# Ports and Protocols

In this section, we'll dive into the essential building blocks of network communication that help devices speak to each other, transfer data, and ensure everything functions smoothly. Understanding ports, protocols, and how they work together is vital for anyone starting out in penetration testing or network security.

## **What are Ports?**

In simple terms, a port is like a door through which data enters or leaves a device (computer, router, server). Think of a device as a building, and each port as a door that allows certain types of traffic in and out. But just like a building has multiple doors leading to different rooms, a device has multiple ports, each assigned a number to distinguish it from others.

* **Ports are numbers**: A device has 65,536 port numbers (0-65535), but only a few hundred are actively used. Ports are categorized into three ranges:
  * **Well-Known Ports (0-1023)**: These are reserved for popular services like HTTP, HTTPS, FTP, etc.
  * **Registered Ports (1024-49151)**: These are used by applications that aren’t part of the well-known services but are still standardized.
  * **Dynamic or Private Ports (49152-65535)**: These are used for ephemeral (temporary) connections.

For example:

* **HTTP** uses port **80**.
* **HTTPS** uses port **443**.
* **FTP** uses ports **20** (data) and **21** (control).
* **SSH** uses port **22**.

Each port corresponds to a specific type of service or application, and understanding these helps us direct data correctly when testing or securing networks.

## **Common Protocols**

Protocols are like languages that computers use to communicate. They define how data is transmitted across a network, and each one serves a specific purpose.

### **HTTP (Hypertext Transfer Protocol)**:

* Port **80**
* This is the protocol used for transferring web pages and other resources over the internet. When you type a website into your browser, it uses HTTP (or HTTPS) to request the page. HTTP doesn’t encrypt data, so it's not secure by default.

### **HTTPS (Hypertext Transfer Protocol Secure)**:

* Port **443**
* A secure version of HTTP that encrypts the data to ensure privacy and security during transmission. This is used by websites requiring login information or handling sensitive data.

### **FTP (File Transfer Protocol)**:

* Ports **20** and **21**
* Used for transferring files between computers over a network. Port 21 handles control commands, while port 20 is used for data transfer.

### **SSH (Secure Shell)**:

* Port **22**
* A secure way to remotely access and control another computer over a network. It is commonly used by system administrators for managing servers. We used SSH to connect to the shell of a remote server in the capstone of the Linux module on TryHackMe, after connecting to the TryHackMe VPN server (if you didn't skip it).

### **SMB (Server Message Block)**:

* Ports **137-139** and **445**
* Used for sharing files and printers on a network, especially in Windows environments. SMB allows applications to read and write to files and request services from server programs.

### **ICMP (Internet Control Message Protocol)**:

* Port **N/A** (ICMP doesn’t use ports)
* Used for sending error messages and operational information. A good example is the **ping** command, which uses ICMP to test connectivity between devices.

These protocols form the backbone of most network communications, and knowing their ports and purposes will help you identify and secure network traffic.

## **MAC Address (Recall)**

Earlier, we briefly mentioned **MAC addresses**—but now let’s dive into how they play a key role in networking.

* **MAC Address** (Media Access Control) is a unique identifier assigned to the network interface card (NIC) of a device.
* Unlike IP addresses, which can change, MAC addresses are permanent and assigned at the hardware level. They are usually written as a 12-character hexadecimal string.
* **Example**: `00:1A:2B:3C:4D:5E`

MAC addresses are used in the data link layer (Layer 2) of the OSI model to ensure that data is directed to the correct physical device. They are also crucial when a device connects to a network using protocols like **ARP** (Address Resolution Protocol), which we'll get into next.

## **ARP Protocol (Recall)**

We already briefly covered ARP earlier, but let’s expand on it here.

* **ARP (Address Resolution Protocol)** is used to map an IP address to a MAC address.
* When a device wants to communicate with another device on the local network, it needs to know the MAC address corresponding to the destination’s IP address.
* If a device doesn’t know the MAC address, it sends an ARP request to the network, asking, “Who has this IP address?” The device with that IP responds with its MAC address.

This protocol is vital for local network communication and is one of the first things that happen when two devices on the same network try to talk to each other.
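The request/reply exchange described above can be traced at the byte level. This is an added example, not part of the original page: it packs ARP messages in the RFC 826 wire layout and simulates the broadcast in memory. The host list, the IP addresses, and the function names are constructed for illustration.

```python
import socket
import struct

# RFC 826 layout: htype, ptype, hlen, plen, oper, sender MAC/IP, target MAC/IP (28 bytes)
ARP = struct.Struct("!HHBBH6s4s6s4s")
REQUEST, REPLY = 1, 2

def mac_str(raw):
    return ":".join(f"{b:02X}" for b in raw)

def build(oper, s_mac, s_ip, t_mac, t_ip):
    # htype 1 = Ethernet, ptype 0x0800 = IPv4, 6-byte MACs, 4-byte IPs
    return ARP.pack(1, 0x0800, 6, 4, oper, s_mac, socket.inet_aton(s_ip),
                    t_mac, socket.inet_aton(t_ip))

def answer(pkt, my_mac, my_ip):
    """What every host does with a broadcast request: reply only if it owns the IP."""
    _, _, _, _, oper, s_mac, s_ip, _, t_ip = ARP.unpack(pkt)
    if oper != REQUEST or socket.inet_ntoa(t_ip) != my_ip:
        return None
    return build(REPLY, my_mac, my_ip, s_mac, socket.inet_ntoa(s_ip))

def resolve(my_mac, my_ip, target_ip, lan, cache):
    """Check the ARP cache first; otherwise 'broadcast' a request to every host."""
    if target_ip in cache:
        return cache[target_ip]
    request = build(REQUEST, my_mac, my_ip, bytes(6), target_ip)  # target MAC unknown
    for host_mac, host_ip in lan:
        reply = answer(request, host_mac, host_ip)
        if reply:
            fields = ARP.unpack(reply)
            cache[socket.inet_ntoa(fields[6])] = mac_str(fields[5])  # sender IP -> MAC
            return cache[target_ip]
    return None  # nobody on the segment owns that address

# Constructed LAN: (MAC, IP) pairs standing in for hosts on one segment
LAN = [(bytes.fromhex("001a2b3c4d5e"), "192.168.1.10"),
       (bytes.fromhex("001a2b3c4d5f"), "192.168.1.20")]

if __name__ == "__main__":
    cache = {}
    me = bytes.fromhex("001a2b3c4d60")
    print(resolve(me, "192.168.1.5", "192.168.1.20", LAN, cache), cache)
```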

## **TCP vs UDP (Recall)**

We’ve previously touched on **TCP** and **UDP**, but here’s how they fit into the protocols we’ve just discussed.

1. **TCP (Transmission Control Protocol)**:
   * **Reliable**: Ensures that packets of data are delivered in the correct order and checks for errors.
   * **Connection-oriented**: A connection must be established between sender and receiver before data is transmitted (via a three-way handshake).
   * **Used by**: HTTP, HTTPS, FTP, SSH, SMB, etc.
   * **Why**: TCP is essential for applications where data integrity and order are crucial. For instance, when you load a web page (HTTP/HTTPS), the browser needs the data to be received in order and without errors to display it correctly.
2. **UDP (User Datagram Protocol)**:
   * **Unreliable**: Doesn’t guarantee packet delivery or order, which can lead to dropped or out-of-order data.
   * **Connectionless**: No handshake is required before transmission.
   * **Used by**: DNS (port 53), DHCP (port 67/68), VoIP, streaming services, etc.
   * **Why**: UDP is faster because it doesn’t have to establish a connection or check for errors. This is why it's used in real-time applications like video streaming, gaming, or VoIP, where speed is more important than reliability.

UDP, as seen with protocols like **DNS** and **DHCP**, is often the preferred choice when speed is essential and minor packet loss is acceptable.
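The difference between connection-oriented and connectionless delivery is easy to observe on the loopback interface. This is an added example, not part of the original page: it sends to a port with no listener and to a port with one, over both TCP and UDP. It assumes `127.0.0.1` is available, and the function names are illustrative.

```python
import socket

def free_port(kind):
    """Let the OS pick an unused port, then release it so nothing is listening."""
    with socket.socket(socket.AF_INET, kind) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def tcp_send(port, data=b"hello"):
    """TCP: the three-way handshake must succeed before any data moves."""
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=2) as c:
            c.sendall(data)
        return "connected"
    except ConnectionRefusedError:
        return "refused"  # no listener: the sender finds out immediately

def udp_send(port, data=b"hello"):
    """UDP: the datagram is handed to the OS with no handshake and no feedback."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as u:
        return u.sendto(data, ("127.0.0.1", port))  # number of bytes sent

def demo():
    results = {
        # Nothing listening: TCP reports failure, UDP "succeeds" silently.
        "tcp_closed": tcp_send(free_port(socket.SOCK_STREAM)),
        "udp_closed": udp_send(free_port(socket.SOCK_DGRAM)),
    }
    # A listener on each protocol.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        results["tcp_open"] = tcp_send(srv.getsockname()[1])
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))
        rx.settimeout(2)
        port = rx.getsockname()[1]
        udp_send(port, b"one")
        udp_send(port, b"two")
        # Each recvfrom() returns exactly one datagram; boundaries are preserved.
        results["udp_open"] = [rx.recvfrom(1024)[0], rx.recvfrom(1024)[0]]
    return results

if __name__ == "__main__":
    print(demo())
```

The `udp_closed` result is why a UDP sender cannot tell a dropped packet from a delivered one without an application-level reply.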

## **DHCP and the DORA Process**

**DHCP** (Dynamic Host Configuration Protocol) is one of the coolest network protocols out there. It’s like a concierge service for devices trying to connect to a network. Without DHCP, you would need to manually assign an IP address to every device on the network, which would be a huge pain.

{% hint style="info" %}
**DHCP** automatically assigns IP addresses, subnet masks, default gateways, and DNS servers to devices on a network, making life much easier for administrators and users alike.
{% endhint %}

**The DORA Process:**

When a device joins a network, DHCP follows a process called **DORA**:

<figure><img src="/files/SV09p273DURBzzRHRqYm" alt=""><figcaption><p>Image Adapted from Post: <a href="https://www.linkedin.com/pulse/how-computer-gets-dhcp-address-dora-process-yogesh-sawant/">https://www.linkedin.com/pulse/how-computer-gets-dhcp-address-dora-process-yogesh-sawant/</a></p></figcaption></figure>

1. <kbd>**D**</kbd>iscover: The device sends a broadcast to the network, saying, “Hey, I need an IP address!”
2. <kbd>**O**</kbd>ffer: The DHCP server responds with an offer, including an available IP address.
3. <kbd>**R**</kbd>equest: The device then requests that specific IP address from the DHCP server.
4. <kbd>**A**</kbd>cknowledge: The server acknowledges the request, and the device is assigned the IP address for a **lease time**.

This entire process happens quickly and seamlessly, allowing devices to get online without any manual configuration.
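The four DORA messages share one wire format and differ mainly in option 53 (message type). This is an added example, not part of the original page: it builds and parses the four messages in the RFC 2131 layout. The addresses, the transaction ID, the lease time, and the function names are constructed for illustration.

```python
import socket
import struct

# Fixed 236-byte BOOTP header followed by the 4-byte DHCP magic cookie (RFC 2131).
HDR = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s4s")
COOKIE = b"\x63\x82\x53\x63"
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}  # values of option 53

def build(op, xid, mac, msg_type, yiaddr="0.0.0.0", opts=()):
    """Pack one message. op 1 = client to server, op 2 = server to client."""
    hdr = HDR.pack(op, 1, 6, 0, xid, 0, 0x8000,   # htype 1 = Ethernet, broadcast flag
                   bytes(4), socket.inet_aton(yiaddr), bytes(4), bytes(4),
                   mac, b"", b"", COOKIE)          # short fields are zero-padded
    tlv = bytes([53, 1, msg_type])
    for code, value in opts:
        tlv += bytes([code, len(value)]) + value
    return hdr + tlv + b"\xff"                     # option 255 ends the list

def parse(pkt):
    """Return (type name, xid, yiaddr, options); raise ValueError on malformed input."""
    if len(pkt) < HDR.size or pkt[236:240] != COOKIE:
        raise ValueError("not a DHCP message")
    f, opts, i = HDR.unpack_from(pkt), {}, HDR.size
    while i < len(pkt) and pkt[i] != 255:
        if pkt[i] == 0:                            # option 0 is single-byte padding
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("option runs past end of message")
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    if not opts.get(53) or opts[53][0] not in TYPES:
        raise ValueError("missing or unknown message type")
    return TYPES[opts[53][0]], f[4], socket.inet_ntoa(f[8]), opts

def dora():
    """Constructed exchange: one client, one server, all four DORA messages."""
    mac, xid = bytes.fromhex("001a2b3c4d5e"), 0x1234ABCD  # one xid ties the steps together
    server, ip = socket.inet_aton("192.168.1.1"), "192.168.1.50"
    lease = struct.pack("!I", 86400)                       # option 51: lease time in seconds
    return [parse(m) for m in (
        build(1, xid, mac, 1),                                          # Discover
        build(2, xid, mac, 2, ip, [(54, server), (51, lease)]),         # Offer
        build(1, xid, mac, 3, opts=[(50, socket.inet_aton(ip)), (54, server)]),  # Request
        build(2, xid, mac, 5, ip, [(54, server), (51, lease)]),         # Acknowledge
    )]

if __name__ == "__main__":
    for name, xid, yiaddr, opts in dora():
        print(f"{name:<9} xid={xid:#x} yiaddr={yiaddr}")
```

Note that the offered address travels in the `yiaddr` header field in the server's messages, while the client names it back in option 50 of its Request.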

## Summary

* **Ports** help us route traffic to the right service.
* **Protocols** define how that data should be handled.
* **MAC addresses** and **ARP** ensure data finds its way to the correct physical device.
* **TCP** and **UDP** control how data is delivered, depending on the need for reliability and speed.
* **DHCP** makes it easy to configure devices to join the network without manual input.


