FTP (tcp/20, tcp/21)

Generic file transfer method

Uses 2 ports:

SFTP - Secure FTP (tcp/22)

Uses SSH

Telnet (tcp/23)

Provides console access like SSH but unencrypted.

SMTP (tcp/25, tcp/587)

tcp/25: plaintext

tcp/587: TLS encryption

DNS (udp/53)

Converts names to IP addresses

May use tcp/53 for large transfers

DHCP (udp/67, udp/68)

Automated configuration of IP addresses, subnet mask, and more. Requires a DHCP server.

IP addresses are assigned dynamically from a pool and are leased for a set interval.

IP addresses can be reserved by assigning a MAC address

TFTP - Trivial File Transfer Protocol (udp/69)

For very simple file transfers such as configuration files when starting a system. No authentication.

HTTP (tcp/80)

Web Server Communication

HTTPS (tcp/443)

HTTP with TLS or SSL encryption

NTP - Network Time Protocol (udp/123)

Used to keep devices in sync

SNMP - Simple Network Management Protocol (udp/161)

Used to gather statistics from network devices

LDAP - Lightweight Directory Access Protocol (tcp/389)

Used to store and retrieve information from network directories

LDAPS - LDAP Secure (tcp/636)

Non-standard implementation of LDAP over SSL

SMB - Server Message Block / CIFS Common Internet File System (tcp/445)

Protocol used by Windows for file and printer sharing. Defines access rights, file share publishing, and file locking.

Syslog (udp/514)

Standard for message logging in a network. Consolidates logs from many devices into one log.

Often used with a SIEM (Security Information and Event Management)

Microsoft SQL (tcp/1433)

RDP - Remote Desktop Protocol (tcp/3389)

Commonly used on a Windows host machine with clients on many devices

SIP - Session Initiation Protocol (tcp/5060, tcp/5061)

Voice over IP signaling - initiating and disconnecting calls

Extending VoIP with video conferencing, messaging, file transfer, etc.