A plus 220-1001 – Exam Objective 2.1
A+ Exam Objective 2.1
2.1 Compare and contrast TCP and UDP ports, protocols, and their purposes.
Click here to go back to the A+ Main Domain 2.0 Table of Content
In this installment of ExamNotes, we will look at 220-1001
Sub-objective 2.1 “Compare and contrast TCP and UDP ports, protocols, and their
In the objectives, TCP vs. UDP is listed last. This topic should really be listed
before protocols and ports in order to best help you understand what to expect
when you use a particular protocol in terms of performance and reliability.
That is why this review is starting with the last item on the list: TCP vs.
TCP vs. UDP
TCP (Transmission Control Protocol) is
a protocol that rides on top of the IP protocol (Internet Protocol) and is designed
to address the reliability issues of IP, which is inherently unreliable. This
is the main reason why you see the TCP/IP protocol suite referenced as a single
protocol in internet communication.
TCP is responsible for the connection and the continuity
necessary for reliable communication on any network, most notably the Internet.
TCP opens a reliable “socket” on each end of the transmission throughout the
entire communication. To effectively do this, TCP needs to know the IP
addresses and ports of both the client and the server. This action is known as
connection-oriented and can be viewed much like a traditional telephone call
consisting of the following actions: pickup, dial, connect, chat and hang up.
This is why Port/Protocol information is significant.
With the connection sockets established, TCP becomes responsible
for breaking the data into packets of up to 64K, however the lower level
protocols that use TCP have much lower maximum packet sizes such as 1500K for
Ethernet. TCP breaks the data down to the necessary size and adds its header. TCP
is also responsible for delivery, meaning that all failed packets are
retransmitted and that the packets arrive intact in the correct sequence. Most importantly
each packet receipt is acknowledged, referred to as ACK. If it isn’t
acknowledged, the packet will be retransmitted. In the end, all data is
delivered to the correct host in sequence and complete.
UDP (User Datagram Protocol) is an
unreliable, connectionless delivery system for communication that also rides on
top of IP. The difference with UDP is that the packets are all individual and
are all handled separately. This negates the flow control and other checks and
balances offered by TCP. This means no solid connection, no inter-packet
relationship like in the case of TCP where a packet will say “I’m the 7th
packet of 90” to the system. This also means no error control and no
acknowledgment of packet receipt let alone dropped or lost packets. The sender
has no information as to whether their communication was received or not.
So why use UDP? UDP is fast due to the lack of ACK. UDP data
streams continuously to the destination, regardless if the receiver is ready or
not. TCP sends, waits for the ACK, then sends more. This could add a
substantial amount of time to large transmissions.
Port Numbers and Protocols
We will list the related ports and protocols as defined by the
21 – FTP
The File Transfer Protocol (FTP) is used in a client/server
configuration to transfer files. FTP can operate in active or passive mode and
uses TCP to control the connection. In active mode, the connection is initiated
by the client and informs the server about which port it intends to use to
receive data. In active mode (although port 21 is used for command and control),
the data will be sent out on port 20 which serves as the FTP server’s data
port. Passive mode is used in situations where inbound client TCP connections
are not possible. Firewalls generally block inbound connections by default. In
this case, the client sends a PASV command to the server and the server
determines which client port can be used for the transfer.
22 – SSH
Secure Shell (SSH) opens a secure network channel over an
unsecured network using public key cryptography, providing confidentiality and
integrity for network services. This makes SSH a cryptographic network
protocol. SSH is used to secure remote network logins and other confidential
data. Passwords cannot be intercepted because the encryption is established
before the login is required.
23 – TELNET
Developed in the late 60’s, Telnet was designed to support
remote logins and communication between computers during what was a “kinder and
gentler” time for networks. Telnet provides a functional command prompt on the
remote host. However, these communication channels are in plaintext making them
subject to interception. This is not acceptable for today’s networks and the
internet. Since Telnet does not encrypt data, SSH has generally replaced Telnet
for these connections.
25 – SMTP
The Simple Mail Transport Protocol (SMTP) uses TCP port 25 for
internet mail transmission. SMTP is an internet standard protocol. Due to the
proliferation of SPAM and other email related vulnerabilities, other ports can
be used for SMTP, most notably port 587. A secure, nonstandard implementation
of this protocol is SMTPS. SMTPS is quite effective because it is one of
the protocols that can utilize SSL. SMTP is responsible for the transmission of
email between servers and for sending email from a client. Other protocols are
used by the client to receive email.
53 – DNS
The Domain Name System (DNS) is mostly known for its
function of translating friendly domain name URLs such as www.mysite.com into
its actual IP address which are much more difficult for humans to remember
DNS uses the two protocols TCP and UDP on port 53. DNS servers
update themselves by maintaining a list of known host-to-address translations
in a distributed database while also receiving and adding unknown or moved
domains. This supports the hierarchical nature of domain naming of domains and
sub-domains. Each domain has a designated authoritative name server that manages
the domains and sub-domains. The name server also communicates that information
to the database.
80 – HTTP
Web Browsers use the Hypertext Transfer Protocol (HTTP) for
internet communications. HTTP can be considered the foundation of the World
Wide Web. HTTP uses the client/server method where a client uses a Uniform
Resource Locator (URL) to locate and request information from the target server
of the resource. The response is more often than not an HTML page.
A typical URL begins with http:// (or increasingly https://)
followed by the Fully Qualified Domain Name (FQDN) of the desired resource.
URLs to websites can be distributed between parties using clickable links
called hyperlinks, named in reference to the hypertext communication being used.
HTTP uses TCP/UDP port 80 and sends unencrypted data by default. This is
110 – POP3
Receiving email is done over several different protocols. There
are two main protocols available depending on your service. The first is Post
Office Protocol (POP) with the latest version being POP3. This protocol uses
port 110 by default and is responsible for the management of messages on the
server (saving and deleting). Deleting the message after delivery is the
default mode. Leaving messages on the server is useful if you use multiple
devices for messaging.
143 – IMAP
Today’s email user is probably using email over a collection of
devices including Tablets, Smartphones, and Laptops. If your smartphone downloads
and deletes a work-related email (POP3 default), you will have a problem when
you check email on your PC or laptop. The Internet Message Access Protocol
(IMAP) on TCP port 143 solves this problem by leaving the messages on the server
regardless of the delivery status. Every device that checks the server will get
the email. This is great unless you get spammed a lot. If 18 out of 20 emails
are junk, your server space will fill up quite quickly. This calls for closer
scrutiny of the undeleted messages on your server. You have to move spam emails
to the trash folder and purge it or configure the client to purge trash. Despite
this, IMAP is the preferred client messaging protocol.
3389 – RDP
This is for the old timers that used Telnet and then Terminal
Services. From Windows XP onward, the Remote Desktop Connection (RDC) was
available. Using the Remote Desktop Protocol (RDP) on TCP/UDP port 3389, RDC is
able to bring a fully functional remote machine’s desktop and its programs to
your device. This requires that the client and server software be configured on
Microsoft products but versions of Remote Desktop are available for most OS’s.
Server Message Block (SMB) predates Active Directory and was the
foundation of Microsoft’s Windows for Workgroups networking capability. Based
on NetBIOS, SMB can run on UDP ports 137 and 138, and TCP ports 137 and 139 as
NetBIOS over TCP/IP (NetBT).
Server Message Block (SMB) runs directly on TCP port 445. While
being one of the oldest networking protocols, it has been continuously improved.
The 3.0 version implemented with Windows 8 (3.02 in 8.1) supports improved
performance in virtualized data centers. It is pervasive in many network
applications and embedded devices. However, newer versions support end-to-end
AES encryption. The Windows 10 version of SMB, version 3.1.1, requires secure
negotiation when connecting to earlier versions. You may also see this service named
as Common Internet File System (CIFS) or Samba depending on the operating
427 – SLP
SLP was designed to help networks grow from small networks
to large enterprise networks. Operating on port 427 the (Service Location
Protocol), SLP allows clients to locate servers and services on the network.
548 – AFP
Apple File Protocol (AFP) version 3.0 and higher use TCP/IP
ports 548 or 427 to support the proprietary Apple sharing protocol. This protocol
uses URLs with the structure afp//server/path. At the time of this writing, AFP
is migrating to SMB. This is probably not covered in the scope of the
67-68 – DHCP
The Dynamic Host Configuration Protocol (DHCP) has saved years
of man hours and countless misconfigurations. As the most common IPv4 or IPv6
TCP/IP addressing method, DHCP is responsible for complete client configuration
on a TCP/IP network. On a work network, there is usually an assigned DHCP
server. Residential or SOHO implementations use the router provided by the ISP
to perform this function. DHCP assigns or leases a unique IP address to each
host. The duration of the lease is determined by the network administrator or is
weekly by default. DHCP will also define the internet gateway and Domain Name
Server to be used. This means that your machine may not get the same IP address
when rebooted or otherwise disconnected. However, the DNS and Gateway settings
The DHCP server has an available pool of IP addresses available
to assign to clients (hosts) that attempt to connect to the network. The client
broadcasts a UDP discovery packet for an address to all connected networks. All
DHCP servers will offer an address to the client. The client will then accept
the offer from the nearest server by requesting a lease. That server will lease
that address to the client. The address assignment process is identical for
both IPv4 and IPv6 addressing. For the sake of consistency, the ports used are
UDP 67 for the server and UDP 68 for the client.
389 – LDAP
Think of the Lightweight Directory Access Protocol (LDAP) as a
phonebook for network services. The protocol serves to maintain and provide
access to a distributed directory of the users, applications, available network
services, and systems throughout an IP network.
Based on the x.500 standard’s directory, services using the Directory Access Protocol (DAP), which relied on the 7 layer OSI model, LDAP uses only a portion of the x.500 standard set and uses the newer and more relevant four layer Internet protocol suite on port TCP/UDP 389 at the application layer. By containing all the required network information, including users and their credentials, LDAP servers can be used to quickly validate user access. LDAP can precisely fulfill specific and detailed responses to queries about the network. The more details specified in the request, the more concise the response. In addition to its own Distinguished Name (DN) object identification, LDAP can ask DNS servers to locate other LDAP servers.
As one of the more popular network management protocols, Simple
Network Management Protocol (SNMP) is used to monitor and configure network
nodes such as printers, hosts, routers, and servers on TCP/UDP ports 161 and
162 using a network manager. SNMP agent software is used on the nodes to enable
That’s all for Sub-objective 2.1. Stay with it! Good luck on the test!
Click here to go back to the A+ Main Domain 2.0 Table of Content
Pass Your IT Certification Exams With Free Real Exam Dumps and Questions
Full Version 220-1001 Dumps