This blog provides some tables covering common Internet (IP whether TCP or UDP) ports that may be found on CompTIA entry level exams. A continuation of my series addressing content useful for candidates preparing for CompTIA A+ or Security+ exams. Allow me to recap my goal with this series:
For instructor-led CompTIA classes, see our course schedule.
Although CompTIA exams are heavily based upon the published exam objectives, CompTIA tends to expand target material by exposing candidates to potential content on their certification exams. Although such questions are not supposed to count toward the exam score, they can be particularly disconcerting – and if they occur on one of the more time consuming simulation questions also rather disruptive to the candidate’s focus.
Since the exam objectives may lag technology introduction by three years or more, you may find it beneficial to consider technology extensions to existing exam objectives during your certification preparations. In that light, I will be providing a growing series that introduces new or potentially expanding content.
My goal here is to provide you with a study list or guide, not a full explanation for each of the ports listed. The material related to Internet ports or protocols provided within the CompTIA objectives can sometimes be deceiving in its apparent simplicity. In other words, the Objectives don’t typically clarify that both the protocol and its default associated port should be known for the exam.
As an introduction to common TCP and UDP ports, the A+ 220-801 objectives provide the following learning target.
2.4 Explain common TCP and UDP ports, protocols, and their purpose.
- 21 – FTP
- 23 – TELNET
- 25 – SMTP
- 53 – DNS
- 80 – HTTP
- 110 – POP3
- 143 – IMAP
- 443 – HTTPS
- 3389 – RDP
- TCP vs. UDP
Although the Objectives do not list them, you should take note of the Ports commonly used with these Protocols.
The Security+ SY0-401 Objectives provide the following ports and protocols list:
1.4 Given a scenario, implement common protocols and services.
- Fibre Channel
As you continue to study other secured protocols, including VPN, IPSEC and various authentication, authorization, or key exchange mechanisms you should also become familiar with the default ports used by the most common transports.
Given the requirements under the DoD 8570.01-M: mandate, it would not hurt you to know the full set of ports, whether studying for the A+ or Security+ credential. IT Contributors and developers are required to have the A+ credential, while supervisors and leadership positions are required to hold both the A+ and Security+ credential. Knowledge across both certifications is therefore useful for career advancement.
Note: This table is NOT comprehensive. It provides a list of ports commonly referenced on CompTIA A+ and/or Security+ exams.
Remember that 0-1023 are considered “Well Known” or reserved ports, albeit their use has evolved significantly over the last two decades of Internet growth. Additional research on each of the ports listed will identify more details, specific or alternate uses, as well as both legacy and current application use. Once again, my attempt is to identify the ports as they are typically referenced within entry level CompTIA materials and exams – not necessarily as you will find them listed within a Wikipedia article.
I like to use SpeedGuide.net when researching additional port and transport information. The site library of port information is extremely comprehensive, including use by legacy and less known applications, as well as typical malware vulnerabilities. You can enter the site directly via the Port Database. Then select the Port number you wish to investigate. This site is particularly useful for information assisting you to secure your network since the Port Database identifies common attacks, bots, Trojans, and other malware exploitation of each targeting UDP or TCP traffic.
|1||ICMP (ping, etc.)||UDP|
|7||Echo (Wake-On-LAN alternate)||TCP/UDP; Fraggle Attack|
|9||WakeOnLan (formerly Discard)||TCP/UDP|
|19||Chrgen||TCP/UDP, Fraggle attack|
|22||SSH (SCP), SFTP||TCP|
|47||PPTP VPN (also port 1723)||TCP/UDP, typically called Ni-FTP|
|49||TACACs+||TCP (vulnerable on UDP)|
|50||ESP/IPSEC`||TCP (formerly re-mail-ck)|
|67||DHCP Server (former Bootstrap)||UDP|
|68||DHCP Client (former Bootstrap)||UDP|
|69||TFTP||UDP, Transfer via random ephemeral ports|
|80||HTTP||TCP (often redirected to 81, 8080, 8081)|
|135||RPC /DCE endpoint mapper||TCP/UDP|
|137||WINS (Netbios Name Service)||TCP/UDP|
|138||Netbios Datagram Service||TCP/UDP|
|139||SMB (Server Message Block)Also Netbios Session Service||SMB over NetbiosTCP/UDP|
|445||SMB||SMB over TCP (No need for Netbios layer)|
|500||IPSEC: IKE /ISAKMP||UDP/TCP|
|636||Secured LDAP (LDAPS)||TCP|
|989||FTPS FTP over TLS/SSL DATA||TCP/UDP|
|990||FTPS FTP over TLS/SSL Control||TCP/UDP|
|991||FTPS (seldom referenced); was Netnews Administration||TCP|
|4500||IPSEC: IKE /ISAKMP||UDP|
For those of you taking the Security+ exam, you might want to take a closer look at IPSEC which I will likely cover in more detail in a separate blog. Multiple ports are associated with IPSEC. Here is a quick overview:
|IPSec (VPN tunneling) uses the following ports:|
50 – Encapsulation Header (ESP)
51 – Authentication Header (AH)
500/udp – Internet Key Exchange (IKE)
4500/udp – NAT traversal
500/tcp – sometimes used for IKE over TCP
Good luck with your certification preparations.
Steve teaches PMP: Project Management Fundamentals and Professional Certification, Windows 10, Windows 7, Windows 8.1 and CompTIA classes in Phoenix, Arizona.