High-Yield Ports and Protocols Table
Key Takeaways
- Port questions usually test the service, transport protocol, secure alternative, or troubleshooting implication.
- Know common administrative, web, name resolution, email, file transfer, directory, and monitoring ports.
- TCP is connection-oriented; UDP is common for low-overhead queries, streaming, and discovery.
- Secure replacements such as HTTPS, SSH, SFTP, SNMPv3, and LDAPS are common exam cues.
- When a service fails, check DNS, reachability, port filtering, service status, and authentication in order.
Last updated: April 2026
High-Yield Ports and Protocols
Network+ N10-009 expects you to recognize common services by port, choose safer alternatives, and use port behavior during troubleshooting. Do not memorize the table as isolated trivia. Tie each port to a symptom.
Core Reference Table
| Service | Port | Transport | What it does | Exam cue |
|---|---|---|---|---|
| FTP data | 20 | TCP | File transfer data channel | Legacy clear-text file transfer |
| FTP control | 21 | TCP | File transfer commands | Use SFTP or FTPS when security is required |
| SSH | 22 | TCP | Secure remote shell and tunneling | Secure admin access |
| SFTP | 22 | TCP | File transfer over SSH | Secure replacement for FTP in many scenarios |
| Telnet | 23 | TCP | Clear-text remote shell | Avoid for secure administration |
| SMTP | 25 | TCP | Mail transfer between servers | Mail relay or outbound mail filtering |
| DNS | 53 | UDP/TCP | Name resolution and zone transfers | UDP for most queries, TCP for zone transfers and large responses |
| DHCP server | 67 | UDP | Server side of IPv4 address assignment | Client broadcasts discover |
| DHCP client | 68 | UDP | Client side of IPv4 address assignment | APIPA may indicate DHCP failure |
| TFTP | 69 | UDP | Simple file transfer | Device boot or config transfer, no built-in security |
| HTTP | 80 | TCP | Unencrypted web traffic | Redirect to HTTPS when possible |
| NTP | 123 | UDP | Time synchronization | Certificates, logs, and Kerberos depend on accurate time |
| SNMP | 161 | UDP | Monitoring queries | Prefer SNMPv3 for authentication and encryption |
| SNMP trap | 162 | UDP | Device-initiated alert | Monitoring alert from device to manager |
| LDAP | 389 | TCP/UDP | Directory queries | Directory lookup without TLS by default |
| HTTPS | 443 | TCP | Encrypted web traffic | Web app, API, or secure management page |
| SMB | 445 | TCP | Windows file and printer sharing | File share access or blocked lateral movement |
| Syslog | 514 | UDP/TCP | Log forwarding | Centralized log collection |
| LDAPS | 636 | TCP | LDAP over TLS | Secure directory queries |
| IMAP over TLS | 993 | TCP | Secure mailbox retrieval | Mail client retrieval |
| POP3 over TLS | 995 | TCP | Secure mailbox retrieval | Download-style mail retrieval |
| RDP | 3389 | TCP/UDP | Remote desktop | Remote GUI administration; restrict exposure |
| SIP | 5060/5061 | TCP/UDP | Voice session signaling | VoIP call setup; 5061 commonly uses TLS |
Troubleshooting With Ports
| Symptom | Useful check |
|---|---|
| Website name fails before connecting | DNS on 53, resolver configuration, DNS records |
| Website resolves but browser times out | TCP 443 reachability, firewall logs, web service status |
| Device has APIPA address | DHCP broadcast path, relay, scope, VLAN, UDP 67/68 |
| Secure switch admin fails | SSH on 22, management ACL, local account or AAA |
| File share unavailable | SMB on 445, name resolution, firewall, share permissions |
| Monitoring shows no device metrics | SNMP version, community or credentials, ACL, UDP 161 |
Secure Alternatives
| Avoid when possible | Prefer | Why |
|---|---|---|
| Telnet | SSH | Encrypted remote administration |
| FTP | SFTP or FTPS | Protects credentials and file contents |
| HTTP login pages | HTTPS | Protects sessions and credentials |
| SNMPv1 or SNMPv2c | SNMPv3 | Adds authentication and encryption options |
| LDAP for sensitive queries | LDAPS or LDAP with StartTLS | Protects directory traffic |
Common Traps
- Assuming DNS is UDP only; TCP is used for zone transfers and some large responses.
- Confusing SSH and SFTP because both commonly use TCP 22.
- Treating a closed port as proof that routing is broken.
- Opening RDP or management services broadly instead of restricting source networks.
- Forgetting that application authentication can fail even when the port is reachable.
- Choosing Telnet or FTP when the question asks for secure management or transfer.
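The check order from the takeaways (DNS, reachability, port filtering, service status, authentication) and the closed-port trap above, as an added Python example that is not part of the original guide. The function name `diagnose`, its stage labels, and the injectable `resolver` parameter are assumptions made for illustration.

```python
import socket

def diagnose(host, port, timeout=3.0, resolver=socket.getaddrinfo):
    """Return (next_check, detail) for a TCP service, testing layers in order.

    `resolver` is injectable so a lookup failure can be simulated offline.
    """
    # 1. DNS: if the name does not resolve, no packet reaches the service port.
    try:
        infos = resolver(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", f"name resolution failed: {exc}")

    family, socktype, proto, _canon, addr = infos[0]
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)
    except ConnectionRefusedError:
        # A reset came back, so routing to the host works. The port is closed:
        # the service is stopped, bound elsewhere, or a firewall rejects.
        return ("service", f"{addr[0]}:{port} refused; host is reachable")
    except socket.timeout:
        # Silence usually means a filter dropped the SYN or the host is down.
        return ("filtering", f"{addr[0]}:{port} no reply in {timeout}s")
    except OSError as exc:
        # No route, network unreachable, and similar local errors.
        return ("reachability", f"{addr[0]}:{port} unreachable: {exc}")
    finally:
        sock.close()
    # Handshake completed: the port is open, so any remaining failure is in
    # the application layer (TLS, credentials, permissions).
    return ("authentication", f"{addr[0]}:{port} open")

if __name__ == "__main__":
    # Constructed demo on loopback only: one listener, then the same port closed.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print(diagnose("127.0.0.1", port))
    srv.close()
    print(diagnose("127.0.0.1", port))
```

The first element of the result names the layer to investigate next, so a refused connection points at service status rather than routing, and an open port points at authentication.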
Test Your Knowledge
Which port is most commonly associated with SSH and SFTP?
Test Your Knowledge
A client has an APIPA address. Which service path should be checked first?
Test Your Knowledge: Multi-Select
Which are secure or more secure replacements for legacy clear-text options? Select three.
- SSH instead of Telnet
- SFTP instead of FTP
- HTTPS instead of HTTP for login pages
- Telnet instead of SSH
- FTP instead of SFTP