Secure peace of mind with Cyber Legion—Your Trusted Cybersecurity Partner.

Speak With a Security Expert

Elevate your cybersecurity posture with our expert and strategic security solutions

Experience the assurance of CREST Certified Penetration Testing services

Understanding Common Protocols in Information Technology

Understanding Common Protocols In Information Technology

In the vast and ever-changing field of information technology, understanding common protocols is essential. This post provides a comprehensive list of common protocols, including HTTP, DNS, TCP/IP, SMTP, FTP, and more.

In the field of information technology, protocols are the foundation for communication between different devices and systems. Understanding common protocols is essential for any IT professional, whether you’re just starting or have years of experience. This post provides a comprehensive list of common protocols and their descriptions to help you develop a strong foundation in the field.

One of the most widely used protocols is the Hypertext Transfer Protocol (HTTP). This client-server protocol is used for sending and receiving data over the internet, and it is the basis for the World Wide Web. Similarly, the Domain Name System (DNS) is a protocol used for translating domain names into IP addresses, making it easier to access websites and other online resources.

The Transmission Control Protocol/Internet Protocol (TCP/IP) is another essential protocol used in computer networks. It allows devices to communicate with each other and is responsible for breaking data into packets for transmission and reassembling them at the destination. Simple Mail Transfer Protocol (SMTP) is another common protocol used for sending and receiving email messages.

File Transfer Protocol (FTP) is a network protocol used for transferring files between computers. It is commonly used for downloading software, updates, and other files from the internet. Additionally, the Post Office Protocol version 3 (POP3) is a protocol used for retrieving email messages from a mail server.

Other common protocols include Simple Network Management Protocol (SNMP), which is used for managing network devices, and Telnet, which allows remote access to a computer or device. The User Datagram Protocol (UDP) is a protocol that allows messages to be sent without establishing a connection, making it ideal for real-time communication and video streaming.

By understanding these common protocols and their functions, you can develop a solid foundation in the field of information technology. This will enable you to troubleshoot and solve problems more effectively, and communicate more efficiently with other IT professionals. Whether you’re just starting or have years of experience, it’s important to stay up-to-date with the latest protocols and technology to ensure success in this rapidly evolving field.

List of Common Protocols In Information Technology

As a result, TCP is reliable but slower than UDP because it requires additional overhead for establishing and maintaining the connection.

ProtocolAcronymPortDescription
TelnetTelnet23Remote login service
Secure ShellSSH22Secure remote login service
Simple Network Management ProtocolSNMP161-162Manage network devices
Hyper Text Transfer ProtocolHTTP80Used to transfer webpages
Hyper Text Transfer Protocol SecureHTTPS443Used to transfer secure webpages
Domain Name SystemDNS53Lookup domain names
File Transfer ProtocolFTP20-21Used to transfer files
Trivial File Transfer ProtocolTFTP69Used to transfer files
Network Time ProtocolNTP123Synchronize computer clocks
Simple Mail Transfer ProtocolSMTP25Used for email transfer
Post Office ProtocolPOP3110Used to retrieve emails
Internet Message Access ProtocolIMAP143Used to access emails
Server Message BlockSMB445Used to transfer files
Network File SystemNFS1112049Used to mount remote systems
Bootstrap ProtocolBOOTP6768Used to bootstrap computers
KerberosKerberos88Used for authentication and authorization
Lightweight Directory Access ProtocolLDAP389Used for directory services
Remote Authentication Dial-In User ServiceRADIUS18121813Used for authentication and authorization
Dynamic Host Configuration ProtocolDHCP6768Used to configure IP addresses
Remote Desktop ProtocolRDP3389Used for remote desktop access
Network News Transfer ProtocolNNTP119Used to access newsgroups
Remote Procedure CallRPC135137-139Used to call remote procedures
Identification ProtocolIdent113Used to identify user processes
Internet Control Message ProtocolICMP0-255Used to troubleshoot network issues
Internet Group Management ProtocolIGMP0-255Used for multicasting
Oracle DB (Default/Alternative) Listeneroracle-tns1521/1526The Oracle database default/alternative listener is a service that runs on the database host and receives requests from Oracle clients.
Ingres Lockingreslock1524Ingres database is commonly used for large commercial applications and as a backdoor that can execute commands remotely via RPC.
Squid Web Proxyhttp-proxy3128Squid web proxy is a caching and forwarding HTTP web proxy used to speed up a web server by caching repeated requests.
Secure Copy ProtocolSCP22Securely copy files between systems
Session Initiation ProtocolSIP5060Used for VoIP sessions
Simple Object Access ProtocolSOAP80443Used for web services
Secure Socket LayerSSL443Securely transfer files
TCP WrappersTCPW113Used for access control
Network Time ProtocolNTP123Synchronize computer clocks
Internet Security Association and Key Management ProtocolISAKMP500Used for VPN connections
Microsoft SQL Serverms-sql-s1433Used for client connections to the Microsoft SQL Server.
Kerberized Internet Negotiation of KeysKINK892Used for authentication and authorization
Open Shortest Path FirstOSPF520Used for routing
Point-to-Point Tunneling ProtocolPPTP1723Is used to create VPNs
Remote ExecutionREXEC512This protocol is used to execute commands on remote computers and send the output of commands back to the local computer.
Remote LoginRLOGIN513This protocol starts an interactive shell session on a remote computer.
X Window SystemX116000It is a computer software system and network protocol that provides a graphical user interface (GUI) for networked computers.
Relational Database Management SystemDB250000RDBMS is designed to store, retrieve and manage data in a structured format for enterprise applications such as financial systems, customer relationship management (CRM) systems.

User Datagram Protocol

On the other hand, UDP is a connectionless protocol, which means it does not establish a virtual connection before transmitting data. Instead, it sends the data packets to the destination without checking to see if they were received.

For example, when we stream or watch a video on a platform like YouTube, the video data is transmitted to our device using UDP. This is because the video can tolerate some data loss, and the transmission speed is more important than the reliability. If a few packets of video data are lost along the way, it will not significantly impact the overall quality of the video. This makes UDP faster than TCP but less reliable because there is no guarantee that the packets will reach their destination.

ProtocolAcronymPortDescription
Domain Name SystemDNS53It is a protocol to resolve domain names to IP addresses.
Trivial File Transfer ProtocolTFTP69It is used to transfer files between systems.
Network Time ProtocolNTP123It synchronizes computer clocks in a network.
Simple Network Management ProtocolSNMP161It monitors and manages network devices remotely.
Routing Information ProtocolRIP520It is used to exchange routing information between routers.
Internet Key ExchangeIKE500Internet Key Exchange
Bootstrap ProtocolBOOTP68It is used to bootstrap hosts in a network.
Dynamic Host Configuration ProtocolDHCP67It is used to assign IP addresses to devices in a network dynamically.
TelnetTELNET23It is a text-based remote access communication protocol.
MySQLMySQL3306It is an open-source database management system.
Terminal ServerTS3389It is a remote access protocol used for Microsoft Windows Terminal Services by default.
NetBIOS Namenetbios-ns137It is used in Windows operating systems to resolve NetBIOS names to IP addresses on a LAN.
Microsoft SQL Serverms-sql-m1434Used for the Microsoft SQL Server Browser service.
Universal Plug and PlayUPnP1900It is a protocol for devices to discover each other on the network and communicate.
PostgreSQLPGSQL5432It is an object-relational database management system.
Virtual Network ComputingVNC5900It is a graphical desktop sharing system.
X Window SystemX116000-6063It is a computer software system and network protocol that provides GUI on Unix-like systems.
SyslogSYSLOG514It is a standard protocol to collect and store log messages on a computer system.
Internet Relay ChatIRC194It is a real-time Internet text messaging (chat) or synchronous communication protocol.
OpenPGPOpenPGP11371It is a protocol for encrypting and signing data and communications.
Internet Protocol SecurityIPsec500IPsec is also a protocol that provides secure, encrypted communication. It is commonly used in VPNs to create a secure tunnel between two devices.
Internet Key ExchangeIKE11371It is a protocol for encrypting and signing data and communications.
X Display Manager Control ProtocolXDMCP177XDMCP is a network protocol that allows a user to remotely log in to a computer running the X11.

ICMP

Internet Control Message Protocol (ICMP) is a protocol used by devices to communicate with each other on the Internet for various purposes, including error reporting and status information. It sends requests and messages between devices, which can be used to report errors or provide status information.

ICMP Requests

A request is a message sent by one device to another to request information or perform a specific action. An example of a request in ICMP is the ping request, which tests the connectivity between two devices. When one device sends a ping request to another, the second device responds with a ping reply message.

ICMP Messages

A message in ICMP can be either a request or a reply. In addition to ping requests and responses, ICMP supports other types of messages, such as error messages, destination unreachable, and time exceeded messages. These messages are used to communicate various types of information and errors between devices on the network.

For example, if a device tries to send a packet to another device and the packet cannot be delivered, the device can use ICMP to send an error message back to the sender. ICMP has two different versions:

  • ICMPv4: For IPv4 only
  • ICMPv6: For IPv6 only

ICMPv4 is the original version of ICMP, developed for use with IPv4. It is still widely used and is the most common version of ICMP. On the other hand, ICMPv6 was developed for IPv6. It includes additional functionality and is designed to address some of the limitations of ICMPv4.

Request TypeDescription
Echo RequestThis message tests whether a device is reachable on the network. When a device sends an echo request, it expects to receive an echo reply message. For example, the tools tracert (Windows) or traceroute (Linux) always send ICMP echo requests.
Timestamp RequestThis message determines the time on a remote device. <
Address Mask RequestThis message is used to request the subnet mask of a device.
Message TypeDescription
Echo replyThis message is sent in response to an echo request message.
Destination unreachableThis message is sent when a device cannot deliver a packet to its destination.
RedirectA router sends this message to inform a device that it should send its packets to a different router.
time exceededThis message is sent when a packet has taken too long to reach its destination.
Parameter problemThis message is sent when there is a problem with a packet’s header.
Source quenchThis message is sent when a device receives packets too quickly and cannot keep up. It is used to slow down the flow of packets.

Another crucial part of ICMP for us is the Time-To-Live (TTL) field in the ICMP packet header that limits the packet’s lifetime as it travels through the network. It prevents packets from circulating indefinitely on the network in the event of routing loops. Each time a packet passes through a router, the router decrements the TTL value by 1. When the TTL value reaches 0, the router discards the packet and sends an ICMP Time Exceeded message back to the sender.

We can also use TTL to determine the number of hops a packet has taken and the approximate distance to the destination. For example, if a packet has a TTL of 10 and takes 5 hops to reach its destination, it can be inferred that the destination is approximately 5 hops away. For example, if we see a ping with the TTL value of 122, it could mean that we are dealing with a Windows system (TTL 128 by default) that is 6 hops away.

However, it is also possible to guess the operating system based on the default TTL value used by the device. Each operating system typically has a default TTL value when sending packets. This value is set in the packet’s header and is decremented by 1 each time the packet passes through a router. Therefore, examining a device’s default TTL value makes it possible to infer which operating system the device is using. For example: Windows systems (2000/XP/2003/Vista/10) typically have a default TTL value of 128, while macOS and Linux systems typically have a default TTL value of 64 and Solaris’ default TTL value of 255. However, it is important to note that the user can change these values, so they should be independent of a definitive way to determine a device’s operating system.


VoIP

Voice over Internet Protocol (VoIP) is a method of transmitting voice and multimedia communications. For example, it allows us to make phone calls using a broadband internet connection instead of a traditional phone line, like Skype, Whatsapp, Google Hangouts, Slack, Zoom, and others.

The most common VoIP ports are TCP/5060 and TCP/5061, which are used for the Session Initiation Protocol (SIP). However, the port TCP/1720 may also be used by some VoIP systems for the H.323 protocol, a set of standards for multimedia communication over packet-based networks. Still, SIP is more widely used than H.323 in VoIP systems.

Nevertheless, SIP is a signaling protocol for initiating, maintaining, modifying, and terminating real-time sessions involving video, voice, messaging, and other communications applications and services between two or more endpoints on the Internet. Therefore, it uses requests and methods between the endpoints. The most common SIP requests and methods are:

MethodDescription
INVITEInitiates a session or invites another endpoint to participate.
ACKConfirms the receipt of an INVITE request.
BYETerminate a session.
CANCELCancels a pending INVITE request.
REGISTERRegisters a SIP user agent (UA) with a SIP server.
OPTIONSRequests information about the capabilities of a SIP server or user agent, such as the types of media it supports.

Information Disclosure

However, SIP allows us to enumerate existing users for potential attacks. This can be done for various purposes, such as determining a user’s availability, finding out information about the user’s capabilities or services, or performing brute-force attacks on user accounts later on.

One of the possible ways to enumerate users is the SIP OPTIONS request. It is a method used to request information about the capabilities of a SIP server or user agents, such as the types of media it supports, the codecs it can decode, and other details. The OPTIONS request can probe a SIP server or user agent for information or test its connectivity and availability.

More To Explore