In this installment of ExamNotes, we will look at A plus 220-1001 Exam Objective 2.1 “Compare and contrast TCP and UDP ports, protocols, and their purposes”.
In the objectives, TCP vs. UDP is listed last. This topic should really be listed before protocols and ports in order to best help you understand what to expect when you use a particular protocol in terms of performance and reliability. That is why this review is starting with the last item on the list: TCP vs. UDP.
TCP (Transmission Control Protocol) is a protocol that rides on top of the IP protocol (Internet Protocol) and is designed to address the reliability issues of IP, which is inherently unreliable. This is the main reason why you see the TCP/IP protocol suite referenced as a single protocol in internet communication.
TCP is responsible for the connection and the continuity necessary for reliable communication on any network, most notably the Internet. TCP opens a reliable “socket” on each end of the transmission throughout the entire communication. To effectively do this, TCP needs to know the IP addresses and ports of both the client and the server. This action is known as connection-oriented and can be viewed much like a traditional telephone call consisting of the following actions: pickup, dial, connect, chat and hang up. This is why Port/Protocol information is significant.
With the connection sockets established, TCP becomes responsible for breaking the data into packets of up to 64K; however, the lower-level protocols that carry TCP have much lower maximum packet sizes, such as 1500K for Ethernet. TCP breaks the data down to the necessary size and adds its header. TCP is also responsible for delivery, meaning that all failed packets are retransmitted and that the packets arrive intact and in the correct sequence. Most importantly, the receipt of each packet is acknowledged (an ACK). If a packet isn’t acknowledged, it will be retransmitted. In the end, all data is delivered to the correct host, in sequence and complete.
UDP (User Datagram Protocol) is an unreliable, connectionless delivery system for communication that also rides on top of IP. The difference with UDP is that the packets are all individual and are each handled separately. This does away with the flow control and other checks and balances offered by TCP: there is no established connection and no inter-packet relationship, unlike TCP, where a packet can tell the receiving system “I’m the 7th packet of 90.” It also means no error control and no acknowledgment of packet receipt, let alone retransmission of dropped or lost packets. The sender has no information as to whether its communication was received or not.
So why use UDP? UDP is fast due to the lack of ACK. UDP data streams continuously to the destination, regardless of whether the receiver is ready or not. TCP sends, waits for the ACK, then sends more. This could add a substantial amount of time to large transmissions.
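To make the contrast concrete, here is an added example (not from the original article) using Python's standard socket module on the loopback address: a TCP exchange that must be accepted on the far end and delivers the byte stream in order, a TCP connect that fails loudly when nothing is listening, and a UDP send to a port with no listener that reports success anyway because no ACK ever comes back. The port numbers are whatever the OS hands out for the test; no real service is involved.

```python
import socket
import threading

HOST = "127.0.0.1"

def free_port(kind):
    """Ask the OS for an unused ephemeral port of the given kind and release it."""
    with socket.socket(socket.AF_INET, kind) as s:
        s.bind((HOST, 0))
        return s.getsockname()[1]

def tcp_roundtrip(messages):
    """Connection-oriented: accept() first, then an ordered, complete byte stream."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((HOST, 0))
    srv.listen(1)
    received = []
    def server():
        conn, _ = srv.accept()                    # "pickup": a socket is open on both ends
        with conn:
            buf = b""
            while (chunk := conn.recv(4096)):     # read until the client "hangs up"
                buf += chunk
            received.append(buf)
    t = threading.Thread(target=server)
    t.start()
    with socket.create_connection(srv.getsockname()) as client:   # "dial" and "connect"
        for m in messages:
            client.sendall(m)                     # each segment is resent until the peer ACKs it
    t.join()
    srv.close()
    return received[0]

def tcp_connect_refused():
    """With nobody listening, TCP connect() fails loudly: the sender finds out."""
    try:
        socket.create_connection((HOST, free_port(socket.SOCK_STREAM)), timeout=2).close()
        return False
    except ConnectionRefusedError:
        return True

def udp_send_blind(message):
    """Connectionless: sendto() to a port with no listener still reports success."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(message, (HOST, free_port(socket.SOCK_DGRAM)))   # no ACK ever comes
```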
We will list the related ports and protocols as they are listed in the A+ objectives.
The File Transfer Protocol (FTP) is used in a client/server configuration to transfer files. FTP can operate in active or passive mode and uses TCP to control the connection. In active mode, the client initiates the connection and informs the server about which port it intends to use to receive data. In active mode (although port 21 is used for command and control), the data will be sent out on port 20, which serves as the FTP server’s data port. Passive mode is used in situations where inbound client TCP connections are not possible; firewalls generally block inbound connections by default. In this case, the client sends a PASV command to the server and the server determines which client port can be used for the transfer.
Secure Shell (SSH) opens a secure network channel over an unsecured network using public key cryptography, providing confidentiality and integrity for network services. This makes SSH a cryptographic network protocol. SSH is used to secure remote network logins and other confidential data. Passwords cannot be intercepted because encryption is established before the login is required.
Developed in the late ’60s, Telnet was designed to support remote logins and communication between computers during what was a “kinder and gentler” time for networks. Telnet provides a functional command prompt on the remote host. However, these communication channels are in plaintext making them subject to interception. This is not acceptable for today’s networks and the internet. Since Telnet does not encrypt data, SSH has generally replaced Telnet for these connections.
The Simple Mail Transport Protocol (SMTP) uses TCP port 25 for internet mail transmission. SMTP is an internet standard protocol. Due to the proliferation of SPAM and other email-related vulnerabilities, other ports can be used for SMTP, most notably port 587. A secure, nonstandard implementation of this protocol is SMTPS. SMTPS is quite effective because it is one of the protocols that can utilize SSL. SMTP is responsible for the transmission of email between servers and for sending email from a client. Other protocols are used by the client to receive email.
The Domain Name System (DNS) is mostly known for translating friendly domain names such as www.mysite.com into the actual IP addresses, which are much more difficult for humans to remember (think IPv6!).
DNS uses both TCP and UDP on port 53. DNS servers update themselves by maintaining a list of known host-to-address translations in a distributed database while also receiving and adding unknown or moved domains. This supports the hierarchical nature of domain naming, with domains and sub-domains. Each domain has a designated authoritative name server that manages the domain and its sub-domains. The name server also communicates that information to the database.
Web Browsers use the Hypertext Transfer Protocol (HTTP) for internet communications. HTTP can be considered the foundation of the World Wide Web. HTTP uses the client/server method where a client uses a Uniform Resource Locator (URL) to locate and request information from the target server of the resource. The response is more often than not an HTML page.
A typical URL begins with http:// (or increasingly https://) followed by the Fully Qualified Domain Name (FQDN) of the desired resource. URLs to websites can be distributed between parties using clickable links called hyperlinks, named in reference to the hypertext communication being used. HTTP uses TCP/UDP port 80 and sends unencrypted data by default. This is inherently insecure.
Receiving email is done over several different protocols. There are two main protocols available depending on your service. The first is Post Office Protocol (POP) with the latest version being POP3. This protocol uses port 110 by default and is responsible for the management of messages on the server (saving and deleting). Deleting the message after delivery is the default mode. Leaving messages on the server is useful if you use multiple devices for messaging.
Today’s email user is probably using email over a collection of devices including Tablets, Smartphones, and Laptops. If your smartphone downloads and deletes a work-related email (POP3 default), you will have a problem when you check email on your PC or laptop. The Internet Message Access Protocol (IMAP) on TCP port 143 solves this problem by leaving the messages on the server regardless of the delivery status. Every device that checks the server will get the email. This is great unless you get spammed a lot. If 18 out of 20 emails are junk, your server space will fill up quite quickly. This calls for closer scrutiny of the undeleted messages on your server. You have to move spam emails to the trash folder and purge it or configure the client to purge trash. Despite this, IMAP is the preferred client messaging protocol.
This is for the old-timers that used Telnet and then Terminal Services. From Windows XP onward, the Remote Desktop Connection (RDC) was available. Using the Remote Desktop Protocol (RDP) on TCP/UDP port 3389, RDC is able to bring a fully functional remote machine’s desktop and its programs to your device. This requires that the client and server software be configured on Microsoft products, but versions of Remote Desktop are available for most operating systems.
Server Message Block (SMB) predates Active Directory and was the foundation of Microsoft’s Windows for Workgroups networking capability. Based on NetBIOS, SMB can run on UDP ports 137 and 138, and TCP ports 137 and 139 as NetBIOS over TCP/IP (NetBT).
Server Message Block (SMB) runs directly on TCP port 445. While it is one of the oldest networking protocols, it has been continuously improved. The 3.0 version implemented with Windows 8 (3.02 in 8.1) supports improved performance in virtualized data centers. It is pervasive in many network applications and embedded devices, and newer versions support end-to-end AES encryption. The Windows 10 version of SMB, version 3.1.1, requires secure negotiation when connecting to earlier versions. You may also see this service named as Common Internet File System (CIFS) or Samba depending on the operating system.
The Service Location Protocol (SLP) was designed to help networks grow from small networks to large enterprise networks. Operating on port 427, SLP allows clients to locate servers and services on the network.
Apple File Protocol (AFP) version 3.0 and higher use TCP/IP ports 548 or 427 to support the proprietary Apple sharing protocol. This protocol uses URLs with the structure afp://server/path. At the time of this writing, AFP is migrating to SMB. This is probably not covered in the scope of the objectives.
The Dynamic Host Configuration Protocol (DHCP) has saved years of man-hours and countless misconfigurations. As the most common IPv4 or IPv6 TCP/IP addressing method, DHCP is responsible for complete client configuration on a TCP/IP network. On a work network, there is usually an assigned DHCP server. Residential or SOHO implementations use the router provided by the ISP to perform this function. DHCP assigns or leases a unique IP address to each host. The duration of the lease is determined by the network administrator or is weekly by default. DHCP will also define the internet gateway and Domain Name Server to be used. This means that your machine may not get the same IP address when rebooted or otherwise disconnected. However, the DNS and Gateway settings will remain.
The DHCP server has a pool of IP addresses available to assign to clients (hosts) that attempt to connect to the network. The client broadcasts a UDP discovery packet for an address to all connected networks. All DHCP servers will offer an address to the client. The client will then accept the offer from the nearest server by requesting a lease. That server will lease that address to the client. The address assignment process is identical for both IPv4 and IPv6 addressing. For the sake of consistency, the ports used are UDP 67 for the server and UDP 68 for the client.
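The Discover/Offer/Request/Ack exchange above, modelled in Python as an added example (not code from the article or from any DHCP implementation): each message is a plain dictionary carrying the UDP 67/68 ports and the broadcast destination, every server on the segment may offer, the client takes the first offer it sees, and only the server it names in the REQUEST hands out the lease. The server names, MAC addresses and address pools are constructed sample values.

```python
from dataclasses import dataclass, field

SERVER_PORT, CLIENT_PORT = 67, 68      # UDP ports named in the objective
BROADCAST = "255.255.255.255"          # the client does not yet know any server's address

@dataclass
class DhcpServer:
    name: str
    pool: list                          # free addresses this server may lease (sample data)
    gateway: str
    dns: str
    lease_secs: int = 7 * 24 * 3600     # weekly, the default the text describes
    leases: dict = field(default_factory=dict)   # client MAC -> leased IP

    def offer(self, discover):
        """Answer a DISCOVER with an OFFER, or None if this server has nothing free."""
        if discover["type"] != "DISCOVER":
            return None
        ip = self.leases.get(discover["mac"]) or (self.pool[0] if self.pool else None)
        if ip is None:
            return None
        return {"type": "OFFER", "server": self.name, "mac": discover["mac"], "ip": ip,
                "gateway": self.gateway, "dns": self.dns, "lease": self.lease_secs,
                "src_port": SERVER_PORT, "dst_port": CLIENT_PORT}

    def ack(self, request):
        """Only the server the client named in its REQUEST commits the lease."""
        if request["type"] != "REQUEST" or request["server"] != self.name:
            return None
        if request["ip"] in self.pool:
            self.pool.remove(request["ip"])
        self.leases[request["mac"]] = request["ip"]
        return {"type": "ACK", "server": self.name, "mac": request["mac"], "ip": request["ip"],
                "gateway": self.gateway, "dns": self.dns, "lease": self.lease_secs,
                "src_port": SERVER_PORT, "dst_port": CLIENT_PORT}

def dora(client_mac, servers):
    """Client side of Discover/Offer/Request/Ack against every server on the segment."""
    discover = {"type": "DISCOVER", "mac": client_mac, "dst": BROADCAST,
                "src_port": CLIENT_PORT, "dst_port": SERVER_PORT}
    offers = [o for o in (s.offer(discover) for s in servers) if o]   # every server may offer
    if not offers:
        return None
    chosen = offers[0]                  # first offer to arrive wins (the "nearest" server)
    request = {"type": "REQUEST", "mac": client_mac, "server": chosen["server"],
               "ip": chosen["ip"], "dst": BROADCAST,
               "src_port": CLIENT_PORT, "dst_port": SERVER_PORT}
    acks = [a for a in (s.ack(request) for s in servers) if a]        # only the chosen server acks
    return acks[0] if acks else None
```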
Think of the Lightweight Directory Access Protocol (LDAP) as a phonebook for network services. The protocol serves to maintain and provide access to a distributed directory of the users, applications, available network services, and systems throughout an IP network.
LDAP is based on the X.500 directory standard, whose Directory Access Protocol (DAP) relied on the seven-layer OSI model. LDAP uses only a portion of the X.500 standard set and runs over the newer and more relevant four-layer Internet protocol suite on TCP/UDP port 389 at the application layer. By containing all the required network information, including users and their credentials, LDAP servers can be used to quickly validate user access. LDAP can precisely fulfill specific and detailed queries about the network: the more details specified in the request, the more concise the response. In addition to its own Distinguished Name (DN) object identification, LDAP can ask DNS servers to locate other LDAP servers.
As one of the more popular network management protocols, Simple Network Management Protocol (SNMP) is used to monitor and configure network nodes such as printers, hosts, routers, and servers on TCP/UDP ports 161 and 162 using a network manager. SNMP agent software is used on the nodes to enable monitoring.
That’s all for A plus 220-1001 – Exam Objective 2.1. Stay with it! Good luck with the test!