TCP, UDP Ports, and ICMP Message Types1

Similar documents
Addresses, Protocols, and Ports Reference

Addresses, Protocols, and Ports

Addresses, Protocols, and Ports

Network-Based Application Recognition

Extended ACL Configuration Mode Commands

1 of 5 5/19/05 9:48 AM

TCP/IP Filtering. Main TCP/IP Filtering Dialog Box. Route Filters Button. Packet Filters Button CHAPTER

IP Services Commands. Network Protocols Command Reference, Part 1 P1R-95

IP Services Commands. Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services IP1R-157

D Commands. Send document comments to This chapter describes the Cisco NX-OS security commands that begin with D.

Global Information Assurance Certification Paper

Access List Commands

This appendix contains job aids and supplements for the following topics: Extending IP Addressing Job Aids Supplement 1: Addressing Review Supplement

A Commands CHAPTER. Commands that are identical to those documented in the Cisco IOS software documentation have been removed from this chapter.

Protocol Filters APPENDIX

Download the latest version of the DNS2Go Client from:

Access List Commands

Access List Commands

Introduction to Networking

Supported services. 21/tcp FTP File transfer. 22/tcp SSH Secure shell. 23/tcp Telnet Terminal access. 37/tcp Time Time. 80/tcp HTTP WWW pages

Legal and notice information

Preface to the First Edition Preface to the Second Edition Acknowledgments UNIX Operating System Environment p. 1 UNIX: Past and Present p.

This appendix contains job aids and supplementary information that cover the following topics:

TCP/IP Networking. Training Details. About Training. About Training. What You'll Learn. Training Time : 9 Hours. Capacity : 12

Cisco Application Control Engine Module Security Configuration Guide

Hands-On Ethical Hacking and Network Defense

Network+ Week 5: Introduction to TCP/IP

Global Information Assurance Certification Paper

Static Application Mapping Using Performance Routing

BGP. bgp. Name/CLI Keyword. Border Gateway Protocol. Full Name

VB Socket Visual Basic socket implementation

HP ArcSight Port and Protocol Information

Default Application Policies

Granular Protocol Inspection

Nessus Scan Report. Hosts Summary (Executive) Hosts Summary (Executive) Mon, 15 May :27:44 EDT

HP Firewalls and UTM Devices

NAT and Firewall ALG Support on Cisco ASR 1000 Series Aggregation Services Routers

Port Utilization in Unified CVP

Certified Vulnerability Assessor

Scanning. Course Learning Outcomes for Unit III. Reading Assignment. Unit Lesson UNIT III STUDY GUIDE

Identify the features of network and client operating systems (Windows, NetWare, Linux, Mac OS)

OmniPeek Report: 21/01/ :17:00. Start: 21/01/ :16:06, Duration: 00:00:33. Total Bytes: , Total Packets: 5274

Layer 4: UDP, TCP, and others. based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers

A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 8 Networking Essentials

Platform Settings for Firepower Threat Defense

NBAR2 Standard Protocol Pack 1.0

TRANSMISSION CONTROL PROTOCOL. ETI 2506 TELECOMMUNICATION SYSTEMS Monday, 7 November 2016

CSE 265: System and Network Administration

OER uses the following default value if this command is not configured or if the no form of this command is entered: timer: 300

Dan Lo Department of Computer Science and Software Engineering Southern Polytechnic State University

IPv6. Copyright 2017 NTT corp. All Rights Reserved. 1

Routers use access lists to control incoming or outgoing traffic. You should know the following characteristics of an access list.

Lecture Overview. INF5290 Ethical Hacking. Lecture 4: Get in touch with services. Where are we in the process of ethical hacking?

INF5290 Ethical Hacking. Lecture 4: Get in touch with services. Universitetet i Oslo Laszlo Erdödi

Introduction to TCP/IP

General Terms Node - File Permissions - file permissions file

General Important Protocols for Examination of IA Examination 2018

TCP/IP Fundamentals. Introduction. Practice Practice : Name. Date Period

Chapter 6 Global CONFIG Commands

IP version 6. The not so new next IP version. dr. C. P. J. Koymans. Informatics Institute University of Amsterdam.

Introduction to routing in the Internet

01/17/08 TDC /17/08 TDC363-03

K2289: Using advanced tcpdump filters

Distributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013

Project 4: Penetration Test

Configuring Routes on the ACE

Appendix B Policies and Filters

Network Security. Kitisak Jirawannakool Electronics Government Agency (public organisation)

Computer Networks. More on Standards & Protocols Quality of Service. Week 10. College of Information Science and Engineering Ritsumeikan University

ICS 351: Networking Protocols

Network Monitoring. Contents

Using the Command Line Interface

Operational Security Capabilities for IP Network Infrastructure

Network: infrastructure (hard/software) that enables endpoints (hosts) to communicate

Internet Applications II

Computer Network Programming. The Transport Layer. Dr. Sam Hsu Computer Science & Engineering Florida Atlantic University

Configuring System and Message Logging

Packet Capture. Using the Debug Facility. Information About Using the Debug Facility

OER Commands. November Cisco IOS Optimized Edge Routing Command Reference OER-3

ITdumpsFree. Get free valid exam dumps and pass your exam test with confidence

Global Information Assurance Certification Paper

Topics for This Week

Sample Business Ready Branch Configuration Listings

LINUX ADMINISTRATION TYBSC-IT SEM V

Foreword xxiii Preface xxvii IPv6 Rationale and Features

Introduction to the Cisco Broadband Operating System

Personal Firewall Default Rules and Components

INF5290 Ethical Hacking. Lecture 3: Network reconnaissance, port scanning. Universitetet i Oslo Laszlo Erdödi

Inforland

Context Based Access Control (CBAC): Introduction and Configuration

ch02 True/False Indicate whether the statement is true or false.

Nsauditor White Paper. Abstract

Dell EMC OpenManage Version Port Information Guide. Version 9.1

SE 4C03 Winter Final Examination Answer Key. Instructor: William M. Farmer

Systrome Next Gen Firewalls

1/18/13. Network+ Guide to Networks 5 th Edition. Objectives. Chapter 10 In-Depth TCP/IP Networking

INFS 766 Internet Security Protocols. Lecture 1 Firewalls. Prof. Ravi Sandhu INTERNET INSECURITY

AutoSecure. Finding Feature Information. Last Updated: January 18, 2012

LESSON 3 PORTS AND PROTOCOLS

Chapter 4 Lab A: Configuring CBAC and Zone-Based Firewalls

Transcription:

Appendix A APPENDIX A TCP, UDP Ports, and ICMP Message Types1 I list useful TCP, UDP ports, and ICMP message types in this appendix. A comprehensive list of registered TCP and UDP services may be found at http://www.iana.org/ assignments/port-numbers. The nmap-services list of ports provided with Nmap is also a good reference, particularly for backdoors and other unregistered services. TCP Ports TCP ports of interest from a remote security assessment perspective are listed in Table A-1. I have included references to chapters within this book, along with other details that I deem appropriate, including MITRE CVE references to known issues. Table A-1. TCP ports 1 tcpmux TCP port multiplexer, indicates the host is running IRIX 11 systat System status service 15 netstat Network status service 21 ftp File Transfer Protocol (FTP) service; see Chapter 8 22 ssh Secure Shell (SSH); see Chapter 8 23 telnet Telnet service; see Chapter 8 25 smtp Simple Mail Transfer Protocol (SMTP); see Chapter 11 42 wins Microsoft WINS name service; see Chapter 5 43 whois WHOIS service; see Chapter 3 53 domain Domain Name Service (DNS); see Chapter 5 79 finger Finger service, used to report active users; see Chapter 5 80 http Hypertext Transfer Protocol (HTTP); see Chapter 6 88 kerberos Kerberos distributed authentication mechanism 98 linuxconf Linuxconf service, remotely exploitable under older Linux distributions; see CVE-2000-0017 109 pop2 Post Office Protocol 2 (POP2), rarely used 415

Table A-1. TCP ports (continued) 110 pop3 Post Office Protocol 3 (POP3); see Chapter 11 111 sunrpc RPC portmapper (also known as rpcbind); see Chapter 13 113 auth Authentication service (also known as identd); see Chapter 5 119 nntp Network News Transfer Protocol (NNTP) 135 loc-srv Microsoft RPC server service; see Chapter 10 139 netbios-ssn Microsoft NetBIOS session service; see Chapter 10 143 imap Internet Message Access Protocol (IMAP); see Chapter 11 179 bgp Border Gateway Protocol (BGP), found on routing devices 264 fw1-sremote Check Point SecuRemote VPN service (FW-1 4.1 and later); see Chapter 12 389 ldap Lightweight Directory Access Protocol (LDAP); see Chapter 5 443 https SSL-wrapped HTTP web service; see Chapter 6 445 cifs Common Internet File System (CIFS); see Chapter 10 464 kerberos Kerberos distributed authentication mechanism 465 ssmtp SSL-wrapped SMTP mail service; see Chapter 11 512 exec Remote execution service (in.rexecd); see Chapter 8 513 login Remote login service (in.rlogind); see Chapter 8 514 shell Remote shell service (in.rshd); see Chapter 8 515 printer Line Printer Daemon (LPD) service; commonly exploitable under Linux and Solaris 540 uucp Unix-to-Unix copy service 554 rtsp Real Time Streaming Protocol (RTSP) service, vulnerable to a serious remote exploit; see CVE- 2003-0725 593 http-rpc Microsoft RPC over HTTP port; see Chapter 10 636 ldaps SSL-wrapped LDAP service; see Chapter 5 706 silc Secure Internet Live Conferencing (SILC) chat service 873 rsync Linux rsync service, remotely exploitable in some cases; see CVE-2002-0048 993 imaps SSL-wrapped IMAP mail service; see Chapter 11 994 ircs SSL-wrapped Internet Relay Chat (IRC) service 995 pop3s SSL-wrapped POP3 mail service; see Chapter 11 1080 socks SOCKS proxy service 1352 lotusnote Lotus Notes service 1433 ms-sql Microsoft SQL Server; see Chapter 9 1494 citrix-ica Citrix ICA service; see Chapter 8 1521 oracle-tns Oracle TNS Listener; see Chapter 9 416 Appendix A: TCP, UDP Ports, and ICMP Message Types

Table A-1. TCP ports (continued) 1526 oracle-tns Alternate Oracle TNS Listener port; see Chapter 9 1541 oracle-tns Alternate Oracle TNS Listener port; see Chapter 9 1720 videoconf H.323 video conferencing service 1723 pptp Point-to-Point Tunneling Protocol (PPTP); see Chapter 12 1999 cisco-disc Discovery port found on Cisco IOS devices 2301 compaq-dq Compaq diagnostics HTTP web service 2401 cvspserver Unix CVS service, vulnerable to a number of attacks 2433 ms-sql Alternate Microsoft SQL Server port; see Chapter 9 2638 sybase Sybase database service 3128 squid SQUID web proxy service 3268 globalcat Active Directory Global Catalog service; see Chapter 5 3269 globalcats SSL-wrapped Global Catalog service; see Chapter 5 3306 mysql MySQL database service; see Chapter 9 3372 msdtc Microsoft Distributed Transaction Coordinator (MSDTC) 3389 ms-rdp Microsoft Remote Desktop Protocol (RDP); see Chapter 8 4110 wg-vpn WatchGuard branch office VPN service 4321 rwhois NSI rwhoisd service, remotely exploitable in some cases; see CVE-2001-0913 4480 proxy+ Proxy+ web proxy service 5000 upnp Windows XP Universal Plug and Play (UPNP) service 5432 postgres PostgreSQL database service 5631 pcanywhere pcanywhere service 5632 pcanywhere pcanywhere service 5800 vnc-http Virtual Network Computing (VNC) web service; see Chapter 8 5900 vnc VNC service; see Chapter 8 6000 x11 X Windows service; see Chapter 8 6103 backupexec VERTIAS Backup Exec service 6112 dtspcd Unix CDE window manager Desktop Subprocess Control Service Daemon (DTSPCD), vulnerable on multiple commercial platforms; see CVE-2001-0803 6588 analogx AnalogX web proxy 7100 font-service X Server font service 8890 sourcesafe Microsoft Source Safe service 9100 jetdirect HP JetDirect printer management port TCP Ports 417

UDP Ports UDP ports of interest from a remote security assessment perspective are listed in Table A-2. I have included references to chapters within this book, along with other details that I deem appropriate, including MITRE CVE references to known issues. Table A-2. UDP ports 53 domain Domain Name Service (DNS); see Chapter 5 67 bootps BOOTP (commonly known as DHCP) server port 68 bootpc BOOTP (commonly known as DHCP) client port 69 tftp Trivial File Transfer Protocol (TFTP), a historically weak protocol used to upload configuration files to hardware devices 111 sunrpc RPC portmapper (also known as rpcbind); see Chapter 13 123 ntp Network Time Protocol (NTP); see Chapter 5 135 loc-srv Microsoft RPC server service; see Chapter 10 137 netbios-ns Microsoft NetBIOS name service; see Chapter 10 138 netbios-dgm Microsoft NetBIOS datagram service; see Chapter 10 161 snmp Simple Network Management Protocol (SNMP); see Chapter 5 445 cifs Common Internet File System (CIFS); see Chapter 10 500 isakmp IPsec key management service, used to maintain IPsec VPN tunnels; see Chapter 12 513 rwho Unix rwhod service; see Chapter 5 514 syslog Unix syslogd service for remote logging over a network 520 route Routing Information Protocol (RIP) service. BSD-derived systems, including IRIX, are susceptible to a routed trace file attack; see CVE-1999-0215 1434 ms-sql-ssrs SQL Server Resolution Service (SSRS); see Chapter 9 1900 upnp Universal Plug and Play (UPNP) service used by SOHO routers and other devices 2049 nfs Unix Network File System (NFS) server port; see Chapter 13 4045 mountd Unix NFS mountd server port; see Chapter 13 ICMP Message Types ICMP message types of interest from a remote security assessment perspective are listed in Table A-3. Both the message types and individual codes are listed, along with details of RFCs and other standards in which these message types are discussed. 418 Appendix A: TCP, UDP Ports, and ICMP Message Types

Table A-3. ICMP message types Type Code Notes 0 0 Echo reply (RFC 792) 3 0 Destination network unreachable 3 1 Destination host unreachable 3 2 Destination protocol unreachable 3 3 Destination port unreachable 3 4 Fragmentation required, but don t fragment bit was set 3 5 Source route failed 3 6 Destination network unknown 3 7 Destination host unknown 3 8 Source host isolated 3 9 Communication with destination network is administratively prohibited 3 10 Communication with destination host is administratively prohibited 3 11 Destination network unreachable for type of service 3 12 Destination host unreachable for type of service 3 13 Communication administratively prohibited (RFC 1812) 3 14 Host precedence violation (RFC 1812) 3 15 Precedence cutoff in effect (RFC 1812) 4 0 Source quench (RFC 792) 5 0 Redirect datagram for the network or subnet 5 1 Redirect datagram for the host 5 2 Redirect datagram for the type of service and network 5 3 Redirect datagram for the type of service and host 8 0 Echo request (RFC 792) 9 0 Normal router advertisement (RFC 1256) 9 16 Does not route common traffic (RFC 2002) 11 0 Time to live (TTL) exceeded in transit (RFC 792) 11 1 Fragment reassembly time exceeded (RFC 792) 13 0 Timestamp request (RFC 792) 14 0 Timestamp reply (RFC 792) 15 0 Information request (RFC 792) 16 0 Information reply (RFC 792) 17 0 Address mask request (RFC 950) 18 0 Address mask reply (RFC 950) 30 0 Traceroute (RFC 1393) ICMP Message Types 419

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback