Beginner Networks

Common protocols and ports — and their risks

Every network protocol was built to solve a specific problem. Understanding how it works reveals where it can be exploited — and how to protect it.

Essential ports and protocols

Port   21  → FTP        → file transfer (no encryption)
Port   22  → SSH        → secure remote shell
Port   23  → Telnet     → remote shell without encryption (avoid)
Port   25  → SMTP       → email delivery
Port   53  → DNS        → name resolution
Port   80  → HTTP       → web without TLS
Port  443  → HTTPS      → web with TLS
Port 3306  → MySQL      → database
Port 3389  → RDP        → Windows remote desktop

HTTP and HTTPS

HTTP sends everything in plain text. A network sniff exposes cookies, passwords, and content.

GET /login HTTP/1.1
Host: example.com
Cookie: session=abc123   ← visible without TLS

HTTPS wraps HTTP in TLS — encrypts the payload and authenticates the server via certificate.

Common risks: MITM on HTTP, TLS downgrade, ignoring invalid certificates.

DNS

Translates names (example.com) to IPs (93.184.216.34). Uses UDP/53 by default — no authentication.

Query:   who is example.com?
Answer:  93.184.216.34

Risks: cache poisoning, spoofing, data tunneling via TXT/A records. Defense: DNSSEC validates responses; DoH/DoT encrypts the query.

SSH

Encrypted remote shell. Authenticates via password or key pair.

ssh -i key.pem user@192.168.1.10

Risks: brute force on weak passwords, exposed private keys, old versions with known CVEs. Defense: key-only authentication, fail2ban, non-default port as an extra layer.

SMTP

Email delivery protocol. Port 25 between servers; 587 for client → server with auth.

Risks: open relay enables spam and phishing; missing SPF/DKIM/DMARC makes sender spoofing easy.

From: ceo@example.com   ← anyone can forge this without SPF/DKIM
To: finance@company.com
Subject: Urgent wire transfer

Defense: SPF in DNS, DKIM to sign messages, DMARC for rejection policy.
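
A check for the SPF and DMARC defenses named above, as an added example that is not part of the original page: it reads a domain's TXT records and reports what receivers are told to do with mail from senders the domain did not list. The function names and the records in SAMPLE_ZONE are constructed for illustration; DKIM is left out because its records sit under selector names that cannot be derived from the domain alone.

```python
def parse_tags(record):
    """Split a 'k=v; k=v' DMARC record into a dict with lowercase keys."""
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_spf(txt_records):
    """Classify what SPF tells receivers about senders the domain did not list."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "SPF missing: no sender list is published"
    if len(spf) > 1:
        return "SPF invalid: more than one v=spf1 record is a permanent error"
    # include:/redirect= targets are not followed; only the final "all" is read.
    all_terms = [t for t in spf[0].lower().split()[1:] if t.lstrip("+-~?") == "all"]
    if not all_terms:
        return "SPF weak: no 'all' mechanism, unlisted senders are neutral"
    qualifier = all_terms[0][0] if all_terms[0][0] in "+-~?" else "+"
    return {"-": "SPF ok: unlisted senders fail (-all)",
            "~": "SPF weak: unlisted senders only softfail (~all)",
            "?": "SPF weak: unlisted senders are neutral (?all)",
            "+": "SPF broken: +all authorizes every sender"}[qualifier]

def audit_dmarc(txt_records):
    """Report the policy receivers are asked to apply to mail failing DMARC."""
    dmarc = [r for r in txt_records if r.lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        return "DMARC missing: no single valid policy record"
    policy = parse_tags(dmarc[0]).get("p", "").lower()
    return {"reject": "DMARC ok: failing mail is rejected (p=reject)",
            "quarantine": "DMARC partial: failing mail is quarantined",
            "none": "DMARC weak: monitoring only (p=none)",
            }.get(policy, "DMARC invalid: missing or unknown p= tag")

def audit_domain(domain, zone):
    """zone maps DNS names to TXT strings; it stands in for live lookups."""
    return [audit_spf(zone.get(domain, [])),
            audit_dmarc(zone.get("_dmarc." + domain, []))]

# Constructed sample records (not real DNS data) for two reserved domains.
SAMPLE_ZONE = {
    "example.com": ["v=spf1 include:_spf.example.net ~all"],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
    "example.org": ["v=spf1 ip4:192.0.2.10 -all"],
    "_dmarc.example.org": ["v=DMARC1; p=reject"],
}

if __name__ == "__main__":
    for name in ("example.com", "example.org"):
        print(name, audit_domain(name, SAMPLE_ZONE))
```

To audit a live domain, fill the zone dictionary from real TXT lookups of the domain and of `_dmarc.` plus the domain.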

FTP and Telnet — protocols to avoid

Both transmit credentials in plain text. Replace FTP with SFTP or SCP; replace Telnet with SSH.

Wireshark capture — Telnet:
USER admin
PASS password123   ← exposed

Quick checklist by protocol

Protocol   Encrypted by default?   Secure alternative
HTTP       No                      HTTPS
FTP        No                      SFTP / FTPS
Telnet     No                      SSH
DNS        No (default)            DoH / DoT
SMTP       Optional                Mandatory STARTTLS