Do ports only accept TCP/ IP OR UDP? (Nmap question...)

resilientresilient Posts: 14Member ■□□□□□□□□□
Hi All - I'm studying for CEH and I have a question about ports and port scanning: TCP + UDP....

1. TCP is connection oriented – once a connection is established, data can be sent bidirectional.
2. UDP
is a simpler, connectionless Internet protocol.

So, with that being said - are ports inherently programmed to accept one over the other? The reason I ask is because some nmap scans seem to be ONLY TCP or UDP specific. Thanks..

Comments

  • TechGuru80TechGuru80 Posts: 1,539Member ■■■■■□□□□□
    Can they run other ports? In some cases but basically assume they run on standard ports. See the below rfc as an example for SMTP.

    https://www.ietf.org/rfc/rfc3207.txt
  • IvDoggIvDogg Posts: 8Member ■□□□□□□□□□
    resilient wrote: »
    Hi All - I'm studying for CEH and I have a question about ports and port scanning: TCP + UDP....

    1. TCP is connection oriented – once a connection is established, data can be sent bidirectional.
    2. UDP
    is a simpler, connectionless Internet protocol.

    So, with that being said - are ports inherently programmed to accept one over the other? The reason I ask is because some nmap scans seem to be ONLY TCP or UDP specific. Thanks..

    I can see a lot of ways to answer this questions, but I think I understand what you're getting at....

    There are 65536 ports (including 0) for each L4 protocol (i.e. TCP port 80 & UDP Port 80).

    Your layer 3 header (byte 9) will identify what the higher layer protocol is for the packet (i.e. TCP/UDP/ICMP/etc). Google image IP header to SEE what I'm referring to.

    NMAP is a whole 'nother can of worms as to how it enumerates ports. As a start, if you turn the "--reason" switch on (I think) for your NMAP scan, it will hopefully tell you why it returned a particular result for the port scan.

    -Ivan
  • bamahonkybamahonky Posts: 52Member ■■□□□□□□□□
    You can scan with options. -sT runs TCP connection scans and -sU can scan for UPD Ports. That is just some basic pieces of a command.
  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,504Admin Admin
    There are 65535 TCP ports and 65535 UDP ports per network interface in a conventional TCP/IP stack.

    These ports only exist at the Transport layer of the OSI and TCP/IP network architectures.

    In a conventional TCP/IP stack, any network protocol can run over any port.

    There is no port zero. A zero port value is used to indicate that no port is used, specified, or selected.


    For further reference: http://www.tcpipguide.com/free/t_TCPIPApplicationAssignmentsandServerPortNumberRang-2.htm
  • IvDoggIvDogg Posts: 8Member ■□□□□□□□□□
    JDMurray wrote: »
    There are 65535 TCP ports and 65535 UDP ports per network interface in a conventional TCP/IP stack.

    These ports only exist at the Transport layer of the OSI and TCP/IP network architectures.

    In a conventional TCP/IP stack, any network protocol can run over any port.

    There is no port zero. A zero port value is used to indicate that no port is used, specified, or selected.


    For further reference: http://www.tcpipguide.com/free/t_TCPIPApplicationAssignmentsandServerPortNumberRang-2.htm

    Speaking from a CEH/PenTest/Security perspective I wouldn't simply say there's no port 0. Just because port 0 is only SUPPOSED to be used for something doesn't always mean that it happens that way. Not all TCP/IP stacks are created equal. There are many cases of malicious traffic using port 0 as it is sometimes ignored or treated as ICMP traffic, or unspecified as you stated (firewall evasion, OS fingerprinting, DDoD source ports)...

    Further, both the site you referenced and IANA identify TCP and UDP Port 0 as a system port.
  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,504Admin Admin
    IvDogg wrote: »
    Further, both the site you referenced and IANA identify TCP and UDP Port 0 as a system port.

    Correct--port 0 is only in reference to the local system and not to any networking protocol, as are all the other port numbers.
  • BuzzSawBuzzSaw Posts: 258Member
    JDMurray wrote: »

    These ports only exist at the Transport layer of the OSI and TCP/IP network architectures.

    Bingo

    I think this is where most people get confused. TCP and UDP are a mechanism in use by the larger machine (so to speak).

    So the to OP's point, yes a port will only accept a TCP or UDP packet strictly speaking being that the port is either a TCP port or a UDP port. Imagine you have a wall of square holes and round holes. The object you receive to pass through the wall will dictate which hole it goes in. This is a very simply answers to a complex question. So caveat's certainly exist.
Sign In or Register to comment.