Do ports only accept TCP/ IP OR UDP? (Nmap question...)
Hi All - I'm studying for CEH and I have a question about ports and port scanning: TCP + UDP....
1. TCP is connection oriented – once a connection is established, data can be sent bidirectional.
2. UDP is a simpler, connectionless Internet protocol.
So, with that being said - are ports inherently programmed to accept one over the other? The reason I ask is because some nmap scans seem to be ONLY TCP or UDP specific. Thanks..
1. TCP is connection oriented – once a connection is established, data can be sent bidirectional.
2. UDP is a simpler, connectionless Internet protocol.
So, with that being said - are ports inherently programmed to accept one over the other? The reason I ask is because some nmap scans seem to be ONLY TCP or UDP specific. Thanks..
Comments
-
TechGuru80 Member Posts: 1,539 ■■■■■■□□□□Can they run other ports? In some cases but basically assume they run on standard ports. See the below rfc as an example for SMTP.
https://www.ietf.org/rfc/rfc3207.txt -
IvDogg Member Posts: 8 ■□□□□□□□□□Hi All - I'm studying for CEH and I have a question about ports and port scanning: TCP + UDP....
1. TCP is connection oriented – once a connection is established, data can be sent bidirectional.
2. UDP is a simpler, connectionless Internet protocol.
So, with that being said - are ports inherently programmed to accept one over the other? The reason I ask is because some nmap scans seem to be ONLY TCP or UDP specific. Thanks..
I can see a lot of ways to answer this questions, but I think I understand what you're getting at....
There are 65536 ports (including 0) for each L4 protocol (i.e. TCP port 80 & UDP Port 80).
Your layer 3 header (byte 9) will identify what the higher layer protocol is for the packet (i.e. TCP/UDP/ICMP/etc). Google image IP header to SEE what I'm referring to.
NMAP is a whole 'nother can of worms as to how it enumerates ports. As a start, if you turn the "--reason" switch on (I think) for your NMAP scan, it will hopefully tell you why it returned a particular result for the port scan.
-Ivan -
bamahonky Member Posts: 52 ■■□□□□□□□□You can scan with options. -sT runs TCP connection scans and -sU can scan for UPD Ports. That is just some basic pieces of a command.
-
JDMurray Admin Posts: 13,099 AdminThere are 65535 TCP ports and 65535 UDP ports per network interface in a conventional TCP/IP stack.
These ports only exist at the Transport layer of the OSI and TCP/IP network architectures.
In a conventional TCP/IP stack, any network protocol can run over any port.
There is no port zero. A zero port value is used to indicate that no port is used, specified, or selected.
For further reference: http://www.tcpipguide.com/free/t_TCPIPApplicationAssignmentsandServerPortNumberRang-2.htm -
IvDogg Member Posts: 8 ■□□□□□□□□□There are 65535 TCP ports and 65535 UDP ports per network interface in a conventional TCP/IP stack.
These ports only exist at the Transport layer of the OSI and TCP/IP network architectures.
In a conventional TCP/IP stack, any network protocol can run over any port.
There is no port zero. A zero port value is used to indicate that no port is used, specified, or selected.
For further reference: http://www.tcpipguide.com/free/t_TCPIPApplicationAssignmentsandServerPortNumberRang-2.htm
Speaking from a CEH/PenTest/Security perspective I wouldn't simply say there's no port 0. Just because port 0 is only SUPPOSED to be used for something doesn't always mean that it happens that way. Not all TCP/IP stacks are created equal. There are many cases of malicious traffic using port 0 as it is sometimes ignored or treated as ICMP traffic, or unspecified as you stated (firewall evasion, OS fingerprinting, DDoD source ports)...
Further, both the site you referenced and IANA identify TCP and UDP Port 0 as a system port. -
JDMurray Admin Posts: 13,099 AdminFurther, both the site you referenced and IANA identify TCP and UDP Port 0 as a system port.
Correct--port 0 is only in reference to the local system and not to any networking protocol, as are all the other port numbers. -
BuzzSaw Member Posts: 259 ■■■□□□□□□□
These ports only exist at the Transport layer of the OSI and TCP/IP network architectures.
Bingo
I think this is where most people get confused. TCP and UDP are a mechanism in use by the larger machine (so to speak).
So the to OP's point, yes a port will only accept a TCP or UDP packet strictly speaking being that the port is either a TCP port or a UDP port. Imagine you have a wall of square holes and round holes. The object you receive to pass through the wall will dictate which hole it goes in. This is a very simply answers to a complex question. So caveat's certainly exist.