Welcome to TCP/IP Part 5

Internet Control Message Protocol (ICMP) works at the Network Layer (Layer 3) and is used by Internet Protocol for several different purposes. ICMP is a managing protocol and messaging service provider for Internet Protocol.  The ICMP messages are carried as IP datagrams that afford a host’s capability to discover routes to gateways.  ICMP packets can provide hosts with information about network problems and are encapsulated within IP datagrams.

Destination Unreachable is where a router cannot send an IP datagram any further to its intended destination, it therefore uses ICMP to send a message back to the sender advising it that the destination Host is unreachable.

When Host A sends a packet whose destination is Host B, the Lab_B router is what sends and ICMP destination unreachable message back to the sending device, or Host A.


Buffer Full is the message sent out to the sending Host by using ICMP and will continue to do so until the congestion has subsided.


Hops is the number of routers and IP datagram is permitted to travel, or pass through, if it reaches its limit before arriving at its destination Host the last router to receive that datagram then deletes or drops it.  That router will then use ICMP to send a message back to the sending Host of the loss of the datagram due to the maximum number of hops.


Ping (Packet Internet Groper) uses ICMP echo requests and reply messages to check both the physical and logical connectivity of a Host to a network, or internetwork. 


Traceroute uses ICMP time-outs and is used to discover the path a packet as it travels through an internetwork.


Perhaps it would be good to see the routing of a packet, please click on the URL below the ICMP packet figure.



ICMP in Action shows how the dropped packet will be handled.  Server 1 ( Telnets to a Host ( using the DOS prompt.  The packet will be sent to the default gateway, since the Server (1) has no knowledge as to where is located.  The default gateway will drop the packet because there is no listing of in the routing table of the router.  After dropping the packet, the router will send an ICMP packet to Server 1 stating that the destination is unreachable.

See also: Part 1, Part 2, Part 3, Part 4, Part 5


Works Cited

Lammle, T. (2007). CCNA Cisco Certified Network Associate Study Guide. Indianapolis: Wiley Publishing, Inc.

Odom, W. (2012). Official Cert Guide ICND1 640-822. Indianapolis, IN: Cisco Press.

Odom, W. (2011). Official Cert Guide ICND2 640-816. Indianapolis, IN: Cisco Press.



Welcome to TCP/IP Part 4

Key Concepts of Host-to-Host Protocols have been reviewed in our last part, but like me some of you may be more visually oriented, so here you are:

…and just one more for you…

Now, Port Numbers are of great importance for both understanding and troubleshooting purposes.  You can find lists of Port Numbers for various applications, but for the CCENT/CCNA study purposes what follows should be sufficient.

Below is a rather extensive listing, but not all-inclusive, for the TCP/UDP Port Numbers.  It will be helpful in the big picture, but the above picture views will be more than sufficient for anyone testing out.

port / protocol service name common UNIX daemon(s) additional remarks
20/tcp and 21/tcp ftp (file transfer protocol) data and login control in.ftpd,wu.ftpd,proftpd; launched by inetd obsolete:insecure, because unencrypted and difficult to harden service, please use sshd and scp or sftp instead (see below)
22/tcp ssh (Secure SHell) sshd secure, because fully encrypted remote login (ssh) and copy (scp and sftp) service, please use exclusively this full substitute instead of the obsolete ftp, telnet, rlogin, rsh, rcp and so on!
23/tcp telnet (remote login) in.telnetd, launched by inetd obsolete: unencrypted login, use sshd and ssh instead, see above
25/tcp smtp (simple mail transfer protocol) sendmail, postfix, qmail, etc. standard mail protocol since 30 years, only way to communicate world wide with messages without http measures, for your privacy you need to encrypt mails preferably with the free PGP (pretty good privacy)
53/udp and 53/tcp DNS (domain name system) bind (Berkeley Internet Name Domain) the name service of the Internet, used by http, smtp and all others to resolve symbolic names into the IP layer addresses, name resolution is done via udp, zone transfers between several name servers via tcp
80/tcp http (Hyper Text Transfer Protocol) = www (World Wide Web) httpd (= apache, A PAtCHy [web] sErver) the Internet/web service, unencrypted port (see below, 443, for encrypted counterpart) for standard data transfer from web servers to user agents (browsers, robots, download tools)
88/tcp kerberos krshd high security special purpose protocol with ticket system and so on
110/tcp pop3 (Post Office Protocol version 3) popper, launched by inetd post retrieval service of storing mail servers with encryption possibilities
111/udp (sun)rpc (remote procedure call) rpc.statd, rpc.rusersd,rpc.walld insecure remote calls of special information services
119/tcp nntp (Network News Transfer Protocol) leafnode the internet news server query service
123/udp ntp (Network Time Protocol) (x)ntpd modern world wide time service for synchronisation with nuclear clock driven time standard
137/udp netbios-ns (NETBIOS Name Service) nmbd special name service for a still too widespread proprietary OS and its SMB (Server Message Block) system, needed in union with the following service
139/tcp netbios-ssn (NETBIOS Session Service Network) smbd (Samba daemon) special session service for that proprietary OS and its SMB (Server Message Block) system, works together with immediately above service
143/tcp imap2 (Internet Message Access Protocol version 2) imapd (Interactive Mail Access Protocol Daemon), launched by inetd rather insecure and therefore only locally suitable mail retrieval service, for non-local purposes prefer pop3 (see above)
161/tcp snmp (Simple Network Management Protocol) snmpd base of communication between very different technical units (not only computers), they have to share the network capability and these protocol rules only: CAUTION: very insecure (no limiting of allowed requesting IP addresses possible)
194/tcp irc (Internet Relay Chat) ircd the Internet chat service
220/tcp imap3 (Interactive Mail Access Protocol version 3) imapd modern mail retrieval service, successor of imap2 (see above), but still pop3 may the better alternative (see above too)
389/tcp ldap (Lightweight Directory Access Protocol) ldapd network distributed, domain organized directory service, connection part, see also immediately below
389/udp ldap (Lightweight Directory Access Protocol) slapd (Standalone Lightweight Access Protocol Daemon network distributed, domain organized directory service, listener/contoller part, see also immediately above
443/tcp https (HyperText Transfer Protocol Secure) httpd (= apache) encrypted (via TLS/SSL) counterpart to above http/80 entry, the only acceptable way, to do online credit card transactions
514/udp system log listener syslogd always active to log other hosts informations, because otherwise the daemon won’t start
515/tcp print spooler lpd (Line Printer Daemon) network printer queue
554/tcp rtsp (Real Time Stream Protocol) rsvpd (Resource reSerVations Protocol Daemon) used by Real Media for video and audio streaming
631/tcp ipp (Internet Printing Protocol) cupsd — CUPS (Common Unix Printing System) Daemon unencrypted port for (local) printer access via browser and CUPS client
744/udp flexlm (FLEXible License Manager) lmgrd (License ManaGeR Daemon) network bound license evaluation system
901/tcp swat (Samba Web Administration Tool) swat, launched by inetd browser/web bound Samba administration (see above, 137/nmbd and 139/smbd), use with care: it’s not encrypted without additional measures
993/tcp imaps (Interactive Mail Access Protocol Secure version 4) imapd, launched by inetd TLS/SSL encrypted mail retrieval system (see also imap above)
994/tcp ircs (Internet Relay Chat Secure) ircd the Internet chat system TLS/SSL encrypted, see also irc above
995/tcp pop3s (Post Office Protocol Secure version 3) popper, launched by inetd TLS/SSL encrypted mail retrieval system (see also pop3 above)
2049/tcp NFS (Network File System by Sun) nfsd, rpc.nfsd, needs (sun)rpc and portmap too network sharing of filesystems, only suitable for local networks
2049/udp NFS (Network File System by Sun) rpc.mountd needs (sun)rpc and portmap too network sharing of filesystems, only suitable for local networks
2401/tcp cvspserver (Concurrent Version System Password server) cvs, launched by inetd (alternatively by sshd, see above) RCS (revision control system) based network version control, suitable even for Internet cooperation, but than usage via ssh (see above) is recommended, because this pserver protocol does only a not really secure scrambling of passwords (only suitable for anonymous checkout otherwise)
6000/tcp (–6063/tcp) x11 X (X window system server) standard GUI base server of the X/Open Group, the ports above 6000 up to 6063 are addressed via display (variable: upper case) setting to 1, 2 and so on, instead of 0, for the ports 6001, 6002 and so on instead of 6000 (display number part 1 = port offset)
8080/tcp http-alt (alternative http) httpd (= apache) see http above: usually privately=non-public used http port

Important TCP/UDP Port Numbers

Port 21 –> TCP –> FTP (File Transfer Protocol)
Port 22 –> TCP/UDP –> SSH (ssh,scp copy or sftp)
Port 23 –> TCP/UDP –> Telnet
Port 25 –> TCP/UDP –> SMTP (for sending outgoing emails)
Port 43 –> TCP –> WHOIS function
Port 53 –> TCP/UDP –> DNS Server (DNS lookup uses UDP and Zone transfers use TCP)
Port 70 –> TCP –> Gopher Protocol
Port 79 –> TCP –> Finger protocol
Port 110 –> TCP –> POP3 (for receiving email)
Port 119 –> TCP –> NNTP (Network News Transfer Protocol)
Port 143 –> TCP/UDP –> IMAP4 Protocol (for email service)
Port 194 –> TCP –> IRC
Port 389 –> TCP/UDP –> LDAP (light weight directory access)
Port 443 –> TCP –> Secure HTTP over SSL (https)
Port 465 –> TCP –> Secure SMTP (email) using SSL
Port 990 –> TCP/UDP –> Secure FTP using SSL
Port 993 –> TCP –> Secure IMAP protocol over SSL (for emails)
Port 1433 –> TCP/UDP –> Microsoft SQL server port
Port 2082 –> TCP –> CPanel default port
Port 2083 –> TCP –> CPanel over SSL
Port 2086 –> TCP –> CPanel Webhost Manager (default)
Port 2087 –> TCP –> CPanel Webhost Manager (with https)
Port 2095 –> TCP –> CPanel Webmail
Port 2096 –> TCP –> Cpanel secure webmail over SSL
Port 2222 –> TCP –> DirectAdmin Server Control Panel
Port 3306 –> TCP/UDP –> MySQL Database Server
Port 4643 –> TCP –> Virtuosso Power Panel
Port 5432 –> TCP –> PostgreSQL Database Server
Port 8080 –> TCP –> HTTP port (alternative one for port 80)
Port 8087 –> TCP –> Plesk Control Panel Port (default)
Port 8443 –> TCP –> Plesk Server Control Panel over SSL
Port 9999 –> TCP –> Urchin Web Analytics
Port 10000 –> TCP –> Webmin Server Control Panel
Port 19638 –> TCP –> Ensim Server Control Panel

Each and every listing of Port Numbers is in-fact, an important list to someone in some fashion or form.  The reason being is that each list has some meaning for all of the applications that someone is dealing with in the specific system infrastructure that they have to work with.  So, do not limit yourself by having just one list at your fingertips.  It will be helpful to have many and use your search engine to your benefit!

See also: Part 1, Part 2, Part 3, Part 4

Works Cited

Lammle, T. (2007). CCNA Cisco Certified Network Associate Study Guide. Indianapolis: Wiley Publishing, Inc.

Odom, W. (2012). Official Cert Guide ICND1 640-822. Indianapolis, IN: Cisco Press.

Odom, W. (2011). Official Cert Guide ICND2 640-816. Indianapolis, IN: Cisco Press.