Networking Fundamentals · beginner · ~12 min
Choose TCP vs UDP correctly and recognise the common service ports.
TCP is connection-oriented and reliable (SYN/SYN-ACK/ACK handshake); UDP is connectionless and lightweight. Ports (0–65535) identify services — memorise 21/22/25/53/80/110/143/443/445/3306/3389.
Port scanning and service enumeration are the heart of the scanning phase. Knowing TCP vs UDP shapes your scan type, and recognising common ports instantly tells you what service to enumerate next.
TCP handshake. SYN → SYN-ACK → ACK before data. Reliability. TCP retransmits and orders; UDP doesn't. Ports. 16-bit endpoint identifiers. Well-known services. 22 SSH, 80 HTTP, 443 HTTPS, 445 SMB, 3389 RDP, 3306 MySQL, 53 DNS, 25 SMTP.
The transport layer delivers data between processes, identified by ports (0–65535).
| TCP | UDP | |
|---|---|---|
| Connection | Yes (3-way handshake) | No |
| Reliable | Yes (acks, retransmit, ordering) | No |
| Overhead | Higher | Lower |
| Use | Web, SSH, email | DNS, DHCP, VoIP, games |
TCP's three-way handshake is SYN → SYN-ACK → ACK. Port scanners exploit this: a full connect sees the handshake complete; a SYN scan sends SYN and reads the reply without finishing.
| Port | Service |
|---|---|
| 21 | FTP |
| 22 | SSH |
| 25 | SMTP (mail) |
| 53 | DNS |
| 80 | HTTP |
| 110 | POP3 |
| 143 | IMAP |
| 443 | HTTPS |
| 445 | SMB |
| 3306 | MySQL |
| 3389 | RDP |
A port scan's job is to find which of these are open. Each open port is a service, and each service is a potential entry point. Recognising the port tells you what's likely listening before you've even grabbed a banner.
TCP = reliable, connection-oriented (handshake first); UDP = fast, connectionless. Services live on ports; the common-port table is a pentester's mental shortcut from an open port to the service likely behind it.