Ports, Protocols, & Network Scanners
Network Communications Uncovered: Exploring Ports, Protocols, and Scanners in Action
Introduction
Understanding how devices communicate on a network is a cornerstone of Information Technology. At the heart of this communication are ports and protocols – the essential rules and channels that govern data flow across systems. Whether you're troubleshooting a network issue, performing a security assessment, or mapping out assets, knowing how to identify open ports, active services, and connected endpoints is critical.
This tutorial is designed to introduce and reinforce core concepts of ports, protocols, and network discovery through hands-on use of popular network scanning tools – including Advanced IP Scanner, Nmap, and its graphical counterpart Zenmap. By the end, you’ll not only have a strong theoretical grasp but also practical experience scanning a live network, interpreting results, and identifying potential security and infrastructure insights.
Note: Only run scanning tools on networks where you have explicit permission from the owner or administrator.
What You’ll Learn
- The structure and function of the TCP/IP suite
- The difference between TCP and UDP, and how port numbers relate to services
- How core network services like DNS, DHCP, SMTP, IMAP, and HTTP/HTTPS work
- Remote access protocols: RDP, SSH, and VNC
- How to use Advanced IP Scanner, Nmap, and Zenmap to find devices and services on a network
Section 1: The Foundation – TCP/IP, Ports, and Protocols
What is TCP/IP?
It all starts with the TCP/IP (Transmission Control Protocol/Internet Protocol) suite. The TCP/IP Suite is the fundamental communication framework of computer networking and the Internet that allows devices to connect and communicate across the Internet and most modern networks. It is a suite of protocols that work together to transmit data between computers.
TCP/IP is comprised of two fundamental transport layer protocols to facilitate computer network communications over local and remote networks. TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).
While TCP focuses on reliable, ordered communication, UDP is designed for speed and simplicity. It’s used when applications care more about performance than guaranteed delivery, for such example such as video streaming or voice/video communications.
- IP handles addressing and routing packets to the correct destination
- TCP ensures reliable, ordered, error-checked delivery of packets
- UDP offers faster, connectionless communication without guarantees
TCP vs. UDP
| Feature | TCP | UDP |
|---|---|---|
| Type | Connection-oriented | Connectionless |
| Delivery | Reliable, ordered, checked | Unreliable, unordered |
| Speed | Slower | Faster |
| Use Case | Web, email, file transfer | Streaming, gaming, VoIP |
What Are Port Numbers?
Port numbers exist at the Transport Layer of TCP/IP. They act as logical endpoints, identifying specific services or applications running on a device.
Analogy: If an IP address is a building's address, the port number is the apartment number.
| Port | Protocol | Service | Description |
|---|---|---|---|
| 20/21 | TCP | FTP | File Transfer Protocol |
| 22 | TCP | SSH | Secure remote access |
| 23 | TCP | Telnet | Remote shell (unencrypted) |
| 25 | TCP | SMTP | Email sending |
| 53 | UDP/TCP | DNS | Domain name resolution |
| 80 | TCP | HTTP | Insecure web browsing |
| 443 | TCP | HTTPS | Secure web browsing |
| 3389 | TCP | RDP | Remote Desktop Protocol |
| 445 | TCP | SMB | File sharing on Windows networks |
Section 2: Core Network Services
These five core protocols/services play a foundational role in making our everyday digital experiences possible.
- DNS: Translates domain names to IP addresses
- DHCP: Automatically assigns IP configuration to devices
- SMTP: Sends outgoing emails
- IMAP: Syncs email messages across devices
- HTTP/HTTPS: Transfers data between web servers and browsers
DNS - Domain Name Service
DNS acts as the internet's phonebook, translating human-friendly domain names (like google.com) into IP addresses (like 142.250.190.78) that computers use to identify each other on a network. Without DNS, you’d have to remember the exact IP address of every website or service you want to access. Every time you type a URL or click a link, DNS silently resolves it for you. It’s the first step in nearly every online interaction.
DHCP - Dynamic Host Configuration Protocol
DHCP automatically assigns IP addresses and network configuration details (like subnet masks, default gateways, and DNS servers) to devices on a network. Thanks to DHCP, your device connects to Wi-Fi and just works – no manual IP settings required. It allows for quick, scalable, and conflict-free connectivity across home, office, and public networks.
SMTP - Simple Mail Transfer Protocol
SMTP is the protocol used to send outgoing emails from a client (like Outlook or Gmail) to a mail server, or between mail servers themselves. Every time you hit “send”, SMTP handles the delivery process behind the scenes – routing your message across servers until it reaches its destination inbox.
IMAP - Internet Message Access Protocol
IMAP lets your email client retrieve and sync messages from a mail server while keeping them on the server. It’s what makes email synchronization possible across multiple devices—read, delete, or organize on one device and it’s reflected everywhere.
HTTP – HTTPS – Hypertext Transfer Protocol / Secure
HTTP governs how browsers and servers communicate. HTTPS is the encrypted version, protecting credentials and personal data from interception. Today, HTTPS is essential for nearly every website.
The Bigger Picture – Why These Five Are Essential
These protocols work together to enable everything from browsing the web, sending email, and connecting to networks, to keeping your inbox in sync. They’re the invisible architecture of digital life.
- No DNS → no human-readable websites
- No DHCP → painful manual IP setup
- No SMTP/IMAP → email breaks
- No HTTPS → insecure browsing
Section 3: Remote Access Protocols
- RDP (Port 3389): Graphical remote access to Windows systems
- SSH (Port 22): Secure command-line remote access to Unix/Linux systems
- VNC (Port 5900): Platform-independent graphical remote access
Each enables remote control of systems and should be secured with encryption, firewalls, and VPNs.
RDP - Remote Desktop Protocol
RDP lets users remotely access a Windows desktop with full GUI, clipboard, and audio redirection—commonly over TCP 3389.
SSH - Secure Shell
SSH provides encrypted remote shell access (and tunneling/file transfer) for Unix/Linux—commonly over TCP 22.
VNC - Virtual Network Computing
VNC is cross-platform screen sharing over the RFB protocol—commonly over TCP 5900.
How RDP, SSH, and VNC Are Similar
All three enable remote management. RDP/VNC offer GUIs; SSH is CLI-first. Harden with firewalls, VPNs, and least-exposure principles.
Section 4: Tool Showcase – Network Scanners
Advanced IP Scanner
- Simple tool for fast Windows network scans
- Finds live devices with hostname, IP, manufacturer, and MAC address
To scan for devices on a network using Advanced IP Scanner, enter the default gateway followed by the subnet CIDR (in this case, /24). Then click “Scan” to begin. For each device it detects, you’ll see hostname, IP, manufacturer, and MAC address.
Nmap – The Powerhouse
Nmap discovers hosts, services, and potential exposures by sending crafted packets and analyzing responses.
- Network admins audit infrastructure
- Security teams assess exposure
- Pen testers enumerate targets during recon
Scan types:
-sS: TCP SYN scan-sU: UDP scan-A: Aggressive (OS, services, scripts)--script vuln: Run vulnerability detection scripts
Nmap Linux Commands
sudo nmap -sn 10.38.1.115Purpose: Ping scan (host discovery).
- Checks if the host is up
- Skips port scanning
Ideal for quickly identifying live devices.
sudo nmap -sS 10.38.1.115Purpose: TCP SYN (stealth) scan.
- Probes for open TCP ports without completing the handshake
sudo nmap -sU 10.38.1.115Purpose: UDP port scan.
- Targets UDP services (DNS, NTP, etc.)
- Slower due to lack of acknowledgments
sudo nmap -A 10.38.1.115Purpose: Aggressive scan.
- Open ports, service versions, OS detection
- Traceroute + default scripts
sudo nmap --script vuln 10.38.1.115Purpose: Run the vuln script category.
- Uses NSE to check for known vulnerabilities
Zenmap
- GUI for Nmap with profiles, visuals, and easier onboarding
Section 5: Lab Walkthrough
- Run a basic discovery scan with Advanced IP Scanner
- Identify 2–3 live devices
- Use Nmap and Zenmap to:
- Identify open ports and services
- Detect OS
- Find exposed services (e.g., Telnet, SMB)
- Document findings
This lab revealed the layers of modern networking—from the TCP/IP model to port numbers and protocols like TCP/UDP and services like DNS, DHCP, SMTP, and HTTP/HTTPS. Then we moved from theory to practice using Advanced IP Scanner, Nmap, and Zenmap to uncover endpoints, services, and potential vulnerabilities.
Understanding what devices are on your network, what ports are open, and what services are running is essential knowledge for anyone in IT, cybersecurity, or network management.
This lab builds a strong foundation for network security, system administration, and vulnerability assessment.