Common Network Protocols – Complete Overview

1. What Are Network Protocols?

A network protocol is a standardised set of rules that defines how data is formatted, transmitted, received, and processed between devices on a network. Without protocols, different devices and operating systems from different vendors would be unable to communicate — a Cisco router, a Windows PC, and an iPhone all interoperate because they implement the same open protocol standards.

Protocols are organised in a layered stack (the OSI or TCP/IP model). Higher-layer protocols rely on lower-layer protocols to carry their data:

  Application (L7):  HTTP  FTP  SMTP  DNS  DHCP  SSH  SNMP
                          |         |
  Transport (L4):        TCP       UDP
                          |         |
  Network (L3):               IP
                               |
  Data Link (L2):          Ethernet / Wi-Fi
                               |
  Physical (L1):         Cables / Radio waves
    

Related pages: OSI Model | TCP/IP Model | Common Port Numbers | FTP | SSH | SNMP Overview | SNMP Versions | NTP Overview | OSPF Overview | EIGRP Overview | RIP Concepts | How DNS Works | How DHCP Works

2. Master Protocol Reference Table

| Protocol | Full Name | OSI Layer | Transport | Port(s) | Primary Purpose |
|---|---|---|---|---|---|
| TCP | Transmission Control Protocol | 4 – Transport | | Varies | Reliable, ordered, connection-oriented delivery |
| UDP | User Datagram Protocol | 4 – Transport | | Varies | Fast, connectionless, best-effort delivery |
| IP | Internet Protocol (v4/v6) | 3 – Network | | | Logical addressing and routing between networks |
| ICMP | Internet Control Message Protocol | 3 – Network | | | Diagnostics (ping) and error reporting (TTL exceeded) |
| ARP | Address Resolution Protocol | 2/3 – Data Link/Network | | | Resolves IP addresses to MAC addresses on a LAN |
| DNS | Domain Name System | 7 – Application | UDP (mainly) / TCP | 53 | Resolves hostnames to IP addresses |
| DHCP | Dynamic Host Configuration Protocol | 7 – Application | UDP | 67 (server) / 68 (client) | Automatically assigns IP addresses and network config |
| HTTP | Hypertext Transfer Protocol | 7 – Application | TCP | 80 | Unencrypted web page delivery |
| HTTPS | HTTP Secure (HTTP over TLS) | 7 – Application | TCP | 443 | Encrypted web page delivery |
| FTP | File Transfer Protocol | 7 – Application | TCP | 20 (data) / 21 (control) | File transfer between client and server |
| TFTP | Trivial File Transfer Protocol | 7 – Application | UDP | 69 | Simple, lightweight file transfer (Cisco IOS upgrades) |
| SMTP | Simple Mail Transfer Protocol | 7 – Application | TCP | 25 / 587 (TLS) | Sending email from client to server or server to server |
| IMAP | Internet Message Access Protocol | 7 – Application | TCP | 143 / 993 (TLS) | Retrieving email — messages stay on server |
| POP3 | Post Office Protocol v3 | 7 – Application | TCP | 110 / 995 (TLS) | Retrieving email — messages downloaded and deleted from server |
| SSH | Secure Shell | 7 – Application | TCP | 22 | Encrypted remote login, command execution, file transfer |
| Telnet | Teletype Network | 7 – Application | TCP | 23 | Unencrypted remote login — legacy, insecure |
| SNMP | Simple Network Management Protocol | 7 – Application | UDP | 161 (queries) / 162 (traps) | Monitoring and managing network devices |
| NTP | Network Time Protocol | 7 – Application | UDP | 123 | Synchronising clocks across network devices |
| TLS/SSL | Transport Layer Security / Secure Sockets Layer | 6 – Presentation | TCP | Varies (443, 993, 995…) | Encryption for HTTPS, SMTPS, FTPS, IMAPS |
| OSPF | Open Shortest Path First | 3 – Network | IP (protocol 89) | | Link-state IGP routing protocol |
| EIGRP | Enhanced Interior Gateway Routing Protocol | 3 – Network | IP (protocol 88) | | Cisco hybrid IGP routing protocol |
| BGP | Border Gateway Protocol | 3 – Network | TCP | 179 | Exterior routing — connects ISPs and autonomous systems |
| RIP | Routing Information Protocol | 3 – Network | UDP | 520 | Simple distance-vector IGP for small networks |

3. Transmission Control Protocol (TCP)

TCP is the reliable workhorse of the internet. It provides ordered, error-checked delivery of a stream of bytes between applications, guaranteeing that data arrives completely and in the correct sequence — even over unreliable networks.

TCP Three-Way Handshake

  Client                              Server
    |                                    |
    |---- SYN (seq=100) ---------------->|  Step 1: Client initiates connection
    |                                    |
    |<--- SYN-ACK (seq=200, ack=101) ----|  Step 2: Server acknowledges + sends its seq
    |                                    |
    |---- ACK (ack=201) ---------------->|  Step 3: Client acknowledges — connection open
    |                                    |
    |==== Data exchange begins ==========|
    
| Feature | Detail |
|---|---|
| Connection | Connection-oriented — 3-way handshake required before data transfer |
| Reliability | Sequence numbers + ACKs ensure every byte arrives; retransmits lost segments |
| Ordering | Receiver reassembles segments in correct order using sequence numbers |
| Flow control | Sliding window — receiver advertises how much buffer space it has |
| Congestion control | Slow start / congestion avoidance — backs off when network is congested |
| Port numbers | Source (ephemeral, 49152–65535) + Destination (well-known, e.g. 80, 443) |
| Overhead | Higher than UDP — connection setup, ACKs, and retransmissions add latency |

Use cases: Web browsing (HTTP/HTTPS), email (SMTP/IMAP/POP3), FTP, SSH, database connections — any application where data completeness is critical.
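
The sequence and acknowledgement arithmetic in the handshake diagram above can be checked mechanically from raw TCP headers. The following is an added example, not part of the original page; the helper names and the port numbers in the sample are hypothetical, and the headers are constructed rather than captured.

```python
import struct

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10   # TCP flag bits
CONTROL = FIN | SYN | RST | ACK               # flags that matter for the handshake
MOD = 2 ** 32                                 # sequence numbers wrap at 32 bits

def build_header(sport, dport, seq, ack, flags):
    """Pack a 20-byte TCP header (no options, checksum 0: constructed sample)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | flags, 65535, 0, 0)

def parse_header(raw):
    """Unpack the fields of a TCP header that the handshake check needs."""
    if len(raw) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", raw[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & CONTROL}

def check_handshake(syn_raw, synack_raw, ack_raw):
    """Return a list of problems; an empty list means a valid 3-way handshake."""
    syn, synack, ack = (parse_header(r) for r in (syn_raw, synack_raw, ack_raw))
    problems = []
    if syn["flags"] != SYN:
        problems.append("step 1 is not a bare SYN")
    if synack["flags"] != (SYN | ACK):
        problems.append("step 2 is not a SYN-ACK")
    if ack["flags"] != ACK:
        problems.append("step 3 is not a bare ACK")
    # Replies travel between the same two ports, in the opposite direction.
    if (synack["sport"], synack["dport"]) != (syn["dport"], syn["sport"]):
        problems.append("SYN-ACK ports do not mirror the SYN")
    if (ack["sport"], ack["dport"]) != (syn["sport"], syn["dport"]):
        problems.append("final ACK ports do not match the SYN")
    # A SYN consumes one sequence number, so each side acknowledges peer ISN + 1.
    if synack["ack"] != (syn["seq"] + 1) % MOD:
        problems.append("SYN-ACK does not acknowledge client ISN + 1")
    if ack["ack"] != (synack["seq"] + 1) % MOD:
        problems.append("final ACK does not acknowledge server ISN + 1")
    if ack["seq"] != (syn["seq"] + 1) % MOD:
        problems.append("final ACK sequence number is not client ISN + 1")
    return problems

# The exchange from the diagram: client ISN 100, server ISN 200.
DIAGRAM = (build_header(49152, 443, 100, 0, SYN),
           build_header(443, 49152, 200, 101, SYN | ACK),
           build_header(49152, 443, 101, 201, ACK))

if __name__ == "__main__":
    print(check_handshake(*DIAGRAM))
```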

4. User Datagram Protocol (UDP)

UDP provides a minimal, connectionless delivery service. It sends datagrams with no handshake, no acknowledgement, and no retransmission. What it sacrifices in reliability it gains in speed and low overhead — making it ideal for real-time applications.

| Feature | Detail |
|---|---|
| Connection | Connectionless — no handshake; data sent immediately |
| Reliability | No guarantees — packets may be lost, duplicated, or arrive out of order |
| Speed | Very fast — minimal header (8 bytes vs TCP's 20+ bytes), no handshake delay |
| Overhead | Very low — no ACKs, no connection state to maintain |
| Error handling | Basic checksum only — if a packet is lost, the application must decide what to do |

Use cases: VoIP calls, video streaming (YouTube, Netflix), online gaming, DNS queries, DHCP, SNMP, TFTP — applications where a dropped packet is better skipped than waited for.

TCP vs UDP — Head-to-Head Comparison

| Feature | TCP | UDP |
|---|---|---|
| Connection type | Connection-oriented (3-way handshake) | Connectionless |
| Reliability | Guaranteed delivery with retransmission | Best-effort — no retransmission |
| Ordering | Segments reassembled in order | No ordering — arrives as sent |
| Speed | Slower — overhead from handshake and ACKs | Faster — minimal overhead |
| Header size | 20–60 bytes | 8 bytes (fixed) |
| Flow control | Yes (sliding window) | No |
| Use case | Web, email, file transfer, SSH | VoIP, streaming, DNS, gaming, DHCP |

5. Internet Protocol (IP) and ARP

Internet Protocol (IP)

IP is the addressing and routing protocol of the internet — Layer 3. Every device on a network is assigned a unique IP address, and routers use these addresses to forward packets to the correct destination network.

| Feature | IPv4 | IPv6 |
|---|---|---|
| Address length | 32 bits (e.g., 192.168.1.10) | 128 bits (e.g., 2001:db8::1) |
| Address space | ~4.3 billion addresses (exhausted) | ~340 undecillion addresses |
| Header size | 20 bytes (minimum) | 40 bytes (fixed) |
| Fragmentation | Performed by routers | Only by source host (MTU discovery) |
| Broadcast | Yes (limited and directed) | No broadcast — uses multicast/anycast |
| Configuration | Manual or DHCP | Manual, DHCPv6, or SLAAC (auto) |

IP is connectionless and best-effort — it makes no delivery guarantees. Reliability is the job of TCP above it.

Address Resolution Protocol (ARP)

ARP bridges the gap between Layer 3 (IP) and Layer 2 (MAC) addressing. Before a host can send an Ethernet frame to another device on the same LAN, it must know the destination's MAC address. ARP resolves this by broadcasting "Who has IP 192.168.1.20? Tell 192.168.1.10."

  Host A (192.168.1.10)          Host B (192.168.1.20)
        |                               |
        |-- ARP Request (broadcast) --->| "Who has 192.168.1.20?"
        |                               |
        |<-- ARP Reply (unicast) --------| "I have it! My MAC is AA:BB:CC:11:22:33"
        |                               |
        | (A caches B's MAC in ARP table, sends frame directly)
    

View the ARP cache: arp -a (Windows/Linux) | show ip arp (Cisco IOS)

6. Domain Name System (DNS)

DNS is the internet's phone book — it translates human-readable hostnames (like netstuts.com) into the IP addresses that routers need to deliver packets. Without DNS, users would need to memorise numeric IP addresses for every website.

| Attribute | Detail |
|---|---|
| Port | UDP 53 (queries under 512 bytes) / TCP 53 (large responses, zone transfers) |
| OSI layer | 7 — Application |
| Query types | Recursive (resolver does all the work) / Iterative (each server replies with a referral) |

Common DNS Record Types

| Record Type | Purpose | Example |
|---|---|---|
| A | Maps hostname to IPv4 address | netstuts.com → 93.184.216.34 |
| AAAA | Maps hostname to IPv6 address | netstuts.com → 2606:2800::1 |
| CNAME | Alias — maps one hostname to another | www.netstuts.com → netstuts.com |
| MX | Mail server for a domain | netstuts.com → mail.netstuts.com |
| PTR | Reverse lookup — IP to hostname | 34.216.184.93.in-addr.arpa → netstuts.com |
| NS | Authoritative name server for a zone | netstuts.com → ns1.example-dns.com |
| TXT | Arbitrary text — used for SPF, DKIM, domain verification | "v=spf1 include:_spf.google.com ~all" |

See also: How DNS Works | DNS Record Types | nslookup | dig

7. Dynamic Host Configuration Protocol (DHCP)

DHCP automatically assigns IP addresses and network configuration to devices when they join a network — eliminating the need to manually configure every device. The process follows the DORA sequence:

  Client                              DHCP Server
    |                                    |
    |-- DISCOVER (broadcast) ----------->|  "Is there a DHCP server? I need an IP!"
    |                                    |
    |<-- OFFER (broadcast/unicast) ------|  "I offer you 192.168.1.50 for 24 hours"
    |                                    |
    |-- REQUEST (broadcast) ------------>|  "I accept 192.168.1.50 from you"
    |                                    |
    |<-- ACK (broadcast/unicast) --------|  "Confirmed! 192.168.1.50 is yours"
    
| Attribute | Detail |
|---|---|
| Ports | UDP 67 (server receives client messages) / UDP 68 (client receives server messages) |
| What DHCP assigns | IP address, subnet mask, default gateway, DNS server(s), lease duration |
| Lease | IP address is temporary — client renews at 50% of lease time, rebinds at 87.5% |
| DHCP relay | ip helper-address on a router forwards DHCP broadcasts across subnets to a centralised server |

See also: How DHCP Works | DHCP Configuration | DHCP Relay

8. HTTP and HTTPS

HTTP (Hypertext Transfer Protocol) is the foundation of data communication on the web. It defines how browsers request resources (web pages, images, APIs) and how servers respond. HTTPS wraps HTTP inside a TLS (Transport Layer Security) session — encrypting all data exchanged, including credentials.

| Feature | HTTP | HTTPS |
|---|---|---|
| Port | 80 (TCP) | 443 (TCP) |
| Encryption | None — plaintext | TLS/SSL encryption — all data protected |
| Authentication | None from server | Server certificate validates server identity |
| Data integrity | No — data can be tampered in transit | Yes — TLS MACs detect tampering |
| Use | Legacy or internal non-sensitive traffic | All modern web traffic, especially anything with login or payments |

Common HTTP methods: GET (retrieve), POST (submit data), PUT (update), DELETE (remove). HTTP status codes: 200 OK, 301 Redirect, 404 Not Found, 500 Server Error.

See also: HTTP vs HTTPS

9. Email Protocols — SMTP, IMAP, POP3

Three different protocols handle different stages of email delivery:

| Protocol | Role | Port (Plain / TLS) | Key behaviour |
|---|---|---|---|
| SMTP | Sending — client to server AND server to server | 25 (server-to-server) / 587 (client submission) | Pushes email outbound. Always used for sending regardless of retrieval protocol. |
| IMAP | Receiving — client retrieves from server | 143 / 993 (TLS) | Messages remain on the server. Multiple devices stay synchronised. Folders managed on server. |
| POP3 | Receiving — client downloads from server | 110 / 995 (TLS) | Messages typically downloaded and deleted from server. No server-side sync between devices. |

Real-world example: When John sends an email, his client uses SMTP (port 587) to submit it to his mail server. When his colleague retrieves it, she uses IMAP (port 993) — the message stays on the server so she can access it from her phone and laptop simultaneously.

See also: SMTP

10. File Transfer Protocol (FTP) and TFTP

FTP uses two TCP connections: a control connection (port 21) for commands and responses, and a data connection (port 20 in active mode, or a negotiated high port in passive mode) for actual file data. FTP sends credentials in plaintext — use SFTP (SSH File Transfer Protocol, port 22) or FTPS (FTP over TLS, port 990) in production.

| Protocol | Port(s) | Transport | Security | Use Case |
|---|---|---|---|---|
| FTP | 21 (control), 20 (data active) | TCP | None — plaintext | Legacy file transfers, web hosting workflows |
| SFTP | 22 | TCP (over SSH) | Full SSH encryption | Secure file transfer — preferred in production |
| FTPS | 990 (implicit TLS) | TCP | TLS encryption | FTP with TLS — used where SFTP is not available |
| TFTP | 69 | UDP | None | Cisco IOS firmware upgrades, PXE boot, simple transfers on trusted networks |

See also: FTP – Active vs Passive, Ports, Commands

11. Internet Control Message Protocol (ICMP)

ICMP is a Layer 3 diagnostic and error-reporting protocol built into IP. It carries no user data — only control messages. The two most important tools in networking (ping and traceroute) are built entirely on ICMP.

| ICMP Type | Message | Used By |
|---|---|---|
| Type 0 | Echo Reply | ping (response from destination) |
| Type 3 | Destination Unreachable | Router/host cannot deliver packet (various codes for host/port/network unreachable) |
| Type 5 | Redirect | Router tells host to use a better next-hop for a destination |
| Type 8 | Echo Request | ping (sent by source) |
| Type 11 | Time Exceeded | traceroute (TTL = 0 at a router — router reports back) |
| Type 12 | Parameter Problem | IP header error detected by router |

ICMP does not use TCP or UDP — it rides directly on top of IP (IP protocol number 1). Firewalls commonly filter ICMP, which is why ping or traceroute sometimes shows asterisks even when a path is working.

See also: Ping | Traceroute

12. SSH and Telnet

Both protocols provide remote CLI access to network devices, but they differ critically in security:

| Feature | SSH (Secure Shell) | Telnet |
|---|---|---|
| Port | TCP 22 | TCP 23 |
| Encryption | Full encryption — all data, credentials, commands | None — everything in plaintext |
| Authentication | Password, public key, or certificate | Password only (plaintext) |
| Security | Required for all production use | Never use on production networks |
| Use | Managing routers, switches, servers, Linux hosts | Legacy testing only; isolated labs |

On Cisco IOS, enforce SSH-only access on VTY lines: transport input ssh and ip ssh version 2.

See also: SSH – Full Guide | Telnet | Step-by-Step: SSH Configuration

13. SNMP and NTP

SNMP — Simple Network Management Protocol

SNMP allows network managers to monitor and manage routers, switches, servers, and printers from a centralised NMS (Network Management System). It operates over UDP — port 161 for queries, port 162 for traps (unsolicited alerts from devices).

| Version | Authentication | Encryption | Recommended? |
|---|---|---|---|
| SNMPv1 | Community string (plaintext) | None | No — legacy only |
| SNMPv2c | Community string (plaintext) | None | Only for non-critical internal use |
| SNMPv3 | Username + HMAC-SHA/MD5 | AES or DES | Yes — use in all production environments |
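
The SSH-only guidance from section 12 and the SNMP version guidance above can both be checked against a device configuration. The following is an added example, not part of the original page: the function name, hostname, community string and group name are hypothetical, and both sample configurations are constructed.

```python
import re

# Constructed sample configs; names and values are illustrative only.
WEAK_CONFIG = """\
hostname lab-sw1
snmp-server community public RO
snmp-server group NMS v3 auth
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

HARDENED_CONFIG = """\
hostname lab-sw1
ip ssh version 2
snmp-server group NMS v3 priv
line vty 0 4
 transport input ssh
line vty 5 15
 transport input ssh
"""

def audit_ios_config(text):
    """Return findings for plaintext management access in an IOS-style config."""
    findings, vty, section = [], {}, None
    lines = text.splitlines()
    for line in lines:
        if not line.startswith(" "):             # a new top-level command
            section = line.strip() if line.startswith("line vty") else None
            if section:
                vty[section] = None              # no transport seen yet
        elif section:
            m = re.match(r"\s+transport input\s+(.+)", line)
            if m:
                vty[section] = m.group(1).split()
        # Community strings mean SNMPv1/v2c; the string itself is not echoed.
        if re.match(r"snmp-server community\s+\S+", line):
            findings.append("SNMPv1/v2c community string configured (plaintext)")
        m = re.match(r"snmp-server group\s+(\S+)\s+(v1|v2c|v3)(?:\s+(\S+))?", line)
        if m and (m.group(2) != "v3" or m.group(3) != "priv"):
            findings.append(f"SNMP group {m.group(1)} is not v3 priv")
    for name, transports in vty.items():
        if transports is None:
            # The default transport differs between IOS releases, so be explicit.
            findings.append(f"{name}: no explicit 'transport input'")
        elif transports != ["ssh"]:
            findings.append(f"{name}: transport input {' '.join(transports)} "
                            "(want ssh only)")
    if "ip ssh version 2" not in (l.strip() for l in lines):
        findings.append("missing 'ip ssh version 2'")
    return findings

if __name__ == "__main__":
    for finding in audit_ios_config(WEAK_CONFIG):
        print(finding)
```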

See also: SNMP Overview | SNMP Versions | SNMP Community Strings | SNMP Traps

NTP — Network Time Protocol

NTP synchronises clocks across all devices in a network to within milliseconds of a reference time source. Accurate time is critical for log correlation, certificate validity, Kerberos authentication, and network forensics.

| Attribute | Detail |
|---|---|
| Port | UDP 123 |
| Stratum | Stratum 0 = atomic clock / GPS. Stratum 1 = directly connected to stratum 0. Each hop adds 1. Stratum 16 = unsynchronised. |
| Cisco config | ntp server 216.239.35.0 — sync to a public NTP server |
| Verify | show ntp status / show ntp associations |

See also: NTP Overview | NTP Synchronisation | Step-by-Step: NTP Configuration

14. Routing Protocols

Routing protocols allow routers to dynamically learn about network topology and share routing information with each other — automatically building and maintaining routing tables without manual static route configuration.

Interior Gateway Protocols (IGP) — Within an Autonomous System

| Protocol | Type | Metric | Admin Distance | Convergence | Best For |
|---|---|---|---|---|---|
| RIP v2 | Distance-vector | Hop count (max 15) | 120 | Slow | Small, simple networks; lab environments |
| OSPF | Link-state | Cost (bandwidth-based) | 110 | Fast | Enterprise networks of any size; open standard |
| EIGRP | Advanced distance-vector (hybrid) | Composite (bandwidth + delay) | 90 (internal) | Very fast | Cisco-only networks; large enterprise |

Exterior Gateway Protocol (EGP) — Between Autonomous Systems

| Protocol | Type | Port | Use Case |
|---|---|---|---|
| BGP | Path-vector | TCP 179 | Internet routing between ISPs; connects enterprise to multiple ISPs (multihoming) |

See also: OSPF Configuration | EIGRP Configuration | RIP Configuration | Administrative Distance

15. TLS/SSL — The Encryption Layer

TLS (Transport Layer Security) is the cryptographic protocol that secures the majority of internet communications. When you see the padlock in your browser, TLS is running. TLS operates at OSI Layer 6 (Presentation) and negotiates encryption algorithms, authenticates the server via its certificate, and creates a symmetric session key for fast bulk encryption.

TLS wraps many plaintext protocols to create their secure variants:

| Plaintext Protocol | Secured Version | Port Change |
|---|---|---|
| HTTP (80) | HTTPS | 443 |
| SMTP (25) | SMTPS / SMTP+STARTTLS | 465 / 587 |
| IMAP (143) | IMAPS | 993 |
| POP3 (110) | POP3S | 995 |
| FTP (21) | FTPS | 990 (implicit) |
| LDAP (389) | LDAPS | 636 |

SSL is deprecated: SSLv2, SSLv3, TLS 1.0, and TLS 1.1 all have known vulnerabilities and should be disabled. Modern deployments use TLS 1.2 (widely supported) or TLS 1.3 (fastest, most secure — recommended).
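
To confirm which version a server actually negotiated, read it from the ServerHello. The following is an added example, not part of the original page; the function names are hypothetical and the records are constructed rather than captured. It assumes the ServerHello sits at the start of a single record and does not handle SSLv2, which uses a different record format.

```python
import struct

VERSIONS = {0x0300: "SSLv3", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
            0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
ACCEPTED = {0x0303, 0x0304}      # TLS 1.2 and TLS 1.3, as the text recommends
SUPPORTED_VERSIONS = 43          # extension that carries the real TLS 1.3 version

def build_server_hello(legacy_version, selected_version=None):
    """Build a constructed ServerHello record (zero random, empty session ID)."""
    body = struct.pack("!H", legacy_version) + bytes(32) + b"\x00"
    body += b"\x13\x01" + b"\x00"            # cipher suite, null compression
    if selected_version is not None:
        ext = struct.pack("!HHH", SUPPORTED_VERSIONS, 2, selected_version)
        body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", legacy_version, len(handshake)) + handshake

def negotiated_version(record):
    """Return the protocol version selected by a ServerHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x02:
        raise ValueError("not a handshake record carrying a ServerHello")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    if len(body) < 38:
        raise ValueError("truncated ServerHello")
    version = struct.unpack("!H", body[:2])[0]
    pos = 35 + body[34] + 3                  # skip session ID, suite, compression
    if pos + 2 > len(body):
        return version                       # no extensions block present
    end = min(len(body), pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0])
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        # TLS 1.3 keeps 0x0303 in the legacy field and puts 0x0304 here.
        if ext_type == SUPPORTED_VERSIONS and ext_len == 2 and pos + 6 <= end:
            version = struct.unpack("!H", body[pos + 4:pos + 6])[0]
        pos += 4 + ext_len
    return version

def assess(record):
    """Return (version name, acceptable?) for a ServerHello record."""
    version = negotiated_version(record)
    return VERSIONS.get(version, hex(version)), version in ACCEPTED

if __name__ == "__main__":
    for sample in (build_server_hello(0x0303, 0x0304), build_server_hello(0x0301)):
        print(assess(sample))
```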

Common Network Protocols Quiz

1. Which protocol provides reliable, connection-oriented communication with guaranteed delivery?

Correct answer is A. TCP (Transmission Control Protocol) is connection-oriented — it establishes a session with a 3-way handshake (SYN / SYN-ACK / ACK) before any data is sent. It uses sequence numbers to reassemble segments in order, acknowledgements to confirm receipt, and retransmits any lost segments. This makes it ideal for web browsing, email, file transfers, and SSH where data completeness is critical.

2. Which protocol is connectionless, has minimal overhead, and is preferred for real-time applications like VoIP?

Correct answer is B. UDP (User Datagram Protocol) is connectionless — it sends datagrams immediately with no setup handshake and no retransmission. Its 8-byte header (vs TCP's 20+ bytes) minimises overhead. A dropped VoIP packet is better skipped than replayed 500ms late. Other UDP use cases: DNS queries, DHCP, streaming video, online gaming, SNMP, TFTP.

3. What is the main function of the Internet Protocol (IP)?

Correct answer is C. IP operates at Layer 3 and provides two core functions: logical addressing (assigning unique IP addresses to identify devices) and routing (forwarding packets hop-by-hop toward the destination network). IP is connectionless and best-effort — reliability is the job of TCP above it. Dynamic IP assignment is DHCP's job; name resolution is DNS's job.

4. Which protocol resolves human-readable domain names (like www.cisco.com) to IP addresses?

Correct answer is D. DNS (Domain Name System) is the internet's directory service. When you type www.cisco.com, your device queries a DNS resolver which traces the hierarchy (root → .com TLD → cisco.com authoritative server) and returns the IP address. DNS uses UDP port 53 for standard queries and TCP port 53 for large responses or zone transfers. Without DNS, users would need to remember numeric IP addresses for every service.

5. What does DHCP do, and what is the correct order of its 4-message exchange?

Correct answer is A. DHCP uses the DORA sequence over UDP (server port 67, client port 68): DISCOVER (broadcast — "any DHCP servers?"), OFFER (server offers an IP), REQUEST (client accepts the offer), ACK (server confirms and provides full config: IP, mask, gateway, DNS, lease time). The client can then communicate with a properly configured network without any manual setup.

6. Which email protocol sends outgoing mail, and on which port does a mail client typically submit messages?

Correct answer is B. SMTP (Simple Mail Transfer Protocol) is used for sending email — from a client to its outbound mail server, and from server to server. Port 25 is used for server-to-server relay. Port 587 is the standard submission port for email clients (with STARTTLS encryption). IMAP (143/993) and POP3 (110/995) are retrieval protocols — they only download messages from a server, never send them.

7. Which protocol is primarily used for file transfers and what are its two TCP ports?

Correct answer is C. FTP uses two simultaneous TCP connections: port 21 for the control channel (commands and responses) and port 20 for the data channel in active mode (or a negotiated high port in passive mode). Because FTP transmits credentials in plaintext, use SFTP (over SSH, port 22) or FTPS (FTP over TLS, port 990) in any environment where security matters.

8. What is the purpose of ICMP, and which two network tools rely on it?

Correct answer is D. ICMP (Internet Control Message Protocol) carries diagnostic and error messages at Layer 3 — it rides directly on IP (protocol number 1) with no TCP or UDP. Ping uses ICMP Type 8 (Echo Request) and Type 0 (Echo Reply) to test reachability. Traceroute uses ICMP Type 11 (Time Exceeded) — each router that drops a TTL=0 packet sends this message back, revealing its IP address as a hop.

9. Which protocol provides secure, encrypted remote management of servers and network devices, and on which port?

Correct answer is B. SSH (Secure Shell) on TCP port 22 provides encrypted remote login, command execution, file transfer (SFTP/SCP), and port forwarding. It replaced Telnet (port 23) which sends everything in plaintext. On Cisco IOS, enforce SSH-only VTY access with transport input ssh and ip ssh version 2. Always use SSH-2 — SSH-1 has known vulnerabilities.

10. Which protocol monitors and manages network devices, and which SNMP version is recommended for production use?

Correct answer is A. SNMP (Simple Network Management Protocol) uses UDP 161 for manager-to-agent queries (GET, SET) and UDP 162 for agent-to-manager traps (unsolicited alerts). SNMPv1 and v2c use plaintext community strings — insecure. SNMPv3 with authPriv (HMAC-SHA authentication + AES encryption) is required for all production networks where SNMP traffic could be intercepted. Tools like SolarWinds, PRTG, and Zabbix all support SNMPv3.
