Networking Tutorials

Network Protocols

From core transport protocols to routing, management, and security. Learn how the internet really works.

Transport & Web Protocols

HTTP/HTTPS HTTP/2 HTTP/3 QUIC TCP UDP WebSocket

Network Services

ARP DHCP DNS FTP ICMP NTP SMTP

Routing & Switching

BGP HSRP LACP OSPF RIP STP VRRP

Remote Access

RDP VNC

Security & VPN

IPsec OpenVPN SSH TLS/SSL WireGuard

Monitoring & Discovery

CDP LLDP mDNS NetFlow SNMP Syslog

Authentication & Directory

Kerberos LDAP RADIUS TACACS+

Overlay & Virtualization

GRE VXLAN

Database & Backend

MongoDB MySQL PostgreSQL Redis

TCP (Transmission Control Protocol)

Reliable, connection-oriented protocol that ensures data delivery with error checking and retransmission.

  • Used by HTTP/HTTPS, SSH, FTP, SMTP, IMAP, etc.
  • Guarantees packet order and reliability.
  • Port range: 0–65535, common: 80 (HTTP), 443 (HTTPS), 22 (SSH).

UDP (User Datagram Protocol)

Connectionless protocol focused on speed, with no guarantee of delivery.

  • Used by DNS, VoIP, streaming, gaming.
  • No handshake, lower overhead compared to TCP.
  • Common ports: 53 (DNS), 67/68 (DHCP), 123 (NTP).

SSH (Secure Shell)

Encrypted remote login protocol for securely managing servers and devices.

  • Replaces insecure protocols like Telnet.
  • Supports tunneling, file transfer (SCP, SFTP), and port forwarding.
  • Default port: 22.

HTTP / HTTPS (Hyper Text Transfer Protocol)

The foundation of web communication. HTTPS adds TLS/SSL encryption for security.

  • Stateless protocol used by browsers and APIs.
  • HTTPS is now the standard for all secure sites.
  • Ports: 80 (HTTP), 443 (HTTPS).

DNS (Domain Name System)

Resolves human-readable domain names (like example.com) to IP addresses.

  • Works primarily over UDP port 53, but also TCP for large queries.
  • Critical for almost all internet communication.

ICMP (Internet Control Message Protocol)

Protocol used for diagnostics and network communication errors.

  • Used by tools like ping and traceroute.
  • No ports, works directly on the network layer.

FTP / SFTP

File transfer protocols. FTP is unencrypted, while SFTP (via SSH) is secure.

  • FTP ports: 20/21 (control + data).
  • SFTP runs over SSH port 22.
  • Modern systems prefer SFTP for security.

Email Protocols: SMTP, IMAP, POP3

Protocols for sending and receiving email.

  • SMTP (25, 587, 465) – sending mail.
  • IMAP (143, 993) – retrieving mail, keeps messages on server.
  • POP3 (110, 995) – downloading mail to local device.

DHCP (Dynamic Host Configuration Protocol)

Automatically assigns IP addresses, default gateways, and DNS servers to devices.

  • Eliminates manual IP configuration.
  • Critical in enterprise and home networks.
  • Ports: UDP 67 (server), UDP 68 (client).

NTP (Network Time Protocol)

Keeps clocks synchronized across systems for accurate timestamps and logging.

  • Hierarchy of time servers (stratum model).
  • Essential for Kerberos, logs, certificates.
  • Port: UDP 123.

SNMP (Simple Network Management Protocol)

Used for monitoring and managing network devices like routers, switches, and servers.

  • Supports polling and traps for alerts.
  • Versions: v1, v2c (community strings), v3 (secure).
  • Ports: UDP 161 (queries), UDP 162 (traps).

ARP (Address Resolution Protocol)

Resolves IP addresses to MAC addresses in local networks.

  • Essential for communication in Ethernet networks.
  • Vulnerable to ARP spoofing attacks.
  • Works at Layer 2/3, no port numbers.

STP (Spanning Tree Protocol)

Prevents switching loops in Ethernet networks by blocking redundant paths.

  • Elects a root bridge, calculates loop-free topology.
  • Variants: RSTP (faster), MSTP (multiple spanning trees).
  • Vital in enterprise LANs with redundant links.

OSPF (Open Shortest Path First)

Interior gateway protocol (IGP) used for routing inside large networks.

  • Link-state protocol, calculates shortest paths with Dijkstra’s algorithm.
  • Supports areas and hierarchical design.
  • Port: IP protocol 89.

BGP (Border Gateway Protocol)

The routing protocol of the internet, used between autonomous systems (AS).

  • Path vector protocol, controls routing policies.
  • Enables global internet connectivity.
  • Port: TCP 179.

TLS / SSL (Transport Layer Security)

Encryption layer on top of TCP. Secures communication for HTTPS, SMTP, IMAP and more.

  • Provides confidentiality, integrity, authentication.
  • Replaced SSL; TLS 1.3 is current standard.
  • Works above TCP, typically port 443 for HTTPS.

QUIC (Quick UDP Internet Connections)

Modern transport protocol built on UDP, designed by Google to reduce latency and improve performance.

  • Used by HTTP/3 and supported by major browsers.
  • Combines TLS encryption with multiplexed streams.
  • Port: UDP 443.

HTTP/2

Successor to HTTP/1.1 with improved speed, multiplexing, and header compression.

  • Improves website performance and lowers latency.
  • Works over TLS (usually port 443).
  • Widely supported by modern web servers and browsers.

HTTP/3

Next generation HTTP based on QUIC protocol, improving security and performance.

  • Built directly on UDP with encryption (TLS 1.3).
  • Faster connection establishment and better handling of lost packets.

WebSocket

Full-duplex communication protocol used for real-time web apps like chat and live updates.

  • Initiated via HTTP handshake, then upgrades to persistent connection.
  • Runs over TCP; typically port 80 (ws) or 443 (wss).

RIP (Routing Information Protocol)

Distance-vector routing protocol for small to medium-sized networks.

  • Uses hop count as routing metric.
  • Slow convergence; replaced in many networks by OSPF or EIGRP.
  • UDP port 520.

IPsec (Internet Protocol Security)

Suite of protocols to secure IP communications via encryption and authentication.

  • Used in VPNs (site-to-site or remote access).
  • Supports ESP, AH, and IKEv2 protocols.
  • Works at the network layer (Layer 3).

WireGuard

Modern, lightweight VPN protocol with a small codebase and strong cryptography.

  • Faster and simpler than IPsec or OpenVPN.
  • Uses UDP; default port 51820.
  • Built into the Linux kernel since version 5.6.

OpenVPN

Open-source VPN protocol with support for SSL/TLS encryption and flexible configuration.

  • Cross-platform support with client/server model.
  • Uses TCP or UDP; common ports are 1194 (default), 443 (stealth).
  • Popular in enterprise and personal VPN services.

LDAP (Lightweight Directory Access Protocol)

Used for accessing and managing distributed directory information services over an IP network.

  • Common in authentication systems (e.g., Active Directory).
  • Ports: 389 (unencrypted), 636 (LDAPS).

RADIUS (Remote Authentication Dial-In User Service)

Authentication, authorization, and accounting (AAA) protocol for managing user access.

  • Used in Wi-Fi, VPNs, and network access control.
  • Ports: UDP 1812 (auth), UDP 1813 (accounting).

Kerberos

Network authentication protocol using tickets and symmetric-key cryptography.

  • Default in Windows domains, also used by MIT and Unix systems.
  • Port: UDP/TCP 88.

VXLAN (Virtual Extensible LAN)

Overlay protocol that allows Layer 2 networks to span across Layer 3 infrastructure.

  • Used in cloud, virtualization, and data center networks.
  • Encapsulates Ethernet frames in UDP.
  • Port: UDP 4789.

GRE (Generic Routing Encapsulation)

Tunneling protocol that encapsulates a wide variety of network layer protocols.

  • Used in VPNs and site-to-site tunnels.
  • No encryption by default; often paired with IPsec.
  • IP protocol number 47.

MySQL

Open-source relational database management system (RDBMS) widely used for web applications.

  • Uses SQL for querying and managing structured data.
  • Default port: 3306.
  • Popular in LAMP stack (Linux, Apache, MySQL, PHP).

PostgreSQL

Advanced open-source relational database known for reliability, performance, and SQL compliance.

  • Supports complex queries, indexing, and ACID compliance.
  • Port: 5432.
  • Used in enterprise and open-source projects.

Redis

In-memory key-value store used for caching, real-time analytics, and message brokering.

  • Supports strings, hashes, lists, sets, pub/sub, and more.
  • Port: 6379.
  • Extremely fast with persistence options.

MongoDB

NoSQL document-oriented database designed for scalability and flexibility.

  • Stores data in JSON-like BSON format.
  • Port: 27017.
  • Ideal for dynamic or unstructured data.

Syslog

Standard protocol for logging system messages from network devices and servers.

  • Common in Linux/Unix systems and network appliances.
  • Port: UDP 514 (default), TCP possible.
  • Used for centralized log collection and SIEMs.

NetFlow

Network protocol developed by Cisco for collecting IP traffic statistics.

  • Enables traffic analysis and capacity planning.
  • Used by tools like SolarWinds, ntopng, and PRTG.
  • Exporter → Collector architecture.

LLDP (Link Layer Discovery Protocol)

Vendor-neutral Layer 2 protocol used to discover directly connected network devices.

  • Used for inventory, topology mapping, and VoIP setups.
  • Replaces Cisco's CDP in multi-vendor networks.
  • Port: Ethernet type 0x88CC.

CDP (Cisco Discovery Protocol)

Cisco proprietary Layer 2 protocol for discovering nearby Cisco devices.

  • Shares info like hostname, model, IP, and interface details.
  • Replaced by LLDP in many environments.

mDNS (Multicast DNS)

Resolves hostnames to IP addresses in local networks without a central DNS server.

  • Used by Apple Bonjour, IoT, printers, and smart home devices.
  • Port: UDP 5353.
  • Works with zero-configuration networking (zeroconf).

LACP (Link Aggregation Control Protocol)

Combines multiple physical links into a single logical link for redundancy and increased bandwidth.

  • Part of IEEE 802.3ad standard (now 802.1AX).
  • Supports dynamic negotiation of link bundles.
  • Widely used in switches and servers with multiple NICs.

VRRP (Virtual Router Redundancy Protocol)

Provides automatic failover between routers by assigning a virtual IP to the active router.

  • Defined by RFC 5798, standardized alternative to HSRP.
  • Ensures network availability without manual intervention.
  • Used in high-availability network designs.

HSRP (Hot Standby Router Protocol)

Cisco proprietary protocol for providing router redundancy by electing an active and standby router.

  • Uses virtual IP for gateway redundancy.
  • Similar to VRRP but only supported on Cisco devices.
  • Ensures continuous network availability.

TACACS+ (Terminal Access Controller Access-Control System Plus)

Cisco-developed protocol for centralized authentication, authorization, and accounting (AAA).

  • Encrypts the entire packet (unlike RADIUS).
  • Often used to manage access to network devices (e.g. routers, switches).
  • Runs over TCP port 49.

RDP (Remote Desktop Protocol)

Microsoft protocol for remotely accessing and controlling Windows desktops and servers with a full graphical interface.

  • Uses TCP port 3389 by default.
  • Supports encryption, clipboard sharing, and multiple monitor sessions.
  • Often used by IT administrators and remote workers.

VNC (Virtual Network Computing)

Platform-independent protocol for graphical remote desktop access using the RFB (Remote Framebuffer) protocol.

  • Typically runs on TCP ports 5900+ (e.g. 5901 = display :1).
  • Lightweight and simple, often used for Linux desktops or cross-platform support.
  • Can be tunneled through SSH for encryption.