Every port number, OSI model layer, subnetting reference, routing protocol, wireless standard, and key acronym you need for the N10-009 exam — all in one place.
The OSI model is one of the most tested topics on Network+. Know every layer number, name, what it does, and at least two protocols or devices that operate at each layer.
Layers 7→1: "All People Seem To Need Data Processing" (Application, Presentation, Session, Transport, Network, Data Link, Physical)
Layers 1→7: "Please Do Not Throw Sausage Pizza Away"
Key device associations: Hub = Layer 1 · Switch = Layer 2 · Router = Layer 3 · Firewall = Layer 3/4 · Load balancer = Layer 4/7
Memorise every port below — Network+ tests these directly and in scenario questions where you must identify a blocked service from its port number.
| Port | Protocol | Service | Notes |
|---|---|---|---|
| 20 | TCP | FTP Data | Active FTP data transfer |
| 21 | TCP | FTP Control | FTP commands and control channel |
| 22 | TCP | SSH | Secure remote access — encrypted replacement for Telnet |
| 23 | TCP | Telnet | Unencrypted remote access — deprecated, insecure |
| 25 | TCP | SMTP | Sends email between mail servers |
| 53 | TCP/UDP | DNS | UDP for queries, TCP for zone transfers |
| 67/68 | UDP | DHCP | 67 = server, 68 = client |
| 69 | UDP | TFTP | Trivial FTP — no auth, used for booting and config files |
| 80 | TCP | HTTP | Unencrypted web traffic |
| 110 | TCP | POP3 | Downloads email to device, deletes from server |
| 119 | TCP | NNTP | Network News Transfer Protocol — Usenet |
| 123 | UDP | NTP | Network Time Protocol — clock synchronisation |
| 137–139 | TCP/UDP | NetBIOS | Legacy Windows name resolution and file sharing |
| 143 | TCP | IMAP | Email stays on server, synced to devices |
| 161/162 | UDP | SNMP | 161 = queries, 162 = traps (alerts) |
| 389 | TCP/UDP | LDAP | Directory services — Active Directory queries |
| 443 | TCP | HTTPS | Encrypted web traffic (TLS) |
| 445 | TCP | SMB | Windows file sharing, Active Directory |
| 465/587 | TCP | SMTP (Secure) | 587 = STARTTLS (preferred), 465 = SMTPS |
| 514 | UDP | Syslog | System log messages — network device logging |
| 636 | TCP | LDAPS | LDAP over SSL — encrypted directory queries |
| 993 | TCP | IMAPS | IMAP over SSL — encrypted email retrieval |
| 995 | TCP | POP3S | POP3 over SSL — encrypted email download |
| 1433 | TCP | MS SQL | Microsoft SQL Server |
| 1723 | TCP | PPTP | Legacy VPN — insecure, deprecated |
| 3306 | TCP | MySQL | MySQL database |
| 3389 | TCP | RDP | Remote Desktop Protocol — Windows remote access |
| 5060/5061 | TCP/UDP | SIP | Session Initiation Protocol — VoIP signalling |
The most tested calculation topic on Network+. Know the subnet mask, number of hosts, and network increment for each CIDR prefix from /24 to /30.
Formula: Usable hosts = 2^(host bits) − 2 · Network bits + host bits = 32
| CIDR | Subnet Mask | Hosts per Subnet | Increment | Subnets from /24 |
|---|---|---|---|---|
| /24 | 255.255.255.0 | 254 | N/A | 1 |
| /25 | 255.255.255.128 | 126 | 128 | 2 |
| /26 | 255.255.255.192 | 62 | 64 | 4 |
| /27 | 255.255.255.224 | 30 | 32 | 8 |
| /28 | 255.255.255.240 | 14 | 16 | 16 |
| /29 | 255.255.255.248 | 6 | 8 | 32 |
| /30 | 255.255.255.252 | 2 | 4 | 64 |
| /16 | 255.255.0.0 | 65,534 | — | — |
| /8 | 255.0.0.0 | 16,777,214 | — | — |
10.0.0.0/8 → 10.0.0.0 – 10.255.255.255 (Class A — large enterprises) 172.16.0.0/12 → 172.16.0.0 – 172.31.255.255 (Class B — medium networks) 192.168.0.0/16 → 192.168.0.0 – 192.168.255.255 (Class C — home/small office) Special ranges: 127.0.0.0/8 → Loopback — 127.0.0.1 = localhost, tests local TCP/IP stack 169.254.0.0/16 → APIPA — self-assigned when DHCP fails (link-local)
| Protocol | Full Name | What it does |
|---|---|---|
| TCP | Transmission Control Protocol | Reliable, connection-oriented, three-way handshake (SYN, SYN-ACK, ACK) |
| UDP | User Datagram Protocol | Fast, connectionless, no guarantee of delivery — streaming, DNS, VoIP |
| IP | Internet Protocol | Logical addressing and routing at Layer 3 |
| ICMP | Internet Control Message Protocol | Error messages and diagnostics — used by ping and traceroute |
| ARP | Address Resolution Protocol | Resolves IP addresses to MAC addresses on a local network |
| DNS | Domain Name System | Resolves hostnames to IP addresses — "phonebook of the internet" |
| DHCP | Dynamic Host Configuration Protocol | Automatically assigns IP, subnet mask, gateway, and DNS to devices |
| NAT | Network Address Translation | Translates private IPs to a public IP for internet access |
| SNMP | Simple Network Management Protocol | Monitors and manages network devices — v3 adds encryption |
| NTP | Network Time Protocol | Synchronises clocks across network devices — UDP port 123 |
| STP | Spanning Tree Protocol | Prevents switching loops by blocking redundant paths |
| 802.1Q | VLAN Tagging Standard | Tags Ethernet frames with VLAN ID for trunk links between switches |
| 802.1X | Port-Based Access Control | Authenticates devices before allowing network access — uses RADIUS |
| Protocol | Type | Algorithm | Metric | Key fact |
|---|---|---|---|---|
| RIP v2 | IGP / Distance Vector | Bellman-Ford | Hop count (max 15) | Simple, slow convergence — 15 hops = unreachable |
| OSPF | IGP / Link State | Dijkstra (SPF) | Cost (bandwidth) | Most common interior routing — fast convergence, scalable |
| EIGRP | IGP / Hybrid | DUAL | Bandwidth + delay | Cisco proprietary — combines distance vector and link state traits |
| BGP | EGP / Path Vector | Best path selection | AS path attributes | Routes traffic between autonomous systems — the internet's routing protocol |
IGP = Interior Gateway Protocol — routes within one organisation (RIP, OSPF, EIGRP)
EGP = Exterior Gateway Protocol — routes between organisations/ISPs (BGP)
Distance vector = knows direction and distance to destinations (RIP). Link state = knows the full network map (OSPF). Path vector = knows the full path including autonomous systems (BGP).
| Standard | Wi-Fi Name | Frequency | Max Speed | Key feature |
|---|---|---|---|---|
| 802.11a | Wi-Fi 1 | 5 GHz | 54 Mbps | First 5 GHz standard — less interference |
| 802.11b | Wi-Fi 2 | 2.4 GHz | 11 Mbps | First widely adopted Wi-Fi standard |
| 802.11g | Wi-Fi 3 | 2.4 GHz | 54 Mbps | Backward compatible with 802.11b |
| 802.11n | Wi-Fi 4 | 2.4 / 5 GHz | 600 Mbps | First dual-band — introduced MIMO |
| 802.11ac | Wi-Fi 5 | 5 GHz | 3.5 Gbps | MU-MIMO, beamforming — enterprise standard |
| 802.11ax | Wi-Fi 6/6E | 2.4 / 5 / 6 GHz | 9.6 Gbps | OFDMA — most efficient in dense environments |
WEP → Broken — RC4 cipher, crackable in minutes. Never use. WPA → Deprecated — TKIP encryption, vulnerabilities exist WPA2 → Current standard — AES-CCMP encryption Personal (PSK) = shared password | Enterprise (802.1X) = RADIUS auth WPA3 → Latest — SAE replaces PSK handshake, forward secrecy Required on Wi-Fi 6 certified devices
| Term | What it does |
|---|---|
| Firewall | Filters traffic based on rules — stateless (packet filtering) or stateful (tracks connections) |
| IDS | Intrusion Detection System — monitors and alerts on suspicious traffic, does not block |
| IPS | Intrusion Prevention System — monitors and actively blocks suspicious traffic inline |
| DMZ | Demilitarised zone — network segment between internal and external networks for public-facing servers |
| VPN | Encrypted tunnel over public internet — IPsec for site-to-site, SSL/TLS VPN for remote access |
| ACL | Access Control List — ordered list of permit/deny rules applied to router interfaces |
| NAC | Network Access Control — verifies device compliance before granting network access |
| VLAN | Virtual LAN — logical network segments on the same physical switch, isolates broadcast domains |
| AAA | Authentication, Authorisation, Accounting — RADIUS and TACACS+ implement AAA for network access |
| RADIUS | Centrally authenticates network access — encrypts password only, UDP ports 1812/1813 |
| TACACS+ | Cisco AAA protocol — encrypts entire packet, separates auth/authz/accounting, TCP port 49 |
ping → Tests ICMP connectivity to a host — basic reachability test tracert/traceroute → Shows each hop to a destination — identifies where traffic fails ipconfig → Shows IP, subnet, gateway (Windows) — /all shows DNS, MAC ifconfig/ip a → Shows network interface info (Linux/macOS) nslookup → Queries DNS — tests name resolution netstat → Shows active connections and listening ports arp -a → Shows ARP cache — IP to MAC mappings nmap → Network scanner — discovers hosts and open ports route print → Shows local routing table (Windows) pathping → Combines ping and tracert — shows packet loss per hop (Windows)
1. Identify the problem → Gather information, question users, identify symptoms 2. Establish a theory → Question the obvious, consider multiple causes 3. Test the theory → Confirm or deny — if denied, establish new theory 4. Establish a plan of action → Consider effects, create plan to resolve 5. Implement the solution → Apply fix, escalate if needed 6. Verify full system functionality → Confirm fix works, check for side effects 7. Document findings → Record what happened, what fixed it, preventive measures
Network+ loves acronym-heavy questions. If you can't expand an acronym instantly you'll lose time on the exam.
| Acronym | Stands for | One-line description |
|---|---|---|
| APIPA | Automatic Private IP Addressing | 169.254.x.x — self-assigned when DHCP fails |
| CIDR | Classless Inter-Domain Routing | IP addressing notation using prefix length (e.g. /24) |
| CSMA/CD | Carrier Sense Multiple Access / Collision Detection | Wired Ethernet collision-handling method |
| CSMA/CA | Carrier Sense Multiple Access / Collision Avoidance | Wireless collision avoidance — used in 802.11 |
| FQDN | Fully Qualified Domain Name | Complete domain name — www.example.com |
| MTBF | Mean Time Between Failures | Average time a device runs before failing |
| MTTR | Mean Time To Repair | Average time to restore a failed device |
| QoS | Quality of Service | Prioritises certain traffic types — VoIP, video |
| SLA | Service Level Agreement | Contractual uptime and performance guarantees |
| SDN | Software-Defined Networking | Separates control plane from data plane — centralised management |
| MPLS | Multiprotocol Label Switching | WAN technology using labels to route traffic efficiently |
| PoE | Power over Ethernet | Delivers electrical power over Ethernet cable — IP phones, APs |
| STP | Spanning Tree Protocol | Prevents Layer 2 loops in switched networks |
| LACP | Link Aggregation Control Protocol | Combines multiple physical links into one logical link (802.3ad) |
| VXLAN | Virtual Extensible LAN | Extends VLANs across Layer 3 networks — used in cloud/data centres |
The N10-009 study guide, Dion Training practice exams, and Professor Messer's free course.
Join candidates getting study tips, resource picks, and exam-day advice for A+, Network+, and Security+.