1.4 Explain common networking ports, protocols, services, and traffic types. Flashcards
What is ICMP?
Internet Control Message Protocol
- “Text messaging” for your network devices.
- NOT used for data transfer.
- “Hey are you there? Yes, I’m right here”
- Can also let you know that the network you are trying to reach is unreachable (TTL expired).
What is TCP?
Transmission Control Protocol
- Connection-oriented: requires a formal connection set-up and close.
- “Reliable” delivery method.
- The receiver can manage how much data is sent (flow control).
What is UDP?
User Datagram Protocol
- Connectionless, meaning that there is no formal open or close to the connection.
- Packet after packet can be sent without receiving an acknowledgement.
- Referred to as an “unreliable” delivery method because we cannot guarantee that the information was received.
What is GRE?
Generic Routing Encapsulation.
- The “tunnel” between two endpoints (commonly done with VPNs).
- Encapsulates traffic inside of IP but has NO built-in encryption.
What is IPSec?
Internet Protocol Security
- Security for OSI Layer 3.
- Authentication and encryption for every packet.
- Provides digital signatures of every packet.
What is an Authentication Header (AH)?
IPSec Protocol
- Uses the hash of the packet and a shared key
- Used to validate the information over an IPSec Tunnel.
What is Encapsulating Security Payload (ESP)?
IPSec Protocol
- Encrypts the packet.
- Adds a header, a trailer, and an Integrity Check Value.
What is Internet Key Exchange (IKE)?
- The ability to agree on encryption/decryption keys without sending keys across the network.
- This agreement is called a Security Association (SA)
– PHASE 1: ISAKMP (Internet Security Association and Key Management Protocol) over UDP/500.
– PHASE 2: Coordinate ciphers and key sizes (providing encrypted data over the ESP tunnel via IPSec).
What is Unicast?
- One station sending information to another station.
- Send information between two systems without it going to any other systems.
- One-to-one relationship.
- Does not scale optimally for real-time streaming media.
- Examples: Web surfing, file transfers
What is Multicast?
- Delivery of information to interested systems.
- One-to-many-of-many.
- Someone is usually subscribing to your “multicast”.
- Very specialized and difficult to scale across large networks.
- Examples: Multimedia delivery, stock exchanges, dynamic routing updates.
What is Anycast?
- Single destination IP address has multiple paths to two or more endpoints.
- One-to-one-of-many.
- Packets sent to an anycast address are delivered to the closest interface.
– Announce the same route out of multiple data centers, clients use the data center closest to them.
Example: Anycast DNS
What is Broadcast?
- Send information to everyone at once.
- One-to-all
- One packet, received by everyone.
What is multiplexing?
It is using many different applications at the same time (both TCP and UDP) on Layer 4 of the OSI Model (Transport Layer).
What is a non-ephemeral port number?
- It is a permanent port number between Ports 0 - 1,023.
- Usually on a server or service.
What is an ephemeral port number?
- They are temporary port numbers that are typically used on the client side.
- Ports 1,024 - 65,535.
What is a typical command that would utilize ICMP?
The “ping” command.
What is the difference between Transport Mode and Tunnel Mode?
- Transport mode: the IP header is not encrypted and could be intercepted by malicious actors.
- Tunnel mode: encrypts the IP Header and the Data.
What is FTP?
File Transfer Protocol
- TCP Ports 20/21
- Transfers files between systems, not specific to an operating system.
- Port 20 active mode data; port 21 is control
What is SFTP?
Secure File Transfer Protocol
- TCP Port 22 (uses same port as SSH)
- Generic file transfer with security.
- Provides file system functionality (resuming interrupted transfers, directory listings, remote file removal).
What is SSH?
Secure Shell
- TCP Port 22
- Text-based console communication.
- Encrypted communication link.
What is Telnet?
- Telecommunication Network
- TCP Port 23
- This was the non-encrypted (in the clear) form of SSH.
What is SMTP?
Simple Mail Transfer Protocol
- TCP Port 25
- Server to server email transfer.
- Port 25 uses plaintext (in the clear) and port 587 uses TLS encryption.
- Also used to send mail from a device to a mail server (mobile devices)
- Other protocols are used for clients to receive mail
– IMAP & POP3
What is DNS?
Domain Name System
- UDP Port 53
- Converts names to IP addresses
- Large transfers may use TCP Port 53.
What is DHCP?
Dynamic Host Configuration Protocol
- UDP Port 67/68
- Automated configuration of IP addresses, subnet mask and other options.
- This requires a DHCP server (typically integrated into a wireless router).
- Dynamic/pooled IP addresses are assigned in real-time from a pool.
- DHCP reservation (addresses are assigned by MAC address in the DHCP server).
What is TFTP?
Trivial File Transfer Protocol
- UDP Port 69
- Very simple file transfers (read and write files)
- No authentication
- Most commonly seen on VOIPs.
What is HTTP?
Hyper Text Transfer Protocol
- Port 80
- Communication in the browser and by other applications.
- Information over Port 80 is sent “in the clear”.
What is NTP?
Network Time Protocol
- UDP Port 123
- Switches, routers, firewalls, servers, and workstations all have their own clock.
- Being able to synchronize clocks becomes critical (typically done by automatic updates behind the scenes using this protocol).
What is SNMP?
Simple Network Management Protocol
- UDP Port 161/162
- Gathers statistics from network devices.
- 3 versions:
– 1. is a standard that has structured tables and is sent “in the clear”.
– 2. adds data type enhancements that allow bulk transfers and is still “in the clear”.
– 3. is a secure standard that provides message integrity, authentication and encryption.
What is LDAP?
Lightweight Directory Access Protocol
- TCP Port 389
- Stores and retrieves information in a network directory.
What is HTTPS?
Hypertext Transfer Protocol Secure
- TCP Port 443
- Communication in the browser and by other applications.
- Information is encrypted when sent out using SSL or TLS.
What is SMB?
Server Message Block
- TCP Port 445
- This is a protocol used by Microsoft Windows for file sharing and printer sharing.
- Also called CIFS (Common Internet File System).
- Integrated into Windows itself.
What is Syslog?
- UDP Port 514
- Standard for message logging and allows you to consolidate your log files into one single database.
- You are typically consolidating this information by sending it to a Security Information and Event Manager (SIEM).
What is SMTPS?
Simple Mail Transfer Protocol Secure
- TCP Port 587
What is LDAPS?
Lightweight Directory Access Protocol Secure
- TCP Port 636
- A non-standard implementation of LDAP over SSL that allows you to store and retrieve information in a network directory.
What is SQL?
Structured Query Language
- TCP Port 1433
- A standard language across database servers
What is RDP?
Remote Desktop Protocol
- TCP Port 3389
- The ability to share a desktop from a remote location.
What is SIP?
Session Initiation Protocol
- TCP Port 5060/5061
- Voice over IP (VoIP) signaling
- Sets up and manages VoIP sessions
- Extends voice communication
– Video conferencing
– Instant messaging
– File transfer
SNMP Traps
Alerts and Notifications from the network devices over UDP Port 162.
What are some examples of unicasting?
Web surfing or file transfers.
Transport Mode vs. Tunnel Mode
- Transport Mode: when using IPSec you have the following in the packet – IP header, IPSec headers, Data, and IPSec Trailers.
- Tunnel Mode: when using IPSec you have the following in the packet – New IP Header, IPSec Headers, (ORIG) IP Header, Data, IPSec Trailers.