1.4 Explain common networking ports, protocols, services, and traffic types. Flashcards

1
Q

What is ICMP?

A

Internet Control Message Protocol
- “Text messaging” for your network devices.
- NOT used for data transfer.
- “Hey are you there? Yes, I’m right here”
- Can also let you know that the network you are trying to reach is unreachable (TTL expired).

2
Q

What is TCP?

A

Transmission Control Protocol
- Connection-oriented: requires a formal connection setup and close.
- “Reliable” delivery method.
- The receiver can manage how much data is sent (flow control).

3
Q

What is UDP?

A

User Datagram Protocol
- Connectionless, meaning that there is no formal open or close to the connection.
- Packet after packet can be sent without receiving an acknowledgement.
- Referred to as an “unreliable” delivery method because we cannot guarantee that the information was received.

4
Q

What is GRE?

A

Generic Routing Encapsulation.
- The “tunnel” between two endpoints (commonly done with VPNs).
- Encapsulates traffic inside of IP but has NO built-in encryption.

5
Q

What is IPSec?

A

Internet Protocol Security
- Security for OSI Layer 3.
- Authentication and encryption for every packet.
- Provides digital signatures for every packet.

6
Q

What is an Authentication Header (AH)?

A

IPSec Protocol
- Uses the hash of the packet and a shared key
- Used to validate the information over an IPSec Tunnel.

7
Q

What is Encapsulating Security Payload (ESP)?

A

IPSec Protocol
- Encrypts the packet.
- Adds a header, a trailer, and an Integrity Check Value.

8
Q

What is Internet Key Exchange (IKE)?

A
  • The ability to agree on encryption/decryption keys without sending keys across the network.
  • This agreement is called a Security Association (SA)
    – PHASE 1: ISAKMP (Internet Security Association and Key Management Protocol) over UDP/500.
    – PHASE 2: Coordinate ciphers and key sizes (providing encrypted data over the ESP tunnel via IPSec).
9
Q

What is Unicast?

A
  • One station sending information to another station.
  • Send information between two systems without it going to any other systems.
  • One-to-one relationship.
  • Does not scale optimally for real-time streaming media.
  • Examples: Web surfing, file transfers
10
Q

What is Multicast?

A
  • Delivery of information to interested systems.
  • One-to-many-of-many.
  • Someone is usually subscribing to your “multicast”.
  • Very specialized and difficult to scale across large networks.
  • Examples: Multimedia delivery, stock exchanges, dynamic routing updates.
11
Q

What is Anycast?

A
  • Single destination IP address has multiple paths or two or more endpoints.
    – One-to-one-of-many.
  • Packets sent to an anycast address are delivered to the closest interface.
    – Announce the same route out of multiple data centers, clients use the data center closest to them.
    Example: Anycast DNS
12
Q

What is Broadcast?

A
  • Send information to everyone at once.
  • One-to-all
  • One packet, received by everyone.
13
Q

What is multiplexing?

A

It is using many different applications at the same time (both TCP and UDP) on Layer 4 of the OSI Model (Transport Layer).

14
Q

What is a non-ephemeral port number?

A
  • It is a permanent port number between Ports 0 - 1,023.
  • Usually on a server or service.
15
Q

What is an ephemeral port number?

A
  • They are temporary port numbers that are typically used on the client side.
  • Ports 1,024 - 65,535.
16
Q

What is a typical command that would utilize ICMP?

A

The “ping” command.

17
Q

What is the difference between Transport Mode and Tunnel Mode?

A
  • Transport mode: the IP header is not encrypted and could be intercepted by malicious actors.
  • Tunnel mode: encrypts the IP Header and the Data.
18
Q

What is FTP?

A

File Transfer Protocol
- TCP Ports 20/21
- Transfers files between systems, not specific to an operating system.
- Port 20 active mode data; port 21 is control

19
Q

What is SFTP?

A

Secure File Transfer Protocol
- TCP Port 22 (uses the same port as SSH)
- Generic file transfer with security.
- Provides file system functionality (resuming interrupted transfers, directory listings, remote file removal).

20
Q

What is SSH?

A

Secure Shell
- TCP Port 22
- Text-based console communication.
- Encrypted communication link.

21
Q

What is Telnet?

A
  • Telecommunication Network
  • TCP Port 23
  • This was the non-encrypted (in the clear) form of SSH.
22
Q

What is SMTP?

A

Simple Mail Transfer Protocol
- TCP Port 25
- Server to server email transfer.
- Port 25 uses plaintext (in the clear) and port 587 uses TLS encryption.
- Also used to send mail from a device to a mail server (mobile devices)
- Other protocols are used for clients to receive mail
– IMAP & POP3

23
Q

What is DNS?

A

Domain Name System
- UDP Port 53
- Converts names to IP addresses
- Large transfers may use TCP Port 53.

24
Q

What is DHCP?

A

Dynamic Host Configuration Protocol
- UDP Port 67/68
- Automated configuration of IP addresses, subnet mask and other options.
- This requires a DHCP server (typically integrated into a wireless router).
- Dynamic/pooled IP addresses are assigned in real-time from a pool.
- DHCP reservation (addresses are assigned by MAC address in the DHCP server).

25
Q

What is TFTP?

A

Trivial File Transfer Protocol
- UDP Port 69
- Very simple file transfers (read and write files)
- No authentication
- Most commonly seen on VOIPs.

26
Q

What is HTTP?

A

Hypertext Transfer Protocol
- Port 80
- Communication in the browser and by other applications.
- Information over Port 80 is sent “in the clear”.

27
Q

What is NTP?

A

Network Time Protocol
- UDP Port 123
- Switches, routers, firewalls, servers, and workstations all have their own clocks.
- Being able to synchronize clocks becomes critical (typically done by automatic updates behind the scenes using this protocol).

28
Q

What is SNMP?

A

Simple Network Management Protocol
- UDP Port 161/162
- Gathers statistics from network devices.
- 3 versions:
– v1 is the standard that has structured tables and is sent “in the clear”.
– v2 adds data type enhancements that allow bulk transfers and is still “in the clear”.
– v3 is a secure standard that provides message integrity, authentication and encryption.

29
Q

What is LDAP?

A

Lightweight Directory Access Protocol
- TCP Port 389
- Stores and retrieves information in a network directory.

30
Q

What is HTTPS?

A

Hypertext Transfer Protocol Secure
- TCP Port 443
- Communication in the browser and by other applications.
- Information is encrypted when sent out using SSL or TLS.

31
Q

What is SMB?

A

Server Message Block
- TCP Port 445
- This is a protocol used by Microsoft Windows for file sharing and printer sharing.
- Also called CIFS (Common Internet File System).
- Integrated into Windows itself.

32
Q

What is Syslog?

A
  • UDP Port 514
  • Standard for message logging and allows you to consolidate your log files into one single database.
  • You are typically consolidating this information by sending it to a Security Information and Event Manager (SIEM).
33
Q

What is SMTPS?

A

Simple Mail Transfer Protocol Secure
- TCP Port 587

34
Q

What is LDAPS?

A

Lightweight Directory Access Protocol Secure
- TCP Port 636
- A non-standard implementation of LDAP over SSL that allows you to store and retrieve information in a network directory.

35
Q

What is SQL?

A

Structured Query Language
- TCP Port 1433
- A standard language across database servers

36
Q

What is RDP?

A

Remote Desktop Protocol
- TCP Port 3389
- The ability to share a desktop from a remote location.

37
Q

What is SIP?

A

Session Initiation Protocol
- TCP Port 5060/5061
- Voice over IP (VoIP) signaling
- Sets up and manages VoIP sessions
- Extends voice communication
– Video conferencing
– Instant messaging
– File transfer

38
Q

SNMP Traps

A

Alerts and Notifications from the network devices over UDP Port 162.

39
Q

What are some examples of unicasting?

A

Web surfing or file transfers.

40
Q

Transport Mode vs. Tunnel Mode

A
  • Transport Mode: when using IPSec you have the following in the packet – IP header, IPSec headers, Data, and IPSec Trailers.
  • Tunnel Mode: when using IPSec you have the following in the packet – New IP Header, IPSec Headers, (ORIG) IP Header, Data, IPSec Trailers.