1.5 Ports and Protocols

Question 1

What is the Internet Control Message Protocol (ICMP) and where does it operate in the OSI Model?

Answer 1

Helper protocol
Allows devices to
communicate regarding
connectivity
PING and TRACERT use ICMP
Operates at “Layer 3.5”

Question 2

Explain Internet Protocol Security (IPSec) and the two protocols that it works with.

Answer 2

IPSec is designed to provide a secure connection between
systems both local and remote
It works using two separate
protocols:
◦ Authentication Header (AH)- which
provides the authentication services
◦ Encapsulating Security Payload
(ESP)- which provides the encryption
services
Each can be used in either
Transport or Tunnel mode

Question 3

Explain Generic Routing Encapsulation (GRE) and its uses.

Answer 3

A Cisco proprietary tunneling
protocol
Used for sending data securely
across VPNs, Point-to-Point, or
Point-to-Multipoint links

Question 4

What is File Transfer Protocol (FTP)?

Answer 4

TCP 20/21
Used to execute server/client
file transfers
Two TCP ports used:
◦ 21: session control and auth
◦ 20: file transfers

Question 5

What is Secure File Transfer Protocol (SFTP)?

Answer 5

TCP 22
SFTP uses SSH (port 22) to
create an encrypted
connection the server

Question 6

What is Trivial File Transfer Protocol (TFTP)?

Answer 6

UDP 69
Simple and unsecured file
transfer protocol

Question 7

What is Secure Shell (SSH)?

Answer 7

TCP 22
Used for secure remote command- line terminal access

Question 8

What is Telnet?

Answer 8

TCP 23
Used for unsecure remote command- line terminal access

Question 9

What is Simple Mail Transfer Protocol (SMTP/SSMTP)?

Answer 9

TCP 25 Unsecure
TCP 465/587 Secure
E-mail clients use SMTP to
submit new messages to their
e-mail server
From client perspective, SMTP
is used for outgoing
messages

Question 10

What is Post Office Protocol v3 (POP3/SPOP3)?

Answer 10

TCP 110 Unsecure
TCP 995 Secure
E-mail client access protocol
Users can download their e-mails from the mail server to their client (Stored on own device then wiped from server)
From client perspective, POP3
is used for incoming messages

Question 11

What is Internet Message Access Protocol (IMAP/SIMAP)?

Answer 11

TCP 143 Unsecure
TCP 993 Secure
E-mail client access protocol
IMAP preferred when user has
multiple clients
◦ Only downloads a copy of latest
messages
◦ Marks read messages as read
on server to sync to all devices
From client perspective, IMAP
is used for incoming messages

Question 12

What is Domain Name System (DNS)?

Answer 12

TCP/UDP 53
Translates domain names to IP
addresses
Can be configured using
DHCP or manually by the user
Designed to use UDP
◦ Modern DNS needs to use TCP as
well as UDP

Question 13

What is Dynamic Host Configuration Protocol (DHCP)?

Answer 13

UDP 67/68
Used to automatically hand
out IP addresses to network
hosts
DHCP Server listens on UDP
port 67 for requests
DHCP Client talks from UDP
port 68 to send requests

Question 14

What is Hyper-text Transfer Protocol (HTTP/HTTPS)?

Answer 14

TCP 80 Unsecure
TCP 443 Secure
Used to transport files from a
web server down to a web
browser
HTTPS is HTTP over SSL/TLS

Question 15

What is Network Time Protocol (NTP)?

Answer 15

UDP 123
Synchronizes the clocks on
devices
Important for log files,
authentication, outages, etc.
Very accurate

Question 16

What is Simple Network Managing Protocol (SNMP)?

Answer 16

UDP 161
Aids the collection of metrics
from network devices and
hosts
◦ SNMP Manager reaches out to
network devices for metrics
◦ Value usually stored historically
◦If values exceed threshold, an
alert could be sent to admin

Question 17

What is Syslog?

Answer 17

UDP 514
Unix/Linux-based systems can
write messages to a log server
using the SYSLOG protocol
Helpful for centralized
management and observation
of logs across multiple machines

Question 18

What is Lightweight Directory Access Protocol (LDAP/LDAPS)?

Answer 18

TCP 389 Unsecure
TCP 636 Secure
Industry standard protocol for
utilizing central directories
◦ Username/Passwords
◦ Personal contact info
◦ Computer names/attributes
Microsoft Active Directory (AD)
◦ Most popular directory service
◦ LDAP allows lookups to AD to
find people or computers

Question 19

What is Server Message Block (SMB)?

Answer 19

TCP 445
Used by Microsoft to facilitate
network resource sharing
File and Printer sharing based
on SMB
SMB 1.0 was based off and
branded as CIFS

Question 20

What is Structured Query Language (SQL)?

Answer 20

TCP 1433, 1521, 3306
SQL is a protocol that allows us to
communicate with a database
SQL Server (Microsoft) uses 1433
SQLnet (Oracle) is a proprietary
version of SQL and uses port 1521
MySQL is an open-source version of
SQL and uses port 3306

Question 21

What is Remote Desktop Protocol (RDP)?

Answer 21

TCP 3389
Allows client computer to
control desktop environment
of a remote Windows client
Microsoft proprietary
Also used in virtual desktop
environments
◦ Thin clients often use RDP

Question 22

What is Session Initiation Protocol (SIP)?

Answer 22

TCP 5060
VoIP session protocol
Also supports video and
messaging applications over IP
streams