Chapter 7 TCP/IP Implementation Flashcards
The DHCP Leases Process:
- Discover- Once a node comes online, loads a simple version of TCP/IP, and is ready to communicate with a DHCP server, it transmits a broadcast called a DHCP discover to the network's broadcast address of 255.255.255.255 to see if any DHCP servers are online and to request an IP address.
- Offer- DHCP servers that are online respond with a directed lease offer packet that contains an IP address that the node can lease.
- Request- The node accepts the first offer it receives and returns a request to lease the IP address from the DHCP server.
- Acknowledge- The DHCP server acknowledges the request from the node with a DHCP ACK, which has the IP address and settings required for the leasing time and starts the lease.
the predecessor of DHCP. It was developed to assign IP addresses to diskless workstations that had no way of storing their operating system.
BOOTP (the bootstrap protocol)
are lease assignments in DHCP that enable you to configure a permanent IP address for a particular client on the subnet. Reserved IP addresses differ from statically configured IP addresses; when there are any changes in network parameters on the DHCP server, IP addresses receive the changes when they renew their leases.
DHCP Reservations
a service that captures a BOOTP or DHCP broadcast and forwards it through the router as a unicast transmission to the DHCP server on another subnet. You must either have a DHCP server on each subnet and configure the router to forward the broadcasts, or configure one of these
DHCP Relay Agent
a service that enables a DHCP client device to configure itself automatically with an IP address in the range of 169.254.0.1 to 169.254.255.254, in case no DHCP servers respond to the client’s DHCP discover broadcast. APIPA addresses are not routable, so devices with APIPA addresses cannot communicate outside of the local subnet.
Automatic Private IP Addressing (APIPA)
Windows command that displays connection-specific DNS suffix, IP address, subnet mask, and default gateway information. /release forces the release of an IP address. /renew requests the renewal of an IP address.
Ipconfig
command that displays the status of currently active network interface devices on Linux and Unix. iwconfig is the equivalent for wireless devices on Linux and Unix.
Ifconfig
Enables you to configure and manage DHCP settings on the network interfaces of a computer. Supported on Linux and Unix.
Dhclient
Ping command options:
- Packet Size- By default, data packets are sent at a fixed default size in bytes. You can specify a larger size to test response time. Example: ping target [-l size]
- TTL- A value that determines how many hops an IP packet can traverse before being discarded. Example ping target [-i TTL]
- Packet Count- Specifies the number of packets with which a remote host is pinged. Default is four packets. Example ping target [-n packet count]
- Continuous ping- Pings the specified host until the command is interrupted by pressing Ctrl+C. Example ping target -t
- IPv6- Ping using IPv6. Example ping target -6
As a security measure, some public Internet hosts and routers might be configured to block incoming packets that are generated by the ping command; this practice is known as this.
ICMP Blocking
a number that represents a process running on a network. Associated with OSI Layer 5, but in every packet there will be both a source and a destination one embedded in the Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) header.
Ports
Port # and Protocol(s) for FTP Data File Transfer - Default Data
20 & TCP
Port # and Protocol(s) for
21 & TCP
Port # and Protocol(s) for SSH - Secure Shell & SFTP - Secure File Transfer Protocol
22 & TCP, UDP
Port # and Protocol(s) for Telnet
23 & TCP, UDP
Port # and Protocol(s) for SMTP
25 & TCP
Port # and Protocol(s) for DNS
53 & TCP, UDP
Port # and Protocol(s) for BOOTPS - DHCP (BOOTP) server
67 & TCP, UDP
Port # and Protocol(s) for BOOTPC - DHCP (BOOTP) client
68 & TCP, UDP
Port # and Protocol(s) for TFTP
69 & UDP
Port # and Protocol(s) for HTTP
80 & TCP
Port # and Protocol(s) for POP3 - Post Office Protocol, version 3 (POP3)
110 & TCP
Port # and Protocol(s) for NTP - Network Time Protocol (NTP)
123 & UDP
Port # and Protocol(s) for IMAP - IMAP
143 & TCP, UDP
Port # and Protocol(s) for SNMP - Simple Network Management Protocol (SNMP)
161 & UDP
Port # and Protocol(s) for IRC - Internet Relay Chat (IRC)
194 & TCP
Port # and Protocol(s) for LDAP - Lightweight Directory Access Protocol (LDAP)
389 & TCP, UDP
Port # and Protocol(s) for HTTPS - HTTP-secure
443 & TCP
Port # and Protocol(s) for SMB - Server Message Block (SMB)
445 & TCP
Port # and Protocol(s) for LDAPS - Secure LDAP
636 & TCP, UDP
Port # and Protocol(s) for H.323 - H.323 Call Setup
1720 & TCP
Port # and Protocol(s) for RDP - Remote Desktop Protocol (RDP)
3389 & TCP, UDP
Port # and Protocol(s) for SIP - Session Initiation Protocol (SIP) unencrypted signaling traffic
5060 & TCP, UDP
Port # and Protocol(s) for SIP encrypted traffic
5061 & TCP, UDP
For example, if your web server is installed on 193.44.234.3, the ___ for the HTTP process would look like this: 193.44.234.3:80.
Socket
a unique name given to a node on a TCP/IP network.
Host Names
a grouping of devices on the Internet or on another network based on the nature of their operations.
Domain Name
a host name combined with the host’s domain name forms this
Fully Qualified Domain Name (FQDN)
a TCP/IP name resolution service that translates FQDNs into IP addresses.
Domain Name System (DNS)
The DNS database is divided logically into a hierarchical grouping of domains. It is divided physically into files called this
Zones
files that contain the actual IP-to-host name mappings for one or more domains.
Zone File
can be entered into a DNS database either statically or dynamically
records
a DNS record that is entered manually by an administrator and does not change unless the administrator manually updates it.
Static Record
For example, if a client is using DHCP to get its IP address, each time it leases a new address, it can request an update of its DNS host record.
Dynamic Record
DNS record that maps a host name to its IP address by using a 32-bit IPv4 address.
(A) Address
DNS record that maps a host name to its IP address by using a 128-bit IPv6 address.
(AAAA) IPv6 address
Maps multiple canonical names (aliases) to an A record
Canonical name (CNAME)
Maps a domain name to an email server list
Mail Exchanger (MX)
Maps an IP address to the host name for the purpose of reverse lookup
Pointer (PTR)
The DNS Resolution Process: (7 Steps)
- Step 1- Client request
- Step 2- Preferred DNS server
- Step 3- Root name server
- Step 4- Top-level domain server
- Step 5- Other domain servers
- Step 6- Host name resolution
- Step 7- Host address
is a plaintext file configured on a client device containing a list of IP addresses and their associated host names, separated by at least one space.
HOSTS file
this command determines the route data takes to get to a particular destination. Internet Control Message Protocol (ICMP) "Time Exceeded" messages are sent back from the routers to the node running the command. Each time a packet is sent, the TTL value is reduced before the packet is forwarded, which lets the TTL count how many hops the node is away from the destination. Traceroute is the Linux equivalent of the tracert command.
Tracert
Tracert command options:
if you are having trouble resolving host names when using tracert, use this option to prevent tracert from trying to resolve host names. It also speeds up response time because it is not spending time resolving host names.
-d
Tracert command options:
The default number of hops tracert will attempt to reach is 30. Using this option, you can specify more or fewer hops for it to check.
-h max_hops
Tracert command options:
You can use this option to force the outgoing datagram to pass through a specific router.
-j host-list
Tracert command options:
If many of your responses on the tracert are timing out, by using this option, you can increase the number of milliseconds to wait before continuing. If, after increasing the value, destinations are then reachable, you probably have a bandwidth issue to resolve.
-w timeout
this command provides information about latency and packet loss on a network. It combines the functionality of the ping and tracert commands. It is similar to tracert in that it identifies the routers that are on the path. In the output, it also displays the path to the remote host over a maximum of 30 hops.
pathping command
pathping options:
- -h: maximum hops
- -i: specify a source address
- -n: specify that host name resolution can be skipped
Queries DNS and displays the domain name or IP address mapping
nslookup
Displays incoming and outgoing TCP network connections, routing tables, and connection statistics.
netstat
Scans the network to discover hosts and services on the network and builds a map of the network. Built into Linux and Unix. The utility must be downloaded for Windows.
nmap
the integrated management of IP address allocation, DNS, and DHCP services.
Internet Protocol Address Management (IPAM)
a TCP/IP protocol that enables the transfer of files between a user’s workstation and a remote host. Characteristics include:
Works at the Application Layer (Layer 7) of the OSI model and the Application Layer of the TCP/IP model.
TCP port 20 for data transfer
TCP port 21 for control commands
File Transfer Protocol (FTP)
is a simple version of FTP that uses UDP as the transport protocol, and does not require logon to the remote host. It is commonly used for bootstrapping and loading applications and not for file transfer. FTP traffic is not encrypted and all transmissions are in clear text. User names, passwords, commands, and data can be read by anyone able to perform packet capture (sniffing) on the network.
Trivial File Transfer Protocol (TFTP)
is an Internet protocol that synchronizes the clock times of devices in a network by exchanging time signals. Works at the Application Layer (Layer 7) of the OSI model. Uses UDP port number 123.
Network Time Protocol (NTP)
is an Internet protocol that enables administrators to monitor and manage network devices and traffic. Works at the Application Layer (Layer 7) of the OSI model. Uses ports 161 and 162 to collect information from and send configuration commands to networking devices such as routers, switches, servers, workstations, printers, and any other SNMP-enabled devices. Generally runs over UDP.
Simple Network Management Protocol (SNMP)
a communications protocol for formatting and sending email messages from a client to a server or between servers. Works at the Application Layer (Layer 7) of the OSI model. Uses port 25 or 587 for standard communications and port 465 for encrypted communications. Runs on TCP.
Simple Mail Transfer Protocol (SMTP)
a protocol used to retrieve email messages from a mailbox on a mail server. Characteristics include:
Works at the Application Layer (Layer 7) of the OSI model.
Uses TCP port 110 for regular transmissions and port 195 for encrypted transmissions.
Once the client retrieves and downloads the messages, the server deletes them unless the client configures options to leave the messages on the server. It is not the best email protocol to use when users need to access their email from multiple devices.
Post Office Protocol 3 (POP3)
is a protocol used for retrieving messages from a mail server. Works at the Application Layer (Layer 7) of the OSI model. Uses port 143 for regular transmissions and port 993 for encrypted transmissions.
Internet Message Access Protocol version 4 (IMAP4)
is a network protocol that enables clients to interact with websites by allowing them to connect to and retrieve web pages from a server. Works at the Application Layer (Layer 7) of the OSI model. Uses port 80 for communications.
Hypertext Transfer Protocol (HTTP)
is a secure version of HTTP that provides a secure connection between a web browser and a server. Runs at the Application Layer (Layer 7) of the OSI model. Uses port 443 and runs on TCP. Uses the Transport Layer Security (TLS) security protocol to encrypt data.
HTTP Secure (HTTPS)
a terminal emulation protocol. It works at the Application Layer (Layer 7) of the OSI model. Uses TCP Port 23. It is NOT a secure protocol, since it transmits in cleartext.
Telnet
is a program that enables a user or an application to log on to another device over a network, execute commands, and manage files. Characteristics include:
Operates at the Application Layer (Layer 7) of the OSI model.
It uses port 22 and runs on TCP.
Offers strong authentication methods, and ensures that communications are secure over insecure channels.
All traffic (including passwords) is encrypted to eliminate connection hijacking, eavesdropping, and other network-level attacks, such as IP source routing, IP spoofing, and DNS spoofing.
SSH2 includes a secure replacement for FTP called Secure File Transfer Protocol (SFTP).
Secure Shell (SSH)
is a protocol that helps share resources such as files, printers, and serial ports among devices. Works at the Application Layer (Layer 7) of the OSI model. Uses port 445 and runs on TCP.
Server Message Block (SMB)
is a proprietary protocol created by Microsoft for connecting to and managing devices that are not necessarily located at the same place as the administrator. It uses port 3389 and runs on TCP. Works at the Application Layer (Layer 7) of the OSI model.
Remote Desktop Protocol (RDP)