Intro to IP and Ports Flashcards
IP is like a series of moving vans
- Network topology is the road (ethernet, DSL, cabling)
- the trucks are IP (roads designed for this truck)
- the boxes inside hold your data (TCP/UDP)
- inside the boxes are also application info
What is multiplexing?
Sending many different applications across the network simultaneously between the same devices.
TCP is connection oriented, what does that mean?
there is a formal set up and tear down process.
TCP can acknowledge that the recipient has received data, which UDP cannot. What is this called?
Reliable Delivery
What is a TCP acknowledgement?
TCP ACK
What does a sending device do if it does not receive a TCP ACK?
resend the data
UDP is connectionless, meaning…?
there is no formal open or close, no acknowledgement. no warning that data is coming or when it will stop.
Can TCP or UDP use flow control?
TCP can because it is a connection oriented protocol which allows the recipient to perform flow control.
What range are non-ephemeral port numbers?
0 - 1,024
What range are ephemeral ports?
1,024 - 65,535
Port numbers are for communication, not security
service port numbers need to be well known
TCP and UDP port numbers are not the same, but ranges are
TCP and UDP use port 80 for different things
FTP use and port number?
tcp/20 (active mode data)
tcp/21 (control)
file transfer between systems. generic and not specific to an OS
SSH / Secure Shell use and port number?
tcp/22, text-based console communication. Encrypted communication link, also allows for encrypted file communication
SFTP use and port
tcp/22, generic file transfer with security along an encrypted network.
telnet
tcp/23, non-encrypted communication, looks identical to SSH but telnet is sent in the clear (non-encrypted).
SMTP using plaintext
SMTP using TLS encryption
tcp/25 (SMTP using plaintext)
tcp/587 (SMTP using TLS)
Simple Mail Transfer Protocol, server to server email transfer. Also used from client devices sending to mail server.
Other protocols are used for clients to receive email, IMAP or POP3
DNS (fqdn)
udp/53, larger transfers may use tcp/53
DHCP
udp/67 and udp/68
dynamic host configuration protocol, automatically configures IP address, subnet mask, etc. requires DHCP server.
What are pooled addresses on DHCP?
Anyone who connects to a network will be given an IP from the pool of available addresses. Each system is given a lease that lasts a set amount of time.
What is a DHCP reservation?
reserving a particular IP address for a particular device on a network. This is done by associating an IP address with the device's MAC address.
TFTP
udp/69
Trivial File Transfer Protocol
For sending a small bit of information quickly to another device.
HTTP and HTTPS
tcp/80 (in the clear)
tcp/443 (encrypted)
If encrypted, using SSL or TLS
NTP
udp/123
Network Time Protocol
every device on the network has its own clock and uses NTP to stay synchronized. Critical for logging files, authentication or outage details
SNMP
udp/161
Simple Network Management Protocol
query devices about how that device may be performing
v3 has encryption, unlike v1 and v2
What are SNMP Traps?
When SNMP queries a device about how it’s performing, traps allow alerts from the network devices to be sent from the devices using udp/162
LDAP/LDAPS
tcp/389
lightweight directory access protocol
store and retrieve information in a network directory.
LDAP Secure
tcp/636 LDAP over SSL
SMB
tcp/445
server message block
allows for file sharing, locking, sometimes called CIFS
integrated into windows OS
Syslog
udp/514
standard for message logging
often used in conjunction with a SIEM
How should you log messages on a network?
using a log collector like syslog, used on a SIEM (Security Information and Event Manager)
What is SQL
a standard language across database servers
What port is Microsoft SQL Server on?
tcp/1433
RDP
tcp/3389
allows helpdesk to connect to a desktop or just an application
SIP
tcp/5060 and tcp/5061
Session Initiation Protocol
control protocol for VoIP
ICMP
its own protocol, doesn’t use TCP or IP.
internet control message protocol, like text messaging with a device
GRE
generic routing encapsulation
tunnelling between endpoints, like a VPN
No built in encryption but can be added
What is a VPN Concentrator
purpose built device to encrypt/decrypt data at a central point in VPN tunnel
Commonly found on firewalls
IPSec
internet protocol security
Security for OSI layer 3
Very standardized
anti-replay
TWO common protocols
AH authentication header
ESP encapsulation security payload
IKE
Internet Key Exchange
agree on encryption/decryption keys without sending keys across the network, builds a security association (SA)
IKE Phase 1
Uses diffie-hellman to create a shared secret key using udp/500
IKE Phase 2
Coordinate ciphers and key sizes, negotiate inbound and outbound SA for IPsec
What is the purpose of an AH
Authentication Header is to validate the information you’re receiving over an IPSec tunnel. If using AH mode, you’re sending info in the clear, but the AH mode includes hashing.
What is the purpose of ESP
Encapsulation Security Payload (ESP) encrypts the packet. Adds a header, trailer, and integrity check value