Module 3 / Unit 2 TCP and UDP Flashcards

On completion of this unit, you will be able to:
□ Describe the functions of TCP and UDP and the characteristics of connection-oriented versus connectionless protocols.
□ Identify "well known" ports.
□ Use netstat and Nmap to identify open connections and services.
□ Use a protocol analyzer to monitor network traffic.

1
Q

Why would a developer choose to use unreliable delivery over reliable, connection-oriented delivery?

A

When speed is more important than reliability.

2
Q

What is the purpose of the Window field in a TCP segment?

A

Used for flow control (indicates the amount of data that the host can receive before sending another acknowledgement).

3
Q

If the client is in the TIME-WAIT state, is the connection with the server still open?

A

Not normally - the server closes the connection when it receives the ACK from the client; if this packet is lost the server connection may still be open.

4
Q

What are the sizes of TCP and UDP headers?

A

TCP is 20 bytes (or more) while UDP is 8 bytes.

5
Q

A function of TCP is to handle flow control. What is the purpose of the flow control function?

A

Flow control makes sure the sender does not inundate the receiver with data packets.

6
Q

True or false? User Datagram Protocol (UDP), like TCP, uses flow control in the sending of data packets.

A

False

7
Q

Which ports are closely associated with web applications?

A

TCP ports 80 (HTTP) and 443 (HTTPS[ecure]).

8
Q

A security consultant tells you that the headers used by your organization’s database server should be changed. Why might she recommend this?

A

The headers may reveal information about the way the database server is configured to a banner grabbing attack.

9
Q

If you wanted to investigate connections on your machine, which utility would you use?

A

netstat

10
Q

You need to audit services made publicly available on a web server. What command-line tool could you use?

A

Nmap is an ideal tool for scanning remote hosts to discover which ports they have open and the applications or services running the

11
Q

You need to analyze the information saved in a .pcap file. What type of command-line tool or other utility is best suited to this task?

A

This type of file will contain a network packet capture. You could use a command-line tool such as tcpdump to display the contents, but a graphical tool such as Wireshark will make analysis easier.
