Network Protocols Flashcards
An academic and military network that later became the Internet’s primary precursor
ARPANET
What do the 1s represent in a Subnet Mask?
Network ID
What do the 0s represent in a Subnet Mask?
Host ID
What is the IP range and subnet for class A networks?
0.0.0.0 - 127.255.255.255
Subnet Mask 255.0.0.0 /8
What is the IP range and subnet for class B networks?
128.0.0.0 - 191.255.255.255
Subnet Mask 255.255.0.0 /16
What is the IP range and subnet for class C networks?
192.0.0.0 - 223.255.255.255
Subnet Mask 255.255.255.0 /24
What is the IP range for class D networks?
224.0.0.0 - 239.255.255.255
What is the IP range for class E networks?
240.0.0.0 - 254.255.255.255
A non-routable address which can either mean the current network, the default route, any address at all, or a specific error condition, depending on context.
0.0.0.0
The broadcast address that addresses the entire subnet at once. Broadcasts aren’t generally routed, so any packet to this address is just sent through the local broadcast domain.
255.255.255.255
Reserved for loopback addresses, which, as the name implies, simply points right back to the local host.
127.0.0.0. Most commonly, you’ll see 127.0.0.1 used to refer to the local system.
These network addresses aren’t routable on the Internet, but are instead commonly used on home or office networks. They were originally assigned as classful addresses, but you can break them into CIDR subnets on your own networks.
Private Networks
- 10.0.0.0/8, or the single Class A network with addresses 10.0.0.0 – 10.255.255.255.
- 172.16.0.0/12, or the 16 contiguous Class B networks with addresses 172.16.0.0 – 172.31.255.255.
- 192.168.0.0/16, or the 256 contiguous Class C networks with addresses 192.168.0.0 – 192.168.255.255.
What network address is reserved for link-local or Automatic Private IP Addressing (APIPA) addresses?
169.254.0.0/16
Used to find the physical (MAC) address corresponding to an IPv4 local IP address
ARP Address Resolution Protocol
Used to find the physical (MAC) address corresponding to an IPv6 local IP address
Neighbor Discovery Protocol (NDP)
A hierarchical directory service that stores assigned domain names and their corresponding IP addresses.
Domain Name System (DNS)
The root category of the domain. Originally these were either three-letter functional categories like .com or .edu, or two-letter country codes like .uk or .jp.
Top-Level Domain (TLD)
Represents a particular organization
Domain
An optional level used for categories within the organization.
Subdomain
The name of the specific host within the organization, or its alias.
Hostname
Usable on the local segment, but not routable. Starts with the bits 1111111010 (fe80) followed by 54 zero bits.
Link-Local
Routable on public networks. Starts with the bits 001, so the first group is in the range 2000-3fff.
Global
Routable within an organization, but not on public networks. Starts in the range fec0 to fef0, followed by 38 zero bits.
Site-Local
TCP negotiates a virtual connection between two hosts, a dedicated channel that carries a defined stream of data to the remote host. This connection always requires two-way communications: even if the ultimate goal is a one-way transfer, the recipient must be able to acknowledge receipt of data.
Connection-oriented
Provides connection-oriented, reliable communications, with error correction, flow control, and sequencing
TCP (Transmission Control Protocol)
TCP guarantees that all data is successfully delivered to the host. If a segment fails to arrive, TCP itself handles discovering the failure and resending the segment.
Reliable
A TCP segment itself contains a checksum which is used for error detection. Detected errors are then corrected, since corrupt segments are discovered and resent just like missing ones.
Error Correction
As part of the acknowledgement process, the remote host can regulate the rate of data flow. This keeps a slow recipient from being overwhelmed by high-speed transmissions.
Flow Control
When a long transmission must be broken into many segments, for example a large file transfer, TCP can guarantee they will be delivered to the upper layers in the correct sequence, even if the packets on the network arrived out of order. This keeps applications from being burdened with reassembling fragmented transmissions.
Sequencing
Protocol that is unreliable, connectionless, fast, and lightweight.
UDP (User Datagram Protocol)
What kinds of network services typically use UDP?
Streaming video or online multiplayer games
A number identifying a particular endpoint at the Transport layer; it represents one end of the conversation.
Port or Socket number
Process by which an application claims a port on a host; a single port can only be used by one application at a time.
Port Binding
Ports used by client programs connecting to servers. They are held in a pool by the operating system and assigned only for the length of a given connection.
ephemeral ports or dynamic ports
Ports 0-1023 are assigned to the most universal and accepted TCP/IP standard applications, or applications the IANA expects to become standards.
System Ports (Well Known or Privileged Ports)
Ports 1024-49151 are assigned to applications that benefit from assigned port numbers, but aren’t so widely used that they need to become a worldwide standard.
User Ports (registered ports)
Ports 49152-65535 aren’t assigned by the IANA, and can be used for any purpose without registration.
Private Ports
Used to retrieve data from web servers. Port 80
HTTP (Hypertext Transfer Protocol)
Used for secure web pages and sites. Includes encryption services. Port 443
HTTPS (HTTP over TLS/SSL)
Used for transferring files between hosts. Contains basic authentication features. Port 20 (data) Port 21 (control)
FTP (File Transfer Protocol)
Used to log into remote systems via a virtual text terminal interface. Port 23
Telnet
Encrypted replacement for Telnet and FTP. Includes Secure Copy Protocol (SCP) and SSH File Transfer Protocol (SFTP). Port 22
SSH Secure Shell
Sends an email to and between mail servers. Port 25
SMTP Simple Mail Transfer Protocol
Retrieves email from mail servers. Port 110
POP3 Post Office Protocol version 3
Retrieves email from mail servers. Port 143
IMAP Internet Message Access Protocol
Used to share files and resources like printers. Port 445
SMB Server Message Block
Used to share files on Linux and other Unix-like networks. Port 2049, 111
NFS Network File System
Used to share files on OS X and macOS networks. Port 548 or 427
AFP Apple Filing Protocol
Allows computers to find network services without prior configuration. Most commonly used for network printers. Port 427
SLP Service Location Protocol
Used for network directory services that centrally manage user accounts and network services. Port 389, 636 (secure)
LDAP Lightweight Directory Access Protocol
Used for remote logins to Windows systems. Port 3389
RDP Remote Desktop Protocol
Provides name, datagram, and session services for networks using the NetBIOS API. NetBIOS used on TCP/IP networks is sometimes called NetBT. SMB often uses NetBIOS functions as well. Port 137 - 139
NetBIOS Network Basic Input/Output System
Which protocol is used to find the MAC address of a given IP address?
ARP
Server that controls access to the network or other resources.
Authentication Server
Server that provides dynamic IP address configuration to client systems.
DHCP server
Server that provides domain name lookups for client systems.
DNS server
Manages security policies for end user systems such as PCs and mobile devices. An endpoint management server may centrally administer antivirus protection, security logging, and policy compliance enforcement across the entire network.
Endpoint management server
Provides centralized file storage and sharing for network users
File server
Receives, stores, and delivers email messages
Mail server
Provides central access to a network printer. Today, network-enabled printers usually run print server applications, and connect directly to the network.
Print server
Relays communications between LAN hosts and Internet hosts. A proxy server may be used for some protocols or for all communications; depending on the network it might be designed to improve security or performance.
Proxy server
Gathers syslog data from other computers and devices on the network and compiles them into one place. A syslog server commonly includes features that process raw logs then generate reports or alerts which are more useful to human administrators.
Syslog server
Distributes web pages. Internet web servers might be most familiar, but local network applications often use web servers as well. Even an embedded appliance like a home router or network printer will typically use a web server for its configuration interface.
Web server
Allows a command line terminal interface with a remote system. Dating to 1969, Telnet is one of the oldest Internet standards, and uses TCP port 23. Its features are very basic and it isn’t very secure, so it’s not nearly as popular as it once was.
Telnet
Secure shell was developed as a secure alternative to Telnet: it allows stronger authentication and encrypted transmission. It also allows other features, such as file transfers. SSH uses TCP port 22.
SSH
Microsoft’s proprietary remote access protocol. Not only does it provide security features, but it allows you to log into a complete Windows desktop over the network. RDP uses TCP port 3389. A number of other vendors offer similar protocols for use with their own products.
RDP
Virtual Network Computing is an open set of standards based on the Remote Frame Buffer (RFB) protocol. Like RDP, VNC allows you to access a complete graphical desktop, but unlike RDP it directly shares input and output rather than creating a remote user session. This makes it especially useful for screen sharing and presentations as well as remote access. There are many VNC variants such as RealVNC, TightVNC, and UltraVNC. Each may have extra features such as security or specific operating system optimizations. By default, VNC uses TCP port 5900+N, where N is the display number.
VNC
Web-based interfaces aren’t that suitable for remote access to a graphic or command-line shell interface, though it’s possible with the assistance of a web-based application. More commonly, HTTP is used for web management interfaces for network devices and services. Just like any other website, HTTP itself provides no real security, so HTTPS is much better for use on untrusted networks.
HTTP
Used to remotely manage and monitor network devices like routers and switches. SNMP doesn’t provide a direct login to the device, but rather standardizes communication between managed devices and a central management application. SNMP uses UDP ports 161 and 162.
SNMP
Designed for dialup connections to private LANs, but widely used in other networks, Remote Authentication Dial-In User Service authenticates users when they attempt to connect to the network. Uses a variety of UDP ports depending on implementation.
RADIUS
A proprietary Cisco protocol with similar functions to RADIUS. It was designed for remote administration of network devices but can be used for remote access authentication as well. Compared to RADIUS it has some security and flexibility benefits, but is proprietary and more resource intensive.
TACACS+: Terminal Access Controller Access-Control System Plus
Allows a client to access multiple network resources via a single sign-in. Used by a number of network systems, including Windows domain networks.
Kerberos
An IEEE standard used to authenticate connections to an Ethernet switch or wireless access point. It’s the protocol used by Wi-Fi hotspots operating in Enterprise mode. 802.1X servers commonly use RADIUS servers for back-end authentication.
802.1X
Manages distributed directory information services across a network. It’s used by many directory service systems from multiple vendors, such as Novell’s eDirectory and Microsoft’s Active Directory. LDAP allows clients to query a central network database for information about user accounts, printers, and other network resources. While it’s not an authentication system in itself, it’s also vital in some single sign-on environments such as Active Directory. LDAP by default uses TCP port 389 and has limited security features. LDAP over SSL (LDAPS) uses TCP port 636; it has security features, but is still more suited to trusted LANs than the Internet.
LDAP: Lightweight Directory Access Protocol
One of the oldest Internet protocols, File Transfer Protocol allows network access to files. It isn’t very secure, and it isn’t very much like accessing local files at all, so it’s been gradually displaced by SSH on the Internet and other file sharing protocols on the LAN. Still, FTP is in common use as a way to provide Internet access to files. FTP uses TCP ports 20 and 21.
FTP
Allows folders or hard drives to be shared over the network and accessed much like they were local drives. It’s not only used by file servers, but by clients sharing folders on peer-to-peer networks. SMB was primarily developed and popularized by Microsoft, but today is used by many vendors. SMB uses ports 137-139 and 445. Some versions of SMB are called CIFS, but typically the two can be used interchangeably.
SMB: Server Message Block
Very similar to SMB but is used primarily by Linux and other Unix-like operating systems. In Linux-only environments it tends to have better performance and easier configuration than SMB, while in Windows environments it’s the opposite. The newest version, NFSv4, uses TCP and UDP port 2049. Older versions additionally require port 111, and possibly others depending on configuration.
NFS: Network File System
Operates similarly to SMB, but with specific features more tuned to Apple’s file systems. Operates on ports 427 or 548. Older literature might call AFP AppleShare or AppleTalk Filing Protocol.
AFP: Apple Filing Protocol
A session-layer API, rather than strictly a protocol, NetBIOS is designed to allow various applications to communicate over the network. NetBIOS was designed by IBM but is best known for its use by Microsoft Windows systems, where it is also called NetBEUI and is used for file and printer sharing as well as computer identification. On TCP/IP networks, NetBIOS is often called NetBT and uses TCP and UDP ports 137-139. Due to a number of serious security vulnerabilities, when NetBIOS must be used it should only be enabled on trusted local networks, not on connections accessible from the Internet.
NetBIOS
Operates on TCP port 80. The protocol itself is insecure: it provides no encryption or integrity protection.
HTTP
Operates on TCP port 443. Connections are encrypted using either Secure Socket Layer (SSL) or Transport Layer Security (TLS) protocols. This not only keeps others from eavesdropping on your conversations, it helps you make sure you’re really logging into your bank’s website and not a clever mockup created by a scammer.
HTTPS
Used to send email from clients to servers, and for transferring email between servers. It is never used by clients to receive email from servers. SMTP typically uses TCP port 25.
Simple Mail Transfer Protocol (SMTP)
Used by clients to receive email from servers; never used to send email. Currently at version 3, or POP3. POP3 works best for accounts accessed only on one device, and uses TCP port 110.
Post Office Protocol (POP)
Used by clients to receive email from servers; never used to send email. Currently at version 4, or IMAP4. IMAP supports more features than POP. It works better for accounts accessed from multiple devices, but it also requires more server resources.
Internet Message Access Protocol (IMAP)
A proprietary protocol used by Microsoft Exchange email servers. It both sends and receives email, and has other specific features used by Exchange. It’s not usually used on the Internet, but is popular in Microsoft-based networks and email clients.
Messaging Application Programming Interface (MAPI)
Provides a file transfer feature in addition to a remote shell, and uses TCP port 22
Secure Shell (SSH)
Allows a user to access a complete graphical desktop and uses TCP port 5900+N
Virtual Network Computing (VNC)
Allows a user to log into a complete Windows desktop over the network and uses TCP port 3389
Remote Desktop Protocol (RDP)
Allows a command-line terminal interface with a remote system and uses TCP port 23
Telnet
Used to remotely manage and monitor network devices and uses UDP ports 161 and 162
Simple Network Management Protocol (SNMP)
Used for web management interfaces for network devices and services
Hypertext Transfer Protocol (HTTP)
An authentication protocol that provides centralized authentication and authorization services for remote users. It uses TCP port 49 and supports multifactor authentication.
Terminal Access Controller Access Control System Plus (TACACS+)
What are the advantages of IPv6 (IP version 6), also called IPng (IP next generation)?
- IP address size will increase from 32 bits to 128 bits.
- Some of the header fields have been dropped.
- Version 6 has less rigid length limits on options and the ability to introduce new options.
- Packets will indicate particular traffic type.
- Support will be provided for data integrity and confidentiality.
- The IPv6 header is 40 fixed bytes and has eight fields of information.
What is the APIPA address range?
169.254.0.0 - 169.254.255.255
What is the IPv6 link-local address prefix?
fe80::/10
What are the three blocks of IP addresses that have been reserved by the IANA for private networks?
- 10.0.0.0 to 10.255.255.255
- 172.16.0.0 to 172.31.255.255
- 192.168.0.0 to 192.168.255.255