Ports & Protocols Flashcards
FTP
File Transfer Protocol
tcp/20 - active mode data
tcp/21 - control
Port 20
FTP Active Mode Data
Port 21
FTP Control
SSH
Secure Shell
tcp/22
Port 22
SSH
SFTP
SSH File Transfer Protocol - file transfer inside an SSH session; unrelated to FTP despite the name
tcp/22
Telnet
Unencrypted remote terminal; credentials and session cross the wire in the clear (use SSH)
tcp/23
Port 23
Telnet
SMTP
Simple Mail Transfer Protocol
server to server mail relay on tcp/25; client mail submission on tcp/587
tcp/25
tcp/587 - submission, encrypted with STARTTLS
Port 25
SMTP
Port 587
SMTP submission (client to server) with STARTTLS
DNS
Domain Name System
udp/53
tcp/53 for zone transfers and responses too large for one UDP packet
Port 53
DNS
DHCP
Dynamic Host Config Protocol
udp/67 - server listens here
udp/68 - client listens here
Port 67
DHCP (server side)
Port 68
DHCP (client side)
TFTP
Trivial FTP
udp/69
Port 69
TFTP
HTTP
Hypertext Transfer Protocol
tcp/80
HTTPS
HTTP secure
tcp/443
Port 80
HTTP
Port 443
HTTPS
NTP
Network Time Protocol
udp/123
Port 123
NTP
SNMP
Simple Network Management Protocol
udp/161
udp/162 - SNMP Trap - device sends unsolicited event/status messages to the manager
Port 161
SNMP
Port 162
SNMP Trap
LDAP
Lightweight Directory Access Protocol
tcp/389
tcp/636 - LDAPS (LDAP over TLS)
LDAP is used to store and manage data such as usernames, passwords, and
Port 389
LDAP
Port 636
LDAPS
SMB
Server Message Block
File sharing
tcp/445
Port 445
SMB
Syslog
udp/514 (tcp/514 is also common; tcp/6514 for syslog over TLS)
Port 514
Syslog
SQL Server
Microsoft SQL Server (SQL = Structured Query Language)
tcp/1433
Port 1433
SQL Server
RDP
Remote Desktop Protocol
tcp/3389
Port 3389
RDP
SIP
Session Initiation Protocol
tcp/5060 (also udp/5060) - signaling in the clear
tcp/5061 - SIP over TLS
VoIP call setup and teardown (signaling only; the audio itself travels over RTP)
Port 5060
SIP
Port 5061
SIP over TLS
ICMP
Internet Control Message Protocol
Not TCP or UDP
Ping, TTL expired, unreachable
GRE
Generic Routing Encapsulation
Tunnels packets between two endpoints (IP protocol 47)
no encryption or authentication; pair it with IPSec when the path is untrusted
VPN
Virtual Private Network
encrypted
IPSec
Internet Protocol Security
Security for Layer 3
Confidentiality (encryption) plus integrity and origin authentication
widely used standard protocol for VPN
AH
Authentication Header
for IPSec
Keyed hash (HMAC) over the packet using the shared key: integrity and authentication, no encryption
ESP
Encapsulating Security Payload
for IPSec
Encrypts the payload and ESP trailer; optional integrity check value (ICV). Almost always used instead of AH
IKE
Internet Key Exchange
for IPSec
Negotiates the Security Association (SA): the algorithms and keys both ends will use
IPSec Transport Mode
Payload is protected; the original IP header stays in the clear (typically host to host)
IPSec Tunnel Mode
The whole original packet, IP header included, is encrypted and wrapped in a new outer IP header (typically gateway to gateway)
RIPv2 Metric
RIPv2 uses hop count to the destination as the metric (max 15; 16 means unreachable)
Routing Metric
Each protocol has a different method for calculating a metric
Cannot be used interchangeably between protocols
Lowest metric is best
Administrative Distance by protocol
Lower value = more trusted; decides between routes to the same prefix learned from different protocols:
Local 0
Static Route 1
EIGRP 90
OSPF 110
RIPv1/RIPv2 120
DHCP default route 254
Unknown 255
Prefix Length
Route Tables
Prefix length is checked before AD or metric when choosing the next hop
Most specific match wins (longest prefix)
Route Table Entry
R 10.10.30.0/24 [120/1] via 10.10.50.2, 00:00:14, Serial0/3/1
R - Route code (RIP)
10.10.30.0/24 - Subnet ID with prefix length
120 - Administrative distance
1 - Metric (hop count for RIP)
10.10.50.2 - Next hop
00:00:14 - Time since the route was last updated
Serial0/3/1 - Outgoing interface
BGP
EIGRP
OSPF
BGP - Route outside of your AS
EIGRP - originally Cisco proprietary, partly opened up later - route within your AS
OSPF - Common standard to route within your AS
AS
Autonomous System
A set of networks and routers under one administrative control, identified by an AS number
Link-State Protocol
Routing path chosen based on “cost”
each link has a cost assigned
- Throughput, reliability, round trip time
Low cost and fastest path wins
Identical costs are load balanced
- OSPF
- IS-IS
- BGP-LS (a BGP extension that carries link-state topology; not itself an IGP)
OSPF
Open Shortest Path First
Link-State Protocol
EIGRP
Enhanced Interior Gateway Routing Protocol
Hybrid Protocol
Cisco Proprietary
BGP
Border Gateway Protocol
Path-vector protocol (exam material often files it under hybrid)
Used to route to outside of your Autonomous System
Routing Table Entry
D 10.10.30.0/24 [90/2172416] via 10.10.50.1, 00:05:54, Serial0/3/0
D - Route code (EIGRP)
10.10.30.0/24 - Subnet ID with prefix length
90 - Administrative distance
2172416 - Metric (EIGRP composite metric, not a hop count)
10.10.50.1 - Next hop
00:05:54 - Time since the route was last updated
Serial0/3/0 - Outgoing interface
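Added example (not from the original cards): the selection a router performs over entries like the two above, in Python. Longest prefix is checked first, administrative distance breaks ties between protocols, and metric only decides between routes from the same protocol. The route lines below are constructed; two of them are the RIP and EIGRP entries from the cards.

```python
"""Route selection the way a RIB does it: longest prefix match, then lowest
administrative distance, then lowest metric. Added example; the sample
table below is constructed (two lines copy the flashcard entries)."""
import ipaddress
import re

# "show ip route"-style line: CODE PREFIX [AD/METRIC] via NEXTHOP, AGE, IFACE
ROUTE_RE = re.compile(
    r"^(?P<code>[A-Z]\*?)\s+(?P<prefix>\S+)\s+\[(?P<ad>\d+)/(?P<metric>\d+)\]"
    r"\s+via\s+(?P<nexthop>\S+),\s+(?P<age>\S+),\s+(?P<iface>\S+)$"
)

CODE_NAMES = {"S": "static", "D": "EIGRP", "O": "OSPF", "R": "RIP", "B": "BGP"}


def parse_route(line):
    """Parse one route line into a dict; raises ValueError on other line shapes."""
    m = ROUTE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised route line: {line!r}")
    return {
        "code": m["code"],
        "source": CODE_NAMES.get(m["code"].rstrip("*"), m["code"]),
        "network": ipaddress.ip_network(m["prefix"]),
        "ad": int(m["ad"]),
        "metric": int(m["metric"]),
        "nexthop": m["nexthop"],
        "age": m["age"],            # time since the route was last updated
        "iface": m["iface"],
    }


def select_route(table, destination):
    """Return the route a packet to `destination` would follow, or None."""
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in table if dst in r["network"]]
    if not candidates:
        return None
    # Most specific prefix wins; AD breaks ties between protocols; metric only
    # compares routes learned by the same protocol (same AD).
    return min(candidates, key=lambda r: (-r["network"].prefixlen, r["ad"], r["metric"]))


# Constructed table: a static default, the two card entries, a more specific
# OSPF route, and two RIP routes to the same prefix with different hop counts.
SAMPLE_TABLE = [parse_route(line) for line in """
S 0.0.0.0/0 [1/0] via 10.10.70.1, 00:10:00, GigabitEthernet0/2
R 10.10.30.0/24 [120/1] via 10.10.50.2, 00:00:14, Serial0/3/1
D 10.10.30.0/24 [90/2172416] via 10.10.50.1, 00:05:54, Serial0/3/0
O 10.10.30.0/25 [110/65] via 10.10.60.1, 00:01:02, GigabitEthernet0/1
R 10.10.40.0/24 [120/3] via 10.10.50.2, 00:00:14, Serial0/3/1
R 10.10.40.0/24 [120/1] via 10.10.55.2, 00:00:09, Serial0/3/2
""".strip().splitlines()]

if __name__ == "__main__":
    for dst in ("10.10.30.10", "10.10.30.200", "10.10.40.7", "8.8.8.8"):
        r = select_route(SAMPLE_TABLE, dst)
        print(f"{dst:>13} -> {r['network']} via {r['nexthop']} "
              f"({r['source']}, AD {r['ad']}, metric {r['metric']})")
```

10.10.30.10 goes to the OSPF /25 even though OSPF's AD (110) is worse than EIGRP's (90), because prefix length is compared first; 10.10.30.200 falls outside the /25 and goes to EIGRP over RIP on AD; the two RIP routes to 10.10.40.0/24 are only then separated by metric.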
FHRP
First Hop Redundancy Protocol
Creates a virtual IP address for the default gateway. If the active physical router fails, the VIP moves to another router so hosts see no interruption in network access
Default Gateway is actually multiple routers
VIP
Virtual IP address
An address (with a matching virtual MAC) that moves from router to router to provide fail-over under an FHRP such as HSRP or VRRP
Subinterfaces
Logical interfaces carved out of one physical interface
- one per VLAN carried on a trunk (conventionally numbered after the VLAN they carry)
Example:
Interface Ethernet1/1
Subinterface Ethernet1/1.10
Subinterface Ethernet1/1.20
Subinterface Ethernet1/1.100
NAT
Network Address Translation
Rewrites source or destination IP addresses as packets cross a router (e.g. private to public)
PAT
Port Address Translation
Many internal hosts share one public IP; the translator tells flows apart by source port (NAT overload)
802.1Q Tagging
Add VLAN Tag to a Frame to pass it through a trunk
Trunk
Carries multiple VLANs over one link (switch to switch or switch to router) using 802.1Q tags
SVI
Switched Virtual Interface
Virtual interface in a Layer 3 switch used to route traffic between VLANs
Native VLAN
Frames for the native VLAN are sent without an 802.1Q tag
Untagged frames arriving on a trunk are placed into the native VLAN
Must match on both switches; a mismatch drops one switch's native-VLAN traffic into a different VLAN on the other
Exists so devices that don't understand 802.1Q can still talk across the link
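Added example (not from the original cards): building and parsing 802.1Q-tagged frames in Python, and what a trunk does with untagged frames. It covers both the tagging card and the native VLAN card: a frame from the native VLAN goes out untagged, the far end files untagged frames into its own native VLAN, so mismatched natives move traffic between VLANs. MAC addresses and payloads are constructed.

```python
"""802.1Q tag insertion/parsing and native-VLAN handling on a trunk.
Added example; addresses and payloads are constructed."""
import struct

TPID = 0x8100          # EtherType value that announces an 802.1Q tag
ETH_IPV4 = 0x0800
DST = bytes.fromhex("ffffffffffff")   # constructed broadcast destination
SRC = bytes.fromhex("001a2b3c4d5e")   # constructed source MAC


def build_frame(dst, src, ethertype, payload, vlan=None, pcp=0):
    """Ethernet II frame; when `vlan` is given, insert the 4-byte 802.1Q tag."""
    frame = dst + src
    if vlan is not None:
        if not 1 <= vlan <= 4094:
            raise ValueError("VLAN ID must be 1..4094")
        tci = (pcp << 13) | (vlan & 0x0FFF)      # TCI = PCP(3) DEI(1) VID(12)
        frame += struct.pack("!HH", TPID, tci)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame, native_vlan=1):
    """Decode a frame as a trunk port would; untagged frames land in the native VLAN."""
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == TPID:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        return {"dst": dst, "src": src, "tagged": True, "vlan": tci & 0x0FFF,
                "pcp": tci >> 13, "ethertype": ethertype, "payload": frame[18:]}
    return {"dst": dst, "src": src, "tagged": False, "vlan": native_vlan,
            "pcp": 0, "ethertype": ethertype, "payload": frame[14:]}


def send_on_trunk(frame_vlan, dst, src, ethertype, payload, native_vlan=1):
    """A switch sends native-VLAN traffic untagged and tags everything else."""
    tag = None if frame_vlan == native_vlan else frame_vlan
    return build_frame(dst, src, ethertype, payload, vlan=tag)


def vlan_seen_by_peer(frame_vlan, native_a, native_b):
    """VLAN that switch B (native_b) assigns to a frame switch A (native_a) put on
    the trunk from `frame_vlan`. Equal natives: always correct. Mismatched
    natives: native-VLAN traffic silently crosses into another VLAN."""
    wire = send_on_trunk(frame_vlan, DST, SRC, ETH_IPV4, b"", native_vlan=native_a)
    return parse_frame(wire, native_vlan=native_b)["vlan"]


if __name__ == "__main__":
    f = build_frame(DST, SRC, ETH_IPV4, b"\x45" + bytes(19), vlan=10, pcp=5)
    print(f.hex())
    print(parse_frame(f))
    print("natives 1/1,  VLAN 1  ->", vlan_seen_by_peer(1, 1, 1))
    print("natives 1/99, VLAN 10 ->", vlan_seen_by_peer(10, 1, 99))
    print("natives 1/99, VLAN 1  ->", vlan_seen_by_peer(1, 1, 99))   # leaks into VLAN 99
```

The last line is the native-VLAN mismatch the card warns about: nothing on the wire distinguishes "VLAN 1 at switch A" from "VLAN 99 at switch B" once the tag is absent.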
Voice VLAN
VoIP needs consistent latency and bandwidth
If there's a lot of data traffic on the same network, voice quality suffers
Put VoIP phones on a separate VLAN so their traffic can be given dedicated bandwidth and priority
Link Aggregation
Connect multiple interfaces together and configure so treated as one high capacity link
LACP
Link Aggregation Control Protocol
Negotiates with the peer which links form the aggregation group and detects member-link failures (802.3ad / 802.1AX)
MTU
Maximum Transmission Unit
Largest payload a single frame/packet on a link can carry (1500 bytes for standard Ethernet)
Jumbo Frame
Ethernet Frame with more than 1,500 bytes of payload
Typically up to about 9,000 bytes (9,216 on many switches)
STP
Spanning Tree Protocol
Automatically detects and blocks loops in a switched network
Reconverges if a link fails or is disabled
STP port states
Blocking
Listening
Learning
Forwarding
Disabled
RSTP
Rapid Spanning Tree Protocol
802.1w
Faster convergence of network configuration
SNMP Versions
SNMP v1 - Structured tables, everything sent in the clear
SNMP v2c - adds more data types (64-bit counters) and bulk transfer (GetBulk), still in the clear
SNMP v3 - adds user-based authentication, integrity and encryption (authPriv)
OID
Object Identifier
Names one managed object (a variable) in the MIB tree, e.g. 1.3.6.1.2.1.1.1.0 is sysDescr.0; it is what an SNMP query asks for
SNMP
Simple Network Management Protocol
Monitor network statistics and data
Data stored in MIB
MIB
Management Information Base
Tree of managed objects (each addressed by an OID) that an agent exposes for SNMP queries
SNMP Trap
Unsolicited message a device sends to the manager (udp/162) when an event happens, instead of waiting to be polled
SNMP Authentication
Community String - v1 and v2c only - password-style, sent in the clear in every packet
Username and password - v3 - HMAC-based authentication (MD5/SHA) and optional encryption (DES/AES); the password itself is never transmitted
SNMP Community String
Password-style authentication used only in SNMP v1 and v2c; travels in cleartext, so anyone on the path can read it
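Added example (not from the original cards): an SNMPv1 GetRequest for sysDescr.0 built by hand in Python from its ASN.1 BER encoding, then decoded the way a sniffer would, to show the community string sitting in the packet as a plain OCTET STRING. It also shows how OIDs are packed on the wire. The community "public" and the request id are constructed.

```python
"""Hand-built SNMPv1 GetRequest (ASN.1 BER) for sysDescr.0, and the
decode that recovers the community string from the wire bytes.
Added example; community string and request id are constructed."""


def ber_len(n):
    """BER length: short form below 128, long form (0x8N + N bytes) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(v):
    """INTEGER in minimal two's-complement form (non-negative values here)."""
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big", signed=True))


def encode_oid(oid):
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, the rest base-128."""
    arcs = [int(a) for a in oid.strip(".").split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:                               # high-order groups carry a continuation bit
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        body += chunk
    return tlv(0x06, bytes(body))


def build_get_request(community, oid, request_id=1):
    """Message ::= SEQUENCE { version INTEGER (0 = v1), community OCTET STRING, PDU }"""
    varbind = tlv(0x30, encode_oid(oid) + tlv(0x05, b""))         # VarBind { name, NULL }
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0)  # [0] GetRequest-PDU
              + tlv(0x30, varbind))                                # error-status, error-index
    return tlv(0x30, ber_int(0) + tlv(0x04, community.encode()) + pdu)


def read_tlv(buf, pos=0):
    """Decode one BER TLV at `pos`; returns (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def community_from_wire(packet):
    """What a passive observer sees: second element of the outer SEQUENCE, unencrypted."""
    tag, msg, _ = read_tlv(packet)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, version, pos = read_tlv(msg)
    tag, community, _ = read_tlv(msg, pos)
    if tag != 0x04 or version != b"\x00":
        raise ValueError("not an SNMPv1 message with an OCTET STRING community")
    return community.decode()


SYS_DESCR = "1.3.6.1.2.1.1.1.0"

if __name__ == "__main__":
    pkt = build_get_request("public", SYS_DESCR)
    print(pkt.hex())
    print("community on the wire:", community_from_wire(pkt))
```

v2c differs only in the version integer (1); v3 replaces the bare community string with a user-based security header, which is why the card lists community strings under v1 and v2c only.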
Network Discovery methods
- LLDP
- CDP
- IP scanners (Nmap)
- Commercial net scanners
- SNMP
LLDP
Link Layer Discovery Protocol
CDP
Cisco Discovery Protocol
NetFlow
Cisco protocol that exports flow records (addresses, ports, protocol, byte and packet counts) from routers and switches to a collector; used to analyze traffic, troubleshoot, and plan upgrades
DHCP Process
- Discover
- client broadcasts a discover packet
- from 0.0.0.0:udp/68
- to 255.255.255.255:udp/67
- Offer
- DHCP server sends an offer packet with a proposed address
- to 255.255.255.255:udp/68
- Request
- client broadcasts a request packet naming the chosen server and address
- might have gotten multiple offers; only one is accepted, the other servers withdraw theirs
- to 255.255.255.255:udp/67
- Acknowledgement
- chosen server sends the ack packet confirming the lease
- to 255.255.255.255:udp/68
DHCP Scope
Pool of addresses managed by the DHCP server
DHCP Reservation
Maps a MAC address to a fixed IP so the device is always assigned the same one
DHCP Renewal - Timers
T1 Timer - 50% of lease time
T2 Timer - 87.5% (7/8ths) of lease time
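Added example (not from the original cards): the DORA exchange above simulated in Python with the real BOOTP/DHCP packet layout and options (message type 53, requested address 50, server identifier 54, lease time 51), including a second server whose offer loses, plus the T1/T2 timers from the renewal card. The MAC address, IP addresses, transaction id and lease length are constructed.

```python
"""Simulated DHCP DORA exchange with RFC 2131 packet layout, two competing
servers, and the T1/T2 renewal timers. Added example; all addresses,
the MAC, xid and lease length are constructed."""
import ipaddress
import struct

DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5       # option 53 message types
MAGIC = b"\x63\x82\x53\x63"                      # cookie that starts the options field
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"         # 236-byte fixed header
CLIENT_PORT, SERVER_PORT = 68, 67


def ip4(s):
    return ipaddress.IPv4Address(s).packed


def encode_options(opts):
    """opts: list of (code, bytes); emits TLVs followed by the END option (255)."""
    out = bytearray(MAGIC)
    for code, value in opts:
        out += bytes([code, len(value)]) + value
    out.append(255)
    return bytes(out)


def decode_options(data):
    if data[:4] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    pos, opts = 4, {}
    while pos < len(data) and data[pos] != 255:
        if data[pos] == 0:                       # PAD option has no length byte
            pos += 1
            continue
        code, length = data[pos], data[pos + 1]
        opts[code] = data[pos + 2:pos + 2 + length]
        pos += 2 + length
    return opts


def bootp(op, xid, mac, yiaddr="0.0.0.0", siaddr="0.0.0.0", options=b""):
    """op 1 = BOOTREQUEST (client), 2 = BOOTREPLY (server). Broadcast flag set:
    the client has no address yet, so replies are broadcast to udp/68."""
    return struct.pack(BOOTP_FMT, op, 1, 6, 0, xid, 0, 0x8000, ip4("0.0.0.0"),
                       ip4(yiaddr), ip4(siaddr), ip4("0.0.0.0"),
                       mac.ljust(16, b"\0"), bytes(64), bytes(128)) + options


def parse(pkt):
    f = struct.unpack(BOOTP_FMT, pkt[:236])
    opts = decode_options(pkt[236:])
    return {"op": f[0], "xid": f[4], "yiaddr": str(ipaddress.IPv4Address(f[8])),
            "mac": f[11][:6], "type": opts[53][0], "opts": opts}


def ports_for(pkt):
    """(source port, destination port): clients always use 68, servers 67."""
    return (CLIENT_PORT, SERVER_PORT) if parse(pkt)["op"] == 1 else (SERVER_PORT, CLIENT_PORT)


def discover(xid, mac):
    return bootp(1, xid, mac, options=encode_options(
        [(53, bytes([DISCOVER])), (55, bytes([1, 3, 6]))]))   # asks for mask, router, DNS


def offer(disc, server_ip, offered_ip, lease):
    d = parse(disc)
    return bootp(2, d["xid"], d["mac"], yiaddr=offered_ip, siaddr=server_ip,
                 options=encode_options([(53, bytes([OFFER])), (54, ip4(server_ip)),
                                         (51, struct.pack("!I", lease))]))


def request(offers):
    """The client may hold several offers; it broadcasts one REQUEST naming the
    chosen server (54) and address (50) so the other servers back off."""
    chosen = parse(offers[0])
    return bootp(1, chosen["xid"], chosen["mac"], options=encode_options(
        [(53, bytes([REQUEST])), (50, ip4(chosen["yiaddr"])), (54, chosen["opts"][54])]))


def ack(req, server_ip, lease):
    r = parse(req)
    if r["opts"][54] != ip4(server_ip):
        return None                              # another server was chosen: stay silent
    return bootp(2, r["xid"], r["mac"], yiaddr=str(ipaddress.IPv4Address(r["opts"][50])),
                 siaddr=server_ip, options=encode_options(
                     [(53, bytes([ACK])), (54, ip4(server_ip)), (51, struct.pack("!I", lease))]))


def renewal_timers(lease_seconds):
    """T1 (renew with the leasing server) at 50%, T2 (rebind to any server) at 87.5%."""
    return lease_seconds // 2, lease_seconds * 7 // 8


if __name__ == "__main__":
    xid, mac = 0x3903F326, bytes.fromhex("0a1b2c3d4e5f")
    d = discover(xid, mac)
    o1, o2 = offer(d, "10.0.0.1", "10.0.0.50", 86400), offer(d, "10.0.0.2", "10.0.0.77", 86400)
    r = request([o1, o2])
    for name, p in (("DISCOVER", d), ("OFFER", o1), ("REQUEST", r), ("ACK", ack(r, "10.0.0.1", 86400))):
        print(f"{name:8} ports {ports_for(p)} yiaddr {parse(p)['yiaddr']}")
    print("server 10.0.0.2 replies:", ack(r, "10.0.0.2", 86400))
    print("T1/T2 for a 24h lease:", renewal_timers(86400))
```

Note that nothing in this exchange authenticates the server: any host answering on udp/67 can hand the client an address, default gateway and DNS servers, which is why switch-side DHCP snooping exists.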
DHCP Options
Extra parameters handed out with the lease
Many of them, e.g. option 1 subnet mask, 3 default router, 6 DNS servers, 51 lease time, 53 message type
NDP
Neighbor Discovery Protocol
Like ARP for IPv6
No broadcasts
Discover neighbor MAC addresses
Uses ICMPv6
SLAAC
StateLess Address AutoConfiguration
Devices build their own IPv6 address from a router-advertised prefix plus an interface ID (EUI-64 derived from the MAC, or a random ID with privacy extensions)
64-bit network prefix (from the Router Advertisement)
last 64 bits (EUI-64):
- Split MAC in half
- Insert ff:fe
- flip the 7th bit of the first byte (the universal/local bit)
Uses Duplicate Address Detection (DAD) to prevent duplicate IPs
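Added example (not from the original cards): the EUI-64 steps above carried out in Python, producing the link-local and global SLAAC addresses for a MAC, and the reverse mapping that shows why an EUI-64 address exposes the hardware address (the reason RFC 4941 privacy extensions use a random interface ID instead). The MAC and prefixes are constructed.

```python
"""EUI-64 interface ID and SLAAC address from a MAC, plus the reverse.
Added example; the MAC and prefixes are constructed."""
import ipaddress


def eui64_interface_id(mac):
    """Split the 48-bit MAC, insert ff:fe in the middle, flip the universal/local
    bit (bit 7 of the first byte, value 0x02)."""
    raw = bytearray(bytes.fromhex(mac.replace(":", "").replace("-", "")))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC")
    raw[0] ^= 0x02
    return bytes(raw[:3]) + b"\xff\xfe" + bytes(raw[3:])


def slaac_address(prefix, mac):
    """Prefix from the Router Advertisement (must be a /64) + EUI-64 interface ID."""
    net = ipaddress.ip_network(prefix, strict=False)
    if net.version != 6 or net.prefixlen != 64:
        raise ValueError("SLAAC requires an IPv6 /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def link_local_address(mac):
    """fe80::/64 is always configured first; DAD runs on it before anything else."""
    return slaac_address("fe80::/64", mac)


def mac_from_eui64(address):
    """Recover the MAC if the interface ID is EUI-64 shaped; None otherwise
    (a privacy-extension address gives None, which is the point of them)."""
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytearray(iid[:3] + iid[5:])
    raw[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in raw)


if __name__ == "__main__":
    mac = "00:1a:2b:3c:4d:5e"
    print(link_local_address(mac))
    print(slaac_address("2001:db8:1:2::/64", mac))
    print(mac_from_eui64("2001:db8:1:2:21a:2bff:fe3c:4d5e"))   # the MAC, read back from the address
    print(mac_from_eui64("2001:db8:1:2:8c3a:1f4e:9d72:b61"))   # random interface ID: None
```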
NDP Messages
RA: Router Advertisement - from router
- sent periodically to the all-nodes multicast ff02::1, or in reply to an RS; carries the prefix used for SLAAC
RS: Router Solicitation - from device
- sent to the all-routers multicast ff02::2 to ask for an RA right away
DNS Record Types
SOA - Start of Authority
A - Address - IPv4
AAAA - Address - IPv6
CNAME - Canonical Name
MX - Mail Exchange
TXT - Text
NS - Name Server
PTR - Pointer
DNS Recursive query
Client asks its recursive resolver, which does the iterative work on its behalf:
Start at a root server
then the TLD (.com) server
then the authoritative name server for the domain
then cache the answer for its TTL
DNSSEC
Domain Name System Security Extensions
Responses digitally signed (RRSIG records) so resolvers can verify authenticity and integrity; no confidentiality
DoH
DNS over HTTPS
DNS queries carried inside HTTPS on tcp/443
DoT
DNS over TLS
DNS over tcp/853
encrypted with TLS (confidentiality on the wire; DNSSEC only signs)
DNS - SOA record
Start of Authority
Describes DNS zone details
- name of zone (xyz.com)
- Serial Number
- Refresh, retry, and expiry timeframes
- Caching duration/TTL
DNS - CNAME
Canonical Name
Aliases for services that all point to the same server
- chat, mail, ftp, www
DNS - TXT
SPF
DKIM
DNS - SPF
Sender Policy Framework
TXT record listing the hosts allowed to send mail for the domain; receivers check the sending IP against it to catch spoofed senders
DNS - DKIM
DomainKeys Identified Mail
Digitally sign outgoing mail
DKIM TXT record (selector._domainkey.domain) publishes the public key receivers use to verify the signature
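Added example (not from the original cards): what a receiving mail server does with the two TXT records above, in Python over a constructed zone. It evaluates an SPF record (ip4, ip6, include and the all mechanism with its qualifiers, an RFC 7208 subset) against a sending IP, and parses a DKIM selector record into its tags to pull out the public key. Domain names, addresses and the DKIM p= value are constructed; the key is a placeholder, not real key material.

```python
"""SPF evaluation and DKIM key lookup over constructed TXT records.
Added example; zone data below is constructed and the DKIM key is a placeholder."""
import ipaddress

# Constructed DNS TXT data: name -> list of TXT strings (stands in for live lookups)
TXT = {
    "example.com": ["v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example -all"],
    "_spf.mailhost.example": ["v=spf1 ip4:198.51.100.10 ip6:2001:db8:10::/48 ~all"],
    "loop.example": ["v=spf1 include:loop.example -all"],
    "sel1._domainkey.example.com": ["v=DKIM1; k=rsa; p=MIIBIjANBgkq...PLACEHOLDER"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_record(domain):
    for txt in TXT.get(domain, []):
        if txt.startswith("v=spf1"):
            return txt
    return None


def spf_check(sender_ip, domain, depth=0):
    """Walk the mechanisms left to right; the first match decides.
    Returns pass/fail/softfail/neutral, 'none' (no record) or 'permerror'."""
    if depth > 10:                              # RFC 7208 limit on DNS-walking mechanisms
        return "permerror"
    record = spf_record(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        elif name == "include":
            sub = spf_check(sender_ip, arg, depth + 1)
            if sub == "pass":
                return QUALIFIERS[qualifier]
            if sub in ("none", "permerror"):
                return "permerror"
        else:
            return "permerror"                  # a/mx/exists/redirect not handled here
    return "neutral"                            # record ended without an 'all'


def dkim_public_key(selector, domain):
    """Parse selector._domainkey.domain into its tags; 'p' carries the public key."""
    txts = TXT.get(f"{selector}._domainkey.{domain}")
    if not txts:
        return None
    tags = {}
    for part in txts[0].split(";"):
        k, _, v = part.strip().partition("=")
        if k:
            tags[k.strip()] = v.strip()
    return tags if tags.get("v") == "DKIM1" and tags.get("p") else None


if __name__ == "__main__":
    for ip in ("192.0.2.25", "198.51.100.10", "2001:db8:10:1::5", "203.0.113.9"):
        print(f"{ip:>18} sending as example.com -> {spf_check(ip, 'example.com')}")
    print("loop.example ->", spf_check("192.0.2.1", "loop.example"))
    print(dkim_public_key("sel1", "example.com"))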
DNS - PTR
Reverse of A and AAAA: maps an IP address back to a name (reverse lookup)
NTS
Network Time Security
NTP with authenticated time packets
Keys are negotiated over TLS (NTS-KE); the server hands out cookies the client attaches to later NTP requests
PTP
Precision Time Protocol
Granularity to nanosecond
Hardware based
Hybrid Routing Protocol
Combines link-state and distance-vector routing strategies
- EIGRP
- BGP (strictly path-vector)
- ZRP
IS-IS
Intermediate System to Intermediate System
Link-State Protocol
RIP
Routing Information Protocol
Distance Vector Protocol
RPC
Remote Procedure Call
Session Layer
manage comms sessions between devices