Ports & Protocols

Question 1

What is TCP?

Answer 1

Transport Control Protocol.

Question 2

Which protocol guarantees info delivery?

Answer 2

Transfer Control Protocol (TCP). UDP is “best effort”.

Question 3

What is UDP?

Answer 3

User Datagram Protocol (UDP)

Question 4

What is a benefit of UDP?

Answer 4

Faster than TCP (Transfer Control Protocol)

Question 5

What is Transfer Control Protocol really good for?

Answer 5

File transfer, email, and web page requests.

Question 6

What is UDP really good for?

Answer 6

Audio and streaming. Since there is no guarantee the connection was made you can loose data, but you gain speed. That’s acceptable with audio and stream (normally)

Question 7

What is meant by TCP being connection-orientated?

Answer 7

Transfer Control Protocol ensures that a connection is established between the sender and the receiver. It is reliable in that you know the message will be received.

Question 8

Why is UDP considered Connection-less orientated Protocol?

Answer 8

User Datagram Protocol will only promise to send the request to the target. It doesn’t ensure the target is ready to receive, or that it has been received. Fire and pray.

Question 9

How does every TCP (transfer control protocol) session start?

Answer 9

3-way handshake

Question 10

What is a 3-way handshake composed of, and what protocol uses it?

Answer 10

TCP uses it. It is 3 packets that go back and forth from the sender to the destination to establish connection. The packets have no payload.

Question 11

Describe the 3-way handshake process.

Answer 11

TCP sets up the connection by sending a SYN packet to the destination machine, the destination then sends back a SYN/ACK packet, and TCP then sends its ACK packet back.

Question 12

What else is being set up in the 3-way handshake besides connection?

Answer 12

Flow control. They are telling each other how fast they can send and receive data, and agreeing on an optimal choice.

Question 13

In TCP, what must occur before sending any data?

Answer 13

A connection via the 3-way handshake (also identify the flow control)

Question 14

Every time a data packet is sent in TCP what should occur?

Answer 14

The destination should send an acknowledgement. If not it will need to send again.

Question 15

Explain an “error” message in terms of TCP

Answer 15

During the 3-way handshake the destination did not acknowledge. The initiator send numerous attempts until its default limit was reached. Then provided the user with an error message.

Question 16

TCP sends packets, what does UDP send?

Answer 16

User Datagram Protocol sends datagrams.

Question 17

TCP and UDP both use ports. What is another name for ports?

Answer 17

service identifiers

Question 18

What are ports, or service identifiers?

Answer 18

Ways of breaking up channels so you can multiple different applications over them

Question 19

Ports, or service identifiers are specifically set up for what?

Answer 19

Each port, or group of ports is for a specific exchange. The computer is listening for messages that apply to the specific port, through that port. For example, Port 80 is reserved for HTTP traffic.

Question 20

Who decides what ports are reserved for specific traffic?

Answer 20

(IANA) Internet Assigned Numbers Authority

Question 21

How many ports are there in a computer?

Answer 21

0 - 65535 (so 65536)

Question 22

What ports are reserved for “well known” ports (ie. DNS or HTTPS)

Answer 22

0 - 1023

Question 23

What set of ports are registered, but at the moment unassigned by IANA

Answer 23

1024 - 49151

Question 24

What set of ports are unassigned and open for anyone to use? Also known as Dynamic.

Answer 24

49152 - 65535

Question 25

If a server is not listening to a certain port when a request is made what will happen

Answer 25

It will not respond

Question 26

If I am a developer that has made a new protocol, where would I go to get a port assigned to my protocol?

Answer 26

IANA (Internet Assigned Authority)

Question 27

What is the dynamic assigned SOURCE port that a client uses to send out a request to establish a connection called?

Answer 27

Ephemeral Port

Question 28

What is a source port?

Answer 28

This is the port that the client machine uses to send out the message hoping to establish a connection with a server.

Question 29

How are source ports (Ephemeral Ports) chosen?

Answer 29

They are randomly assigned from a cache of ports that the system uses. Ex: Windows uses a cache of 1025 - 5000. One of these would be assigned arbitrarily to the client machine.

Question 30

What is FTP?

Answer 30

File Transfer Protocol

Question 31

What ports do FTP run on?

Answer 31

TCP port 20 and 21.

Question 32

Why does FTP (File Transfer Protocol) use 2 TCP ports?

Answer 32

One port is used to send the command communications (log me in, authenticate me, upload this file, etc), and the other port is used for data transfers.

Question 33

What is a problem with FTP (file transfer protocol)?

Answer 33

It is insecure. It is an unencrypted protocol. A sniffer in the middle between A and B can see all the information being exchanged (this includes passwords, usernames, data, everything)

Question 34

What is TFTP?

Answer 34

Trivial File Transfer Protocol

Question 35

Is TFTP run on TCP ports or UDP ports?

Answer 35

UDP ports.

Question 36

Is FTP run on TCP or UDP ports?

Answer 36

TCP ports

Question 37

What port does Trivial File Transfer Protocol (TFTP) run on?

Answer 37

User Datagram Protocol (UDP) ports

Question 38

How does TFTP differ from FTP?

Answer 38

It is run on UDP ports. It transfers data to a remote machine with basically no commands and no authentication

Question 39

Using TFTP what is all you need to make your transfer?

Answer 39

Remote end and file name. This IP address, get this .doc

Question 40

What is ARP?

Answer 40

Address Request Protocol

Question 41

What layer is Address Request Protocol (ARP) located?

Answer 41

Data Link, Layer 2.

Question 42

How does Address Request Protocol work?

Answer 42

Requests MAC addresses for a given IP address. “I have a packet for 192.168.1.5, which computer is that, tell me, I am 192.168.1.1. (this is done on the same network, the package is already within the network, now its trying to get to is destination). The owner of the IP would then give the MAC address so the package can be delivered.

Question 43

What is a problem with ARP (Address Request Protocol)

Answer 43

No authentication. A spoof can be placed that just says its everything so now all traffic goes to it. (Man in the middle)

Question 44

What is DHCP?

Answer 44

Dynamic Host Control Protocol

Question 45

What does DCP (Dynamic Host Control Protocol)

Answer 45

Assign an IP to a machine at boot time.

Question 46

Why would a machine need to use a DHCP (Dynamic Host Control Protocol) server?

Answer 46

If you have not statically assigned, manually assigned, an IP address to your machine it can request one from a DHCP server every time it boots up.

Question 47

What is a DHCP machine, in terms of the network?

Answer 47

It is one server on the network that assigns dynamic IP addresses to machines that request one. (because they were not manually assigned an IP address)

Question 48

How does the DHCP server work? (Dynamic Host Control Protocol)

Answer 48

A machine asks for a DHCP server, it responds, the machine requests an IP address, the DHCP either gives it one from its pool or it can select one it has already identified as reserved for that machine’s MAC address.

Question 49

What is a MAC address

Answer 49

Media Access Control address. Unique identifier assigned to network interfaces for communications on the physical network segment.

Question 50

How do you assure that a computer using a DHCP server will get the same IP address everytime?

Answer 50

You would need to associate the machines MAC address with a specific IP address within the DHCP server. It will associate that MAC address with the correct IP. If not it will just assign a random IP from its pool of IP addresses

Question 51

How does BOOTP work?

Answer 51

When a client machine turned on it would get a address from BOOTP but it would also boot up from there as well. (earlier form of DHCP) there was no hard drive or media on the terminal.

Question 52

What is ICMP?

Answer 52

Internet Control Message Protocol

Question 53

What is Internet Control Message Protocol (ICMP) used for?

Answer 53

Management messages, not data payload. Most common is a “ping”. Basically checking to see if the devices on the network are awake and working. The requested machine would send an “echo” acknowledgment

Question 54

What is RTP? (VoIP Protocols)

Answer 54

Real-time Transport Protocol

Question 55

What does Real-time Transport Protocol do?

Answer 55

Defines type of packets used to move voice or data from a server to clients

Question 56

What is SIP (VoIP Protocols)?

Answer 56

Session Initiation Protocol and H.323

Question 57

What does Session Initiation Protocol and H.323 do?

Answer 57

Runs on top of Real-time Transport Protocol (RTP). It handles the initiation, setup, and delivery of VoIP sessions.

Question 58

What is RTSP (VoIP Protocols)?

Answer 58

Real-time Streaming Protocol

Question 59

What does Real-time Streaming Protocol (RTSP) do?

Answer 59

Runs on top of RTP.

Question 60

What is VoIP?

Answer 60

Voice over IP.

Question 61

What technology allows for specific phones to plug into the network and communicate using the normal computer network?

Answer 61

Voice over IP. (VoIP).

Question 62

What protocols allow for VoIP systems to run on the network?

Answer 62

Real-time Transport Protocol (RTP)
Session Initiation Protocol (and H.323) (SIP)
Real-time Streaming Protocol (RTSP)

Question 63

What is DNS?

Answer 63

Domain Name Service (U53)

*Runs over port 53.

Question 64

What does Domain Name Service (DNS) do?

Answer 64

Translates human friendly names to machine friendly addresses.

Question 65

What are some potential attacks is Domain Name Service (DNS) susceptible to?

Answer 65

Redirect, intercept, or deny services

Question 66

What are some CONS to Domain Name Service (DNS)

Answer 66

No integrity, confidentiality, or authentication.

Question 67

What is LDAP?

Answer 67

Lightweight Directory Access Protocol

*Runs on Port T389

Question 68

What is Lightweight Directory Access Protocol (LDAP) used for?

Answer 68

Used for lookups (queries) over a network.

*Looks up many things to include user authentication info.

Question 69

What is NetBOIS?

Answer 69

Network Basic Input Output System

*Ports U/T 135 - 139

Question 70

What is a common attack for NetBOIS?

Answer 70

Worm attacks

Question 71

What was the Predecessor for LDAP?

Answer 71

NetBOIS

Question 72

When talking about Ports U/T 135 - 139, what does the U and T stand for?

Answer 72

U= UTP, T = TCP. It means that the protocol that runs on ports 135 -139 run on both UTP and TCP ports.

Question 73

What is NTP? And What port(s) does it run on?

Answer 73

Network Time Protocol

*U123

Question 74

What is IGMP, and what port(s) does it run on?

Answer 74

Internet Group Management Protocol

* Not sure about the port :/

Question 75

What is SNMP, and what port does it run on?

Answer 75

Simple network management protocol

*port T/U 161

Question 76

What is IM?

Answer 76

Instant Messaging.

Question 77

Instant Messaging (IM) allows peer to peer communication. What are the “peers”?

Answer 77

Computers.

Question 78

In IM, one computer sends a message to another. Those computers use a brokered messenger server. What does that mean?

Answer 78

One computer doesn’t send a message directly to another, instead it sends it to a messenger server, which then sends it to the recipient.

Question 79

There are many IM programs that work in different ways, what does that mean in regards to what ports you would expect an IM protocol to located on?

Answer 79

There can be any number of ports used in this case. However, many run over port 80.

Question 80

What is IRC, and what port will you find it on?

Answer 80

Internet Relay Chat

* located on port 6667

Question 81

What is IRC an early form of?

Answer 81

Instant messaging, internet chatting.

*text only

Question 82

How can IRC be integrated on an attack?

Answer 82

A malicious user can implant a BOT on your computer, and then send control instructions to the computer using this Internet Relay Chat.

Question 83

What is NNTP, and what port will you find it?

Answer 83

Network News Transfer Protocol

* 119

Question 84

What is SMTP and what port will you find it?

Answer 84

Simple Mail Transfer Protocol

* T25

Question 85

What is POP, and what server will you find it?

Answer 85

Post Office Protocol

* T110

Question 86

What is IMAP, and what port will you find it?

Answer 86

Internet Message Access Protocol

* T143

Question 87

What protocol sends mail to a mail server?

Answer 87

Simple Mail Transfer Protocol (SMTP)

Question 88

What protocol(s) are used to retrieve the mail that was sent to the mail server using Simple Mail Transfer Protocol (SMTP).

Answer 88

Post Office Protocol (POP) and Internet Message Access Protocol (IMAP)

Question 89

What is TELNET? What port will you find it?

Answer 89

TCP/IP Terminal Emulation Protocol

*T23

Question 90

What is RLOGIN?

Answer 90

Remote Login

Question 91

What is RSH?

Answer 91

Remote Shell

Question 92

What is RCP?

Answer 92

Remote Copy.

Question 93

What is X11?

Answer 93

X Window System

Question 94

What did the TELNET and R suite of tools (RLOGIN, RSH, RCP) allow the user to do?

Answer 94

Remotely access another terminal without physically sitting at it.
*lacked security. No encryption or authentication.

Question 95

What does X11 allow the user to do?

Answer 95

Forward a display. Normally the computer would use the video cable to send a display to the computer’s monitor. X11 allows you to use your network to send a display to another terminal on the network.
*unencrypted, so all the movements could be monitored.

Question 96

When you use a insecure program like X11, what would you need to do to make it secure?

Answer 96

Run it through a Secure Shell.

Question 97

What is CIFS, and SMB?

Answer 97

Common Internet File System and Server Message Block. This is a file sharing protocol, a server hosts files that clients can download
* various authentication methods are used.

Question 98

What is NFS?

Answer 98

Network File System. This is another file sharing system.

* authentication is possible through Secure RPC (Remote

Question 99

Which file sharing systems are considered Windows based?

Answer 99

Common Internet File System (CIFS) and Server Message Block (SMB)

Question 100

Which file sharing system is UNIX LINIX Based?

Answer 100

Network File System (NFS)

Question 101

What is SNFS?

Answer 101

Secure Network File System

*Authenticates each request, which increases the overhead from NFS.

Question 102

Why wasn’t Secure Network File System (SNFS) widely adopted?

Answer 102

They used time synchronized servers, meaning if the times weren’t synced up the communication would not happen.

Question 103

What is SFTP?

Answer 103

Secure FTP

• part of the Secure Shell Suite
• You can do everything that was possible with FTP (File Transfer Protocol) but now its encrypted.

Question 104

What port does Secure FTP (SFTP) run off of?

Answer 104

TCP Port 22

*default port for secure shell suite

Question 105

What is HTTP, and what port would it be found?

Answer 105

Hypertext Transfer Protocol

• T80
• Standard web based communications
• Unencrypted

Question 106

What is HTTPS, and what port would it be found.

Answer 106

Hypertext Transfer Protocol over SSL or TLS

• T443
• SSL is Secure Socket Layer Connection
• Takes all the web based communications you would find in HTTP and puts a layer of encryption over it.

Question 107

What is S-HTTP

Answer 107

Secure Hypertext Transfer Protocol

*not the same as HTTPS

Question 108

What kind of security protocols can you implement on Layer 1?

Answer 108

Physical security (like placing a locked box over a cable outlet)(door locks). Choosing more protected cables.

Question 109

What kind of security protocols can you implement on Layer 2.

Answer 109

PPTP, Layer 2 Forwarding, Layer 2 Tunneling Protocol, wireless network security, MPLS.
*you can protect layer 2 traffic using tunneling protocols

Question 110

What kind of security protocols can you implement on Layer 3?

Answer 110

GRE (Generic Routing Encapsulation), IPSec (IP Security)

Question 111

What kind of security protocols can you implement on Layer 4?

Answer 111

SSL (Secure Socket Layer), TLS (Transport Layer Security), WTLS ( Wireless Transport Layer Security), SSH (Secure Shell Protocol), SOCKS (Socket Secure).
*This is where TCP is. So when we set up the 3way handshake we can add more handshakes that set up the encryption.

Question 112

What kind of security protocol can you implement on Layer 5+?

Answer 112

This is the application layer. You can have add on’s to the application itself. S-RPC, DNSSEC, S-HTTP

Question 113

In regards to Layer 2 security what is PPTP?

Answer 113

Point to point tunneling protocol.

• I’m going to encapsulate more headers on my layer 2 frame, and the encapsulated headers are going to handle encryption between point A to point B.
• “tunnel” this layer 2 traffic in more encryption

Question 114

What is L2F?

Answer 114

Layer 2 Forwarding

• Not IP dependent
• Relies on PPP for authentication (tunnels PPP traffic)
• Used for VPNs
• No encryption by itself.

Question 115

What is IPSec?

Answer 115

Internet protocol security
* Encapsulates at Layer 3 ( Network Layer)
* Mutual node authentication
* Can authenticate users but requires L2TP
* Crypto implementation agnostic
* Client to client, or node to node.
* Mandatory for IPv6 implementation
Does not work with NAT (unless NAT-Transversal is used)

Question 116

What is GRE?

Answer 116

Generic Route Encapsulation

• Encapsulates Layer 3 (Network Layer) packets in IP tunnel
• Used to secure VPNs
• Creates a virtual point to point link with destination
• Supports multicast protocols (IPSec doesn’t)

Question 117

What is SOCKS?

Answer 117

Socket Security

• Allows internal clients to access external resources
• Allows external access to internal clients
• Provides authentication and encryption
• A type of proxy server that gets in the way between Point A and Point B and requires me to authenticate before I can get to the end resource (Point B)
• When one person in the office has access to a certain website, but nobody else does, this allows that user to access that point after authentication.

Question 118

What is SSH

Answer 118

Secure Shell

• Creates tunnels that other applications can use
• Provides server and client authentication and encryption

Question 119

What is SSL and TLS?

Answer 119

Secure Socket Layer and Transport Layer Security

• Encrypts client-server communication
• Used by protocols (e.g HTTPS) for security
• Server authentication to client mandatory
• Client authentication to server optional

Question 120

What does a SSL(Secure Socket Layer) and TLS (Transport Layer Security) handshake include?

Answer 120

• Encryption negotiation
• Identification of server and/or client
• Key exchange

Question 121

What is S-RPC

Answer 121

Secure Remote Procedure Call

• Based on DES (Data Encryption Standard) encryption algorithm
• Uses public key scheme for encryption
• Laying encryption on top of RPC which is just one computer giving instruction to another.

Question 122

What is DNSSEC?

Answer 122

Domain Name System Security

• Provides authentication and integrity of DNS (Domain Name System) answers
• Designed to protect against cache poisoning
• Uses public key schemes, but does not do encryption