Protocols Flashcards

1
Q

TCP and UDP

A

* Transported inside of IP
– Encapsulated by the IP protocol
* Two ways to move data from place to place
– Different features for different applications
* OSI Layer 4
– The transport layer
* Multiplexing
– Use many different applications at the same time
– TCP and UDP

2
Q

TCP

A

Transmission Control Protocol
Connection-oriented network communication
* Connection-oriented
– A formal connection setup and close
* “Reliable” delivery
– Recovery from errors
– Can manage out-of-order messages or retransmissions
* Flow control
– The receiver can manage how much data is sent

3
Q

UDP

A

User Datagram Protocol
Connectionless network communication
* Connectionless
– No formal open or close to the connection
* “Unreliable” delivery
– No error recovery
– No reordering of data or retransmissions
* No flow control

4
Q

ICMP

A

Internet Control Message Protocol
– “Text messaging” for your network devices
* Another protocol carried by IP - Not used for data transfer
* Devices can request and reply to administrative requests
– Hey, are you there? / Yes, I’m right here.
* Devices can send messages when things don’t go well
– That network you’re trying to reach is not reachable from here
– Your time-to-live expired, just letting you know

5
Q

SNMP

A

Simple Network Management Protocol - udp/161 - Gathers statistics from network devices
* v1 – The original – Structured tables, in-the-clear
* v2 – A good step ahead – Data type enhancements, bulk transfers – Still in-the-clear
* v3 – The new standard – Message integrity, authentication, encryption

6
Q

ARP

A

Address Resolution Protocol - Resolves IP (logical) address to MAC (physical)

7
Q

DNS

A

Domain Name System - udp/53 - Converts names to IP addresses - Large transfers may use tcp/53

8
Q

DHCP

A

Dynamic Host Configuration Protocol - udp/67, udp/68
* Automated configuration of IP address, subnet mask and other options. Requires a DHCP server
* Dynamic / pooled
– IP addresses are assigned in real-time from a pool
– Each system is given a lease
– Must renew at set intervals
* Reserved
– Addresses are assigned by MAC address
– Quickly manage addresses from one location

9
Q

HTTP

A

Hypertext Transfer Protocol - tcp/80
– Communication in the browser
– And by other applications
* In the clear
– Supported by nearly all web servers and clients

10
Q

HTTPS

A

Hypertext Transfer Protocol - tcp/443
– Communication in the browser
– And by other applications
* Encrypted (over TLS/SSL)
– Supported by nearly all web servers and clients

11
Q

LDAP

A

LDAP (Lightweight Directory Access Protocol) - tcp/389
– Store and retrieve information in a network directory

12
Q

LDAPS

A

(LDAP Secure) - tcp/636
– A non-standard implementation of LDAP over SSL
– Still in use today

13
Q

Syslog

A

udp/514
* Standard for message logging
– Diverse systems, consolidated log
* Usually a central log collector
– Integrated into the SIEM
* You’re going to need a lot of disk space
– Data storage from many devices over an extended timeframe

14
Q

NTP

A

Network Time Protocol - udp/123
* Switches, routers, firewalls, servers, workstations
– Every device has its own clock
* Synchronizing the clocks becomes critical
– Log files, authentication information, outage details
* Automatic updates
* Flexible - You control how clocks are updated
* Very accurate
– Accuracy is better than 1 millisecond

15
Q

IMAP4

A

Internet Message Access Protocol v4 - tcp/143
– Manage email inbox from multiple clients
* Receive emails from an email server
– Authenticate and transfer

16
Q

POP3

A

Post Office Protocol version 3 - tcp/110
– Basic mail transfer functionality
* Receive emails from an email server
– Authenticate and transfer

17
Q

SMTP

A

Simple Mail Transfer Protocol - tcp/25
– Server to server email transfer
* Also used to send mail from a device to a mail server
– Commonly configured on mobile devices and email clients
* Other protocols are used for clients to receive email
– IMAP, POP3

18
Q

TFTP

A

Trivial File Transfer Protocol – udp/69
– Very simple file transfer application
* Read files and write files
– No authentication - Not used on production systems

19
Q

FTP

A

File Transfer Protocol – tcp/20 (active mode data), tcp/21 (control)
– Transfers files between systems
– Authenticates with a username and password
– Full-featured functionality (list, add, delete, etc.)

20
Q

SFTP

A

Secure FTP - tcp/22
* Uses the SSH File Transfer Protocol
* Provides file system functionality
– Resuming interrupted transfers, directory listings, remote file removal

21
Q

SIP

A

Session Initiation Protocol - tcp/5060 and tcp/5061
* Voice over IP (VoIP) signaling
* Setup and manage VoIP sessions
– Call, ring, hang up
* Extend voice communication
– Video conferencing

22
Q

SMB

A

Server Message Block - tcp/445
* Protocol used by Microsoft Windows
– File sharing, printer sharing
– Also called CIFS (Common Internet File System)
* Direct over tcp/445 (NetBIOS-less)
* Direct SMB communication over TCP

23
Q

Telnet

A

Telnet – Telecommunication Network - tcp/23
Remote console login to network devices
* Login to devices remotely
* Console access
* In-the-clear communication
* Not the best choice for production systems

24
Q

SSH

A

Secure Shell - tcp/22
* Encrypted communication link
* Looks and acts the same as Telnet

25
Q

RDP

A

Remote Desktop Protocol - tcp/3389
* Share a desktop from a remote location
* Remote Desktop Services on many Windows versions
* Can connect to an entire desktop or just an application
* Clients for Windows, macOS, Linux, iPhone, and others

26
Q

MySQL

A

MySQL free and open-source database - tcp/3306
Oracle’s open-source SQL services
– Ultimately acquired by Oracle

27
Q

MS-SQL

A

Microsoft SQL Server - tcp/1433
– MS-SQL (Microsoft Structured Query Language)

28
Q

SQL *Net

A

Oracle SQL *Net - tcp/1521
Oracle SQL services
– Also called Oracle Net or Net8

29
Q

TCP and UDP ports can be any number between ____ and ____

A

0 and 65,535

30
Q

Non-ephemeral ports – permanent port numbers

A

Ports 0 through 1,023

31
Q

Ephemeral ports – temporary port numbers

A

Ports 1,024 through 65,535, determined in real time by the clients

32
Q

IPv4 socket is

A

Server IP address, protocol, server application port number
Client IP address, protocol, client port number