Protocols Flashcards
TCP and UDP
Transported inside of IP
– Encapsulated by the IP protocol
* Two ways to move data from place to place
– Different features for different applications
* OSI Layer 4
– The transport layer
* Multiplexing
– Use many different applications at the same time
– TCP and UDP
TCP
Transmission Control Protocol
Connection-oriented network communication
* Connection-oriented
– A formal connection setup and close
* “Reliable” delivery
– Recovery from errors
– Can manage out-of-order messages or retransmissions
* Flow control
– The receiver can manage how much data is sent
UDP
User Datagram Protocol
Connectionless network communication
* Connectionless
– No formal open or close to the connection
* “Unreliable” delivery
– No error recovery
– No reordering of data or retransmissions
* No flow control
ICMP
Internet Control Message Protocol
– “Text messaging” for your network devices
* Another protocol carried by IP - Not used for data transfer
* Devices can request and reply to administrative requests
– Hey, are you there? / Yes, I’m right here.
* Devices can send messages when things don’t go well
– That network you’re trying to reach is not reachable from here
– Your time-to-live expired, just letting you know
SNMP
Simple Network Management Protocol - udp/161 - Gathers statistics from network devices
* v1 – The original – Structured tables, in-the-clear
* v2 – A good step ahead – Data type enhancements, bulk transfers – Still in-the-clear
* v3 – The new standard – Message integrity, authentication, encryption
ARP
Address Resolution Protocol - Resolves IP (logical) address to MAC (physical)
DNS
Domain Name System - udp/53 - Converts names to IP addresses - Large transfers may use tcp/53
DHCP
Dynamic Host Configuration Protocol - udp/67, udp/68
* Automated configuration of IP address, subnet mask and other options. Requires a DHCP server
* Dynamic / pooled
– IP addresses are assigned in real-time from a pool
– Each system is given a lease
– Must renew at set intervals
* Reserved
– Addresses are assigned by MAC address
– Quickly manage addresses from one location
HTTP
Hypertext Transfer Protocol - tcp/80
– Communication in the browser
– And by other applications
* In the clear
– Supported by nearly all web servers and clients
HTTPS
Hypertext Transfer Protocol - tcp/443
– Communication in the browser
– And by other applications
* Encrypted (over TLS/SSL)
– Supported by nearly all web servers and clients
LDAP
LDAP (Lightweight Directory Access Protocol) - tcp/389
– Store and retrieve information in a network directory
LDAPS
(LDAP Secure) - tcp/636
– A non-standard implementation of LDAP over SSL
– Still in use today
Syslog
udp/514
* Standard for message logging
– Diverse systems, consolidated log
* Usually a central log collector
– Integrated into the SIEM
* You’re going to need a lot of disk space
– Data storage from many devices over an extended timeframe
NTP
Network Time Protocol - udp/123
* Switches, routers, firewalls, servers, workstations
– Every device has its own clock
* Synchronizing the clocks becomes critical
– Log files, authentication information, outage details
* Automatic updates
* Flexible - You control how clocks are updated
* Very accurate
– Accuracy is better than 1 millisecond
IMAP4
Internet Message Access Protocol v4 - tcp/143
– Manage email inbox from multiple clients
* Receive emails from an email server
– Authenticate and transfer
POP3
Post Office Protocol version 3 - tcp/110
– Basic mail transfer functionality
* Receive emails from an email server
– Authenticate and transfer
SMTP
Simple Mail Transfer Protocol - tcp/25
– Server to server email transfer
* Also used to send mail from a device to a mail server
– Commonly configured on mobile devices and email clients
* Other protocols are used for clients to receive email
– IMAP, POP3
TFTP
Trivial File Transfer Protocol – udp/69
– Very simple file transfer application
* Read files and write files
– No authentication - Not used on production systems
FTP
File Transfer Protocol – tcp/20 (active mode data), tcp/21 (control)
– Transfers files between systems
– Authenticates with a username and password
– Full-featured functionality (list, add, delete, etc.)
SFTP
Secure FTP - tcp/22
* Uses the SSH File Transfer Protocol
* Provides file system functionality
– Resuming interrupted transfers, directory listings, remote file removal
SIP
Session Initiation Protocol - tcp/5060 and tcp/5061
* Voice over IP (VoIP) signaling
* Setup and manage VoIP sessions
– Call, ring, hang up
* Extend voice communication
– Video conferencing
SMB
Server Message Block - tcp/445
* Protocol used by Microsoft Windows
– File sharing, printer sharing
– Also called CIFS (Common Internet File System)
* Direct over tcp/445 (NetBIOS-less)
* Direct SMB communication over TCP
Telnet
Telnet – Telecommunication Network - tcp/23
Remote console login to network devices
* Log in to devices remotely
* Console access
* In-the-clear communication
* Not the best choice for production systems
SSH
Secure Shell - tcp/22
* Encrypted communication link
* Looks and acts the same as Telnet
RDP
Remote Desktop Protocol - tcp/3389
* Share a desktop from a remote location
* Remote Desktop Services on many Windows versions
* Can connect to an entire desktop or just an application
* Clients for Windows, macOS, Linux, iPhone, and others
MySQL
MySQL free and open-source database - tcp/3306
Oracle’s open-source SQL services
– Ultimately acquired by Oracle
MS-SQL
Microsoft SQL Server - tcp/1433
– MS-SQL (Microsoft Structured Query Language)
SQL *Net
Oracle SQL *Net - tcp/1521
Oracle SQL services
– Also called Oracle Net or Net8
TCP and UDP ports can be any number between ____ and ____
0 and 65,535
Non-ephemeral ports – permanent port numbers
Ports 0 through 1,023
Ephemeral ports – temporary port numbers
Ports 1,024 through 65,535 – determined in real time by the clients
IPv4 socket is
Server IP address, protocol, server application port number
Client IP address, protocol, client port number