Section 4: TCP/IP Model (w-Ports)

Question 1

TCP/IP Model

Answer 1

Alternative to OSI Model that offers network designers a more relevant model since it is based on TCP/IP.
(a.k.a. TCP/IP Stack or DoD Model.)

Question 2

TCP/IP Model Layer 1

Answer 2

Network Interface Layer:
Incorporates features of OSI Layers 1 (Physical) and 2 (Data Link)
Physical and Electrical Characteristics; How to transmit bits; How the interface uses the medium.

Question 3

TCP/IP Model Layer 2

Answer 3

Internet:
Similar to OSI Layer 3 (Network)
▪ Packages data into IP datagrams
- Contains source and destination IPs
- Forwards datagrams between hosts across the networks
▪ Routes IP datagrams across networks
▪ Connectivity occurs externally

Question 4

TCP/IP Model Layer 3

Answer 4

Transport: Similar to OSI Layer 4 (Transport)
▪ Provides communication session management between hosts
▪ Defines level of service and status of connection used for transport

Question 5

TCP/IP Model Layer 4

Answer 5

Application: Combined features of OSI Layers 5 (Session), 6 (Presentation), and 7 (Application)
▪ Defines TCP/IP application protocols
▪ Defines how programs interface with the transport layer service
▪ Layer with which the user interacts

Question 6

TCP/IP Model Layer 2 (Internet) - Examples

Answer 6

▪ IP - Internet Protocol
▪ ICMP - Internet Control Message Protocol (network devices use to communicate problems with data transmission - Number 1 use is reporting errors.)
▪ ARP - Address Resolution Protocol (IP address to MAC address)
▪ RARP - Reverse Address Resolution Protocol (MAC Address to IP address)

Question 7

TCP/IP Model Layer 3 (Transport) - Examples

Answer 7

▪ TCP - Transmission Control Protocol is a transport protocol that is used on top of IP to ensure reliable transmission of packets.
▪ UDP - User Datagram Protocol is a transport protocol that is used on top of IP but removes error-checking. (Low latency)
▪ RTP - Real-time Transport Protocol (RTP) for delivering audio and video over IP networks.

Question 8

TCP/IP Model Layer 4 (Application) - Examples

Answer 8

▪ HTTP, TELNET, FTP, SNMP, DNS, SMTP, SSL, TLS, …

Question 9

TCP/IP Model to OSI Model Map

Answer 9

Network Interface
1. Physical Layer
2. Data Link Layer
Internet
3. Network Layer
Transport
4. Transport Layer
Application
5. Session Layer
6. Presentation Layer
7. Application Layer

Question 10

ICMP

Answer 10

Internet Control Message Protocol - Network devices use to communicate problems with data transmission - Number one use is reporting errors.

Question 11

ARP

Answer 11

Address Resolution Protocol - IP address to MAC address. (Layer 2 - Data Link to Layer 3 - Network Layer)

Question 12

RARP

Answer 12

Reverse Address Resolution Protocol - MAC Address to IP address. (Layer 3 - Network to Layer 2 - Data Link)

Question 13

Port number range

Answer 13

0 - 65,535

Question 14

Reserved Ports (Well-known)

Answer 14

0 - 1023

Question 15

Ephemeral Ports (Dynamic)

Answer 15

1024 - 65,535

Question 16

Overhead of TCP

Answer 16

20 bytes

Question 17

Overhead of UDP

Answer 17

8 bytes

Question 18

FTP / Port(s)

Answer 18

File Transfer Protocol / Ports 20, 21
▪ Transfers files between a client and server
▪ Unsecure method
▪ Data transferred in the clear

Question 19

SSH / Port(s)

Answer 19

Secure Shell / Port 22
▪ Cryptographic network protocol for operating network services securely over an unsecured network
▪ Best known for remote login to computer systems by users

Question 20

SFTP / Port(s)

Answer 20

Secure Shell File Transfer Protocol / 22
▪ Provides file access, file transfer, and file management over any reliable data stream

Question 21

Telnet / Port(s)

Answer 21

Port 23
▪ Provides bidirectional interactive text-oriented communication using a virtual terminal connection
▪ Like SSH, but unsecure

Question 22

SMTP / Port(s)

Answer 22

Simple Mail Transfer Protocol / Port 25
▪ Internet standard for sending electronic mail

Question 23

DNS / Port(s)

Answer 23

Domain Name Service / 53
▪ Hierarchical decentralized naming system for computers, services, or other resources connected to the Internet or a private network
▪ Converts domain names to IP addresses

Question 24

DHCP / Port(s)

Answer 24

Dynamic Host Control Protocol / 67, 68
▪ DHCP server dynamically assigns an IP address and other network configuration parameters to a client
▪ Enables computers to request IP addresses and networking parameters automatically
▪ Reduces burden on network administrators

Question 25

TFTP / Port(s)

Answer 25

Trivial File Transfer Protocol / Port 69
▪ Transmits files in both directions of a client-server application
▪ Used for booting an operating system from a local area network file server
▪ Doesn’t provide user authentication or directory visibility
▪ A stripped-down version of FTP

Question 26

HTTP / Port(s)

Answer 26

Hyper Text Transfer Protocol / 80
▪ Designed for distributed, collaborative, and hypermedia presentation across many devices

Question 27

POP3 / Port(s)

Answer 27

Post Office Protocol v3 / Port 110
▪ Used by local e-mail clients to retrieve e-mail from a remote server over TCP/IP connection

Question 28

NTP / Port(s)

Answer 28

Network Time Protocol / Port 123
▪ Provides clock synchronization between computer systems over packet-switched, variable-latency data networks

Question 29

NetBIOS / Port(s)

Answer 29

Network Basic Input-Output System / Port139
▪ Services allowing applications on separate computers to communicate over a local area network for file and printer sharing

Question 30

IMAP / Port(s)

Answer 30

Internet Mail Application / Port 143
▪ Provides e-mail clients to retrieve e-mail messages from a mail server over a TCP/IP connection.
▪ Allows the end user to view and manipulate the messages as if they’re stored locally

Question 31

SNMP / Port(s)

Answer 31

Lightweight Directory Access Protocol / Port 389
▪ Vendor-neutral, industry standard for accessing and maintaining distributed directory information services (usernames, passwords, email addresses, printer connections, and other static data within directories)
▪ Active Directory use this port

Question 32

LDAP / Port(s)

Answer 32

Lightweight Directory Access Protocol / Port 389

▪ Vendor-neutral, industry standard for accessing and maintaining distributed directory information services (usernames, passwords, email addresses, printer connections, and other static data within directories)
▪ Active Directory use this port

Question 33

HTTPS / Port(s)

Answer 33

Hypertext Transfer Protocol Secure / Port 443

▪ Adds security to the unsecure HTTP protocol

Question 34

SMB / Port(s)

Answer 34

Server Message Block / Port 445

▪ Shared access to files, printers, and miscellaneous communications between devices

Question 35

RDP / Port(s)

Answer 35

Remote Desktop Protocol / Port 3389

▪ Proprietary protocol developed by Microsoft
▪ Provides a graphical interface to connect to another computer over a network connection

Question 36

SIP / Port(s)

Answer 36

Session Initiation Protocol / Ports 5060, 5061

▪ For Internet telephony for voice and video calls, VOIP, and instant messaging

Question 37

SysLog / Port

Answer 37

System Logging Protocol Syslog / Port 514

▪ Used to send logging data back to a centralized server

Question 38

SMTP TLS / Port

Answer 38

Simple Mail Transfer Protocol Transport Layer Security / Port 587

▪ Secure and encrypted way to send emails

Question 39

IMAP over SSL / Port

Answer 39

Internet Message Access Protocol over SSL / Port 993

▪ Secure and encrypted way to receive emails

Question 40

POP3 over SSL / Port

Answer 40

Post Office Protocol Version 3 over SSL / Port 995

▪ Secure and encrypted way to receive emails

Question 41

SQL Server / Port

Answer 41

Structured Query Language Server Protocol / Port 1433

▪ Used for communication from a client to the database engine

Question 42

SQLNet / Port

Answer 42

SQLnet Protocol / Port 1521

▪ Used for communication from a client to an Oracle database

Question 43

MySQL / Port

Answer 43

MySQL / Port 3306

▪ Used for communication from a client to the MySQL database engine

Question 44

RDP / Port

Answer 44

Remote Desktop Protocol / Port 3389

▪ Developed by Microsoft, provides a graphical interface to connect to another computer
▪ User employs RDP client software for this purpose and the other computer must run RDP server software

Question 45

TCP

Answer 45

Transmission Control Protocol
▪ A transport protocol that operates at layer 4 of the OSI model
▪ Used on top of the Internet Protocol (IP) for the reliable packet transmission
▪ Operates by conducting a three-way handshake between a client and a server
▪ TCP is a connection-oriented method of communication

Question 46

UDP

Answer 46

User Datagram Protocol
▪ A lightweight data transport protocol that also works on top of IP
▪ Can detect if its packets are corrupted using a checksum, but there is no connection and no sequencing to the UDP segments
▪ Great for some applications, like streaming audio and video, but does NOT provide reliable delivery of the data

Question 47

ICMP

Answer 47

Internet Control Message Protocol

▪ A network level protocol that is used to communicate information about network connectivity issues back to the sender
▪ ICMP is used for troubleshooting, but also used by attackers to conduct ping scans and network mapping

Question 48

GRE

Answer 48

Generic Routing Encapsulation protocol

▪ A tunneling protocol developed by Cisco to encapsulate a wide variety of network layer protocols inside a virtual point-to-point or point-to-multipoint link over an Internet Protocol network
▪ Important to set a smaller maximum transmission unit or MTU size on the tunnel
▪Does not provide any encryption

Question 49

IPSec

Answer 49

Internet Protocol Security protocol

▪ Set of secure communication protocols at the network or packet processing layer used to protect data flows between peers

Question 50

LDAPS / Port(s)

Answer 50

Lightweight Directory Access Protocol Secure / Port 636

▪ LDAPS is the secure version of the LDAP protocol where the LDAP connection is encrypted during network transmission.