Section 4: TCP/IP Model (w-Ports) Flashcards
TCP/IP Model
Alternative to OSI Model that offers network designers a more relevant model since it is based on TCP/IP.
(a.k.a. TCP/IP Stack or DoD Model.)
TCP/IP Model Layer 1
Network Interface Layer:
Incorporates features of OSI Layers 1 (Physical) and 2 (Data Link)
Physical and Electrical Characteristics; How to transmit bits; How the interface uses the medium.
TCP/IP Model Layer 2
Internet:
Similar to OSI Layer 3 (Network)
▪ Packages data into IP datagrams
- Contains source and destination IPs
- Forwards datagrams between hosts across the networks
▪ Routes IP datagrams across networks
▪ Connectivity occurs externally
TCP/IP Model Layer 3
Transport: Similar to OSI Layer 4 (Transport)
▪ Provides communication session management between hosts
▪ Defines level of service and status of connection used for transport
TCP/IP Model Layer 4
Application: Combined features of OSI Layers 5 (Session), 6 (Presentation), and 7 (Application)
▪ Defines TCP/IP application protocols
▪ Defines how programs interface with the transport layer service
▪ Layer with which the user interacts
TCP/IP Model Layer 2 (Internet) - Examples
▪ IP - Internet Protocol
▪ ICMP - Internet Control Message Protocol (network devices use it to communicate problems with data transmission - Number 1 use is reporting errors.)
▪ ARP - Address Resolution Protocol (IP address to MAC address)
▪ RARP - Reverse Address Resolution Protocol (MAC Address to IP address)
TCP/IP Model Layer 3 (Transport) - Examples
▪ TCP - Transmission Control Protocol is a transport protocol that is used on top of IP to ensure reliable transmission of packets.
▪ UDP - User Datagram Protocol is a transport protocol that is used on top of IP but removes error-checking. (Low latency)
▪ RTP - Real-time Transport Protocol (RTP) for delivering audio and video over IP networks.
TCP/IP Model Layer 4 (Application) - Examples
▪ HTTP, TELNET, FTP, SNMP, DNS, SMTP, SSL, TLS, …
TCP/IP Model to OSI Model Map
Network Interface
1. Physical Layer
2. Data Link Layer
Internet
3. Network Layer
Transport
4. Transport Layer
Application
5. Session Layer
6. Presentation Layer
7. Application Layer
ICMP
Internet Control Message Protocol - Network devices use it to communicate problems with data transmission - Number one use is reporting errors.
ARP
Address Resolution Protocol - IP address to MAC address. (Layer 2 - Data Link to Layer 3 - Network Layer)
RARP
Reverse Address Resolution Protocol - MAC Address to IP address. (Layer 3 - Network to Layer 2 - Data Link)
Port number range
0 - 65,535
Reserved Ports (Well-known)
0 - 1023
Ephemeral Ports (Dynamic)
1024 - 65,535
Overhead of TCP
20 bytes
Overhead of UDP
8 bytes
FTP / Port(s)
File Transfer Protocol / Ports 20, 21
▪ Transfers files between a client and server
▪ Unsecure method
▪ Data transferred in the clear
SSH / Port(s)
Secure Shell / Port 22
▪ Cryptographic network protocol for operating network services securely over an unsecured network
▪ Best known for remote login to computer systems by users
SFTP / Port(s)
Secure Shell File Transfer Protocol / Port 22
▪ Provides file access, file transfer, and file management over any reliable data stream
Telnet / Port(s)
Telnet / Port 23
▪ Provides bidirectional interactive text-oriented communication using a virtual terminal connection
▪ Like SSH, but unsecure
SMTP / Port(s)
Simple Mail Transfer Protocol / Port 25
▪ Internet standard for sending electronic mail
DNS / Port(s)
Domain Name Service / Port 53
▪ Hierarchical decentralized naming system for computers, services, or other resources connected to the Internet or a private network
▪ Converts domain names to IP addresses
DHCP / Port(s)
Dynamic Host Control Protocol / Ports 67, 68
▪ DHCP server dynamically assigns an IP address and other network configuration parameters to a client
▪ Enables computers to request IP addresses and networking parameters automatically
▪ Reduces burden on network administrators
TFTP / Port(s)
Trivial File Transfer Protocol / Port 69
▪ Transmits files in both directions of a client-server application
▪ Used for booting an operating system from a local area network file server
▪ Doesn’t provide user authentication or directory visibility
▪ A stripped-down version of FTP
HTTP / Port(s)
Hyper Text Transfer Protocol / Port 80
▪ Designed for distributed, collaborative, and hypermedia presentation across many devices
POP3 / Port(s)
Post Office Protocol v3 / Port 110
▪ Used by local e-mail clients to retrieve e-mail from a remote server over a TCP/IP connection
NTP / Port(s)
Network Time Protocol / Port 123
▪ Provides clock synchronization between computer systems over packet-switched, variable-latency data networks
NetBIOS / Port(s)
Network Basic Input-Output System / Port 139
▪ Services allowing applications on separate computers to communicate over a local area network for file and printer sharing
IMAP / Port(s)
Internet Message Access Protocol / Port 143
▪ Allows e-mail clients to retrieve e-mail messages from a mail server over a TCP/IP connection
▪ Allows the end user to view and manipulate the messages as if they’re stored locally
SNMP / Port(s)
Simple Network Management Protocol / Ports 161, 162
▪ Used to monitor and manage network devices (routers, switches, servers, printers) from a central management station
▪ Port 161 carries manager-to-agent queries; port 162 carries traps (unsolicited alerts) from agents to the manager
LDAP / Port(s)
Lightweight Directory Access Protocol / Port 389
▪ Vendor-neutral, industry standard for accessing and maintaining distributed directory information services (usernames, passwords, email addresses, printer connections, and other static data within directories)
▪ Active Directory uses this port
HTTPS / Port(s)
Hypertext Transfer Protocol Secure / Port 443
▪ Adds security to the unsecure HTTP protocol
SMB / Port(s)
Server Message Block / Port 445
▪ Shared access to files, printers, and miscellaneous communications between devices
RDP / Port(s)
Remote Desktop Protocol / Port 3389
▪ Proprietary protocol developed by Microsoft
▪ Provides a graphical interface to connect to another computer over a network connection
SIP / Port(s)
Session Initiation Protocol / Ports 5060, 5061
▪ Used for Internet telephony (voice and video calls), VoIP, and instant messaging
SysLog / Port
System Logging Protocol / Port 514
▪ Used to send logging data back to a centralized server
SMTP TLS / Port
Simple Mail Transfer Protocol Transport Layer Security / Port 587
▪ Secure and encrypted way to send emails
IMAP over SSL / Port
Internet Message Access Protocol over SSL / Port 993
▪ Secure and encrypted way to receive emails
POP3 over SSL / Port
Post Office Protocol Version 3 over SSL / Port 995
▪ Secure and encrypted way to receive emails
SQL Server / Port
Structured Query Language Server Protocol / Port 1433
▪ Used for communication from a client to the database engine
SQLNet / Port
SQL*Net Protocol / Port 1521
▪ Used for communication from a client to an Oracle database
MySQL / Port
MySQL / Port 3306
▪ Used for communication from a client to the MySQL database engine
RDP / Port
Remote Desktop Protocol / Port 3389
▪ Developed by Microsoft, provides a graphical interface to connect to another computer
▪ User employs RDP client software for this purpose and the other computer must run RDP server software
TCP
Transmission Control Protocol
▪ A transport protocol that operates at layer 4 of the OSI model
▪ Used on top of the Internet Protocol (IP) for reliable packet transmission
▪ Operates by conducting a three-way handshake between a client and a server
▪ TCP is a connection-oriented method of communication
UDP
User Datagram Protocol
▪ A lightweight data transport protocol that also works on top of IP
▪ Can detect if its packets are corrupted using a checksum, but there is no connection and no sequencing to the UDP segments
▪ Great for some applications, like streaming audio and video, but does NOT provide reliable delivery of the data
ICMP
Internet Control Message Protocol
▪ A network-level protocol that is used to communicate information about network connectivity issues back to the sender
▪ ICMP is used for troubleshooting, but also used by attackers to conduct ping scans and network mapping
GRE
Generic Routing Encapsulation protocol
▪ A tunneling protocol developed by Cisco to encapsulate a wide variety of network layer protocols inside a virtual point-to-point or point-to-multipoint link over an Internet Protocol network
▪ Important to set a smaller maximum transmission unit or MTU size on the tunnel
▪ Does not provide any encryption
IPSec
Internet Protocol Security protocol
▪ Set of secure communication protocols at the network or packet processing layer used to protect data flows between peers
LDAPS / Port(s)
Lightweight Directory Access Protocol Secure / Port 636
▪ LDAPS is the secure version of the LDAP protocol where the LDAP connection is encrypted during network transmission.