TCP/IP Model (1.1, 1.5, & 5.3) Flashcards
TCP/IP Model
o TCP/IP Model
▪ Also known as TCP/IP stack or the DoD Model
▪ Alternative to the OSI Model
▪ More relevant model for network designers since it’s based on TCP/IP
▪ Only a 4-layer model
OSI Model to TCP/IP Model
Network Interface (Layer 1) (Physical and Electrical characteristics / bits / coax, optic, twisted-pair)
▪ Physical and electrical characteristics
▪ Describes how to transmit bits across the network (1’s and 0’s)
▪ Determines how interface uses network medium
▪ Coaxial, Optical fiber, or Twisted-pair copper cabling
▪ Examples:
● Ethernet, Token Ring, FDDI, RS-232
Internet (Layer 2) (data into IP datagrams -> routes across networks -> external connection)
▪ Packages data into IP datagrams
● Contains source and destination IPs
● Forwards datagrams between hosts across the networks
▪ Routes IP datagrams across networks
▪ Connectivity occurs externally
▪ Examples:
● IP, ICMP, ARP, RARP
Transport (Layer 3) (Communication session management / TCP / UDP / RTP)
▪ Provides communication session management between hosts
▪ Defines level of service and status of connection used for transport
▪ Examples:
● TCP
● UDP
● RTP
Application (Layer 4)
▪ Defines TCP/IP application protocols
▪ Defines how programs interface with the transport layer service
▪ Layer with which the user interacts
▪ Examples:
● HTTP, TELNET, FTP, SNMP, DNS, SMTP, SSL, TLS, …
Data Transfer Over Networks (0 - 65,535 / 0 - 1023 / Ephem = 1024 - 65,535)
(Ports)
o Ports
▪ Port numbers can be 0 to 65,535
▪ “Well-known” & Reserved Ports
● Ports 0 to 1023
▪ Ephemeral Ports
● Short-lived transport port that is automatically selected from a predefined range
● Ports 1024 to 65,535
Data Transfer
IPv4 Packets
Overhead of TCP and UDP
Ports and Protocols
o File Transfer Protocol FTP (Port 20, 21)
o Secure Shell SSH (Port 22)
o SSH File Transfer Protocol SFTP (Port 22)
o Telnet (Port 23)
o Simple Mail Transfer Protocol SMTP (Port 25)
o Domain Name Service DNS (Port 53)
o Dynamic Host Control DHCP (Port 67, 68)
o Trivial File Transfer TFTP (Port 69)
o Hyper Text Transfer HTTP (Port 80)
o Post Office Protocol v3 POP3 (Port 110)
o Network Time Protocol NTP (Port 123)
o NetBIOS (Port 139)
o Internet Mail Application IMAP (Port 143)
o Simple Network Management SNMP (Port 161)
o Lightweight Directory Access LDAP (Port 389)
o HTTP Secure HTTPS (Port 443)
o Server Message Block SMB (Port 445)
o System Logging Protocol Syslog (Port 514)
o Simple Mail Transfer Protocol Transport Layer Security SMTP TLS (Port 587)
o LDAP Secure LDAPS (Port 636)
o Internet Message Access Protocol over SSL IMAP over SSL (Port 993)
o Post Office Protocol Version 3 over SSL POP3 over SSL (Port 995)
o Structured Query Language Server Protocol SQL (Port 1433)
o SQLnet Protocol (Port 1521)
o MySQL (Port 3306)
o Remote Desktop Protocol RDP (Port 3389)
o Session Initiation Protocol SIP (Port 5060, 5061)
Ports to Remember
File Transfer Protocol FTP (Port 20, 21) (Transfers files / unsecure)
▪ Transfers computer files between a client and server on a computer network
▪ Unsecure method
▪ Data transferred in the clear
Secure Shell SSH (Port 22) (Network services securely over unsecured network / remote login by users)
▪ Cryptographic network protocol for operating network services securely over an unsecured network
▪ Best known for remote login to computer systems by users
SSH File Transfer Protocol SFTP (Port 22) (file transfer/management/access over reliable data stream)
▪ Provides file access, file transfer, and file management over any reliable data stream
Telnet (Port 23) (bidirectional text-oriented communication via virtual terminal / like ssh but insecure)
▪ Provides bidirectional interactive text-oriented communication facility using a virtual terminal connection
▪ Like SSH, but insecure
Simple Mail Transfer Protocol SMTP (Port 25) (sending electronic mail)
▪ Internet standard for sending electronic mail
▪ RFC 821 was defined originally in 1982
▪ RFC 5321 developed in 2008 (current version)
Domain Name Service DNS (Port 53) (naming system / domain names into IP addresses)
▪ Hierarchical decentralized naming system for computers, services, or other resources connected to the Internet or a private network
▪ Converts domain names to IP addresses
Dynamic Host Control DHCP (Port 67, 68) (dynamically assigns IP address / able to request IP / easier on net admins)
▪ DHCP server dynamically assigns an IP address and other network configuration parameters to a client
▪ Enables computers to request IP addresses and networking parameters automatically
▪ Reduces burden on network administrators
Trivial File Transfer TFTP (Port 69) (Transmits files / used for booting OS from LAN server / no user authentication / stripped-down version of FTP)
▪ Transmits files in both directions of a client-server application
▪ Used for booting an operating system from a local area network file server
▪ Doesn’t provide user authentication or directory visibility
▪ Essentially a stripped-down version of FTP
Hyper Text Transfer HTTP (Port 80) (data communication for WWW / collaborative and hypermedia)
▪ Foundation of data communication for WWW
▪ Designed for distributed, collaborative, and hypermedia presentation across many devices
Post Office Protocol v3 POP3 (Port 110) (local email)
▪ Used by local e-mail
Network Time Protocol NTP (Port 123) (clock synchronization / created in 1985)
▪ Provides clock synchronization between computer systems over packet-switched, variable-latency data networks
▪ Created in 1985, one of the oldest Internet protocols in current use
NetBIOS (Port 139) (file and printer sharing / Network Basic Input/Output System)
▪ Network Basic Input/Output System
▪ Provides services allowing applications on separate computers to communicate over a local area network for file and printer sharing
Internet Mail Application IMAP (Port 143) (accessing your email from a mail server or service)
▪ Allows e-mail clients to retrieve e-mail messages from a mail server over a TCP/IP connection
▪ Allows the end user to view and manipulate the messages as if they’re stored locally
Simple Network Management SNMP (Port 161) (collecting and organizing information about managed devices / can modify information as well)
▪ Provides collection and organization of information about managed devices on IP networks
▪ Can modify that information to change device behavior, commonly used in network devices
Lightweight Directory Access LDAP (Port 389) (Communicates with Active Directory / used to store data, authentication and policy of an organization)
▪ Open, vendor-neutral, industry standard for accessing and maintaining distributed directory information services
▪ LDAP and Active Directory use this port
HTTP Secure HTTPS (Port 443) (ecommerce on WWW / adds security to the insecure HTTP protocol)
▪ Foundation of ecommerce on WWW
▪ Designed for adding security to the insecure HTTP protocol
Server Message Block SMB (Port 445) (provides access to files, printers, and miscellaneous communications between devices)
▪ Provides shared access to files, printers, and miscellaneous communications between devices on a network
System Logging Protocol Syslog (Port 514) (sends log data to centralized server)
▪ Used to send logging data back to a centralized server
Simple Mail Transfer Protocol Transport Layer Security SMTP TLS (Port 587) (secure/encrypted way to send emails)
▪ Secure and encrypted way to send emails
LDAP Secure LDAPS (Port 636)
▪ Open, vendor-neutral, industry standard for accessing and maintaining distributed directory information services
▪ Provides secure directory services
Internet Message Access Protocol over SSL IMAP over SSL (Port 993) (secure/encrypted way of receiving emails)
▪ Secure and encrypted way to receive emails
Post Office Protocol Version 3 over SSL POP3 over SSL (Port 995)
▪ Secure and encrypted way to receive emails
Structured Query Language Server Protocol SQL (Port 1433)
▪ Used for communication from a client to the database engine
SQLnet Protocol (Port 1521)
▪ Used for communication from a client to an Oracle database
MySQL (Port 3306)
▪ Used for communication from a client to the MySQL database engine
Remote Desktop Protocol RDP (Port 3389) (connect to another computer via network connection)
▪ Proprietary protocol developed by Microsoft
▪ Provides a user with a graphical interface to connect to another computer over a network connection
▪ User employs RDP client software for this purpose and the other computer must run RDP server software
Session Initiation Protocol SIP (Port 5060, 5061) (used for internet voice/video calls, VOIP and messaging)
▪ Provides signaling and control of multimedia communication sessions in applications
▪ Used for Internet telephony for voice and video calls, VOIP, and instant messaging
IP Protocol Types
o Transmission Control Protocol (TCP)
o User Datagram Protocol (UDP)
o Internet Control Message Protocol (ICMP)
o Generic Routing Encapsulation protocol (GRE)
o Internet Protocol Security protocol (IPsec)
Transmission Control Protocol (TCP)
▪ A transport protocol that operates at layer 4 of the OSI model
▪ Used on top of the Internet Protocol for reliable packet transmission
▪ Operates by conducting a three-way handshake between a client and a server, and then establishing the connection
▪ TCP is considered a connection-oriented method of communication
User Datagram Protocol (UDP)
▪ A lightweight data transport protocol that also works on top of IP
▪ Can detect if its packets are corrupted when they are received by a client using a checksum, but there is no connection and no sequencing to the UDP segments
▪ Great for some applications, like streaming audio and video, but it definitely does NOT provide reliable delivery of the data
Internet Control Message Protocol (ICMP)
▪ A network level protocol that is used to communicate information about network connectivity issues back to the sender
▪ ICMP is used a lot by network technicians during troubleshooting, but it is also used by attackers to conduct ping scans and network mapping
Generic Routing Encapsulation protocol (GRE)
▪ A tunneling protocol that was developed by Cisco to encapsulate a wide variety of network layer protocols inside a virtual point-to-point or point-to-multipoint link over an Internet Protocol network
▪ Important to set a smaller maximum transmission unit or MTU size on the tunnel
▪ It does not provide any encryption
Internet Protocol Security protocol (IPsec)
▪ Set of secure communication protocols at the network or packet processing layer that is used to protect data flows between peers
● Authentication Header (AH)
o A protocol within IPsec that provides integrity and authentication
● Encapsulating Security Payload (ESP)
o Provides encryption and integrity for the data packets sent over IPsec
o Backwards-compatible with most IP routers including those that were not designed to work with IPsec initially