TCP/UDP

Question 1

TCP

Answer 1

Transmission Control Protocol

Used by the transport layer to establish a connection, before communication can occur

Question 2

TCP three way handshake

Answer 2

1. SYN

Once the client has the server’s ip address, the client sends a syn message (Synchronised message)to server

2. SYN-ACK

Once the server receives the syn message it responds with a SYN-ACK message, letting the client know that it has recieved and acknoledges the client’s syn essage

3. ACK

Once the client recieves the server’s SYN-ACK message, it responds with an ACK message to acknowledge receiving the SYN-ACK. The session or connection becomes established as soon as the server receives the ACK message from the client.

Once the session has been established, information can be sent using other protocols like HTTP

Question 3

TCP 4 way disconect

Answer 3

1. FIN

server sends client FIN message to let it know that it is finished

2. FIN-ACK

The client acknowledges receiving the FIN message by sending a FIN-ACK message

3. FIN

The client will follow that message with another FIN message to let the server know that it is finished

4. The server then responds with a FIN-ACK message, acknowledging receipt of the clients FIN message, after which the connection is close, and the client may no longer send any requests

Question 4

TCP RESET

Answer 4

A quick way of disconnecting or closing a connection by sending an RST message

RST messages can also be sent by a firewall that sits in-between the client and the server

Question 5

UDP

Answer 5

User Datagram Protocol

Transport Layer protocol that is used for sending data

Unlike TCP, UDP does not establish a connection before making request, instead it simply sends a request for data and the server complies by sending data if it exists

With UDP there are no:

1. 3 way handshakes
2. reliable communication
3. sequence numbers
4. acknowledge numbers

Question 6

when is UDP more useful than tcp?

Answer 6

When sending small amounts of data

example:

DNS protocol - sending messages to a DNS server asking from the ip address associated with a domain name

Question 7

Transport layer addressing

Answer 7

Port numbers:

• 0 - 65
• 535

TCP headers always include source (ephemeral) and destination port (Well Known) numbers

2 types of port numbers:

1. Server Port Numbers
   - well known / registered
   - Port Numbers
2. Client Port Numbers
   - Ephemeral Port Numbers

Question 8

Range of Well Known Port Numbers

Answer 8

0 - 1023

HTTP: 80
HTTPs: 443
FTP: 20,21
SSH: 22
Telnet: 23

Question 9

Range of Registered Port Numbers

Answer 9

1024 - 49151

Custom Applications (official/ unofficial)

H.323
SIP
Radius

Question 10

Range of Ephemeral Port Numbers

Answer 10

49152 - 65535

Question 11

Protocol dependencies

Answer 11

Layer 7 protocols all have layer 4 port numbers assigned to them

the port numbers are assigned to a layer 4 protocol either TCP or UDP

All of the above uses the IP protocol at the network layer

Question 12

TCP Protocol dependencies

Answer 12

Layer 7

HTTP: 80
HTTPs: 443
FTP: 20,21
SFTP: 22
SMB: 445
POP3: 110,995
IMAP: 143/993
SMTP: 25/587
LDAPs: 636

Telnet:23
SSH: 22
RDP: 3389

Question 13

BOTH TCP and UDP protocol dependencies

Answer 13

Layer 7

LDAP: 389

DNS:53
SIP: 5060
H.323: 1719
SNMP: 161

Question 14

UDP protocol dependencies

Answer 14

Layer 7

TFTP: 69

DHCP: 68,69
NTP: 123