Transport Layer Protocol Flashcards
Port
- Unique identification number used to direct incoming packets to the appropriate service or application
- Multiple can be run simultaneously
- 0-1023 are preassigned to well known server applications
- Others must be assigned to applications to track requests
Socket
- Port number used in conjunction with source IP.
- Each socket is bound to software purpose.
- Only one process can operate a socket at a given time
- Connection is formed when client socket requests service from server socket.
- Server socket can serve a number of client sockets.
TCP
Transmission Control Protocol
- Works at Transport layer to provide connection-oriented, guaranteed communications, with acknowledgements to confirm delivery.
- Can be used for Unicast only
- Missing packets can be resent
TCP Segment
- Data from application layer is divided up and given header
- Becomes payload for underlying Datagrams
Source Port
- Part of TCP segment header
- TCP port of sending host
Destination Port
- Part of TCP segment header
- TCP port of destination host
Sequence Number
- Part of TCP segment header
- ID number of the current TCP segment
- Allows receiver to rebuild message and deal with out of order packets
Ack Number
- Part of TCP segment header
- Sequence number of next segment expected from other host
- Allows for retransmission of missing data
- Negative Acknowledgment (NAK or NACK) forces retransmission
Data length
- Part of TCP segment header
- Length of TCP Segment
Flags
- Part of TCP segment header
- Type of content in segment (ACK, SYN, FIN etc.)
Window
- Part of TCP segment header
- Amount of data host is willing to receive before sending another ack
- TCP's flow control can slow down traffic if one side is getting overwhelmed
Checksum
- Part of TCP segment header
- Ensures validity of segment
- Calculated on the TCP header and payload, but also on part of the IP header (source and destination addresses)
- Calculation process differs between IPv4 and IPv6
Urgent Pointer
- If urgent data is being sent, specifies end of that data in segment
Options
- Allows further connection parameters to be configured
- Most important is Maximum Segment Size
- Allows host to specify the size of segments to minimize fragmentation
TCP Handshake 1
- Client sends segment with TCP flag SYN set to server with randomly generated number sequence. Client enters SYN-SENT state
TCP Handshake 2
- Server (currently in LISTEN state) responds with SYN/ACK segment
- Segment contains random number sequence
- Server enters SYN-RECEIVED state
TCP Handshake 3
- Client responds with an ACK segment
- Client assumes the connection is ESTABLISHED
TCP Handshake 4
- Server opens connection with Client and enters ESTABLISHED state
TCP Teardown 1
- Client sends FIN segment to server and enters FIN-WAIT1 state
TCP Teardown 2
- Server responds with an ACK segment and enters CLOSE-WAIT state
TCP Teardown 3
- Client receives the ACK segment and enters FIN-WAIT2 state.
- Server sends its own FIN segment to the client and goes to the LAST-ACK state
TCP Teardown 4
- Client responds with an ACK and enters TIME-WAIT state. After a defined period, client closes its connection
TCP Teardown 5
- Server closes connection when it receives ACK from client
RST segment
- Can be used to end TCP sessions abruptly
- Not typical behavior and should be investigated
- Could be a faulty application or a sign of suspicious scanning activity
UDP
User Datagram Protocol
- Works on Transport Layer
- Connectionless, not a guaranteed method of communication
- No acknowledgments or flow control
- Used to send small amounts of data in each packet
- Used by application layer protocols to send multicast and broadcast traffic
- Also used for time-sensitive data that does not need complete reliability, such as voice and video.
- Faster overall delivery
Port 20
Transport Protocol: TCP
Service: ftp-data
Description: File Transfer Protocol - Data
Port 21
Transport Protocol: TCP
Service: ftp
Description: File Transfer Protocol - Control
Port 22
Transport Protocol: TCP
Service: ssh/sftp
Description: Secure Shell/FTP over SSH
Port 23
Transport Protocol: TCP
Service: Telnet
Description: Telnet
Port 25
Transport Protocol: TCP
Service: smtp
Description: Simple Mail Transfer Protocol
Port 53
Transport Protocol: TCP/UDP
Service: domain
Description: Domain Name System
Port 69
Transport Protocol: UDP
Service: tftp
Description: Trivial File Transfer Protocol
Port 80
Transport Protocol: TCP
Service: http
Description: HTTP
Port 110
Transport Protocol: TCP
Service: POP
Description: Post Office Protocol
Port 123
Transport Protocol: UDP
Service: ntp/sntp
Description: Network Time Protocol/Simple NTP
Port 143
Transport Protocol: TCP
Service: imap
Description: Internet Message Access Protocol
Port 161
Transport Protocol: UDP
Service: snmp
Description: Simple Network Management Protocol
Port 389
Transport Protocol: TCP/UDP
Service: ldap
Description: Lightweight Directory Access Protocol
Port 443
Transport Protocol: TCP
Service: https
Description: HTTP-Secure (Secure Sockets Layer (SSL)/Transport Layer Security (TLS))
Port 445
Transport Protocol: TCP
Service: smb
Description: Server Message Block over TCP/IP
Port 514
Transport Protocol: UDP
Service: syslog
Description: Syslog
Port 587
Transport Protocol: TCP
Service: smtps
Description: SMTP-Secure
Port 636
Transport Protocol: TCP
Service: ldaps
Description: LDAP-Secure
Port 1521
Transport Protocol: TCP
Service: sqlnet
Description: Oracle SQL*Net
Port 3389
Transport Protocol: TCP
Service: rdp
Description: Remote Desktop Protocol
Ports 5060 and 5061
Transport Protocol: TCP/UDP
Service: sip and sips
Description: SIP and SIP-Secure