Day 5

Question 1

ports

Answer 1

accomplish’s the task of allowing different services to use the same interface

Question 2

well known ports

Answer 2

0-1023

Question 3

ports usable by the client

Answer 3

1024-65535

Question 4

socket

Answer 4

an IP paired with a port number.

can be viewed using the netstat command

Question 5

common netstat states

Answer 5

Established—the socket has an established connection
Time_Wait—the socket is waiting after close to handle packets still in the network
Close—The socket is not being used.
Close_Wait—The remote end has shut down, waiting for the socket to close
Listen—the socket is listening for incoming connections
Closing—both sockets are shut down but we still don’t have all our data sent.
UNKNOWN—the state of the socket is unknown.

Question 6

Dynamic Host Configuration Protocol

Answer 6

a protocol used by a host to obtain an IP address from a DHCP server. Uses DORA process to obtain IP.
uses UDP 67/68

Question 7

Discover (of DORA)

Answer 7

client sends broadcast message asking for information from DHCP server

Question 8

Offer (of DORA)

Answer 8

DHCP server offers an IP address to the client

Question 9

Request (of DORA)

Answer 9

client accepts the offer and notifies server its using the address

Question 10

Acknowledge (of DORA)

Answer 10

server sends back an acknowledgement.

Question 11

Domain Name System (DNS)

Answer 11

a distributed name system that contains services to map computer names to IP addresses.

Question 12

Root name servers

Answer 12

machines that provide access to the root zone file containing information on all Top-Level Domains (TLD’s)

Question 13

Types of TLD’s within the DNS

Answer 13

Generic TLD (gTLD)---TLD's with three or more characters such as .com
Sponsored TLD (sTLD)---sponsored by organizations such as .mil by DOD
Country Code TLD (ccTLD)--- two letter country codes

Question 14

Fully qualified domain name (FQDN)

Answer 14

full name.
specifies an address exact location in the DNS hierarchy.
specifies all domain levels, including the root domain, top-level domain, parent domain, and host.

Question 15

FQDN examples

Answer 15

www.nsa.gov
Host/parentdomain/toplevel domain

somehost.nsa.gov
host/parent domain/toplevel domain

Question 16

DNS Servers

Answer 16

DNS servers store information about a portion of the domain name space called a zone.

Question 17

Start of Authority (SOA)

Answer 17

The SOA acts as the primary DNS server.

best source of information for the zone.

Question 18

name servers (NS’s)

Answer 18

any other autoritative server for the zone

Question 19

forward lookup

Answer 19

resolve names to IP address

Question 20

reverse lookup

Answer 20

resolve IP addresses to names

Question 21

DNS records

Answer 21

SOA – Start of Authority – best source of info for the zone
NS – Name Server – An authoritative name server for the zone
A – Host Records – All of the IPv4 host names
AAAA – IPv6 Host records – all hosts with names and IPv6 addresses
CNAME – Canonical name – an alias
MX – Mail exchange – used to identify mail servers
SRV – Service Record – Services can be named an dlinked to an A record
PTR – Pointer Record – Maps IP addresses to names for reverse lookups

Question 22

DNS queries

Answer 22

a resolver communicates with name servers
DNS queries utilze UDP 53
Interative–the client makes queries to DNS servers
recursive–DNS servers make queries on behalf of the client

Question 23

DNS forwarder servers

Answer 23

used to forward DNS queries to DNS servers outside of the network.

Question 24

DNS caching

Answer 24

allows a DNS server to respond to multiple queries more quickly for previously resolved domain or host.

Question 25

zone transfers

Answer 25

conducted when a primary DNS server transfers its cache/database to a secondary or back-up DNS server uses TCP 53

Question 26

Simple mail transport protocol (SMTP)

Answer 26

(send mail to people) used to send email | uses TCP 25

Question 27

Post office protocol version 3 (POP3)

Answer 27

retrieves email from a mail server | uses TCP 110

Question 28

Internet Message Access Protocol version 4 (IMAP4)

Answer 28

like pop3, retrieves email from a server enables a user to search through messages based on keywords. supports folders to organize email on a server uses TCP 143

Question 29

Hypertext transfer protocol (HTTP)

Answer 29

the set of rules for exchanging files and allows information exchange in a web based environment. uses TCP 80

Question 30

Hypertext transfer protocol secure (HTTPS)

Answer 30

rides over the Secure Sockets Layer (SSL) or Transport Layer Securty (TLS) protocols providing security to a web session. uses TCP 443

Question 31

Secure Sockets Layer (SSL)

Answer 31

resides at the presentation layer of the OSI model used to ensure the privacy of HTTP transactions. relies on the exchange of certificates to negotiate encryption/decryption

Question 32

Transport Layer Security (TLS)

Answer 32

an upgrade to SSL and is able to secure many more applications than SSL. used in VoIP and VPN's.

Question 33

File Transfer Protocol (FTP)

Answer 33

a robust file manipulation application used for exchanging and manipulating files over a tcp based computer network uses TCP 20(data) and 21 (control) has an active mode and passive mode.

Question 34

active mode

Answer 34

the server initiates the three way handshake

Question 35

passive mode

Answer 35

the client initiates the data connection | the client side firewall sees data from the FTP server as a reply back to the client, and will allow it to pass

Question 36

trivial file transfer protocol (TFTP)

Answer 36

a simple protocol that only provides for the reading and writing of files or mail uses udp 69

Question 37

Telecommunications netork (Telnet)

Answer 37

allows a user at one host to establish a virtual connection with another host uses TCP 23

Question 38

Remote login (RLogin)

Answer 38

a UNIX software utility often used as an alternative to telnet uses TCP 513

Question 39

secure shell (SSH)

Answer 39

a protocol that allows data to be exchanged using a secure channel between two networked devices. replaces unsecure remote shells like telnet and rlogin uses tcp 22

Question 40

Lightweight directory access protocol (LDAP)

Answer 40

an application layer protocol used to structure information on a directory server uses tcp 389

Question 41

Simple Network Management Protocol (SNMP)

Answer 41

used to manage and collect statistical network data such as performance statistics from remote devices through polling. the management information base (MIB) defines the type of information sent. uses udp 161/162

Question 42

band management

Answer 42

in band management--allows the management of a network device through the network or within normal communications channels. out of band management- allows management outside of normal communications channels

Question 43

Voice over IP (VoIP)

Answer 43

protocols used for the transmission of voice through the internet or other packet-switched networks.

Question 44

Real-time transport protocol (RTP)

Answer 44

defines how voice or data packets are transported over the internet. provides real time voice and data streams and is a foundation of VoIP

Question 45

Session initiation protocol (SIP) and H.323

Answer 45

both handle VoIP call initiation, setup, and delivery

Question 46

Skype

Answer 46

entirely proprietary and not compatible with any other VoIP solution.