Domain 1.5 Flashcards
(35 cards)
Describe UDP and TCP
UDP uses Datagrams to move data.
TCP uses segments to move data.
- Both UDP & TCP belong to Layer 4 of the OSI model.
- TCP and UDP data are encapsulated using the Internet Protocol or (IP) in order to be sent across the network
Both protocols support multiplexing, which allows for a single host to make use of both protocols simultaneously with different applications.
Describe TCP
Connection Orientated
3-Way handshake for establishing connections
Has error detection and correction
Has packet sequencing
Makes use of acknowledgement reply from recipient. This allows for packet resubmission due to loss or corruption
Flow control possible with windowing through use of Acknowledgement from recipient.
Descript UDP
Connection-less protocol
No error detection or correction
No flow control
No re-ordering of data
What are the well known ports or Non-Ephemeral ports
Ports: 0-1023
What are the Ephemeral ports, and how is their use determined
Ports: 1024-65,535
Real time use is determined by the clients using the port numbers.
What is ICMP
Internet Control Message Protocol -
“text messaging for network devices”
- Protocol carried by IP, not used for data transfer
-Allows devices to send and reply to administrative requests (ping and response from target)
-Devices can send messages when things do go well.
What is Telnet, and which port(s) does it use
TCP/23
Remote console access for devices
Sends data in the clear
What is SSH, and which port(s) does it use
TCP/22
Used for secure connections to host devices. This allows for a remote CLI session to be established.
Makes use Encryption
What is DNS, and which port(s) does it use
DNS UDP/53
Converts Names to IP addresses
Large transfers may use TCP/53
What is SMTP, and which port(s) does it use
Simple Mail Transfer Protocol TCP/25
Server to Server mail transfer
Also used to send mail from a device to a mail server.
Commonly configured on mobile devices and email clients
Other protocols are uses to receive email (IMAP, POP3)
What is IMAP, and what port does it use
Internet message Access protocol 4
TCP/143
Allows the management of an email inbox from multiple clients
EX: delete email from mailbox on phone, IMAP allows update to be reflected on a desktop email client.
What is POP3 and what port does it use
Post Office Protocol 3 TCP/110
Basic Mail Transfer Functionality
What is SFTP and what port does it use
TCP/22 Secure FTP
Makes use of the SSH protocol to send encrypted file transfer.
Provides File System Functionality:
Resume interrupted file transfers, Directory listings remote file removal
What is FTP and which ports does it use
TCP/20 for Active mode Data
TCP /21 for Control
-Transfers files between systems
-Authenticates with username and password
- Full featured File System functionality (list, add, delete)
What is TFTP? and which ports does it use
Trivial FTP UDP/69
-Very simple file transfer:
Read Write
-No authentication, so not common in production systems
What is DHCP and which ports does it use?
Dynamic Host Configuration Protocol
UDP/67 and UDP/68
Automated configuration of IP address, subnet masks and other options.
IP addresses are assigned real time from a pool of addresses.
Addresses are leased to devices and must be renewed.
Address can also be reserved.
This relies on MAC address entry and are managed from a single location (DHCP server client)
What is SNMP, and which port does it use
Simple Network Management protocol -
UDP/161
Gathers statistics from network devices.
Three versions exist
Describe SNMP v1, v2, and v3
SNMP v1 -
Structured tables of info. Data sent in the clear
SNMP v2 - Data enhancements, bulk transfers of data, but still sent in the clear
SNMP V3 - Message integrity, Message Encryption, and authentication
What is syslog, and what port does it use?
UDP/514 - System logging
Standard for message logging
-Allows for diverse system logging and log collection.
-Consists of centralized log server/collector.
-Typically integrated into SEIMs
-Requires significant disk space as logs move through their lifecycle.
What is RDP, and which port does it use
TCP/3389
RDP allows for an interactive GUI session between a Windows device and many other OSes such as Windows, Unix, or Iphone.
You can use RDP to get access to a Virtualized Desktop, or just a containerized application.
What is NTP and what port does it use
Network Time Protocol udp/123
-Every network device uses a clock. NTP allows for the synchronizing of those clocks.
-Essential for authentication, logging, outage details, event recreation/timeline construction.
Automatic updates, and allows for large amount of flexibility for administrators.
Very accurate.
What is SIP and what port does it use?
Session Initiation Protocol - TCP 5060 & TCP 5061
-Allows for VOiP Signaling
Setup and manage VOiP sessions:
-Call, Ring, Hang up
Also allows for “Extended voice communications”
-Such as Video conferencing, instant messaging, and file transfer.
What is SMB and what port does it use
TCP /445 Server Message Block
Protocol used by Windwows for file and printer sharing.
Modern implementations called CIFS (Common Internet File System)
What is LADP and LDAPs. Which port do they use?
Lightweight Directory Access Protocol -
TCP/389
Store and retrieve information in a network directory - 389 - insecure
LADPs - TCP/636
- Non-standard implementation of LDAP over SSL, which is still in use today
