Protocols Flashcards

1
Q

TCP

A

TCP is a connection-oriented protocol, best used when reliability is needed. HTTP, HTTPS, SSH, FTP: those all utilize TCP. TCP is the more common protocol you will be scanning.

TCP works on what’s called the three-way handshake. We first send a SYN packet, we receive a SYN ACK packet, and finally we send an ACK packet. If you go to your neighbor and say “hello”, that’s a SYN. SYN ACK will be the response “Hey John, I acknowledge you (waving back)”, and you are good to go and start the conversation; that’s the acknowledgement, ACK. We think of this in terms of ports. A port is an item that can be open on a machine, and it’s a way to communicate with certain protocols. HTTPS runs on port 443. Let’s say you want to connect to port 443 on a website: SYN > SYN ACK > ACK. You send a SYN packet to that website, “I want to connect to you on port 443”. If port 443 is available for connection, it will say “You can connect to me” (SYN ACK), and when you actually want to establish that connection, you send the acknowledgment packet back (ACK).

2
Q

UDP

A

User Datagram Protocol is a connectionless protocol. Streaming services, DNS, or voice over IP: that’s connectionless.

3
Q

FTP

A

FTP (21) – File Transfer Protocol. That means we can log in to the server, we can put a file on it, or we can get a file off the server.

4
Q

SSH

A

SSH (22) – Secure Shell does the same thing as Telnet; the only difference is that SSH is the encrypted version of it. With SSH you are encrypted.

5
Q

Telnet

A

Teletype Network (23) – This is the ability to log into a machine remotely. With Telnet you are in clear text. (SSH)

6
Q

SMTP

A

SMTP (25) – Simple Mail Transfer Protocol. All three (SMTP, POP3, IMAP) are email related.

7
Q

POP3

A

POP3 (110) – Post Office Protocol 3. All three (SMTP, POP3, IMAP) are email related.

8
Q

IMAP

A

IMAP (143) – Internet Message Access Protocol. All three (SMTP, POP3, IMAP) are email related.

9
Q

DNS

A

DNS (53) – Domain Name System is a way to resolve IPv4 addresses, such as 8.8.8.8 (and/or 8.8.4.4), to names: let’s say, the IP address and google.com. DNS is both a TCP and a UDP protocol.

10
Q

HTTP/HTTPS

A

HTTP (80) / HTTPS (443) – most of everything is on HTTPS, port 443. You may sometimes see HyperText Transfer Protocol on port 80; that’s the unsecured and unencrypted version of the protocol.

11
Q

SMB

A

(139 + 445) – Originally Server Message Block was only port 139, and in the latest versions of Windows they put 445. This relates to file shares. You might also hear this called Samba. Think about all the crazy exploits we have, like the “WannaCry” virus, also known as “EternalBlue”: that exploit utilized an SMB exploit to navigate through networks. It became very vicious (malicious, terrible, evil) very quickly because SMB is open so frequently on networks.

12
Q

DHCP

A

(67, 68) – When it comes to IP addresses, Dynamic Host Configuration Protocol associates you with an IP address more or less at random. The opposite of that is a static address. With DHCP you plug in to, let’s say, your home network and the internet just fires up. Guess what, DHCP is probably running in the background. It just picks a number from a range: “This is your IP address, I’m going to lease that out for 8 hours or a day or a week, whatever your time is set for, and that IP address is yours”. The opposite of that is static: any time I plug in this specific computer, go ahead and give it this IP address. How is it going to know that? Most likely by the MAC address.

13
Q

TFTP

A

TFTP (69) – Trivial FTP, it utilizes UDP instead of TCP.

14
Q

SNMP

A

TFTP (69) – Trivial FTP, it utilizes UDP instead of TCP.
