SECTION 4 : TCP/IP MODEL

Question 1

How many layers in the TCP/IP model? And what is their names ?

Answer 1

Four.
Layer 5-6-7 are smashed together to form the application layer.
The transport layer is the same.
The network layer becomes the internet layer.
Datalink and physical are called the network interface layer.

Most modern computer networks are TCP/IP based.

Question 2

What is the nerwork interface layer ?

Answer 2

Describes how to transmit bits across a network and déterminés how the network medium is going to be used.

Question 3

What is the internet layer ?

Answer 3

Where data is taken and packaged into IP datagrams. IP, IMCP, ARP and reverse ARP.

Question 4

What is the transport layer ?

Answer 4

Defines the level of service and the status of the connection being used by TCP UDP or RTP.

Question 5

What is the application layer ?

Answer 5

Dictates how programs are going to interface with the transport layer by conducting session management.
Layer 5-6-7
HTTP, Telnet, FTP, SSH, SNMP, DNS, SMTP, SSL/TLS

Question 6

What is a port ?

Answer 6

A logical opening on a system representing a service or application that’s listening and waiting for traffic.

It’s a room of a house (IP adress)

Question 7

How many ports ? And How many groupes ?

Answer 7

0 —> 65.535
Well-known and réserved ports (FTP,
25, 80) : 0 —> 1024
Ephemeral ports : 1024 —> 65.535

Question 8

How does data transfer works works when it comes to ports ?

Answer 8

If we want to transfer data to a website we open port 49.163 and go to an IP port 80. These are source and destination. Because this is default port. The website will reverse the process.
Thé port 80 will always be opened.

Question 9

What is an IP v4 packet ?

Answer 9

Consists of a source address, destination address, IP flags and protocol (TCP/UDP) No need to memorize a full IP header.

Question 10

Compare UDP and TCP header

Answer 10

TCP header (40 bytes) whereas UDP is 8 bytes.
Both have source and destination port. But UDP has much less information (only checksum) that ex plains why UDP is faster.

Question 11

What is FTP ?

Answer 11

Operates on port 20 and 21 and provides insecure file transfers.
Unencrypted.

Question 12

What is SSH ?

Answer 12

Operates on port 22 and provides secure remote control of another machine using a text-based environment.

You use a command shell and it is a cryptographic network protocol.

SSH is for secure shell.

Question 13

What is SFTP ?

Answer 13

Secure FTP.
Port 22.
Provides secure file transfers.

Question 14

What is Telnet ?

Answer 14

Provides insecure remote control of another machine using a text-based envieonement.
Port 23
Considered insecure and not to use on the internet.

Question 15

What is SMTP ?

Answer 15

Simple mail transfer protocol. Port 25
Provides the ability to send emails over the network. Old protocol.,

Question 16

What is DNS ?

Answer 16

Port 53.
Domain Name System convert domain names to IP addresses and inversely.
Really important.

Question 17

What is DHCP ?

Answer 17

Dynamic Host Control Protocol.
Operates over 67 and 68.
Automatically provides network parameters to your clients such as their assigned IP address, subnet, mask, default gateway and the DNS server they should use.

Question 18

What is TFTP ?

Answer 18

Trivial file transfer protocol.
Port 69.
Used as a lightweight file transfer method for sending configuration files or network booting of an OS.

Question 19

What is HTTP ?

Answer 19

Operates over port 80.
Used for insecure web browsing.

Question 20

What is Pop3?

Answer 20

Post Office protocol.
Used for receiving incoming emails.
Port 110.

Used by local email clients to retrieve email from a remote server over a TCP/IP connection.

Question 21

What is NTP ?

Answer 21

Network Time protocol.
Operates on port 123.
Used to keep accurate time for clients on a network.

Oldprotocol (1995) sync up time and date.

Question 22

What is NetBIOS ?

Answer 22

Network basic Input/Output system
Port 139
Used for file or printer sharing in a windows network.

Application to communicate over a LAN.

Question 23

What is IMAP ?

Answer 23

Internet Mail Application Protocol.
Port 143
A newer method of retrieving incoming emails which improves upon the older POP3. Keeps more information synchronized over different devices.

Question 24

What is SNMP ?

Answer 24

Simple Network Management Protocol.
Port 161 and 162
Used to collect data about network devices and monitor their status.

Includes information about devices and can monitor uptime.

Question 25

What is LDAP ?

Answer 25

Lightweight Directory Access Protocol
Port 389
Used to provide directory service to your network.

Vendor neutral. It’s like AD but not delimited to the windows environement. But AD also uses 389. If you’re looking for contacts you use LDAP

Question 26

What is HTTPS ?

Answer 26

Port 443
Used for secure web browsing.
Encrypted tunnel with SSL or TLS. TLS is the newer and secure method. End to end tunnel.

Question 27

What is SMB ?

Answer 27

Server Message Block
445
Used for Windows file and printer sharing services.
It operates a lot of time with NetBIOS.

Question 28

What is Syslog ?

Answer 28

Port 514
Used to send logging data back to a centralized server for monitoring.

Question 29

What is SMTP TLS ?

Answer 29

Port 587
Encrypted version of SMTP. Make sûre that you use encryption END to end TLS tunnel.

Question 30

What is LDAPS ?

Answer 30

Port 636
Provides secure directory services. Just like LDAP does operate but adds an Encrypted tunnel.

Question 31

What is IMAP over SSL ?

Answer 31

Port 993.
Secure version of IMAP service. Like IMAP it can update the read/unread status

Question 32

What is POP3 over SSL ?

Answer 32

Port 995.
Secure version of POP3.
Older protocol that couldn’t maintain the read/unread status.

Question 33

What is SQL ?

Answer 33

Structured Query Language
Port 1433
Used for communication from a client to the database engine. Notably for SQL Microsoft Server.

Question 34

What is the SQLnet Protocol?

Answer 34

Port 1521
Used for communication from a client to an Oracle database.

Question 35

What is MySQL ?

Answer 35

Port 3306
Used for communication from a client to the MySQL data base engine. Open source protocol.

Question 36

What is RDP ?

Answer 36

Port 3389
Provides graphical remote control of another client or server.
Proprietary protocol developed by Microsoft.
Kind of similar to SSH or Telnet but RDP provides a full graphical user interface.

Question 37

What is SIP ?

Answer 37

Port 5060, 5061
Provides signaling and controling media communication sessions. Used to initiate VoIP and vidéo calls.

Question 38

What is Nmap?

Answer 38

Popular command line tool that maps the network. Used for trouble shoooting. And we can find open ports by entering the IP address.
Zenmap is the same but with graphical interface.

Question 39

What is the IP protocol types of the TCP/IP model V

Answer 39

• TCP
• UDP
• GRÉ
• ICMP
• IPSEC

Question 40

What is GRÉ ??

Answer 40

Generic routing encapsulation protocol. Used as a simple and effecitve way to create a tunnel, called à GRE tunnel over a public network.
Developped by CISCO.
It doesn’t provide any encryption.

Question 41

What is IPSEC?

Answer 41

Used to protect one or more dataflows between peers. It is a TCP protocol. It lets you encrypt your tunnel to protect your data from prying eyes.
IPSEC uses two protocols :
- AH (authentication header) allowing to match and verify integrity.
- ESP (encapsulating security payload) : provides encryption and integrity for thé data packets sent over IPsec