DoD Model
Process/Application layer, Host-to-Host layer, Internet layer, Network Access layer
What protocols in the TCP/IP suite operate at the process/application layer of the DoD model?
Telnet, FTP, LPD, SNMP, TFTP, SMTP, NFS, HTTP
Internet Layer Protocols
Internet Protocol (IP), Internet Control Message Protocol (ICMP), Address Resolution Protocol (ARP), Reverse Address Resolution Protocol (RARP), Proxy ARP
ICMP (Internet Control Message Protocol)
A core protocol in the TCP/IP suite that notifies the sender that something has gone wrong in the transmission process and that packets were not delivered.
Address Resolution Protocol (ARP)
Part of the TCP/IP protocol for determining the MAC address based on the IP address.
RARP (Reverse Address Resolution Protocol)
Resolves MAC addresses to IP addresses
TCP vs UDP
TCP is a connection-oriented protocol, whereas UDP isn't. TCP is suitable for connections that require high reliability and where transmission time is less critical. TCP establishes a connection with its counterpart, whereas UDP doesn't have any guarantee that the packets sent made it to the destination. TCP uses error checking, where UDP does not. TCP uses sequencing (putting frames in the right order), where UDP does not.
FTP (File Transfer Protocol)
20, 21
SSH (Secure Shell)
22
Telnet
23
SMTP (Simple Mail Transfer Protocol)
25
DNS
53
DHCP (Dynamic Host Configuration Protocol)
67, 68 UDP
TFTP (Trivial File Transfer Protocol)
UDP 69
HTTP (Hypertext Transfer Protocol)
80
POP3
110
NetBIOS/NetBT (Network Basic Input/Output System)
137-139
IMAP4
143
SNMP (Simple Network Management Protocol)
UDP 161
LDAP (Lightweight Directory Access Protocol)
TCP 389
HTTPS (Hypertext Transfer Protocol Secure)
443
SMB/CIFS
445
RDP (Remote Desktop Protocol)
3389
Port 20/21—File Transfer Protocol (FTP)
Both a protocol and application, lets you copy files, list and manipulate directories, and view file contents.
Provides insecure file transfers
Downside is that it's insecure. Use alternatives for secure file transfers. Transmits usernames and passwords in plain text, meaning no encryption. Don't use the same password for FTP servers as for other important services.
Port 22: Secure Shell (SSH)
Provides secure remote control of another machine using a text-based environment such as a command shell
Connection-oriented protocol that can be used to set up a secure Telnet session for remote logins or for remotely executing programs and transferring files, using encryption
Best known for its use as a remote login capability
RWE: To change the configuration of my web server, I can log in from my house in Puerto Rico to my file server in California over the internet
Port 23 (Telnet)
Provides insecure remote control of another machine using a text-based environment
Used to provide bidirectional interactive text-oriented communication using virtual terminal connections (convoluted way of saying it provides us remote access via the command prompt)
Similar to SSH, has been around forever, but is insecure like FTP.
Port 25: Simple Mail Transfer Protocol (SMTP)
Designed to send only, considered a "push" protocol. Email client locates its email server by querying the DNS server for a mail exchange (MX) record. Once located, this protocol pushes the message to the email server, which will then process the message for delivery.
Port 53: (DNS) Domain name system
Resolve host names to IP addresses
URL (Uniform Resource Locator)
A location or address identifying where documents can be found on the Internet; a Web address
Port 67/68—Dynamic Host Configuration Protocol (DHCP)
Dynamically assigns IP addresses and other IP configuration information; subnet mask, default gateway, and the DNS server, to network clients.
Port 69: Trivial File Transfer Protocol (TFTP)
Similar to FTP, only simpler and faster. No authentication required, UDP (connectionless), 5 commands vs 70, and its primary use is transmitting configurations to and from network devices.
Port 80 (Hypertext Transfer Protocol)
Foundation of data communication for the worldwide web and is used for insecure web browsing
Manages communication between a web server and a client but is not secure and has been supplanted by HTTPS.
Port 110 Post Office Protocol (POP3)
Used for receiving incoming emails, was the preferred protocol for downloading email. Has been replaced by IMAP4.
Uses a "store and forward method of communication". So if somebody sends you an email, it will go to your email server where it will wait until you're ready to receive it.
Port 137/139 - Network Basic Input/Output System (NetBIOS)/NetBIOS over TCP/IP (NetBT)
Used for file or printer sharing in a Windows network, conducting name querying, sending of data, and other functions
Application programming interface (API) that allows computers to communicate with each other over the network. Works in Layer 5 of the OSI model. Because of this, it needs to work with another network protocol to handle the functions of Layer 4 and below.
NetBIOS (Network Basic Input/Output System)
Protocol that operates at the Session layer of the OSI seven-layer model. This protocol creates and manages connections based on the names of the computers involved.
Port 143 - Internet Mail Access Protocol (IMAP)
A newer method of retrieving incoming emails which improves upon the older POP3
Secure protocol designed to download email.
Advantages over POP3 include:
works in connected and disconnected modes, allows storage on the server, allows multiple clients to be simultaneously connected to the same inbox.
Port 161-162 - Simple Network Management Protocol (SNMP)
Used to collect data about network devices and monitor their status, including devices such as routers, switches, VoIP phones
Gathers and manages network performance information.
Port 389 - Lightweight Directory Access Protocol (LDAP)
Open vendor-neutral industry standard for accessing and maintaining distributed directory information services for your network
Active Directory in Windows, but it's not JUST AD in Windows. AD is Microsoft's proprietary version of LDAP
Delivery services protocol based on the X.500 standard. Designed to access information stored in an information directory typically called...?
Port 445 - Server Message Block (SMB)
Used for Windows file and printer sharing services, operating a lot with NetBIOS. NetBIOS does the authentication over port 139 and then SMB will handle the actual passing out of those files
Provides share access to files, printers, and other network resources in a Windows-based network
Common Internet File System (CIFS)
A method for accessing data in Windows networks. CIFS is a public version of Server Message Block (SMB) that was invented by Microsoft.
Port 3389 - Remote Desktop Protocol (RDP)
Provides graphical remote control of another client or server
Allows users to connect to remote computers and run programs on them.
connectionless protocol
A type of Transport layer protocol that services a request without requiring a verified session and without guaranteeing delivery of data.
Audio/video streaming, DHCP, and TFTP
connection-oriented protocol
A type of Transport layer protocol that requires the establishment of a connection between communicating nodes before it will transmit data.
SSH, HTTP, or HTTPS? Why do we require connection-oriented protocols here? Because with SSH, we are doing two-way remote control with a remote server or workstation. If we want to reboot the server and we are using SSH, we know that command got there.
TCP (Transmission Control Protocol)
A connection-oriented, reliable data transmission communication service that operates at the transport layer of the OSI model. TCP is part of the TCP/IP suite. Features flow control.
Connection-oriented protocols are HTTPS and SSH.
UDP (User Datagram Protocol)
Protocol that operates instead of TCP in applications where delivery speed is important and quality can be sacrificed. DHCP and TFTP.
Unreliable and it transmits segments called datagrams
Great for streaming because the constant three-way handshake is not occurring
Connectionless, unreliable delivery with no error recovery or flow control
Service Location Protocol (SLP)
Port 427
Protocol or method of organizing and locating the resources (such as printers, disk drives, databases, e-mail directories, and schedulers) in a network. This is an alternative protocol to LDAP in newer networks.
Network Time Protocol (NTP)
Port 123, Networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks.
System Logging Protocol (Syslog)
Port 514
Used to send logging data back to a centralized server
Well Known Ports
Ports 0 to 1023 are considered well-known and are assigned by the Internet Assigned Numbers Authority (IANA)
Registered Ports
Ports 1024 to 49151 are considered registered and are usually assigned to proprietary protocols
Have to be used by vendors for their own proprietary protocols and each vendor is going to register them with IANA prior to using them
Dynamic or Private Ports
Ports 49152-65535 can be used by any application without being registered with IANA
Usually used by your client whenever it picks a random high number port for its application
Commonly used for gaming, instant messaging, and chat
Port 22 - Secure File Transfer Protocol (SFTP)
Provides secure file transfers and operates on the exact same port we use for SSH because all we are doing is tunneling the FTP protocol
Port 443 Hypertext Transfer Protocol - Secure (HTTPS)
Used as a secure and encrypted version of web browsing, providing browsing over an encrypted tunnel. This tunnel can use either Secure Sockets Layer (SSL) or Transport Layer Security (TLS) to operate.
Three Way Handshake (TCP)
A three-step process in which Transport layer protocols establish a connection between nodes. The three steps are: Node A issues a SYN packet to node B, node B responds with SYN-ACK, and node A responds with ACK.