Jason Dion Network + Section 4: TCP/IP Model

What is the TCP/IP Model?

Alternative to the OSI Model, made up of 4 layers.
1. Network Interface Layer
2. Internet Layer
3. Transport Layer
4. Application Layer

How does the OSI model compare to the TCP/IP Model?

1. The application, presentation, and session layers become the application layer in the TCP/IP Model.
2. Transport remains the same.
3. Network's name is changed to Internet
4. Data link and physical become the Network Interface Layer

Describe the network interface layer of the TCP/IP model.

Describes how to transmit bits across a network and determines which network medium will be used.

Describe the internet layer of the TCP/IP model.

Where data is taken and packaged into IP datagrams and forwards the data.

Describe the transport layer of the TCP/IP model.

Describes the service level and the status of the connection being used by UDP, TCP, or RTP.

Describe the application layer of the TCP/IP model.

Decides how programs will interface with the transport layer through session management. Mainly through using different protocols, HTTP, SMTP, FTP, etc.

What is a port?

A logical connection on a system that a application or service listens on and waits for traffic.

What is the range of ports?

0 through 65535

What are well-known/reserved ports?

Ports 0-1023, ports used for standard protocols like FTP, SSH, etc.

What are ephemeral ports.

Ports 1024-65,535, used as ports for temporary connections by systems for sessions.

What is a IPv4 packet?

Packet that contains a source address, destination address, IP flags, and protocol.

Describe File Transfer Protocol (FTP).

Protocol for file transfers between a server and client, is insecure. Uses ports 20 and 21.

Describe Secure Shell (SSH).

Protocol for establishing secure remote control over another machine using a command line. Uses port 22.

Describe Secure File Transfer Protocol (SFTP).

Secure version of FTP, uses SSH for encryption. Uses port 22.

Describe Telnet.

Insecure protocol for establishing remote control over a machine like SSH. Uses port 23.

Describe Simple Mail Transfer Protocol (SMTP).

Protocol for sending email over a network. Uses port 25.

Describe Domain Name System (DNS).

Protocol for resolving domain names to IP addresses and visa versa. Uses port 53.

Describe the Dynamic Host Configuration Protocol (DHCP).

Automatically provides network parameters to clients, like IP addresses, subnet maks, default gateway, and the DNS server. Uses ports 67 and 68.

Describe the Trivial File Transfer Protocol (TFTP).

Protocol used for lightweight file transferring of configuration files or network booting of an operating system. Uses port 69.

Describe the Hypertext Transfer Protocol (HTTP).

Used for insecure web browsing, uses port 80.

Describe Post Office Protocol Version 3 (POP3).

Used for receiving incoming emails only. Uses port 110.

Describe the network time protocol (NTP).

Used to keep accurate time for clients on a network. Uses port 123.

Describe the Network Basic Input/output System (NetBIOS) protocol.

Use for file or printer sharing in a Windows network. Uses port 139.

Describe the Internet Mail Application Protocol (IMAP).

A protocol for sharing/accessing mail anywhere you may be. Uses port 143.

Describe the Simple Network Management Protocol (SNMP).

Used to collect data about network devices and monitor their status (routers, switches, etc). Uses ports 161 and 162.

Describe the Lightweight Directory Access Protocol (LDAP).

Protocol for directory services on a network. Uses port 389.

Describe the Hypertext Transfer Protocol - Secure (HTTPS).

Secure version of HTTP. Uses port 443. Uses TLS.

Describe the Server Message Block (SMB) protocol.

Protocol for Windows file and printer sharing services. Uses port 445.

Describe the System logging protocol (Syslog).

Protocol used for sending logging data back to a centralized server. Uses port 514.

Describe the Simple Mail Transfer Protocol Transport Layer Security (SMTP TLS).

Secure version of SMTP, uses port 587. Uses TLS.

Describe Lightweight Directory Access Protocol - Secure (LDAPS).

Secure version of LDAP. Uses port 636.

Describe the Internet Message Access Protocol over SSL (IMAPS).

Secure version of IMAP, uses port 993.

Describe the Post Office Protocol Version 3 over SSL (POPS3).

Secure version of POP3, uses port 995.

Describe the Structured Query Language Server Protocol (SQL).

Used for communication from a client to the database engine. Uses port 1433.

Describe the SQLnet Protocol.

Protocol used for communication from a client to an Oracle database. Uses port 1521.

Describe the MySQL protocol.

Open source version of SQL used for communication from a client to a MySQL database engine. Uses port 3306.

Describe the Remote Desktop Protocol (RDP).

Protocol for remote GUI-based connections that offer remote control. Uses port 3389.

Describe the Session Initiation Protocol (SIP).

Used to start VoIP and video calls. Uses port 5060 and 5061.

What is Nmap?

A command line tool for mapping a network and seeing which ports and service are open. Has a GUI-based version called Zenmap.

What is the Generic Routing Encapsulation (GRE) Protocol?

Protocol used to create a tunnel, called a GRE tunnel, over a public network. Developed by Cisco. Does not provide encryption.

Describe Internet Protocol Security (IPSec).

A set of secure communication protocols used to protect data flows over a network. TCP based. Provides confidentiality, integrity, origin authentication, and anti-replay.

What are the two underlying mechanisms IPSec uses?

1. Authentication Headers (AH): Gives integrity and authentication by hashing the normal header and payload to form an AH header.
2. Encapsulating Security Payload (ESP): Provides encryption and integrity for the data packets sent over IPSec.