Network Protocols


14 Terms

1

LDAP (Lightweight Directory Access Protocol)

  • Ports:

    • 389 for LDAP (unencrypted)

    • 636 for LDAPS (LDAP over SSL/TLS)

  • Purpose: Used to access and manage directory information services like Microsoft Active Directory.

  • How It Works: Clients query the directory server to authenticate users or find resources like printers, groups, etc.

  • Use Cases: Single Sign-On (SSO), centralized user authentication.

  • Security Concerns: LDAP traffic is unencrypted by default. Secure it with LDAPS.


2

SMB (Server Message Block)

  • Ports:

    • TCP 445

  • Purpose: Allows file and printer sharing over a network, especially in Windows environments.

  • How It Works: SMB lets applications read/write files and request services on remote servers.

  • Use Cases: Network drives, printer sharing, accessing shared folders.

  • Security Concerns: Older versions (SMBv1) are vulnerable (e.g., WannaCry used SMBv1). Always disable SMBv1 and use SMBv2/3.


3

Syslog

  • Port:

    • UDP 514

  • Purpose: A standard for sending event or log messages from devices to a centralized log server.

  • How It Works: Devices send logs over UDP or TCP to a syslog server, which collects and stores them for monitoring or auditing.

  • Use Cases: Security log collection, incident response, compliance audits.

  • Security Concerns: Basic syslog is unencrypted. For sensitive environments, use syslog over TLS or VPNs.



4

SQL (Structured Query Language)

Ports (common ones):

TCP 1433 (Microsoft SQL Server)

TCP 3306 (MySQL)

TCP 5432 (PostgreSQL)

Purpose: Language used to manage and query relational databases.

How It Works: Clients send SQL queries to a database server which returns results from structured data.

Use Cases: Web apps, logging systems, financial databases, etc.

Security Concerns: SQL Injection is one of the most common web app vulnerabilities. Always use input validation and prepared statements.


5

Remote Desktop Protocol (RDP)

Port:

TCP 3389

Purpose: Provides remote graphical access to Windows machines.

How It Works: Sends keyboard/mouse input from the client to the remote computer and returns the screen back to the user.

Use Cases: Remote work, server administration, helpdesk access.

Security Concerns: Exposing RDP directly to the internet is a huge risk. Use strong passwords, network-level authentication, and VPNs.


6

SIP (Session Initiation Protocol)

  • Ports:

    • UDP/TCP 5060 (unencrypted)

    • TCP 5061 (TLS encrypted)

  • Purpose: Initiates, maintains, and terminates VoIP (Voice over IP) calls and multimedia sessions.

  • How It Works: SIP handles signaling — it sets up the call. The actual media (audio/video) is transmitted over RTP.

  • Use Cases: VoIP phone systems, video conferencing, softphones.

  • Security Concerns: SIP is often targeted for eavesdropping or abuse. Use SIP over TLS and media over SRTP when possible.


7

ICMP (Internet Control Message Protocol)

  • Purpose: Used for diagnostic and error messages, not for data transfer.

  • How It Works: ICMP messages are used by tools like ping and traceroute to test connectivity and report errors.

  • Use Cases: Network troubleshooting and diagnostics.

  • Security Concerns: ICMP can be abused for reconnaissance (like ping sweeps) or used in DoS attacks. Often rate-limited or blocked at firewalls.

  • Port: None — ICMP is a Layer 3 protocol and doesn’t use ports.

8

DNS (Domain Name System)

Ports:

UDP 53 for standard queries

TCP 53 for zone transfers or large responses


Purpose: Converts domain names (like example.com) into IP addresses.

How It Works: When you type a URL, your computer queries a DNS server to find the corresponding IP. If it’s not cached, the server goes through a chain (root → TLD → authoritative) to resolve it.

Use Cases: Browsing the web, accessing internal systems via hostnames.

Security Concerns: DNS spoofing, cache poisoning. Use DNSSEC or secure DNS over HTTPS/TLS to reduce risk.


9

DHCP (Dynamic Host Configuration Protocol)

Ports:

UDP 67 (server)

UDP 68 (client)

Purpose: Automatically assigns IP addresses and network settings to devices.

How It Works: New devices send a broadcast looking for a DHCP server. The server responds with an IP and settings like subnet mask, default gateway, and DNS servers.

Use Cases: Plug-and-play networking in homes, offices, enterprise networks.

Security Concerns: Rogue DHCP servers can assign malicious settings. Mitigate with DHCP snooping.


10

TFTP (Trivial File Transfer Protocol)

  • Port: UDP 69

  • Purpose: Simple file transfers without authentication or encryption.

  • How It Works: Uses UDP for lightweight file uploads/downloads. Often used in device booting or firmware updates.

  • Use Cases: PXE boot, router/switch firmware distribution.

  • Security Concerns: No security at all — avoid in modern environments unless on isolated networks.


11

HTTP (Hypertext Transfer Protocol)

  • Port: TCP 80

  • Purpose: Transfers web content between browsers and servers in plaintext.

  • How It Works: A browser sends an HTTP request (like GET or POST), and the server responds with the requested resource (like a web page or image).

  • Use Cases: Web browsing, API communication (non-sensitive).

  • Security Concerns: Everything is sent unencrypted — visible to attackers. Don’t use for sensitive data.


12

SSH (Secure Shell)

Port: TCP 22

Purpose: Secure command-line access to remote systems, and encrypted file transfers.

How It Works: Uses asymmetric encryption to start a session, then switches to symmetric encryption. Supports password and key-based auth.

Use Cases: Server administration, secure tunneling, file transfers via SFTP or SCP.

Security Concerns: Secure when properly configured. Use strong keys and disable root login.


13

Telnet

Port: TCP 23

Purpose: Remote command-line access to devices.

How It Works: Opens a plaintext terminal session with no encryption.

Use Cases: Rare today; sometimes found in legacy systems or old networking equipment.

Security Concerns: Completely insecure — anyone can intercept commands and credentials. Always disable if possible.


14

FTP (File Transfer Protocol)

  • Ports:

    • TCP 21 (control)

    • TCP 20 (data, active mode)

  • Purpose: Transfers files between a client and server.

  • How It Works: Uses a command (control) channel and a separate data channel. Operates in active or passive mode depending on who opens the data connection.

  • Use Cases: Uploading website files, moving large data between servers.

  • Security Concerns: Plaintext login and file data. Vulnerable to sniffing. Avoid in favor of SFTP/FTPS.
