1.4 Ports, Protocols, Services & Traffic

What does IP do?

It efficiently moves large amounts of data to an address.

Why is encapsulation needed in IP?

To package data properly for transmission between systems.

What layer of the OSI model is IP?

The Network Layer (Layer 3).

Is IP connectionless or connection-oriented?

Connectionless.

What protocol ensures data arrives when using IP?

TCP.

Why does IP fragment and reassemble data?

Because there's a limit to the size of data that can be transmitted at once.

What does RFC stand for?

Request for Comments; formal documents outlining networking standards.

What does an IP packet include to reach the correct destination?

IP address (to the device) and TCP/UDP port (to the specific service).

What is connection-oriented communication?

A method where packets are resent if not received, ensuring reliable delivery.

What is connectionless communication?

A method where data is sent once without resending, used for faster transmission like audio/video.

What is overhead in data transmission?

Extra info and processing like headers and acknowledgments added to data.

What do TCP and UDP have in common?

They are both transport layer protocols encapsulated inside IP.

Which OSI layer are TCP and UDP part of?

Layer 4 (Transport Layer).

Can TCP and UDP be sent simultaneously?

Yes, this is called multiplexing.

Is TCP connection-oriented or connectionless?

Connection-oriented.

How does TCP establish a connection?

Using a three-way handshake (SYN, SYN-ACK, ACK).

What RFC defines TCP?

RFC 793.

How many fields are in a TCP packet?

14 fields.

What is flow control in TCP?

Mechanism to control data transmission speed between sender and receiver.

Is UDP connection-oriented?

No, it is connectionless.

Does UDP provide flow control?

No, it does not.

How many fields are in a UDP packet?

4 fields.

Why is UDP more economical than TCP?

It has less overhead and no need for connection setup/teardown.

What is a socket in networking?

A combination of IP address, protocol (TCP/UDP), and port number.

What is an ephemeral port?

A temporary port (range: 1024–65535) used by client devices for communication.

What is a non-ephemeral port?

A permanent, well-known port (range: 0–1023) used by services.

Why must service port numbers be well-known?

So that browsers and applications can find them easily.

What is the purpose of FTP?

File Transfer Protocol for transferring files between systems.

What port does FTP use for control information?

TCP/21.

What port does FTP use for actual file transfer?

TCP/20.

Can FTP allow anonymous login?

Yes, for public access without accounts.

What security issue does FTP have?

It uses plaintext communication, which is insecure.

What is a secure alternative to FTP?

SFTP or FTP over SSH.

What is an example of an FTP client?

FileZilla, CuteFTP, or SmartFTP.

What OSI layer is FTP part of?

Application Layer (Layer 7).

What data mode does FTP use by default?

ASCII mode; binary mode must be set manually for non-text files.

What is SFTP?

Secure File Transfer Protocol, encrypted with SSH.

What port does SFTP use?

TCP/22.

What is SSH used for?

Secure Shell; to securely connect to a remote device from the console.

What port does SSH use?

TCP/22.

Is SSH encrypted?

Yes.

What protocol did SSH replace for secure communication?

Telnet.

What are the differences between SSH1 and SSH2?

SSH2 is more secure and incompatible with SSH1.

What is Telnet used for?

To connect to remote devices like routers; now mostly replaced by SSH.

What port does Telnet use?

TCP/23.

Is Telnet secure?

No, it transmits data in plaintext.

What is SMTP used for?

Simple Mail Transfer Protocol; used for sending emails.

What port does plaintext SMTP use?

TCP/25.

What port does encrypted SMTP (using TLS) use?

TCP/587.

Can SMTP send mail from clients to servers?

Yes, it's used for client-to-server and server-to-server email transfers.

What other protocols are used for viewing emails?

IMAP and POP3.

What does SMTP require for sending emails?

The destination host must be available.

What is SMTPS?

Secure SMTP using TLS to encrypt SMTP communication.

What is DNS?

Domain Name System; it converts human-readable names to IP addresses.

What ports does DNS use?

UDP/53 (primary), TCP/53 (for large transfers).

Why are multiple DNS servers used?

To ensure availability and reliability as it's a critical resource.

What protocol does DNS usually use?

UDP, unless the transfer is large (then TCP).

What is the OSI model?

A conceptual model that standardizes network functions into 7 layers.

What layer is SMTP part of in the OSI model?

Application Layer (Layer 7).

What layer is DNS part of in the OSI model?

Application Layer (Layer 7).

What does DHCP stand for?

Dynamic Host Configuration Protocol

What is the purpose of DHCP?

Automated configuration of IP address, subnet mask, and other options

What ports does DHCP use?

UDP/67 (server), UDP/68 (client)

What is a DHCP lease?

A temporary IP address assignment that must be renewed at intervals

What is DHCP reservation?

A setting to ensure a device always gets the same IP address

What is a DHCP scope?

A range or group of IP addresses defined on a DHCP server

What does TFTP stand for?

Trivial File Transfer Protocol

What is the purpose of TFTP?

Simple file transfer, often for config files or firmware updates

What port does TFTP use?

UDP/69

What are TFTP’s limitations?

No authentication, no directory navigation, minimal features

Is TFTP secure?

No, it lacks authentication and encryption

What does HTTP stand for?

Hypertext Transfer Protocol

What port does HTTP use?

TCP/80

What does HTTPS stand for?

Hypertext Transfer Protocol Secure

What port does HTTPS use?

TCP/443

How does HTTPS secure communication?

Using TLS (formerly SSL) encryption

What does NTP stand for?

Network Time Protocol

What port does NTP use?

UDP/123

Why is NTP important?

Synchronizes time across networked devices for logs and auth

How accurate is NTP?

Accurate to within 1ms under optimal conditions

What does SNMP stand for?

Simple Network Management Protocol

What port does SNMP use for polling?

UDP/161

What port does SNMP use for traps?

UDP/162

What are SNMP traps?

Alerts sent from network devices to a manager

Name one use case of SNMP

Monitoring bandwidth or triggering alerts on threshold events

What is SNMPv1 like?

Uses structured tables, single queries, no encryption

What improvements came with SNMPv2?

Bulk transfers, improved data types, still no encryption

What does SNMPv3 add?

Authentication, encryption, message integrity

What is the SNMP manager?

Central system that communicates with SNMP-enabled devices

What is the SNMP agent?

Software on a device that responds to SNMP manager commands

What is a Management Information Base (MIB)?

Database that defines what SNMP parameters can be read/written

What are SNMP communities?

Groups of devices that share SNMP access and roles (public/private)

What does SNMPv2c stand for?

SNMP version 2 with community-based authentication

What does LDAP stand for?

Lightweight Directory Access Protocol

What port does LDAP use?

TCP/389

What port does LDAPS use?

TCP/636

What is LDAP used for?

Querying and managing directory services like Active Directory

What structure does LDAP use?

Hierarchical (tree-like) structure for devices/users

What does SMB stand for?

Server Message Block

What port does SMB use (without NetBIOS)?

TCP/445