Chapter 5 - TCP and UDP Ports and Protocols
TCP (Transmission Control Protocol) establishes network connections with a three-way handshake, a process that includes three steps
1. SYN: The client computer attempts to initiate a session to a server with a synchronize packet of information (known as a SYN packet)
2. SYN+ACK: The server responds to the client request by sending a synchronization/acknowledgement packet (known as a SYN+ACK packet)
3. ACK: The client sends an acknowledgment packet to the server (this is known as an ACK packet)
RDP (Remote Desktop Protocol) works in 3 ways
1. Users can be given limited access to a remote computer's applications (such as Word or Excel)
2. Administrators can be given full access to a computer so that they can troubleshoot problems from another location
3. Another part of the program, known as Remote Assistance, allows users to invite a technician to view their desktops in hopes that the technician can fix any encountered problems
The RDP (Remote Desktop Protocol) port
3389 is also used by Remote Desktop Services, which is the server-based companion of Remote Desktop Connection
Which of the following is the default inbound port of a DHCPv4 server?
67
Which ports are used by IMAP (Internet Message Access Protocol)?
993
SFTP (Secure File Transfer Protocol)
A protocol available with the proprietary version of SSH that copies files between hosts securely. Like FTP, SFTP first establishes a connection with a host and then allows a remote user to browse directories, list files, and copy files. Unlike FTP, SFTP encrypts data before transmitting it. Provides file access over a reliable data stream that is generated and protected by SSH
FTP (File Transfer Protocol)
Allows computers to transfer files back and forth. After connecting to an FTP server on port 21, a client would use port 20 for the actual data transfer.
HTTPS (Hypertext Transfer Protocol Secure)
An encrypted version of HTTP. It uses port 443. Designed to keep a user's information private and to prevent tampering and eavesdropping. It is recommended because of the secure connection it makes, which it does via a protocol such as Transport Layer Security (TLS) and using an encrypted certificate.
FTPS (File Transfer Protocol Secure)
An extension of FTP that uses SSL or TLS to encrypt FTP traffic. Some implementations of FTPS use ports 989 and 990.
User Datagram Protocol (UDP)
Are known as connectionless sessions. Example: UDP usage with streaming media sessions. If a packet is dropped, it is not asked for again. Does not use a handshake process or flow control. It is expected to lose packets.
To implement a Windows domain
At least one Windows server must be promoted to a domain controller. When you do this, LDAP is installed and runs on inbound port 389 by default.
SNMP (Simple Network Management Protocol)
By default uses port 161
HTTP (Hypertext Transfer Protocol)
Default port = 80. Used by web browsers and web servers to exchange files. An information requesting and responding protocol. Used to request web documents but can also be used as the protocol for communicating between agents using different IP protocols.
SSH (Secure Shell)
Enables remote control of computers and enables data to be exchanged between computers on a secure channel. Offers a more secure replacement to FTP and Telnet. To access a Secure Shell server, the server must have port 22 open. Example of a connection-oriented protocol that uses TCP.
A DNS (Domain Name System) server
Has an inbound port 53 open by default
IMAP (Internet Message Access Protocol)
Is an email protocol that enables messages to remain on the email server so they can be retrieved from any location. Also supports folders, so users can organize their messages as desired. Default port 993.
DNS (Domain Name System)
Is the group of servers on the Internet that translates domain names to IP addresses. E.g., example.com might translate to IP address 93.184.216.34.
NMS (Network Management System)
Is the main software that controls everything SNMP (Simple Network Management Protocol) based. It is installed on a computer known as a manager.
SNMP (Simple Network Management Protocol)
Is used as the standard for managing and monitoring devices on a network. It is used to manage routers, switches, UPS devices, and computers and is often incorporated in software known as a network management system (NMS).
LDAP (Lightweight Directory Access Protocol)
Is used to access and maintain distributed directories of information (such as the kind involved with Microsoft domains). Microsoft refers to this as Active Directory (AD) and also directory services or domain services. It includes the user accounts, computer accounts, groups, and the authentication and permissions involved with those accounts, collectively known as a Windows domain.
DHCP (Dynamic Host Configuration Protocol)/BOOTP (Bootstrap Protocol)
Is used to automatically assign IP addresses to hosts (computers, routers, printers, servers). A router uses DHCP to assign an IP address to the client computers. An ISP also uses DHCP to assign an IP address to you. In an IPv4 network the DHCP server needs to have inbound port 67 open, and a DHCP client uses port 68 to connect out to that server (referred to as a DHCPv4 server).
POP3 (Post Office Protocol version 3)
Is very common and is used by email clients to retrieve incoming email from a mail server. The default port is 995.
Once the server receives the ACK packet
It acknowledges the session, and the network connection is established, also known as a TCP socket connection
Exam alert
Know your protocols and their functions for the exam! Commit them to memory
Exam alerts
Know your secure ports! SMTP - 445, 586; POP3 - 995; IMAP - 993
Transmission Control Protocol (TCP)
Known as connection-oriented sessions (means that every packet that is sent is checked for delivery); if a packet is not received, the receiving computer cannot assemble the message and will ask the sending computer to transmit the packet again
Exam alert
Objective 2.1 concentrates on the following concepts: ports, and protocols such as FTP, SSH, Telnet, SMTP, DNS, DHCP, HTTP, POP3, NetBIOS/NetBT, IMAP, SNMP, LDAP, HTTPS, SMB/CIFS, and RDP. It also covers the differences between TCP and UDP.
DHCP (Dynamic Host Configuration Protocol)
Original port (server) - 67; client - 68; UDP (User Datagram Protocol)
POP3 (Post Office Protocol version 3)
Original port - 110; Secure port - 995; TCP (Transmission Control Protocol)
FTP (File Transfer Protocol)
Original port - 21; Secure port - 989/990; TCP (Transmission Control Protocol)
SSH (Secure Shell)
Original port - 22; Secure port - 22; TCP (Transmission Control Protocol) or UDP (User Datagram Protocol)
RDP (Remote Desktop Protocol)
Original port - 3389; TCP/UDP
LDAP (Lightweight Directory Access Protocol)
Original port - 389; Secure port - 636; TCP/UDP
DNS (Domain Name System)
Original port - 53; TCP (Transmission Control Protocol)
IMAP (Internet Message Access Protocol)
Original port - 143; Secure port - 993; TCP (Transmission Control Protocol)
NetBIOS/NetBT (Network Basic Input/Output System)
Original port - 137-139; TCP (Transmission Control Protocol)
SNMP (Simple Network Management Protocol)
Original port - 161; UDP (User Datagram Protocol)
SNMPTRAP - Simple Network Management Protocol Trap
Original port - 162; TCP/UDP
Telnet (Telecommunication Network)
Original port - 23; Secure port - not considered a secure port; TCP (Transmission Control Protocol) or UDP (User Datagram Protocol)
SMTP (Simple Mail Transfer Protocol)
Original port - 25; Secure port - 587 or 465; TCP (Transmission Control Protocol)
HTTP (Hypertext Transfer Protocol)
Original port - 80; Secure port - 443 (HTTPS); TCP (Transmission Control Protocol)
SMB (Server Message Block)
Original port - 445; TCP
Email clients include
Outlook, Thunderbird, Gmail
SNMP (Simple Network Management Protocol) traps use
Port 162
SMB (Server Message Block) protocol
Provides access to shared items such as files and printers. Known as the Common Internet File System (CIFS) protocol in the past. Actual packets that authenticate remote computers through what are known as interprocess communication (IPC) mechanisms. They can communicate directly over TCP using port 445 or by working with the legacy NetBIOS/NetBT protocol using a port between 137 and 139.
A more secure version of LDAP (Secure LDAP)
Runs on port 636
A user can receive email but cannot send any. Which protocol is not configured properly?
SMTP (Simple Mail Transfer Protocol)
Email protocols
SMTP, IMAP, POP3
Which protocol uses port 22?
SSH (Secure Shell)
SMTP (Simple Mail Transfer Protocol)
Sends email. When you send email from an email client, it goes to an SMTP server and is then sent off to its destination. Acronym: Send Mail To People (SMTP). Uses port 587 or port 465.
Network sessions on an IP network are either
TCP (Transmission Control Protocol) or UDP (User Datagram Protocol)
RDP (Remote Desktop Protocol)
To facilitate connections to remote computers and allow full remote control, Microsoft uses the Remote Desktop Connection program, which is based on Remote Desktop Protocol (RDP)
Exam alert
Typical DHCPv4 servers use port 67 and clients use port 68. Remember that DHCP is considered connectionless (as it uses UDP).
Which of these would be used for streaming media?
UDP (User Datagram Protocol)
Exam alert
Use HTTPS for web servers whenever possible, usually on port 443. Also remember HTTPS is connection-oriented (as it uses TCP).
HTTP and HTTPS
Use TCP as their connection mechanism
DHCPv6 (Dynamic Host Configuration Protocol version 6) servers
Use port 547 and clients use port 546. Connectionless, which means they use UDP as the main transport protocol.
TCP (Transmission Control Protocol)
Uses a method known as flow control, which prevents a sender from overwhelming a server by sending too many packets too quickly
Both Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)
Utilize protocols and ports to make connections
Telnet (Telecommunication Network)
Provides remote access to other hosts using the command-line interface (CLI). It uses port 23 but is an insecure and deprecated protocol. Generally disabled even if it exists in the OS. Quick check for it in the Services console window (Run > services.msc); if not listed, then it is disabled. Enable/disable in Turn Windows features on or off.