Chapter 9 Explaining Transport Layer Protocol


IP Scanners

Special tools that allow a network administrator to scan the entire network to find all connected devices and their IP addresses. Perform host discovery. Perform host and topology discovery to maximize network visibility. IP Address Management (IPAM).

NetStat

A TCP/IP troubleshooting utility that displays statistics and the state of current TCP/IP connections. It also displays ports, which can signal whether services are using the correct ports. Using a switch includes ports in the listening state in the output. Skip name resolution, show process, report statistics. Windows versus Linux syntax differences. The iproute2 ss and nstat commands replace netstat.

Stateful DHCPv6

A method of obtaining an IPv6 address and other configuration values from a DHCPv6 server. Provides routable IPv6 address

User Datagram Protocol (UDP)

A protocol for sending packets quickly with minimal error-checking and no resending of dropped packets. Connectionless, non-guaranteed (best effort) communication. Used by protocols that can tolerate lost or out-of-order packets.

Transmission Control Protocol (TCP)

A protocol for sending packets that does error-checking to ensure all packets are received and properly ordered. Connection-oriented, guaranteed delivery. Segments with header fields to track sequence and acknowledgements.

WireShark conversation

Allow the analyst to look at various protocol statistics: Ethernet, IPv4, IPv6, TCP, and UDP

DHCP Server Configuration

Appliance versus NOS implementation

Session Termination (Steps)

RST

IP helper

Cisco command supporting operation of DHCP relay. Can forward various types of broadcast traffic (not just DHCP).

Connection

Client IP and port connected to server IP and port

Three Way Handshake (TCP)

Client SYN, Server SYN/ACK, Client ACK

DHCPv6 Server Configuration

Client uses multicast ff02::1:2 to locate the server over UDP port 546 (client) and UDP port 547 (server).

UDP / Port 546

DHCPv6-Client

UDP/ Port 547

DHCPv6-Server

TCP/UDP/ Port 53

DNS

Protocol Analyzer

Decode frames captured by a sniffer. Live capture or saved capture file (PCAP). Parse header fields to reveal packet metadata. Reconstruct TCP streams.

TCP/ Port 20

FTP data. File transfer protocol.

Wireshark

Follow TCP Stream context command to reconstruct the packet contents for a TCP session. Statistics menu to access traffic analysis tools.

DHCP Relay

Forwards DHCP packets between clients and servers. Forwards responses from server back to appropriate client subnet

TCP/ Port 80

HTTP (Hypertext Transfer Protocol)

Scope

Range of IP addresses available to lease to clients on a particular subnet. Defined by start and end IP addresses and netmask. Redundant DHCP services should use non-overlapping address pools

TCP/ Port 443

HTTPS (Hypertext Transfer Protocol Secure)

Scan types

Half Open, Full connect, UDP, Port range

Stateless DHCP v6

Host obtains prefix from router advertisement (RA). RA advertises presence of DHCPv6 server to provide additional options.

TCP 143

IMAP (Internet Message Access Protocol)

Transport layer ports and connections

Identify individual applications by port number

TCP Connect (-sT)

Is a half-open scan that requires Nmap to have privileged access to the network driver so that it can craft packets

TCP SYN (-sS)

Is a fast technique (also referred to as half-open scanning), as the scanning host requests a connection without acknowledging it

TCP Window

Is the amount of data the host is willing to receive before sending an acknowledgement

TCP/UDP/ Port 389

LDAP (Lightweight Directory Access Protocol)

UDP/ Port 123

NTP (Network Time Protocol)

DHCP Options

Options that are assigned when the addresses are assigned or renewed, including the default gateway and the primary and secondary DNS servers. IP address(es) of DNS servers. DNS suffix (domain name) to be used by the client. Time synchronization (NTP), file transfer (TFTP), VoIP proxy.

Analyze Traffic Stream

Per-host utilization. Per protocol utilization

Determining "up" status

Ping, arp, traceroute. Simple network management protocol (SNMP). Query DHCP/ DNS

TCP 3389

RDP (Remote Desktop Protocol)

Remote Port Scanner

Report port status from a remote host

UDP/ Port 161

SNMP (Simple Network Management Protocol)

TCP / Port 22

SSH (Secure Shell), SCP (Secure Copy), SFTP (Secure File Transfer Protocol)

The ack number

Sequence number of the next segment expected from the other host, that is, the sequence number of the last segment received plus 1

TCP 25

Simple Mail Transfer Protocol (SMTP), which the network administrator should include when searching for email traffic.

Socket

Source IP plus port located to software process

DHCP Reservation and Exclusions

Static assignments and exclusions: use an IP address outside the address pool, or exclude specific IP addresses from the pool range. MAC/IP reservation: always allocate a device the same pre-selected IP. Automatic allocation: lease any IP address from the pool to the same client persistently.

TCP

System sending urgent printer data, specifies the end of that data in the segments

UDP / Port 69

TFTP (Trivial File Transfer Protocol)

TCP /Port 23

Telnet

-sV Switch

To probe a host more intensively to discover the software or software version operating each port

Protocol Hierarchy Tool

To view the most active protocols on a network link

Graceful Teardown

Uses a four-way handshake, with each side of the connection terminating independently. FIN, ACK, FIN, ACK

UDP scans (-sU)

Scan UDP ports. As these do not use ACKs, Nmap needs to wait for a response or timeout to determine the port state, so UDP scanning can take a long time. A UDP scan can be combined with a TCP scan.

