Chapter 9: TCP/IP Applications


Process Explorer

Another great tool for discovering a PID.

Internet Application Security

For an internet application to be secure, it must have the following: Authentication: User names and passwords. Encryption: Stirring up the data so others can't read it. Nonrepudiation: Source is not able to deny a sent message.

Exam Tip 9.1

HTML is the most well-known markup language, but many roam the Web today, adding to HTML's capabilities. Expect to see the Extensible Markup Language (XML) on the exam. XML provides a basic format or markup language for everything from RSS feeds to Microsoft Office documents.

Hypertext Transfer Protocol over SSL (HTTPS)

HTTPS uses TCP port 443

Internet Information Services (IIS)

IIS enables you to set a maximum connection limit on your Web server based on available bandwidth and memory. This enables you to protect your network against an overwhelming number of requests due to a particularly popular page or a type of malicious attack called DoS. Only commands 11% of active Web sites.

Post Office Protocol version 3 (POP3)

Is one of the two protocols that receive e-mail from SMTP servers. Uses TCP port 110. Is on its way out today.

Internet Message Access Protocol version 4 (IMAP4)

Is the preferred alternative to POP3. Like POP3, it retrieves e-mail from an e-mail server. It uses TCP port 143 and supports some features not supported in POP3, such as searching through messages on the mail server to find specific keywords and selecting the messages you want to download onto your machine. Also supports the concept of folders you can place on ____ server to organize your e-mail. Some POP3 e-mail clients have folders, but that's not part of POP3, just a feature added to the client.

FIN (Finished)

Once the server finishes sending the Web page, it sends a FIN. Client sends an ACK and then a FIN. Server then responds with an ACK and the session is closed.

Publishing Web Pages

Once you've designed and created an HTML document, you can share it with the rest of the world. To do so, you need to find a Web server to host the page. Most ISPs provide Web servers of their own, or you can find relatively inexpensive Web hosting service companies. Web hosting usually costs around $10 a month for simple Web sites.

Passive FTP

Passive FTP doesn't use port 20. Instead, the client sends an FTP request on port 21, and the server sends back a random port number, telling the client which port it's listening on for data requests. Because the client initiates all conversations, the NAT router knows where to send the packet.

User Datagram Protocol

Perfect for the types of sessions that don't require all the connection-oriented stuff. Connectionless packets are sent using UDP.

Ping of death

Ping had a bug that allowed malicious users to send malformed ping packets to a destination; this would cause the recipient computer to crash.

Registered ports

Port numbers from 1024-49151 are called _____.

Internet Group Management Protocol (IGMP)

Protocol that routers use to communicate with hosts to determine a "group" membership in order to determine which computers want to receive a multicast. Once a multicast has started, IGMP is responsible for maintaining the multicast as well as terminating at completion.

Well-known port numbers

Range from 0 to 1023.

Configuring Telnet/SSH Client

Requires a host name, a valid login name, and the password. Some computers, usually university libraries with online catalogs, have an open system that enables you to log in with Telnet.

Transport Layer Security (TLS)

SSL has been replaced by TLS over the last few years. HTTPS uses TLS now.

Secure Socket Layer (SSL)

SSL is a protocol developed by Netscape for transmitting private documents over the Internet. SSL works by using a public key to encrypt communication. Web pages that use https:// use SSL. All popular Web browsers and Web servers support SSL.

Netstat -b

Shows the connection status and the program's name. Ex.: [chrome.exe] TCP 192.168.4:53994 62:https ESTABLISHED. In Linux you can use the ps command. Needs to run in administrative mode.

Netstat examples

TCP 0.0.0.0:445 0.0.0.0:0 Listening
Shows that a listening port is ready for incoming packets that have a destination port number of 445. My IP is 192.168.4.27 and another computer on my network is 192.168.4.83. If the other computer is accessing the shared folders, it would look like this:
TCP 192.168.4.27:445 192.168.4.83:1073 Established
When the computer is done accessing the shared folder, the established port closes and it will now be:
TCP 192.168.4.27:445 192.168.4.83:1073 Close_wait
If data is going back and forth between computers, it can look like this:
TCP 192.168.4.27:52312 74.125.47.108:80 Established
Now you may think it's a connection to a Web server, but what program on the computer is sending it? Enter netstat -ano; -ano shows the process ID:
TCP 192.168.4.27:52312 74.125.47.108:80 Established PID: 112092
Every running program on your computer gets a process ID (PID), a number used by the OS to track all your running programs. Not very useful to you, because you want to know the name of the running program. Netstat -b

Exam Tip 9.4

Telnet and SSH enable you to control a remote computer from a local computer over a network, except that SSH enables you to do it securely. SSH replaced Telnet for any serious terminal emulation.

Socket pairs/endpoint

Terms for the connection data stored on two computers about the same connection.

socket/endpoint

Terms for the session information (IP address and port number) stored on a single computer.

Connection/Session

Terms for the whole interconnection.

Network Time Protocol/Simple Network Time Protocol (NTP/SNTP)

These protocols synchronize the clocks of devices on a network. Computers need to use the same time so things like Kerberos authentication work properly. NTP/SNTP uses port 123.

dynamic or private port numbers

They are port numbers ranging from 49,152-65,535. IANA recommends using these ports as ephemeral port numbers.

Apache HTTP Server

UNIX/Linux-based OSs run Apache HTTP Server. Serves ~50% of the active Web sites on the Internet. nginx is ranked 2nd and Google Web Server is ranked 4th (8%).

Sendmail

Used on Linux and UNIX OSs. Most used e-mail server; controls about 20% of e-mail servers. Only uses SMTP, and you must run a POP3 or IMAP4 server program to support e-mail clients. Microsoft has Microsoft Exchange Server, which runs exclusively on Windows.

Simple Mail Transfer Protocol (SMTP)

Used to send e-mail. Travels over TCP port 25 and is used by clients to send messages.

Web Server

is a computer that delivers Web pages. Web servers listen on port 80, fetching requested HTML pages and sending them to browsers. You can turn any computer into a Web server by installing server software. Microsoft's server is Internet Information Services (IIS).

File Transfer Protocol (FTP)

is the original protocol used on the Internet for transferring files. HTTP can be used to transfer files as well, but FTP can do the transfer with better security and data integrity. FTP uses TCP ports 21 and 20 by default; passive FTP uses port 21 by default.

netstat -an

The -a switch tells netstat to show all used ports; the -n switch instructs netstat to show raw port numbers and IP addresses.

Port numbers

16-bit value ranging between 0 and 65,535.

Note 9.1

A dumb terminal is a local system, generally a monitor, keyboard, and mouse, that enables you to access a distant system that has all the computing power.

TCPView

A powerful endpoint tool for Windows. Linux uses Net Activity Viewer.

Telnet Protocol

A program that enables users on the Internet to log onto remote systems from their own host systems. You should never use Telnet on the Internet; instead use Secure Shell. Uses TCP port 23.

Secure Shell (SSH)

A terminal emulation program that looks exactly like Telnet but encrypts the data. SSH replaced Telnet on the Internet. Uses TCP port 22.

Active FTP

Active FTP works great unless your client uses NAT. Since your client didn't initiate the incoming port 20, your NAT router has no idea where to send this incoming packet.

EXAM TIP 2

Before connections to the Web became fast, many people used a completely different Internet service for swapping information, ideas, and files. USENET enjoyed popularity for some years, though it barely survives today. Clients use the Network News Transfer Protocol (NNTP) to access USENET over TCP port 119.

Exam Tip 9.5

CompTIA views Web-based e-mail as one of many Web services. Web services also include applications that you would access on the Internet, like Google Docs and Google Sheets, online word processing and spreadsheet programs.

Transmission Control Protocol

Enables connection-oriented communication in networks that use the TCP/IP protocol suite. TCP is by far the most common type of session on a typical TCP/IP network.

Trivial File Transfer Protocol (TFTP)

Enables you to transfer files from one machine to another. Uses UDP and doesn't have any data protection, so you would never use TFTP between computers across the Internet. Popular for moving files between computers on the same LAN. TFTP uses port 69.

Netstat -ano

Every running program on your computer gets a process ID (PID), a number used by the OS to track all your running programs. Because you want to know the name of the running program, find the PID of a process: open Task Manager, select the Processes tab, select the View menu, click Select Columns, and add PID.

TCP Three-way handshake

Example: one computer (Server) runs a Web page, and the other (Client) runs a Web browser. Client first sends a single SYN packet. If Server gets that packet, it returns a single SYN, ACK packet. Client then sends Server a single ACK packet and requests that Server begin sending the Web page.

EXAM TIP 3

HTTP is the perfect example of a common network vulnerability and threat: an unsecured protocol. Other vulnerabilities include open ports and other unsecured protocols.

Echo Request

When you ping, a single ICMP packet is sent to an IP you specify, and all computers that run TCP/IP (assuming no firewall is involved) respond to echo requests with an echo reply.

Netstat -n

Windows, Linux, and OS X command. This will show you a list of endpoints for the connections between your system and others. Shows the IP and the port they are using for each connection. Enables you to see active TCP/IP connections at a glance.

Internet Control Message Protocol (ICMP)

Works at Layer 3 to deliver connectionless packets. ICMP handles mundane issues such as disconnect messages that applications use to let the other side of a session know what's happening. Pinging uses ICMP.

e-mail client

a program that runs on a computer and enables you to send, receive, and organize e-mail. The e-mail client communicates with the SMTP e-mail servers to send mail and communicates with the POP3 or IMAP4 server to download the messages from the e-mail server to the client computer. The two most popular are Microsoft Outlook and Mozilla Thunderbird.

Mailboxes

are special separate holding areas for each user's e-mail

request timed out

caused by a slow network, excess traffic, a downed router, and more.

Hypertext Transfer Protocol (HTTP)

is the underlying protocol used by the Web, and it runs, by default, on TCP port 80. When you enter http:// at the beginning of a Web server's IP address, you are identifying how messages are formatted and transmitted, requesting and responding to the transfer of HTML-formatted files. HTTP defines what actions Web servers and browsers should take in response to various commands. Other technologies exist to help HTTP relay commands and support more intelligent Web sites; these technologies include JavaScript/AJAX, server-side scripting, Adobe Flash, and cookies.

