Term
Describe the protocol type IP |
|
Definition
Internet Protocol: Used to transport data, using either UDP (User Datagram Protocol) or TCP (Transmission Control Protocol). To know where to deliver the data, this protocol needs the IP addresses of the sender and client, which protocol to use (TCP or UDP), and a port number to determine where the data goes once it reaches the receiver's IP address. |
|
|
Term
Describe how data is transferred |
|
Definition
Data is transferred by being packaged within a protocol (UDP/TCP), which is moved by IP across a network (Ethernet/DSL/cable):
[Ethernet header [IP [TCP [Data]]] Ethernet trailer] |
|
|
Term
Describe the protocol type TCP |
|
Definition
|
|
Term
Describe the protocol type UDP |
|
Definition
User Datagram Protocol
Connectionless protocol: just starts sending data without regard for the other system's availability
Unreliable: no feedback from the receiving device, so no flow control or data acknowledgement is possible |
|
|
Term
What are port numbers and how are they used? |
|
Definition
Used to determine where data is sent
TCP and UDP port number sets are different, so udp/80 and tcp/80 will not conflict
Non-ephemeral (permanent) ports: 0–1023. These are well-known ports used by applications or services on a server, e.g. 443 carries HTTPS traffic and 80 carries HTTP traffic
Ephemeral ports: 1024–65535. Used by clients, which use any open port they can find to send information back to a server |
|
|
Term
Describe the protocol type ICMP |
|
Definition
Internet Control Message Protocol
Carried by IP
Not used for data transfer. Essentially used to send status messages between devices |
|
|
Term
What is Telnet, and which port and protocol does it use? |
|
Definition
Telecommunication Network
tcp/23
An unencrypted command line interface used to log into and administer devices (servers, routers, switches and other infrastructure) |
|
|
Term
What is SSH, and which port and protocol does it use? |
|
Definition
Secure Shell (alternative to Telnet)
tcp/22
A console (CLI) used like Telnet, but it's encrypted |
|
|
Term
What is DNS, and which port and protocol does it use? |
|
Definition
Domain Name System
udp/53
Converts names to IP addresses, e.g. www.professormesser.com = 162.159.246.164 |
|
|
Term
What is SFTP, and which port and protocol does it use? |
|
Definition
Secure File Transfer Protocol
tcp/22 (transfers files using SSH as the underlying protocol, and so uses the same encrypted port)
Full featured: can provide directory listings, resume interrupted transfers, remote file removal |
|
|
Term
What is FTP, and which port and protocol does it use? |
|
Definition
File Transfer Protocol
tcp/20 (active mode data)
tcp/21 (control)
Requires authentication with a username and password
Full featured like SFTP but isn't secure |
|
|
Term
What is TFTP, and which port and protocol does it use? |
|
Definition
Trivial File Transfer Protocol
udp/69
Simple features: reads and writes files
No authentication |
|
|
Term
What is DHCP, and which port and protocol does it use? |
|
Definition
Dynamic Host Configuration Protocol
udp/67, udp/68
Assigns IP addresses, subnet mask, DNS settings and many other settings within the IP configuration
Requires a DHCP server
IP addresses are assigned from a pool of available IP addresses with a preconfigured lease time, after which the device needs to re-lease, or the IP becomes available for other devices
DHCP reservations (different from a static IP, which is set on a NIC) can reserve an IP to assign to a MAC address. Common with infrastructure devices like servers (it is easier to change a device's IP from the DHCP server than to go to each device) |
|
|
Term
What is HTTP(S), and which port and protocol does it use? |
|
Definition
Hyper Text Transfer Protocol (Secure)
HTTP: tcp/80, web server communication
HTTPS: tcp/443, web server communication with encryption
Typically used by browsers, but other applications can use these protocols as well |
|
|
Term
What is SNMP, and which port and protocol does it use? |
|
Definition
Simple Network Management Protocol
udp/161
Gathers statistics from network devices
Versions:
v1: sent requests and responses using structured tables in the clear
v2: sent bulk transfers of data in the clear
v3: sends encrypted bulk transfers of information with message integrity and authentication |
|
|
Term
What is RDP, and which port and protocol does it use? |
|
Definition
Remote Desktop Protocol
tcp/3389
Allows remote sharing of the screen, mouse and keyboard |
|
|
Term
What is NTP, and which port and protocol does it use? |
|
Definition
Network Time Protocol
udp/123
Can control how clocks are synced
Synchronizes clocks on switches, routers, firewalls, servers and workstations to an accuracy better than one millisecond |
|
|
Term
What is SMB, and which port and protocol does it use? |
|
Definition
Server Message Block (CIFS, Common Internet File System)
Direct over tcp/445 (NetBIOS-less)
Used by Microsoft Windows to share files and printers |
|
|
Term
What is SMTP, and which port and protocol does it use? |
|
Definition
Simple Mail Transfer Protocol
tcp/25
Authenticates with a fingerprint
Used to send email (IMAP or POP3 are used to receive) |
|
|
Term
What is POP/IMAP, and which port and protocol does it use? |
|
Definition
Used to authenticate and receive emails from an email server
POP3 (Post Office Protocol 3): tcp/110. Basic mail transfer
IMAP4 (Internet Message Access Protocol version 4): tcp/143. Most modern devices use this as it allows access and management from multiple clients |
|
|
Term
What is LDAP, and which port and protocol does it use? |
|
Definition
Lightweight Directory Access Protocol
tcp/389
A server used to access a database of users, devices, and printers on a network |
|
|
Term
What is LDAPS, and which port and protocol does it use? |
|
Definition
Lightweight Directory Access Protocol Secure
tcp/636
Uses SSL to encrypt LDAP communication |
|
|
Term
What is SIP, and which port and protocol does it use? |
|
Definition
Session Initiation Protocol
tcp/5060, tcp/5061
Used to manage VoIP (Voice over IP) sessions: call, ring, hang up
Supports instant messaging, file transfer and video conferencing, plus other applications |
|
|
Term
What is H.323, and which port and protocol does it use? |
|
Definition
tcp/1720
Used to manage VoIP sessions: call, ring, hang up
One of the earliest VoIP standards still in use today |
|
|
Term
|
Definition
Open Systems Interconnection Reference Model (this is not the OSI protocol suite) Used as a guide to understand the flow of data by separating the network architecture into seven layers, each layer serving the layer above it. |
|
|
Term
Mnemonic for the OSI model |
|
Definition
(1)Please (2)Do (3)Not (4)Trust (5)Sales (6)People's (7)Answers
(1)Physical (2)Data link (3)Network (4)Transport (5)Session (6)Presentation (7)Application |
|
|
Term
Describe the Physical layer |
|
Definition
Physical (Layer 1): The physics of the network
It's the signal itself and it's where everything begins and ends on a network: signaling, cabling, connectors, hardware, fibre
If there's a physical layer problem, we would run loopback tests on cables or adapter cards, for example. |
|
|
Term
Describe the Data link layer |
|
Definition
Data Link (Layer 2): The basic network "language"
Data Link Control (DLC) protocols
On an Ethernet network, this layer references the MAC (Media Access Control) addresses so that two devices can switch, bridge or communicate
Frame, MAC address, Extended Unique Identifier (EUI-48, EUI-64), switch |
|
|
Term
Describe the Network layer |
|
Definition
Network (Layer 3): The routing layer, the Internet Protocol layer
IP address, router, packet
IP fragmentation: this layer fragments data packets (frames) into sizes supported by the network to allow them to traverse |
|
|
Term
Describe the Transport layer |
|
Definition
Transport (Layer 4): The post office layer
Transfers the packets using a TCP segment or a UDP datagram |
|
|
Term
Describe the Session layer |
|
Definition
Session (Layer 5): Communication management between devices: start, stop, restart
Control protocols, tunneling protocols |
|
|
Term
Describe the Presentation layer |
|
Definition
Presentation (Layer 6): The layer before you see the application, often combined with layer 7
Character encoding, application encryption, SSL/TLS (Secure Sockets Layer/Transport Layer Security) |
|
|
Term
Describe the Application layer |
|
Definition
Application (Layer 7): The layer we see and use: browsers, email clients, HTTP, FTP, DNS, POP3 |
|
|
Term
Give an example of what can be found by analyzing an individual packet |
|
Definition
Layer 1 | Physical: Electrical signals; frame data and how many bytes were captured from those sent
Layer 2 | Data Link: MAC addresses associated with the ethernet communication
Layer 3 | Network: IP encapsulation—the IP addresses used to send information
Layer 4 | Transport: TCP encapsulation and what ports were used
[Layers 5, 6 and 7 handle application communication]
Layer 5 | Session: linking the presentation layer to the transport layer
Layer 6 | Presentation: performing SSL encryption
Layer 7 | Application: If we were seeing the browser using this packet, we would see something like https://mail.google.com |
|
|
Term
|
Definition
The MAC (Media Access Control) address: The physical address unique to a device's Ethernet adapter
8c:2d:aa:4b:98:a7 or 8c-2d-aa-4b-98-a7
48 bits/6 bytes long: the first 3 bytes are the OUI (Organizationally Unique Identifier), which tells the manufacturer, and the second 3 bytes are Network Interface Controller-specific (the serial number) |
|
|
Term
|
Definition
Duplex: when connecting an Ethernet device to a network, you may specify which duplex to use
Half-Duplex (used on older devices like hubs): Can send and receive but not simultaneously. Typically used to conserve bandwidth, but very uncommon
Full-Duplex (used on contemporary devices like switches): Sends and receives simultaneously. Properly configured switches tend to be full-duplex |
|
|
Term
Describe half-duplex ethernet and its CSMA/CD operation |
|
Definition
Half-Duplex Ethernet
Devices are all connected to the hub, which doesn't direct data; it just repeats anything it receives to all other connected devices
If two devices communicate simultaneously, there's a collision
CSMA/CD operation (Carrier Sense Multiple Access / Collision Detect): only referenced on half-duplex networks, which tend not to be used
CS: listens for a signal that's available to carry data if the network isn't busy. There's no queue or prioritization; devices just send if the signal is clear
MA: just means more than one device is on the network
CD: if a collision occurs, a jam signal is sent, and the devices perform a back-off function, wait a random time and then retry |
|
|
Term
Describe full-duplex ethernet and its CSMA/CA function |
|
Definition
Full-Duplex Ethernet
On a switch network, the switch can simultaneously direct traffic according to source and destination MAC addresses
Collisions don't happen
Wireless networks: CSMA/CA function (Carrier Sense Multiple Access / Collision Avoidance)
Devices in these networks effectively overload receivers so sending stations cannot hear other stations
Wireless networks use RTS/CTS (Ready to Send / Clear to Send), where Access Points need to give permission to devices to send data, and then only that device can send before another requests CTS |
|
|
Term
What is the hidden node problem? |
|
Definition
Hidden node problem: Station A can't hear Station B, but both stations can hear the AP to which they are both connected. RTS/CTS solves this issue. |
|
|