Project CompTIA
Starting with A+, here is a prototype to get a CompTIA study group going.
https://go.screenpal.com/watch/cZf0cqVM6nJ
Sydonie Bot “10-Minute CompTIA” presenter
Page 28 of 343
2.0 Networking
2.1 Compare and contrast Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports, protocols, and their purposes.
• Ports and protocols
FTP - File Transfer Protocol
- 20/21 – File Transfer Protocol (FTP)
§ SFTP = SSH with FTP (20/21/22)
§ FTPS = FTP over SSL (Secure Sockets Layer - web browser traffic) (most secure) (990)
• tcp/20 (active mode data), tcp/21 (control) – Transfers files between systems
• Authenticates with a username and password
– Some systems use a generic/anonymous login
• Full-featured functionality - List, add, delete, etc.
SSH - Secure Shell
- 22 – Secure Shell (SSH) remote access (most basic)
• Encrypted communication link - tcp/22
• Looks and acts the same as Telnet
Telnet
- 23 – Telnet - unsecure, text based, remote access (do not select)
• Telnet – Telecommunication Network - tcp/23
• Login to devices remotely – Console access
• In-the-clear communication
– Not the best choice for production systems
SMTP - Simple Mail Transfer Protocol
- 25 – Simple Mail Transfer Protocol (SMTP) - sends/relays email
• SMTP - Simple Mail Transfer Protocol
- Server to server email transfer - tcp/25
• Also used to send mail from a device to a mail server
- Commonly configured on mobile devices and email clients
• Other protocols are used for clients to receive email
– IMAP, POP3
DNS - Domain Name System
- 53 – Domain Name System (DNS) - converts FQDNs (websites) to IP addresses
• Converts names to IP addresses - udp/53
- www.professormesser.com = 162.159.246.164
• These are very critical resources
- Usually multiple DNS servers are in production
DHCP - Dynamic Host Configuration Protocol
- 67/68 – Dynamic Host Configuration Protocol (DHCP) - automatically assigns IP address
• Automated configuration of IP address, subnet mask and other options - udp/67, udp/68
- Requires a DHCP server
- Server, appliance, integrated into a SOHO router, etc.
• Dynamic / pooled
- IP addresses are assigned in real-time from a pool
- Each system is given a lease and must renew at set intervals
• DHCP reservation
- Addresses are assigned by MAC address in the DHCP server
- Manage addresses from one location
HTTP and HTTPS
- 80 – Hypertext Transfer Protocol (HTTP) - basic internet traffic (not secured)
- 443 – Hypertext Transfer Protocol Secure (HTTPS) - secure web traffic
• Hypertext Transfer Protocol
- Communication in the browser
- And by other applications
• In the clear or encrypted
- Supported by nearly all web servers and clients
POP3 / IMAP
- 110 – Post Office Protocol 3 (POP3)
• Receive emails from an email server
- Authenticate and transfer
• POP3 - Post office Protocol version 3
- tcp/110
- Basic mail transfer functionality
* receives email, but does not save a copy on the server (secure port 995)
- 143 – Internet Mail Access Protocol (IMAP)
• IMAP4 - Internet Message Access Protocol v4
- tcp/143
- Includes email inbox management from multiple clients
* receives email and does save a copy on the server (secure port 993)
SMB - Server Message Block
- 137/139 – Network Basic Input/Output System (NetBIOS)/NetBIOS over TCP/IP (NetBT)
· Protocol used by Microsoft Windows
- File sharing, printer sharing
- Also called CIFS (Common Internet File System)
• Using NetBIOS over TCP/IP (Network Basic Input/Output System)
– udp/137 - NetBIOS name services (nbname)
– tcp/139 - NetBIOS session service (nbsession)
- 445 – Server Message Block (SMB)/Common Internet File System (CIFS)
* allows PCs to transfer/request data from server file shares
• Direct over tcp/445 (NetBIOS-less)
– Direct SMB communication over TCP without the NetBIOS transport
SNMP - Simple Network Management Protocol
- 161/162 – Simple Network Management Protocol (SNMP) - load management/diagnostic software over a network
• Gather statistics from network devices
- Queries: udp/161
- Traps: udp/162
• v1 – The original
- Structured tables
- In-the-clear
• v2 – A good step ahead
- Data type enhancements
- Bulk transfers
- Still in-the-clear
• v3 – A secure standard
- Message integrity
- Authentication
- Encryption
LDAP
- 389 – Lightweight Directory Access Protocol (LDAP) - remote access protocol to search for objects
* (like a phone book for IP addresses)
• LDAP (Lightweight Directory Access Protocol) - tcp/389
• Store and retrieve information in a network directory
- Commonly used in Microsoft Active Directory
RDP - Remote Desktop Protocol
- 3389 – Remote Desktop Protocol (RDP) - remote access protocol to control another PC (Windows+R, mstsc)
• Share a desktop from a remote location over tcp/3389
• Remote Desktop Services on many Windows versions
• Can connect to an entire desktop or just an application
• Clients for Windows, macOS, Linux, Unix, iPhone, Android, and others
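As an added example (not part of these study notes), the script below turns the port table above into a lookup and audits a constructed list of open ports, flagging the services the notes call unsecure or in-the-clear and naming the secure counterpart the notes give for each. The scan lines, the `SERVICE_NAMES`/`INSECURE` tables and the `audit_open_ports` function are all assumptions made for this example.

```python
"""Added example (not from the study notes): audit a constructed list of open
ports against the port table above and flag the in-the-clear services."""
import re

# Service names keyed by (transport, port) as the notes list them; tcp/N and
# udp/N are separate keys because TCP and UDP port spaces are distinct.
SERVICE_NAMES = {
    ("tcp", 20): "FTP data", ("tcp", 21): "FTP control", ("tcp", 22): "SSH",
    ("tcp", 23): "Telnet", ("tcp", 25): "SMTP", ("udp", 53): "DNS",
    ("udp", 67): "DHCP", ("udp", 68): "DHCP", ("tcp", 80): "HTTP",
    ("tcp", 110): "POP3", ("tcp", 143): "IMAP4", ("udp", 137): "NetBIOS name",
    ("tcp", 139): "NetBIOS session", ("tcp", 445): "SMB", ("udp", 161): "SNMP",
    ("udp", 162): "SNMP trap", ("tcp", 389): "LDAP", ("tcp", 443): "HTTPS",
    ("tcp", 3389): "RDP",
}
# Services the notes call unsecure or in-the-clear, with the secure counterpart
# they name. A port alone does not reveal the SNMP version, so udp/161 is
# flagged for review (v1/v2 in the clear, v3 adds authentication and encryption).
INSECURE = {
    ("tcp", 20): "SFTP (tcp/22) or FTPS (tcp/990)",
    ("tcp", 21): "SFTP (tcp/22) or FTPS (tcp/990)",
    ("tcp", 23): "SSH (tcp/22)",
    ("tcp", 80): "HTTPS (tcp/443)",
    ("tcp", 110): "POP3 secure port (tcp/995)",
    ("tcp", 143): "IMAP secure port (tcp/993)",
    ("udp", 161): "SNMPv3 (confirm the version in use)",
}
LINE_RE = re.compile(r"^\s*(tcp|udp)/(\d{1,5})\s+open\b", re.IGNORECASE)

def audit_open_ports(scan_text):
    """Parse 'proto/port open' lines; return one finding dict per open port."""
    findings = []
    for line in scan_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # closed/filtered or malformed lines are skipped
        key = (m.group(1).lower(), int(m.group(2)))
        if key[1] > 65535:
            continue  # valid port numbers run from 0 to 65,535
        findings.append({
            "port": f"{key[0]}/{key[1]}",
            "service": SERVICE_NAMES.get(key, "unknown"),
            "recommendation": INSECURE.get(key),  # None when nothing to flag
        })
    return findings

# Constructed sample scan output (not real data).
SAMPLE_SCAN = "tcp/21 open\ntcp/22 open\ntcp/23 open\nudp/161 open\ntcp/443 open\ntcp/8080 open\nudp/80 closed\n"
```

Running `audit_open_ports(SAMPLE_SCAN)` flags tcp/21, tcp/23 and udp/161 and reports tcp/8080 as unknown, since a port number on its own says nothing about what is listening there.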
2.1 Introduction to IP
A series of moving vans
• Efficiently move large amounts of data
– Use a shipping truck
• The network topology is the road
– Ethernet, DSL, cable system
• The truck is the Internet Protocol (IP)
– We’ve designed the roads for this truck
• The boxes hold your data
– Boxes of TCP and UDP
• Inside the boxes are more things
– Application information
TCP and UDP
• Transported inside of IP
– Encapsulated by the IP protocol
• Two ways to move data from place to place
– Different features for different applications
• OSI Layer 4
– The transport layer
• Multiplexing
– Use many different applications at the same time
– TCP and UDP
• TCP vs. UDP
- Connection-oriented (TCP)
§ HTTPS
§ SSH
TCP – Transmission Control Protocol
• Connection-oriented
– A formal connection setup and close
• “Reliable” delivery
– Recovery from errors
– Can manage out-of-order messages or retransmissions
• Flow control
– The receiver can manage how much data is sent
· Works at layer 4 of the OSI model
· Verified connectivity; connection-oriented
· Example: email
UDP – User Datagram Protocol
- Connectionless
§ DHCP
§ Trivial File Transfer Protocol (TFTP)
• Connectionless - No formal open/close to the connection
• “Unreliable” delivery
– No error recovery
– No reordering of data or retransmissions
• No flow control
– Sender determines the amount of data transmitted
· Does not verify connectivity; connectionless
· Examples: video streaming, gaming
Why would you ever use UDP?
• Real-time communication
– There’s no way to stop and resend the data
– Time doesn’t stop for your network
• Connectionless protocols
– DHCP (Dynamic Host Configuration Protocol)
– TFTP (Trivial File Transfer Protocol)
Communication using TCP
• Connection-oriented protocols prefer a “return receipt”
– HTTPS (Hypertext Transfer Protocol Secure)
– SSH (Secure Shell)
• The application doesn’t worry about out of order frames or missing data
– TCP handles all of the communication overhead
– The application has one job
Speedy delivery
• The IP delivery truck delivers from one (IP) address to another (IP) address
– Every house has an address, every computer has an IP address
• Boxes arrive at the house / IP address
– Where do the boxes go?
– Each box has a room name
• Port is written on the outside of the box
– Drop the box into the right room
Lots of ports
• IPv4 socket
– Server IP address, protocol, server application port number
– Client IP address, protocol, client port number
• Non-ephemeral ports – permanent port numbers
– Ports 0 through 1,023
– Usually on a server or service
• Ephemeral ports – temporary port numbers
– Ports 1,024 through 65,535
– Determined in real-time by the client
Port numbers
• TCP and UDP ports can be any number between 0 and 65,535
• Most servers (services) use non-ephemeral (not-temporary) port numbers
– This isn’t always the case
– It’s just a number.
• Port numbers are for communication, not security
• Service port numbers need to be “well known”
• TCP port numbers aren’t the same as UDP port numbers
• Well-known port number
– Client and server need to match
• Important for firewall rules - Port-based security
• A bit of rote memorization
– Becomes second nature after a while
• Make sure you know port number, protocol, and how the protocol is used
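As an added example (not from these study notes) for the "Lots of ports" and "Port numbers" sections, the script below models the IPv4 socket described above (IP address, protocol, port), classifies ports as non-ephemeral or ephemeral using the ranges the notes give, and infers which end of a connection is the server. The connection lines, the `Socket` class and the `WELL_KNOWN` table are assumptions made for this example; it also shows that a tcp/53 socket does not match a udp/53 entry.

```python
"""Added example (not from the study notes): IPv4 socket tuples, ephemeral vs
non-ephemeral ports and the separate TCP/UDP port spaces from the notes above."""
import re
from dataclasses import dataclass

NON_EPHEMERAL_MAX = 1023  # notes: 0-1,023 non-ephemeral, 1,024-65,535 ephemeral

# Lookup keyed by (protocol, port): tcp/53 and udp/53 are different entries.
WELL_KNOWN = {("udp", 53): "DNS", ("tcp", 22): "SSH", ("tcp", 443): "HTTPS",
              ("udp", 67): "DHCP server", ("udp", 68): "DHCP client"}

@dataclass(frozen=True)
class Socket:
    """One end of a conversation: IP address, protocol and port number."""
    ip: str
    proto: str
    port: int

def is_ephemeral(port):
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return port > NON_EPHEMERAL_MAX

CONN_RE = re.compile(r"^(tcp|udp)\s+(\S+):(\d+)\s+(\S+):(\d+)$")

def parse_connection(line):
    """'proto local_ip:port remote_ip:port' -> (local Socket, remote Socket)."""
    m = CONN_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable connection line: {line!r}")
    proto = m.group(1)
    return (Socket(m.group(2), proto, int(m.group(3))),
            Socket(m.group(4), proto, int(m.group(5))))

def describe(line):
    """Guess the server end: the side on a non-ephemeral port. The notes warn
    this 'isn't always the case', so if both or neither port is ephemeral the
    server is left undetermined (None) rather than guessed."""
    local, remote = parse_connection(line)
    local_eph, remote_eph = is_ephemeral(local.port), is_ephemeral(remote.port)
    server = None if local_eph == remote_eph else (remote if local_eph else local)
    service = WELL_KNOWN.get((server.proto, server.port)) if server else None
    return {"server": server, "service": service}

# Constructed sample lines (documentation addresses, not real hosts).
SAMPLE = [
    "tcp 192.0.2.10:51234 198.51.100.7:443",  # ephemeral client -> HTTPS server
    "udp 192.0.2.10:53 198.51.100.7:53",      # both non-ephemeral: undetermined
    "tcp 192.0.2.10:53 198.51.100.7:40001",   # tcp/53 does not match the udp/53 entry
]
```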