Networking Fundamentals Study Guide for the CompTIA Network+

Page 5

Ports and Protocols

In a network environment, there are numerous ports and protocols that are standardized. You should be able to identify common protocols, their functionality, and their associated port number assignments, as well as the encrypted alternatives for the protocol.

Note: Some secure protocol alternatives will be mentioned without their associated port numbers, since you will not need to know these port numbers.

IP Protocol Types

IP is how data is sent and received over the internet at the network layer (Layer 3) of the OSI model. IP itself provides the addressing data for a data packet, while the transport protocol used with IP dictates how the data is sent across the network. There are multiple IP and transport protocols that can be used to send data on the internet.

Internet Control Message Protocol (ICMP)

ICMP is a management and messaging protocol used by IP to provide information about a network. ICMP messages are encapsulated in IP datagrams and are commonly used to send messages such as “destination unreachable” and “buffer full.” ICMP messages are also used for tracing the route of data and pinging other machines for connectivity information.

Transmission Control Protocol (TCP)

TCP is a transport layer protocol that is used to ensure transport and receipt of data over a pre-established connection. TCP uses a connection-oriented session to send data, which it divides into segments, each carrying a sequence number that indicates its position in the data stream as a whole. TCP sends a segment of data and waits for an acknowledgment that it has been received. If a segment is lost, TCP resends that portion, and the connection is not terminated until all data has been received.

User Datagram Protocol (UDP)

UDP, also known as a thin protocol, does not require a verified connection between hosts prior to transmission and does not number packet segments prior to sending. UDP sends all transmissions without verifying receipt or order of receipt on the receiving end, which makes it an unreliable protocol. UDP is used when speed is needed over accuracy, such as with VoIP calls or live video streams.
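The contrast between the two transports is easier to see in motion. The following Python simulation is an added example, not part of the study guide: a constructed LossyChannel drops a fixed share of messages (seeded so runs are reproducible), a UDP-style sender fires datagrams without numbering or acknowledgment, and a TCP-style sender performs the handshake, numbers each segment by its byte offset in the stream, waits for an acknowledgment, retransmits anything unacknowledged, and tears the connection down with a FIN. Names such as LossyChannel and the max_retries limit are assumptions of this example.

```python
import random


class LossyChannel:
    """Constructed stand-in for an unreliable network path.

    Every message handed to send() is dropped with probability loss_rate.
    The RNG is seeded so a run is reproducible (a real path also delays and
    reorders packets; only loss is modelled here)."""

    def __init__(self, loss_rate=0.3, seed=7):
        self.rng = random.Random(seed)
        self.loss_rate = loss_rate
        self.dropped = 0

    def send(self, msg):
        """Return msg if it survives the path, or None if it was lost."""
        if self.rng.random() < self.loss_rate:
            self.dropped += 1
            return None
        return msg


def _deliver(channel, msg, max_retries):
    """Stop-and-wait for one control message: resend until a copy gets through.
    Returns the number of attempts used."""
    for attempt in range(1, max_retries + 1):
        if channel.send(msg) is not None:
            return attempt
    raise TimeoutError(f"{msg}: no delivery after {max_retries} attempts")


def udp_transfer(chunks, channel):
    """UDP-style transfer: no handshake, no numbering, no acknowledgement.
    Whatever the path drops is simply gone; neither side ever finds out."""
    received = []
    for chunk in chunks:
        if channel.send(chunk) is not None:
            received.append(chunk)
    return received


def tcp_transfer(chunks, channel, max_retries=50):
    """TCP-style transfer: three-way handshake, byte-offset sequence numbers,
    one ACK per segment, retransmission of any segment whose ACK never
    arrives, then a FIN to tear the connection down.

    Returns (data as the receiver reassembled it, retransmission count, log)."""
    log = []
    for leg in ("SYN", "SYN-ACK", "ACK"):           # connection establishment
        log.append(f"{leg} delivered after {_deliver(channel, leg, max_retries)} attempt(s)")

    receiver = {}          # seq offset -> payload, as held by the receiving side
    retransmissions = 0
    seq = 0                # stream position of the next byte to send
    for chunk in chunks:
        for _ in range(max_retries):
            if channel.send((seq, chunk)) is None:
                retransmissions += 1             # segment lost: timer fires, resend
                continue
            receiver.setdefault(seq, chunk)      # a duplicate of an old segment is ignored
            expected_ack = seq + len(chunk)
            if channel.send(("ACK", expected_ack)) is None:
                retransmissions += 1             # ACK lost: sender resends the same segment
                continue
            break
        else:
            raise TimeoutError(f"segment at offset {seq} never acknowledged")
        seq = expected_ack
    log.append(f"FIN delivered after {_deliver(channel, 'FIN', max_retries)} attempt(s)")

    # The receiver hands the data up in stream order, whatever order it arrived in
    reassembled = [receiver[offset] for offset in sorted(receiver)]
    return reassembled, retransmissions, log


if __name__ == "__main__":
    data = [f"chunk{i:02d}".encode() for i in range(20)]     # constructed payload
    tcp_data, resent, log = tcp_transfer(data, LossyChannel(loss_rate=0.3))
    print(f"TCP: {len(tcp_data)}/{len(data)} chunks delivered, {resent} retransmissions")
    udp_data = udp_transfer(data, LossyChannel(loss_rate=0.3))
    print(f"UDP: {len(udp_data)}/{len(data)} chunks arrived, nothing resent")
```

Running the block with the same loss rate for both transports shows the trade the guide describes: the TCP-style transfer always completes with the full stream in order, paying for it in retransmissions and round trips, while the UDP-style transfer finishes immediately with whatever survived.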

Generic Routing Encapsulation (GRE)

GRE is a protocol that is used to create a tunnel, most commonly using IP, for other protocols to run through. While it can be used for the encapsulation of any Layer 3 protocol, GRE is stateless and does not offer security or flow control.

Internet Protocol Security (IPSec)

IPSec is similar in functionality to GRE, but is a more secure method for tunneling via IP. However, there are Layer 3 protocols, such as IP broadcasts and IP multicasts, that IPSec does not support.

Authentication Header (AH)/Encapsulating Security Payload (ESP)

IPSec uses two protocols to provide security. The AH protocol creates a hash upon sending the packet, which the recipient recreates to ensure authentication. If the two hash values are the same, the packet is authenticated. AH is designed to authenticate the validity of the entire packet, not what is inside the packet. ESP provides that function.

The ESP protocol provides confidentiality via symmetric encryption, data integrity via checksums, data origin authentication, anti-replay service by checking the sequence number field for duplication, and traffic flow confidentiality.
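The two receiver-side checks described above, data origin authentication and anti-replay, can be shown in a few dozen lines. The following Python is an added example, not code from the study guide or from any IPsec implementation: a keyed hash (HMAC-SHA256 truncated to 16 bytes) stands in for the integrity check value that AH and ESP carry, and AntiReplayWindow implements the sliding window over sequence numbers that rejects duplicates and packets too old to track. The key, the window size of 64 and the packet layout are assumptions of the example.

```python
import hashlib
import hmac


def compute_icv(key, seq, payload):
    """Integrity Check Value over the fields the header protects. A keyed hash
    (HMAC-SHA256, truncated to 16 bytes) stands in for the authenticator that
    AH/ESP carry; the key is shared by the two tunnel endpoints."""
    covered = seq.to_bytes(4, "big") + payload
    return hmac.new(key, covered, hashlib.sha256).digest()[:16]


def make_packet(key, seq, payload):
    """Sender side: stamp the sequence number and attach the ICV."""
    return {"seq": seq, "payload": payload, "icv": compute_icv(key, seq, payload)}


class AntiReplayWindow:
    """Sliding window over received sequence numbers, 64 wide by default.
    Bit i of the bitmap records whether sequence number (highest - i) has been
    accepted. Numbers older than the window or already marked are rejected."""

    def __init__(self, size=64):
        self.size = size
        self.highest = 0          # highest sequence number accepted so far
        self.bitmap = 0

    def check_and_update(self, seq):
        if seq == 0:
            return False          # IPsec sequence numbers start at 1
        if seq > self.highest:    # newer than anything seen: slide the window
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False          # too old to track: stale or replayed
        if self.bitmap & (1 << offset):
            return False          # already accepted once: replay
        self.bitmap |= 1 << offset
        return True


def receive(key, window, packet):
    """Receiver side: the ICV is checked before the window is updated, so a
    packet with a forged sequence number cannot advance the window."""
    expected = compute_icv(key, packet["seq"], packet["payload"])
    if not hmac.compare_digest(expected, packet["icv"]):
        return "rejected: integrity check failed"
    if not window.check_and_update(packet["seq"]):
        return "rejected: replayed or stale sequence number"
    return "accepted"


if __name__ == "__main__":
    key = b"constructed-shared-key"     # constructed; a real SA negotiates this
    window = AntiReplayWindow()
    for seq in (1, 2, 3, 5, 4):         # 4 arrives late but inside the window
        print(seq, receive(key, window, make_packet(key, seq, b"data")))
    print("replay of 3:", receive(key, window, make_packet(key, 3, b"data")))
    forged = dict(make_packet(key, 6, b"data"), payload=b"DATA")
    print("tampered 6:", receive(key, window, forged))
```

The order of the two checks matters: a packet that fails the integrity check must leave the window untouched, otherwise anyone able to inject unauthenticated packets with large sequence numbers could push the window past legitimate traffic still in flight.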

Protocol Purposes and Their Associated Ports

A networking port is a logical number that is associated with a specific protocol (a set of rules for data formatting, sending, and receiving) that receives and transmits data. Standardized protocols and their associated ports allow for all devices, regardless of their OS, software, or hardware, to communicate effectively with one another.

The most common ports use either TCP or UDP.

ports 20/21: File Transfer Protocol (FTP)—FTP is a protocol designed for the transmission of files across a network in plain text. TCP ports 20 and 21 are used for FTP: port 21 establishes the connection between the two devices, and the transfer of data occurs on port 20.

port 22: Secure Shell (SSH)—SSH is a protocol that establishes a secure, encrypted Telnet session over TCP/IP. SSH can be used to create secure connections that other, insecure protocols can use for data transmission. SSH runs on TCP port 22.

port 22: Secure File Transfer Protocol (SFTP)—SFTP is used for transmitting files securely through the SSH protocol, and as such, SFTP also uses TCP port 22.

port 23: Telnet—Telnet is a terminal emulation protocol that allows for one machine, the client, to access another machine, the server, and use its resources. Telnet uses TCP port 23 and is insecure with no security or encryption capabilities. To run a secure Telnet session, TCP port 22 is used.

port 25: Simple Mail Transfer Protocol (SMTP)—SMTP is designed for the transmission of email. SMTP is only a transmitting protocol. SMTP uses TCP port 25 and is insecure, offering very little to no authentication or security capabilities. SMTP Transport Layer Security (TLS) is the secure version of SMTP and runs on TCP port 587.

port 53: Domain Name System (DNS)—DNS is a protocol that is used to resolve hostnames into IP addresses. For example, when “Google.com” is typed into an address bar, a DNS server receives the hostname and directs the transmission to IP 172.16.23.254. DNS uses TCP or UDP port 53 and is not secure. DNS over TLS and DNS over Hypertext Transfer Protocol Secure (HTTPS) are secure DNS protocols.

ports 67/68: Dynamic Host Configuration Protocol (DHCP)—DHCP is a protocol used to assign IP addresses to hosts on a network from information obtained from a server. DHCP servers use UDP port 67 for communications, while DHCP clients use UDP port 68. DHCP is an insecure protocol that does not have a secure counterpart. Additional layers of security, such as authentication, need to be added to secure DHCP.

port 69: Trivial File Transfer Protocol (TFTP)—TFTP is a file transfer protocol that can be used to send and receive files. TFTP does not have the same additional capabilities as FTP and is insecure, so it is rarely used and not supported on all systems. TFTP uses UDP port 69. The secure version of TFTP is SFTP run through SSH on TCP port 22.

port 80: Hypertext Transfer Protocol (HTTP)—HTTP is the protocol that is used to send transmissions between web browsers and web servers. HTTP is insecure and runs on TCP port 80. The secure version of HTTP is HTTPS on TCP port 443.

port 110: Post Office Protocol v3 (POP3)—POP is an email-receiving protocol. When an email is sent, POP3 receives and stores the transmission until it is called for. Transmission download is not selective, and all queued emails will be downloaded when called. POP3 is not secure and runs over TCP port 110. The more secure version of POP3 is IMAP on TCP port 143.

port 123: Network Time Protocol (NTP)—NTP is a time synchronization protocol used to synchronize devices to a standard time. NTP runs on UDP port 123. NTP itself is insecure, and additional layers of security need to be added to secure NTP.

port 143: Internet Message Access Protocol (IMAP)—IMAP is an email retrieval protocol that allows the client to be selective about which messages it downloads, increasing its security. IMAP provides added functionality for storage, file links, retrieval, and user groups. IMAP runs on TCP port 143. While IMAP is more secure than POP, IMAP with added security runs over SSL on TCP port 993.

ports 161/162: Simple Network Management Protocol (SNMP)—SNMP is used for collecting, securing, and managing network data. SNMP uses UDP port 161 to send and receive solicited messages from SNMP agents, while UDP port 162 is used to receive traps (unsolicited messages) from SNMP agents. SNMPv3 is the secure version of SNMP.

port 389: Lightweight Directory Access Protocol (LDAP)—LDAP is used for network directory access and query functions. LDAP is an insecure protocol and runs on TCP port 389. The secure version of LDAP is LDAPS, which runs on TCP port 636.

port 443: Hypertext Transfer Protocol Secure (HTTPS) over Secure Sockets Layer (SSL)—HTTPS is used for secure communications between web browsers and web servers. HTTPS can use SSL to encrypt web traffic to provide secure transmissions. HTTPS using SSL runs on TCP port 443.

port 443: HTTPS over Transport Layer Security (TLS)—HTTPS can also use TLS to encrypt web transmissions, which also runs on TCP port 443. SSL is the predecessor to TLS, and TLS provides more security than SSL.

port 445: Server Message Block (SMB)—SMB is a Windows OS protocol that allows for the sharing of network resources, such as files and printers, between network devices. SMB is considered a secure protocol and runs on TCP port 445.

port 514: Syslog—The syslog server is a portion of a network that is designed to record and capture network messages and data, such as information from network routers and switches. The syslog server can be accessed via UDP port 514 and is insecure. The secure version of syslog runs on TCP port 6514 using TLS.

port 587: SMTP TLS— SMTP TLS is the secure version of SMTP and uses TLS to send encrypted email messages out. SMTP TLS uses TCP port 587.

port 636: Lightweight Directory Access Protocol over SSL (LDAPS)—LDAPS is the secure version of LDAP and runs over SSL on TCP port 636.

port 993: IMAP over SSL—IMAP over SSL is a more secure version of IMAP and runs on TCP port 993.

port 995: POP3 over SSL—POP3 over SSL is the more secure version of POP and runs on TCP port 995.

port 1433: Structured Query Language (SQL) Server—An SQL server is a relational database server with Microsoft SQL Server being one of the most common SQL servers. Access to the SQL server runs on TCP port 1433.

port 1521: SQLnet—SQLnet is the networking software Oracle uses to allow access between Oracle databases. SQLnet runs on TCP port 1521.

port 3306: MySQL—MySQL is a SQL-based relational database management system commonly used with cloud-based databases. MySQL runs on TCP port 3306.

port 3389: Remote Desktop Protocol (RDP)—RDP is a Microsoft proprietary protocol (although it is not limited to only Windows machines) used for remote access to network-attached devices via a graphical user interface (GUI) rather than the command line. RDP is considered secure and runs on TCP port 3389.

ports 5060/5061: Session Initiation Protocol (SIP)—SIP is used to create and tear down connections for multimedia connections such as VoIP calls, online games, and streaming. SIP on UDP or TCP port 5060 is insecure, with SIP secure running over TLS on TCP port 5061.
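One practical use of the list above is auditing which cleartext services are actually being used on a network. The following Python is an added example, not from the study guide: it parses constructed firewall-style flow records (a hypothetical format with documentation addresses), counts accepted connections to the ports the guide lists as insecure, and reports each server together with the secure replacement the guide names. The CLEARTEXT_SERVICES table, the record format and the sample lines are all assumptions of the example.

```python
import re
from collections import Counter

# Cleartext services as the guide lists them, keyed by (destination port, transport),
# with the secure replacement the guide names for each.
CLEARTEXT_SERVICES = {
    (21, "tcp"): ("FTP", "SFTP over SSH (TCP 22)"),
    (23, "tcp"): ("Telnet", "SSH (TCP 22)"),
    (25, "tcp"): ("SMTP", "SMTP TLS (TCP 587)"),
    (53, "tcp"): ("DNS", "DNS over TLS or DNS over HTTPS"),
    (53, "udp"): ("DNS", "DNS over TLS or DNS over HTTPS"),
    (69, "udp"): ("TFTP", "SFTP over SSH (TCP 22)"),
    (80, "tcp"): ("HTTP", "HTTPS (TCP 443)"),
    (110, "tcp"): ("POP3", "POP3 over SSL (TCP 995)"),
    (143, "tcp"): ("IMAP", "IMAP over SSL (TCP 993)"),
    (161, "udp"): ("SNMP", "SNMPv3"),
    (389, "tcp"): ("LDAP", "LDAPS (TCP 636)"),
    (514, "udp"): ("Syslog", "Syslog over TLS (TCP 6514)"),
    (5060, "tcp"): ("SIP", "SIP over TLS (TCP 5061)"),
    (5060, "udp"): ("SIP", "SIP over TLS (TCP 5061)"),
}

# Constructed firewall-style flow records: hypothetical format, documentation addresses.
SAMPLE_FLOWS = """\
2024-05-01T10:00:01Z ACCEPT tcp 10.0.0.5:51234 -> 10.0.0.20:23
2024-05-01T10:00:02Z ACCEPT tcp 10.0.0.6:51240 -> 10.0.0.20:23
2024-05-01T10:00:03Z ACCEPT tcp 10.0.0.5:51250 -> 10.0.0.30:443
2024-05-01T10:00:04Z ACCEPT udp 10.0.0.7:5353 -> 10.0.0.2:53
2024-05-01T10:00:05Z DROP tcp 192.0.2.9:40000 -> 10.0.0.20:23
2024-05-01T10:00:06Z ACCEPT tcp 10.0.0.8:51260 -> 10.0.0.40:21
garbage line that does not parse
2024-05-01T10:00:07Z ACCEPT udp 10.0.0.9:40514 -> 10.0.0.50:514
""".splitlines()

FLOW_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ACCEPT|DROP)\s+(?P<proto>tcp|udp)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s*->\s*(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_flow(line):
    """Parse one flow record; return None for lines that do not match the format."""
    m = FLOW_RE.match(line.strip())
    if not m:
        return None
    flow = m.groupdict()
    flow["sport"], flow["dport"] = int(flow["sport"]), int(flow["dport"])
    return flow


def audit_cleartext(lines):
    """Count accepted flows to each (server, port, transport) the guide lists as
    insecure and return findings, busiest first, with the replacement to move to."""
    counts = Counter()
    for line in lines:
        flow = parse_flow(line)
        if flow is None or flow["action"] != "ACCEPT":
            continue        # unparseable lines and blocked flows are not exposure
        key = (flow["dport"], flow["proto"])
        if key in CLEARTEXT_SERVICES:
            counts[(flow["dst"], key)] += 1
    findings = []
    for (dst, (port, proto)), n in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0][1][0])):
        service, replacement = CLEARTEXT_SERVICES[(port, proto)]
        findings.append({"server": dst, "port": port, "proto": proto,
                         "service": service, "flows": n, "replace_with": replacement})
    return findings


if __name__ == "__main__":
    for f in audit_cleartext(SAMPLE_FLOWS):
        print(f"{f['server']}:{f['port']}/{f['proto']} {f['service']}: "
              f"{f['flows']} accepted flow(s); migrate to {f['replace_with']}")
```

Port-based classification is a first pass only: a service can be run on a non-standard port, and a flow to port 443 is not proof that TLS was actually negotiated. Treat the output as a list of servers to verify, not a verdict.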

Connectionless vs. Connection-Oriented

A connectionless IP protocol, such as UDP, does not require the establishment of a verified connection prior to transmission. A connection-oriented protocol, such as TCP, uses a three-way handshake to verify connection prior to data transmission. A connection-oriented protocol will also tear down the connection once the transmission is complete.

Network Services

When designing a network, you will use multiple network devices, each providing different services. You will need to be able to explain the purpose of each of these devices as well as their use within a network.

Dynamic Host Configuration Protocol (DHCP)

A DHCP server is a network device that assigns IP addresses automatically to network-connected hosts. When a new client requests an IP address from a DHCP server, a broadcast signal is sent to the DHCP server, which then assigns a valid IP address to the client based on a pool that is pre-configured by a network administrator.

Scope

The scope of a DHCP server refers to the consecutive range of IP addresses that a DHCP server can assign to a client. The network administrator can define scope parameters in the DHCP server.

Exclusion Ranges

An exclusion range is a set of IP addresses within the scope that is marked off limits to clients requesting IP addresses, such as addresses that are statically assigned or reserved (router IP addresses, for instance).

Reservation

A reservation is an IP address that is set aside for a particular network device’s solitary use, ensuring the device receives the same IP address every time it queries the DHCP server. Reservations are typically based on the device’s MAC address, which is why reservations are also called MAC reservations.

Dynamic Assignment

Dynamic assignment is the automatic allocation of IP addresses based on the pre-configured scope of the DHCP server. With a dynamically assigned IP address, the IP address assigned to a host can change each time it queries the DHCP server.

Static Assignment

A static IP assignment is preset on the DHCP server. This means that the static IP address assigned to a device will not change unless changed by a network administrator, and that static IP address is unavailable for use by other clients in the network.

Lease Time

The lease time refers to how long an IP will be assigned to a client before the IP is released. If the client does not renew the lease before its expiration, it will need to request a new IP address from the DHCP server.

Scope Options

Scope options for a DHCP server include the IP address, subnet mask, and default gateway. They may also include information such as the time-to-live (TTL) duration, the DNS server, and the TFTP server, which the client will be assigned to use. Scope options can be defined by the network administrator within the DHCP server’s configurations.

Available Leases

Available leases refer to the IP addresses within the scope of IP addresses that are not currently assigned and can be assigned to incoming clients querying the DHCP server.
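The DHCP terms defined above (scope, exclusion range, reservation, dynamic versus static assignment, lease time, scope options and available leases) fit together in one small data structure. The following Python class is an added example, not part of the study guide or of any DHCP server: DhcpScope holds a consecutive address range, excludes sub-ranges, honours MAC reservations, hands out dynamic leases with an expiry, and returns the scope options with every assignment. The class name, the integer clock passed in as now, and the sample addresses are assumptions of the example.

```python
import ipaddress


def _address_range(start, end):
    """Every IPv4 address from start to end inclusive."""
    first, last = int(ipaddress.IPv4Address(start)), int(ipaddress.IPv4Address(end))
    return [ipaddress.IPv4Address(i) for i in range(first, last + 1)]


class DhcpScope:
    """Constructed model of one DHCP scope: a consecutive address range,
    exclusion ranges, MAC reservations, dynamic leases with a lease time, and
    the scope options handed to every client. Time is an integer number of
    seconds passed in by the caller, so expiry can be tested deterministically."""

    def __init__(self, start, end, lease_seconds, options):
        self.addresses = _address_range(start, end)
        self.lease_seconds = lease_seconds
        self.options = options              # subnet mask, default gateway, DNS server, ...
        self.excluded = set()
        self.reservations = {}              # MAC -> IPv4Address
        self.leases = {}                    # IPv4Address -> (MAC, expiry)

    def exclude(self, start, end):
        """Mark a consecutive sub-range as off limits, e.g. statically assigned addresses."""
        self.excluded.update(_address_range(start, end))

    def reserve(self, mac, address):
        """Tie an address to one MAC so that client always receives it."""
        addr = ipaddress.IPv4Address(address)
        if addr not in self.addresses:
            raise ValueError(f"{addr} is outside the scope")
        self.reservations[mac.lower()] = addr

    def _expire(self, now):
        """Release every lease whose time has run out."""
        for addr, (_, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[addr]

    def available_leases(self, now):
        """Addresses that can still be handed to a new client."""
        self._expire(now)
        reserved = set(self.reservations.values())
        return [a for a in self.addresses
                if a not in self.excluded and a not in reserved and a not in self.leases]

    def request(self, mac, now):
        """Serve a DISCOVER/REQUEST: honour a reservation, renew an existing
        lease, otherwise assign the first available address dynamically."""
        mac = mac.lower()
        self._expire(now)
        if mac in self.reservations:
            addr = self.reservations[mac]
        else:
            current = [a for a, (m, _) in self.leases.items() if m == mac]
            if current:
                addr = current[0]                 # renewal keeps the same address
            else:
                free = self.available_leases(now)
                if not free:
                    raise RuntimeError("no available leases in scope")
                addr = free[0]
        self.leases[addr] = (mac, now + self.lease_seconds)
        return {"address": str(addr), "lease_seconds": self.lease_seconds, **self.options}


if __name__ == "__main__":
    scope = DhcpScope("192.168.1.100", "192.168.1.110", lease_seconds=3600,
                      options={"subnet_mask": "255.255.255.0",
                               "default_gateway": "192.168.1.1",
                               "dns_server": "192.168.1.2"})
    scope.exclude("192.168.1.100", "192.168.1.102")      # statically assigned gear
    scope.reserve("aa:bb:cc:dd:ee:01", "192.168.1.110")  # printer always gets .110
    print(scope.request("00:11:22:33:44:55", now=0))
    print(scope.request("aa:bb:cc:dd:ee:01", now=0))
    print("available:", [str(a) for a in scope.available_leases(now=0)])
```

Exhaustion is the failure mode worth noticing: once every non-excluded, non-reserved address is leased, new clients get nothing until a lease expires, which is why lease time and scope size have to be chosen together.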

DHCP Relay

A DHCP relay is the forwarding of a DHCP request to the DHCP server from devices that are not on the LAN of the DHCP server for IP address allocation. For example, a client device that is not directly in contact with the DHCP server can send out a broadcast signal requesting an IP address from the DHCP server, and the router connected to the client will receive that request and relay the request to the DHCP server.

[Figure: DHCP relay. Retrieved from: https://commons.wikimedia.org/wiki/File:DHCP_Relay.svg License: http://creativecommons.org/licenses/by-sa/3.0/]

IP Helper/UDP Forwarding

IP helper and UDP forwarding are both used to configure relaying devices, such as routers, to send DHCP requests to a predefined bank of DHCP servers for IP allocation.

Domain Name System (DNS)

A DNS server is a network device that translates hostnames into IP addresses through a process called name resolution. While a DNS server can be used internally, it is most often used externally on the internet. A hostname and its associated domain name, which is connected with a specific IP address on the internet, is called a fully qualified domain name (FQDN).

Record Types

A DNS record type is a method of organizing DNS listings into different categories depending on the function of the entry. All record types include information on a specific hostname or domain name. DNS records are stored in zone files, which are text files.

address (A vs. AAAA)—An address record shows the hostname or domain name and its associated IP address. An A record is used to show IPv4 addresses, while an AAAA record is used for IPv6 addresses. For example, an A record for example.com returns an IP address of 93.184.216.34.

canonical name (CNAME)—A CNAME record maps an alternate domain name, also known as an alias, to another domain name and its corresponding A or AAAA record. For example, ng.example.com returns a CNAME record of example.com, which can then be used to retrieve its A record.

mail exchange (MX)—An MX record is a DNS record that shows where email messages for a domain name should be routed to.

start of authority (SOA)—An SOA record is a record that stores admin information for a domain name as well as when the domain was last updated.

pointer (PTR)—A PTR record is used for reverse lookup. A PTR record stores the IP address with the domain name instead of storing a domain name with the IP address like an A record.

text (TXT)—A TXT record is used by the domain name owner to store text values that can be used to verify domain ownership.

service (SRV)—An SRV record allows for the storage of IP addresses and assigned ports for specific services.

name server (NS)—An NS record stores the location of the definitive DNS server for a domain name. In other words, the NS record is used to point a query to the correct DNS server, which can provide the A record for a domain.
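Since the guide notes that these records live in plain-text zone files, the following Python is an added example (not from the study guide or any DNS software) that parses a constructed zone in the classic format, qualifies relative names against the origin, and answers queries the way a resolver does: following a CNAME chain to the A record, returning MX, SRV and TXT data, and performing a reverse lookup through a PTR zone. The zone contents use the documentation ranges 192.0.2.0/24 and 2001:db8::/32 and are constructed; the parser assumes class IN, no $ORIGIN directive and no ';' inside quoted TXT data.

```python
import ipaddress
import shlex

# Constructed forward zone for example.test (not a real zone).
ZONE_TEXT = """\
; constructed zone file for example.test
$TTL 3600
@           IN  SOA   ns1.example.test. hostmaster.example.test. 2024050101 7200 900 1209600 300
@           IN  NS    ns1.example.test.
@           IN  MX    10 mail.example.test.
@           IN  TXT   "v=spf1 mx -all"
@           IN  A     192.0.2.10
@           IN  AAAA  2001:db8::10
ns1         IN  A     192.0.2.53
mail        IN  A     192.0.2.25
www         IN  CNAME example.test.
blog    300 IN  CNAME www
_sip._tcp   IN  SRV   10 5 5061 sip.example.test.
sip         IN  A     192.0.2.60
"""

# Constructed reverse zone for 192.0.2.0/24.
REVERSE_ZONE_TEXT = """\
$TTL 3600
@    IN SOA ns1.example.test. hostmaster.example.test. 2024050101 7200 900 1209600 300
@    IN NS  ns1.example.test.
10   IN PTR example.test.
25   IN PTR mail.example.test.
"""

# Record types whose last rdata token is a domain name that may be relative.
NAME_TARGET_TYPES = {"CNAME", "NS", "PTR", "MX", "SRV"}


def qualify(name, origin):
    """Turn '@', relative and absolute names into a lowercase FQDN without the trailing dot."""
    name = name.lower()
    if name == "@":
        return origin
    if name.endswith("."):
        return name.rstrip(".")
    return f"{name}.{origin}"


def parse_zone(text, origin):
    """Parse zone-file text into records: {name, ttl, type, rdata (list of tokens)}."""
    origin = origin.rstrip(".").lower()
    default_ttl, records = 3600, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()     # drop comments and blank lines
        if not line:
            continue
        tokens = shlex.split(line)              # keeps quoted TXT data as one token
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        name, rest = tokens[0], tokens[1:]
        ttl = default_ttl
        if rest and rest[0].isdigit():          # optional per-record TTL
            ttl, rest = int(rest[0]), rest[1:]
        if rest and rest[0].upper() == "IN":    # optional class
            rest = rest[1:]
        rtype, rdata = rest[0].upper(), rest[1:]
        if rtype in NAME_TARGET_TYPES:
            rdata[-1] = qualify(rdata[-1], origin)
        records.append({"name": qualify(name, origin), "ttl": ttl, "type": rtype, "rdata": rdata})
    return records


def lookup(records, name, rtype, max_chain=8):
    """Answer a query from parsed records, following CNAME aliases like a resolver.
    Returns the final name, the aliases walked, the smallest TTL and the answers."""
    name = name.rstrip(".").lower()
    chain = []
    for _ in range(max_chain):
        hits = [r for r in records if r["name"] == name and r["type"] == rtype]
        if hits:
            return {"name": name, "chain": chain, "ttl": min(r["ttl"] for r in hits),
                    "answers": [r["rdata"] for r in hits]}
        cnames = [r for r in records if r["name"] == name and r["type"] == "CNAME"]
        if not cnames:
            return {"name": name, "chain": chain, "ttl": None, "answers": []}
        chain.append(name)
        name = cnames[0]["rdata"][0]
    raise ValueError("CNAME chain too long")


def reverse_lookup(records, ip):
    """Reverse lookup: build the in-addr.arpa name for ip and fetch its PTR records."""
    arpa = ipaddress.ip_address(ip).reverse_pointer
    return [rd[0] for rd in lookup(records, arpa, "PTR")["answers"]]


if __name__ == "__main__":
    zone = parse_zone(ZONE_TEXT, "example.test")
    print(lookup(zone, "blog.example.test", "A"))
    print(lookup(zone, "_sip._tcp.example.test", "SRV"))
    rev = parse_zone(REVERSE_ZONE_TEXT, "2.0.192.in-addr.arpa")
    print(reverse_lookup(rev, "192.0.2.25"))
```

The CNAME chain limit is not cosmetic: two aliases pointing at each other would otherwise loop forever, which is the same reason real resolvers cap alias depth.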

Global Hierarchy

The global hierarchy is the scheme by which domain name parts are categorized from most important to least. The DNS hierarchy is as follows: root level, top-level domains, second-level domains, subdomains, and host. The root level is indicated by the dot (.) and points to one of the 13 root DNS nameservers. The top-level domains are organized either by organizational hierarchy (com, net, org) or geographic hierarchy (uk, fr, jp) and are the first place looked at to resolve a DNS query. The second-level domain is the primary domain name, such as Google or Amazon. In the subdomain are the aliases that a domain can be known by. Finally, there is the host or individual clients of a domain.

[Figure: DNS global hierarchy. Retrieved from: https://commons.wikimedia.org/wiki/File:Sjsu-edu-domain.jpg License: http://creativecommons.org/licenses/by-sa/3.0/]

root DNS servers—The root DNS servers are the servers that are responsible for providing DNS information on all domains in their root zone. There are currently 13 root DNS servers that are responsible for all top-level domains on the internet.

Internal vs. External

An internal DNS server can be located in a screened subnet, also referred to as a demilitarized zone (DMZ), or on the intranet of an enterprise. Internal DNS servers contain the records of devices within the defined zone of the DNS server. For example, an internal DNS server located in the DMZ would only contain records of devices within the DMZ, while an internal DNS server located on the intranet would contain records of devices within that intranet. An external DNS server resides outside of the network and is accessible to anyone on the internet. External DNS servers may also be located in the cloud.

Zone Transfers

A zone transfer is a mechanism used by DNS servers to replicate DNS records across zones. Zone transfers will transfer the records from a primary zone to a secondary zone when initiated, creating redundancy.

Authoritative Name Servers

An authoritative name server is responsible for containing the records of domain names and their associated IP addresses. The authoritative name server is also responsible for responding to recursive DNS server requests. Once the request is received, the authoritative name server looks up the appropriate IP address and sends the response back to the recursive name server to relay to the client.

Time to Live (TTL)

DNS TTL is a time value attached to a DNS response that indicates how long the receiving DNS resolver may cache the result before a new request needs to be submitted. For example, if the response provided by the DNS server has a TTL of one hour, the local device will keep the A record in its local cache for one hour before discarding it.

DNS Caching

DNS caching is the storage of DNS record responses from previous DNS queries on the OS of the device requesting the information for the set TTL period.

Reverse DNS/Reverse Lookup/Forward Lookup

A reverse DNS or reverse lookup occurs when an IP address is resolved into a domain name, while a forward lookup occurs when a domain name is resolved into an IP address.

Recursive Lookup/Iterative Lookup

A recursive lookup, or recursive DNS query, occurs when the receiving DNS server for a query communicates with multiple DNS servers to locate the corresponding IP address of a queried domain name. An iterative lookup, or iterative DNS query, only queries one DNS server at a time until the appropriate DNS server with the IP information of the domain name is reached.

[Figure: Recursive lookup. Retrieved from: https://commons.wikimedia.org/wiki/File:Recursive.jpg License: http://creativecommons.org/licenses/by-sa/3.0/]

[Figure: Iterative lookup. Retrieved from: https://commons.wikimedia.org/wiki/File:Iterative.jpg License: http://creativecommons.org/licenses/by-sa/3.0/]
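The lookup process described in this section and the TTL caching described under Time to Live and DNS Caching can be put together in one small resolver. The following Python is an added example, not from the study guide or any DNS software: three constructed in-memory servers (root, a TLD server and an authoritative server) answer with either data or a referral, RecursiveResolver walks the referrals iteratively on the client's behalf, and every final answer is cached for its TTL against a fake clock so that expiry can be observed. Server names, the SERVERS tables and the 300-second TTL are all assumptions; addresses are from the 192.0.2.0/24 documentation range.

```python
# Constructed name servers. Each maps (name, type) -> (ttl, rdata) for what it
# is authoritative for, and holds an NS entry for each zone it delegates.
# Servers are addressed by name here (assumption; real referrals carry glue IPs).
ROOT = {("test", "NS"): (172800, "a.tld-servers.test")}
TLD = {("example.test", "NS"): (86400, "ns1.example.test")}
AUTH = {
    ("example.test", "A"): (300, "192.0.2.10"),
    ("www.example.test", "A"): (300, "192.0.2.10"),
    ("mail.example.test", "A"): (300, "192.0.2.25"),
}
SERVERS = {"root": ROOT, "a.tld-servers.test": TLD, "ns1.example.test": AUTH}


def ask(server_name, qname, qtype):
    """One iterative query to one server. The server answers from its own data,
    refers the asker to the server for the closest zone it delegates, or has
    nothing to say."""
    table = SERVERS[server_name]
    if (qname, qtype) in table:
        return "answer", table[(qname, qtype)]
    labels = qname.split(".")
    for i in range(len(labels)):               # www.example.test -> example.test -> test
        zone = ".".join(labels[i:])
        if (zone, "NS") in table:
            return "referral", table[(zone, "NS")][1]
    return "nxdomain", None


class FakeClock:
    """Clock the test can move by hand, in seconds."""

    def __init__(self):
        self.now = 0

    def __call__(self):
        return self.now


class RecursiveResolver:
    """Does the iterative walk on the client's behalf and caches answers for
    their TTL, which is what a recursive resolver is for."""

    def __init__(self, clock):
        self.clock = clock
        self.cache = {}            # (name, type) -> (expiry, rdata)

    def resolve(self, qname, qtype, max_referrals=8):
        now = self.clock()
        key = (qname, qtype)
        cached = self.cache.get(key)
        if cached and cached[0] > now:                        # still within TTL
            return {"rdata": cached[1], "from_cache": True, "path": []}
        server, path = "root", []
        for _ in range(max_referrals):
            kind, data = ask(server, qname, qtype)
            path.append((server, kind))
            if kind == "answer":
                ttl, rdata = data
                self.cache[key] = (now + ttl, rdata)          # remember until expiry
                return {"rdata": rdata, "from_cache": False, "path": path, "ttl": ttl}
            if kind == "referral":
                server = data                                  # follow the delegation
                continue
            return {"rdata": None, "from_cache": False, "path": path}
        raise RuntimeError("too many referrals")


if __name__ == "__main__":
    clock = FakeClock()
    resolver = RecursiveResolver(clock)
    first = resolver.resolve("www.example.test", "A")
    print("first query:", first["rdata"], "via", [s for s, _ in first["path"]])
    clock.now = 120
    print("two minutes later, from cache:", resolver.resolve("www.example.test", "A")["from_cache"])
    clock.now = 400
    print("after the TTL, re-resolved:", not resolver.resolve("www.example.test", "A")["from_cache"])
```

The path list shows the iterative side of the exchange (root, then TLD, then authoritative), while the cache hit on the second query shows why TTL matters operationally: a record changed at the authoritative server is not seen by clients behind this resolver until the cached copy expires.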

Network Time Protocol (NTP)

NTP is a synchronization protocol that synchronizes all devices on a network to a specific time. NTP ensures network synchronicity and is used for security and log tracking.

Stratum

The stratum is a rating of how accurate a time source is, with a stratum value of 0 being the most accurate and 15 the least. The stratum level increases the further a time source is from the master time source. For example, if the master time source is an atomic clock attached to a device, it has a stratum level of 0. An NTP server that pulls its time from the atomic clock would be stratum 1. Another NTP server that pulls its time from the stratum 1 server would be stratum 2, and so forth.

Clients

An NTP client queries an NTP server to set its time. If multiple clients query the same NTP server for their time, all will be synchronized.

Servers

An NTP server is hardware that pulls time from a stratum 0 device or via the internet. This server is then used for NTP queries of other devices on the network for time synchronization.
