Network protocols are the underlying technology which defines how a sender can package and format a message to be sent across a network to a destination.
Network protocols are simply the rules that describe how devices format and address information, similar to sending a letter via the local postal service.
For each protocol, there is usually an associated logical network port number.
A port number is simply a doorway which is used to allow either inbound or outbound traffic from a system.
Well-known ports: 0 - 1023.
Registered ports: 1024 - 49,151.
Dynamic ports: 49,152 - 65,535.
FTP is a network protocol that allows file transfers between an FTP client and an FTP server.
FTP does not provide data encryption; it sends data in plaintext.
FTP uses port 20 for data transfers.
FTP uses port 21 for control (commands) from the client to the server.
SFTP establishes an SSH session between the FTP client and the FTP server across the network.
SFTP allows all the FTP messages to be sent across the SSH tunnel between devices.
SFTP uses port 22 by default.
FTPS uses Secure Sockets Layer (SSL) to encrypt the FTP messages as they are exchanged between the FTP client and the FTP server.
TFTP is a network protocol that is a very light version of FTP and operates on port 69.
TFTP is commonly used to quickly upload and download files between a client and a network device.
Network professionals commonly use TFTP to transfer firmware to a network device to perform upgrades.
SMB is a network protocol used in Microsoft Windows environments for file-sharing services.
SMB operates on port 137 (UDP), 138 (UDP) and 445 (TCP).
Secure Shell (SSH) is a secure network protocol that provides data encryption.
SSH allows a user to securely access a remote system across a network.
SSH uses port 22 by default.
Telnet is an unsecure network protocol which does not provide any data encryption features.
Telnet allows a user to access a remote system across a network, but the connection is not secure.
Telnet uses port 23 by default.
RDP is a remote access network protocol which is designed for Microsoft Windows.
RDP operates on port 3389.
Simple Mail Transfer Protocol (SMTP) - Sends outbound email messages and uses port 25 by default.
Post Office Protocol 3 (POP3) - Used to download email messages from an email server over port 110.
Internet Message Access Protocol 4 (IMAP4) - Used to synchronize emails between the client and server over port 143.
SMTPS 587 (TLS)
IMAPS 993 (SSL)
POP3S 995 (SSL)
Hypertext Transfer Protocol (HTTP) is an unsecure protocol which allows a web browser to communicate with a web server.
Web servers use port 80 by default.
HTTP over SSL (HTTPS) allows a web browser to establish a secure connection to a web server.
The connection can use either Secure Sockets Layer (SSL) or Transport Layer Security (TLS).
HTTPS uses port 443 by default.
SQL Server operates on port 1433.
SQLNet operates on port 1521.
MySQL operates on port 3306.
DHCP is a network protocol which allows a DHCP server to automatically distribute IP addresses to client systems on a network.
A DHCP client sends DHCP messages with a source port of 68.
A DHCP server uses port 67 by default.
A DHCP relay agent is any host that forwards DHCP packets between clients and servers.
Domain Name System (DNS) is a network protocol which is used to resolve a hostname to an IP address.
DNS operates on port 53 by default.
Since everything on a network has an IP address, it can be difficult to remember the IP addresses of every device on a network.
Hostnames are assigned to systems and devices which makes it easier for us to remember.
A DNS server is a server which contains various records about hostnames-to-IP address mapping.
Network Time Protocol (NTP) is used to sync time on a network.
NTP is unsecure by default, allowing attackers to exploit its vulnerabilities.
NTP operates on port 123.
SNMP is a network protocol which is used to manage network devices.
SNMP is able to gather information about devices on a network.
SNMP is able to perform network monitoring and apply device configurations.
SNMP has 3 components: Manager, Agent and Management Information Base (MIB).
SNMPv1 - Has bad security features.
SNMPv2 - Has bad security features.
SNMPv3 - Supports encryption and authentication.
SNMP uses port 161.
LDAP is used to read from, write to and query a directory server over a network.
LDAP operates on port 389.
LDAP uses the X.500 standard, which defines how information is stored in a directory.
LDAP is not secure by default and sends unencrypted data across a network.
LDAPS (LDAP Secure) uses SSL to provide data encryption.
LDAPS operates on port 636.
Whenever an event, either major or minor, occurs on a device, a system message is generated containing details about the event; this is known as Syslog.
Syslog uses UDP port 514.
A Syslog message provides the following:
The ability to gather logging information for monitoring and troubleshooting
The ability to select the type of logging information that is captured
The ability to specify the destinations of captured syslog messages
Every syslog message contains a severity level and a facility.
This protocol provides real-time transmission of voice and video traffic across a network.
Operates on port 5060 (unsecure) and 5051 (secure).
The network protocol type is simply the set of rules used to describe how a system communicates with another device over a network.
If 2 devices want to exchange a message, both systems need to negotiate a common set of rules, which is the network protocol type.
Internet Control Message Protocol (ICMP), defined by RFC 792, is typically used to provide error reporting on a network.
Transmission Control Protocol (TCP), defined by RFC 793, is a connection-oriented protocol which operates at the Transport Layer of both the Open Systems Interconnection (OSI) reference model and the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol stack.
It is designed to provide reliable transportation of the datagrams over a network.
It provides reassurance by initiating a 3-way handshake before communicating data between the sender and the receiver.
User Datagram Protocol (UDP), defined by RFC 768, is a connectionless protocol.
This protocol also operates at the Transport Layer of both the Open Systems Interconnection (OSI) reference model and the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol stack.
However, unlike Transmission Control Protocol (TCP), the User Datagram Protocol (UDP) does not provide any guarantee or reassurance of the delivery of datagrams across a network.
Not all protocols at the Application Layer use TCP; there are many Layer 7 protocols that use the User Datagram Protocol (UDP).
IP, defined by RFC 791, was created for operation in interconnected systems of packet-switched computer communication networks.
Connectionless
Uses Best Effort
Media Independent
GRE is an unsecure Virtual Private Network (VPN) protocol which operates on port 47.
IPsec is a VPN framework which provides confidentiality, integrity, origin authentication and non-repudiation.
IPsec uses the following encapsulation protocols to secure network traffic:
Authentication Header (AH) operates on port 51.
Encapsulating Security Payload (ESP) operates on port 50.