Network Essentials Chapter 9

Total Flash Cards » 41
session
In the networking world, any single communication between one computer and another computer.
Transmission Control Protocol TCP
is how TCP/IP does connection-oriented communication. TCP is by far the most common type of session on a typical TCP/IP network. Used because connection-oriented sessions are designed to check for errors. If a receiving computer detects a missing packet, it just asks for a repeat as needed.
SYN ACK FIN RST
synchronize acknowledge finish reset
User Datagram Protocol (UDP)
Runs a distant second place to TCP in terms of the number of applications that use it, but don't let that make you think UDP is not important. UDP is perfect for the types of sessions that don't require the overhead of all that connection-oriented stuff. The best example of an application that uses UDP is Dynamic Host Configuration Protocol (DHCP). DHCP can't assume there's another computer ready on either side of the session, so each step of a DHCP session just sends the information for that step without any confirmation.
Trivial File Transfer Protocol (TFTP)
An example of a protocol with which you can transfer files from one machine to another. But TFTP, using UDP, doesn't have any data protection, so you would never use TFTP between computers across the Internet. TFTP is popular for moving files between computers on the same LAN, where the chance of losing packets is very small.
ICMP Internet Control Message Protocol

The Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet Protocol Suite. It is chiefly used by networked computers' operating systems to send error messages—indicating, for instance, that a requested service is not available or that a host or router could not be reached.
ICMP[1] relies on IP to perform its tasks, and it is an integral part of IP. It differs in purpose from transport protocols such as TCP and UDP in that it is typically not used to send and receive data between end systems. It is usually not used directly by user network applications, with some notable exceptions being the ping tool and traceroute.
ICMP for Internet Protocol version 4 (IPv4) is also known as ICMPv4. IPv6 has a similar protocol, ICMPv6.
IGMP Internet Group Management Protocol

IGMP is the glue that routers use to communicate with hosts to determine a group membership.
The Internet Group Management Protocol (IGMP) is a communications protocol used to manage the membership of Internet Protocol multicast groups. IGMP is used by IP hosts and adjacent multicast routers to establish multicast group memberships.
It is an integral part of the IP multicast specification, operating above the network layer, though it does not actually act as a transport protocol.[1] It is analogous to ICMP for unicast connections. IGMP can be used for online streaming video and gaming, and allows more efficient use of resources when supporting these types of applications. IGMP is vulnerable to some attacks[2][3][4][5], and firewalls commonly allow the user to disable it if not needed.
IGMP is only needed for IPv4 networks, as multicast is handled differently in IPv6 networks.
NAT

In computer networking, network address translation (NAT) is the process of modifying network address information in datagram (IP) packet headers while in transit across a traffic routing device for the purpose of remapping a given address space into another.
Most often today, NAT is used in conjunction with network masquerading (or IP masquerading) which is a technique that hides an entire address space, usually consisting of private network addresses (RFC 1918), behind a single IP address in another, often public address space. This mechanism is implemented in a routing device that uses stateful translation tables to map the "hidden" addresses into a single address and then rewrites the outgoing Internet Protocol (IP) packets on exit so that they appear to originate from the router. In the reverse communications path, responses are mapped back to the originating IP address using the rules ("state") stored in the translation tables. The translation table rules established in this fashion are flushed after a short period without new traffic refreshing their state.
As described, the method enables communication through the router only when the conversation originates in the masqueraded network, since this establishes the translation tables. For example, a web browser in the masqueraded network can browse a website outside, but a web browser outside could not browse a web site in the masqueraded network. However, most NAT devices today allow the network administrator to configure translation table entries for permanent use. This feature is often referred to as "static NAT" or port forwarding and allows traffic originating in the 'outside' network to reach designated hosts in the masqueraded network.
Because of the popularity of this technique (see below), the term NAT has become virtually synonymous with the method of IP masquerading.
Network address translation has serious consequences (Drawbacks, Benefits) on the quality of Internet connectivity and requires careful attention to the details of its implementation. As a result, many methods have been devised to alleviate the issues encountered. See article on NAT traversal.
Port Number
A 16-bit value between 0 and 65,535. Web servers use port number 80. Port numbers 0-1023 are called well-known port numbers and are reserved for specific TCP/IP applications. A Web client's source port number is generated pseudo-randomly by the Web client computer. This value varies by operating system, but generally falls within the values 1024-5000 (the port numbers classically assigned as ephemeral port numbers) and 49152-65535 (the dynamic or private port numbers).
IANA Internet Assigned Numbers Authority
recommends using only ports 49152-65535 as ephemeral port numbers.
Ephemeral port numbers

An ephemeral (short-lived) port is a transport protocol port for Internet Protocol (IP) communications allocated automatically from a predefined range by the TCP/IP stack software. It is typically used by the Transmission Control Protocol (TCP), User Datagram Protocol (UDP), or the Stream Control Transmission Protocol (SCTP) as port for the client end of a client-server communication when the application doesn't bind the socket to a specific port number, or by a server application to free up a service's well-known listening port and establish a service connection to the client host. The allocations are temporary and only valid for the duration of the connection. After completion of the communication session the ports become available for reuse, although most implementations simply increment the last used port number until the ephemeral port range is exhausted.
The IANA suggests 49152 to 65535 as "dynamic and/or private ports."[1]
The Berkeley Software Distribution (BSD) uses ports 1024 through 4999 as ephemeral ports, though it is often desirable to increase this allocation.
Many Linux kernels use 32768 to 61000. The file system path /proc/sys/net/ipv4/ip_local_port_range contains the range in use.
Microsoft Windows operating systems through Server 2003 use the range 1025 to 5000 as ephemeral ports.[2] Windows Vista and Server 2008 use the IANA range.[3]
FreeBSD uses the IANA port range since release 4.6.
Registered Ports
The port numbers from 1024 to 49151 are called registered ports. Less-common TCP/IP applications can register their ports with the IANA.
Well known port numbers
0-1023
Registered ports
1024-49151
Dynamic or private ports
49152-65535
socket or endpoint
Each computer on each side of a session must keep track of the status of the communication. In the TCP/IP world, the session information stored in RAM is called a socket or endpoint.
A session or connection
Refers to the connection in general rather than specifically to TCP/IP. Many people still use the term session.
terms for the connection data stored on a single computer. Terms for the whole interconnection.
socket pairs or endpoints
terms for the connection data stored on two computers about the same connection
NETSTAT

The universal "show me the endpoint" utility. Works at the command line; enables you to see active TCP/IP connections at a glance.
netstat -an gives a list of your listening ports
open port or listening port
A socket that is prepared to respond to any IP packets destined for that socket's port number. Every serving application has an open port. If you're running a web server on a computer, it will have an open port 80.
PID
Process ID. Every running program on your computer gets a PID.
Rules for Determining Good vs. Bad Communications
Memorize a bunch of known ports for common TCP/IP applications.
Learn how to use netstat to see what's happening on your computer. Learn to use switches such as -a, -n, and -o to help you define what you're looking for.
Take the time to learn the ports that normally run on your operating system. When you see a connection using ports you don't recognize, figure out the process running the connection using a utility such as Process Explorer for Windows.
Take time to learn the processes that normally run on your operating system. Most operating systems have their own internal programs, such as Windows SVCHOST.exe, that are normal and important processes.
When you see a process you don't recognize, just enter the filename of the process in a web search. There are hundreds of web sites dedicated to researching mystery processes that will tell you what the process does.
Get rid of bad processes.
HTML
Hypertext Markup Language has been around for a long time and as a result has gone through many versions. Today many pages are being written in an updated HTML version called Extensible HTML, which is HTML with an XML syntax.
Dynamic Naming system DNS
web site text addresses use this naming protocol
Hypertext Transfer Protocol HTTP
Is the underlying protocol used by the Web, and it runs by default on TCP port 80. When you enter http:// at the beginning of a web serv The problem with this is that web designers continue to design more complex and truly interactive web pages. HTTP is pretty dumb when it comes to remembering what people have done on a web site. Other technologies exist to help HTTP relay commands and thus support more interactive, intelligent Web sites, e.g. JavaScript/AJAX. HTTP is not a secure protocol.
Web server
Is a computer that delivers or serves up web pages. Web servers listen on port 80, fetching requested HTML pages and sending them to browsers. You can turn any computer into a Web server by installing server software and connecting the machine to the Internet, but you need to consider the operating system and web server program you'll use to serve your web site. Microsoft pushes Internet Information Services (IIS).
Internet Information Services IIS
A Microsoft application that enables you to set a maximum connection limit on your web server based on available bandwidth and memory. This enables you to protect your network against an overwhelming number of requests due to a particularly popular page or a type of malicious attack.
Denial of Service DOS
malicious attack on a web site
Apache HTTP Server
On UNIX/Linux-based operating systems, serves well over 50% of the web sites on the Internet. Apache is incredibly popular, runs on multiple operating systems, including Windows, and best of all, it's free. Apache is nothing more than an executable program and a bunch of text files, so it isn't much to look at.
Web clients
are the programs used to surf the Web. A client program aka a web browser reads web pages supplied by the web server.
HTTPS Hypertext Transfer Protocol over SSL Secure Sockets Layer
Uses TCP port 443. SSL is a protocol developed by Netscape for transmitting private documents over the Internet. SSL works by using a public key to encrypt sensitive data. This encrypted data is sent over an SSL connection and then decrypted at the receiving end using a private key. Web pages that use an SSL connection start with https instead of http. You can also look for a small lock icon in the lower-right corner.
Telnet
Runs on TCP port 23, enabling you to connect to a Telnet server and run commands on that server as if you were sitting right in front of it. Requires a username and password. Does not have any form of encryption. Replaced by Secure Shell (SSH), a terminal emulation program that looks exactly like Telnet but encrypts the data.
Telnet
(teletype network) is a network protocol used on the Internet or local area networks to provide a bidirectional interactive communications facility. Typically, telnet provides access to a command-line interface on a remote host via a virtual terminal connection which consists of an 8-bit byte oriented data connection over the Transmission Control Protocol (TCP). User data is interspersed in-band with TELNET control information.
Secure Shell (SSH)
Replaced Telnet and is a terminal emulation program that looks exactly like Telnet but encrypts the data.
Telnet client
The computer from which you log onto the remote server.
PuTTY

PuTTY is a free and open source terminal emulator application which can act as a client for the SSH, Telnet, rlogin, and raw TCP computing protocols. The name "PuTTY" has no definitive meaning[1], though 'tty' is the name for a terminal in the Unix tradition, usually held to be short for teletype.
PuTTY was originally written for Microsoft Windows, but it has been ported to various other operating systems. Official ports are available for some Unix-like platforms, with work-in-progress ports to Classic Mac OS and Mac OS X, and unofficial ports have been contributed to platforms such as Symbian [2] [3] and Windows Mobile.
PuTTY was written and is maintained primarily by Simon Tatham and is currently beta software.
Rlogin, RSH Remote Shell and RCP Remote Copy
These are three old-school programs in the UNIX world. The R stands for remote and, like Telnet and SSH, these programs provide remote access and control of servers. Also like Telnet, they do not encrypt data and thus should not be used across the Internet.
SMTP Simple Mail Transfer Protocol
is used to send email. SMTP travels over TCP port 25 and is used by clients to send messages.
POP3 Post Office Protocol version 3
is one of the two protocols that receive email from SMTP servers. POP3 uses TCP port 110. Most email clients use this protocol, although some use IMAP4.
IMAP4 Internet Message Access Protocol version 4
Is an alternative to POP3. Like POP3, IMAP4 retrieves email from an email server. IMAP4 uses TCP port 143 and supports some features that are not supported in POP3. For example, it enables you to search through messages on the mail server to find specific keywords and select the messages you want to download onto your machine. IMAP4 also supports the concept of folders that you can place on the IMAP4 server to organize your email. Some POP3 email clients have folders, but that's not a part of POP3, just a nice feature added to the client.
FTP File Transfer Protocol
Is the original protocol used on the Internet for transferring files. Although HTTP can be used to transfer files as well, the transfer is often not as reliable or as fast as with FTP. FTP can do the transfer with security and data integrity. FTP uses TCP ports 21 and 20 by default. FTP sites are either anonymous sites, meaning that anyone can log on, or secured sites, meaning that you must have a user name and password to be able to access the site.
Review tool to help remember Internet Applications
HTTP: TCP port 80, the Web
HTTPS: TCP port 443, web security
Telnet: TCP port 23, terminal emulation
SSH: TCP port 22, secure terminal emulation
SMTP: TCP port 25, sending email
POP3: TCP port 110, email delivery
IMAP4: TCP port 143, email delivery
FTP: TCP port 20/21, file transfer
TFTP: UDP port 69, file transfer