Term | Definition |
TCP - Transmission Control Protocol | OSI Layer 4, “Reliable” delivery
• Recovery from errors
• Can manage out-of-order messages or retransmissions |
Non-ephemeral ports | Permanent port numbers
• Ports 0 through 1,023
• Usually on a server or service |
Ephemeral ports | Temporary port numbers
• Ports 1,024 through 65,536
• Determined in real-time by the clients |
ICMP - Internet Control Message Protocol | • “Text messaging” for your network devices
• Another protocol carried by IP - Not used for data transfer |
tcp/22 | SSH - Secure Shell
• Encrypted communication link - tcp/22
• Looks and acts the same as Telnet |
udp/53 | DNS - Domain Name System
Converts names to IP addresses |
tcp/25 | SMTP - Simple Mail Transfer Protocol
• Used to send mail from a device to a mail server
• Commonly configured on mobile devices and email clients
• Other protocols are used for clients to receive email
• IMAP, POP3 |
tcp/22 | SFTP - Secure FTP
Uses the SSH File Transfer Protocol
Provides file system functionality
Resuming interrupted transfers, directory listings, remote file removal |
tcp/20 (active mode data) or tcp/21 (control) | FTP - File Transfer Protocol
Transfers files between systems
• Authenticates with a username and password
• Full-featured functionality (list, add, delete, etc.) |
udp/69 | TFTP – Trivial File Transfer Protocol
• Very simple file transfer application
• Read files and write files
• No authentication - Not used on production systems |
tcp/23 | Telnet - Telecommunication Network
• Login to devices remotely
• Console access
• In-the-clear communication
• Not the best choice for production systems |
udp/67, udp/68 | DHCP - Dynamic Host Configuration Protocol
• Automated configuration of IP address, subnet mask and other options |
HTTP | Hypertext Transfer Protocol |
udp/161 | SNMP - Simple Network Management Protocol |
SNMP | • v1 – The original
• Structured tables, in-the-clear
• v2 – A good step ahead
• Data type enhancements, bulk transfers
• Still in-the-clear
• v3 – The new standard
• Message integrity, authentication, encryption |
tcp/3389 | RDP - Remote Desktop Protocol
Share a desktop from a remote location
Remote Desktop Services on many Windows versions
• Can connect to an entire desktop or just an application |
udp/123 | NTP - Network Time Protocol
• Switches, routers, firewalls, servers, workstations
• Every device has its own clock |
tcp/5060 and tcp/5061 | SIP - Session Initiation Protocol
• Voice over IP (VoIP) signaling |
tcp/445 | SMB - Server Message Block
Protocol used by Microsoft Windows
• File sharing, printer sharing
• Also called CIFS (Common Internet File System) |
tcp/110 | POP3 - Post Office Protocol version 3
Receive mail into a mail client |
tcp/143 | IMAP4 - Internet Message Access Protocol v4
A newer mail client protocol |
tcp/389 | LDAP - Lightweight Directory Access Protocol
A newer mail client protocol |
tcp/636 | LDAPS - Lightweight Directory Access Protocol Secure
LDAP over SSL |
tcp/1720 | H.323 - ITU Telecommunication H.32x protocol series
Voice over IP signaling |
Layer 1 | Physical
Signaling, cabling, connectors (Cable, NIC, Hub) |
Layer 2 | Data Link
The switching layer (Frame, MAC Address, EUI-48, EUI-64, Switch) |
Layer 3 | Network
The routing layer (IP Address, router, packet) |
Layer 4 | Transport
The post office layer (TCP segment, UDP datagram) |
Layer 5 | Session
Communication between devices (Control protocols, tunneling protocols) |
Layer 6 | Presentation
Encoding and encryption (SSL/TLS) |
Layer 7 | The layer we see
(Google Mail, Twitter, Facebook) |
Preamble | 7 bytes
56 alternating ones and zeros used for synchronization |
SFD | 1 byte
Start Frame Delimiter - designates the end of the preamble |
Destination MAC Address | 6 bytes
Ethernet MAC address of the Destination device |
Source MAC Address | 6 bytes
Ethernet MAC address of the source device |
EtherType | 2 bytes
Describes the data contained in the payload |
Payload | 46 - 1500 bytes
Layer 3 and higher data |
FCS | 4 bytes
Frame Check Sequence - CRC checksum of the frame |