TCP/IP Applications–Making TCP/IP Work–NETWORKING, SECURITY, & MORE ESSENTIALS—CompTIA Network+ (N10-007) NETWORK-PLUS Certification Prep Course Notes

TCP/IP Applications

  • TCP and UDP
    • Ethernet frames are used by switches & routers.
    • PDU (Protocol Data Units) are the information used by the different protocols provided in frame segments.
    • TCP is connection-oriented, 2-way communication initiated by a 3-way handshake process (syn, syn-ack, ack).
    • UDP is a connectionless protocol with low overhead and one-way communication.
  • ICMP & IGMP
    • (Note: Ping uses ICMP.)
    • ICMP (Internet Control Message Protocol) works at the Internet (2) Layer in the TCP/IP model, & the network (3) layer in the OSI model.
    • IGMP (Internet Group Management Program) provides multicasting support.
    • Multicast addresses always start with “224”.
      • ex: 224.x.x.x
  • Handy Tools
    • Both ‘tracert’ (Windows), and ‘traceroute’ (Linux) commands display the hops through a router to reach a destination.
    • Using the alternative command ‘pathping’ can get a quicker ping response from the routers.
    • Bandwidth speed testing helps verify the upload & download speeds to an individual computer.
    • Run these commands when things are operating normally so you can get a sense of your network, & help pinpoint when a problem does arise.
  • Introduction to Wireshark
    • Wireshark is a protocol analyzer, integrated with a frame capture tool.
      • Wireshark allows us to take the captured packets apart & inspect them to see what’s going on in the system.
    • Wireshark displays the traffic flow of Ethernet frames, and can drill down into each frame, viewing various protocols, ports, timelines, & services.
    • Wireshark can segment & organize the data into consumable information to help in troubleshooting.
    • (Note: Some people may choose to use alternative capture tools like ‘tcpdump’ instead of Wireshark’s included capture tool. (‘tcpdump’ has additional features.))
  • Introduction to Netstat
    • The “netstat” command lists all open ports & network connections on a computer.
    • Run “netstat” at the command prompt.
    • Make sure to know certain netstat switches:
      • ex: ‘netstat -n’ presents the results numerically.
      • ex: ‘netstat -b’ shows the executable for every connection. These can also be combined, or concatenated together, like ‘netstat -bn’!
      • ex: ‘netstat -o’ shows the executable & process id for every connection.
        • Note: Every program running has a process id associated with it.
      • ex: ‘netstat -a’ shows all the active ports.
        • Port 445 is also referred to as SMB 445.
      • ex: ‘netstat -r’ shows the local routing table (You can look at the routing table on your own individual computer!)
        • ‘netstat -r’ is identical to typing the command ‘route print’.
      • Note: “Process Explorer” and “TCPView” are other available tools (from the ‘Sysinternals’ website).
  • Web Servers
    • Web servers host web sites; web clients access web servers.
    • HTTP uses TCP port 80 by default.
    • HTTPS uses TCP port 443 by default.
    • Primary Web server software: Microsoft IIS (Internet Information Service) and Apache (open-source).
    • Run ‘netstat -a’ to check if a web server is running on our local machine (the client) (Is Port 80 ‘listening’?)
    • Network+ exam is more interested in web clients than web servers.
  • FTP
    • FTP is a file transfer protocol; consider SFTP as a more secure method.
      • Secure FTP uses SSL & TLS to encrypt the FTP stream itself.
    • FTP servers listen on port 21 & send data back to the clients on port 20.
    • FTP is NOT encrypted so all passwords & data are sent in the clear.
    • Anonymous accounts enable public access to FTP servers.
    • FTP can also be accessed from a web browser or CLI.
    • In CLI, the “GET” command downloads & the “PUT” command uploads.
    • TFTP (trivial FTP) uses UDP port 69.
  • Email Servers & Clients
    • SMTP uses port 25 (Simple Mail Transfer Protocol). (Sending mail.)
    • POP3 uses port 110 (Post Office Protocol version 3)
    • IMAP uses port 143 (Internet Message Access Protocol v4)
    • It is very common to have one piece of software that acts as both an SMTP server & a POP3 or IMAP server.
    • SMTP, POP3, & IMAP are NOT encrypted protocols.
  • Secure Email
    • TLS (Transport Layer Security)
    • SMTP, POP3, & IMAP are unencrypted e-mail protocols.
    • Implementing unencrypted e-mail protocols with TLS has complex port assignments.
    • The STARTTLS extension uses only one port (587) for encrypted communications. STARTTLS is at no time in an unencrypted state.
    • Two different versions: TLS & StartTLS
      • TLS was the 1st version; TLS started unencrypted & then went to encrypted
      • STARTTLS is the current approach to running secure email protocols.
  • Telnet & SSH–terminal emulation applications that run on both client & server.
    • Telnet is unencrypted and runs over TCP port 23.
    • SSH (Secure SHell) runs over TCP port 22.
    • SSH is fully encrypted & has almost completely replaced telnet.
    • Telnet enables you to access a remote computer.
    • ‘freeSSH’ is a free server side tool to use.
    • PuTTY is a free, robust telnet/SSH client. (If you want to access a telnet server, you will need a telnet client.)
    • Telnet (unsecure) and SSH (secure) are both terminal emulators.
    • Telnet is the original remote connectivity tool. Telnet is arguably the oldest application there is on the internet (argued against email!)
    • SSH uses an authentication key
    • ‘rlogin’ is not secure; uses port 513–it was replaced with SSH.
  • Network Time Protocol (NTP)
    • (Note: Incorrect system time or out of sync time can be an issue.)
    • NTP is a networking protocol for clock synchronization.
    • NTP uses port 123. NTP is used by programs & protocols.
    • There are hundreds of NTP servers worldwide.
    • Examples are time.nist.gov and time.windows.com.
  • Network Service Scenarios
    • DHCP scope ranges need to consider gateway, printers, & other types of hosts to provide for IP reservations.
    • MAC reservations can be used to define devices that have top priority for address assignment.
    • IPAM (IP Address Management)–IPAM tools are designed to keep track of all IP addresses, no matter where they’re happening or what they’re doing, & take care of the addressing needs of your system.
    • IPAM tools are very powerful:
      • they can automatically create new DHCP scopes
      • they can set reservations
      • they can generate new blocks of addresses (with your range)
      • IPAM is more used in servers, huge farms of virtual machines, than it is used in individual desktops, to take care of addressing scenarios.
    • IPAM tools track & manage allotted IP addresses, keeping the required addresses available for server & VM farms.
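
To tie the netstat switches to the default ports listed throughout these notes, the following added example (not part of the original course notes) parses the output of ‘netstat -ano’ and reports listeners and live sessions on the TCP ports the notes mark as unencrypted or not secure. The sample output, addresses and PIDs are constructed, and the function names are hypothetical.

```python
# Added example: audit Windows 'netstat -ano' output for cleartext services.
from typing import NamedTuple, Optional

# TCP services the notes mark as unencrypted / not secure, by default port.
CLEARTEXT_TCP = {21: "FTP", 23: "Telnet", 25: "SMTP",
                 110: "POP3", 143: "IMAP", 513: "rlogin"}

class Conn(NamedTuple):
    proto: str
    local_port: Optional[int]
    remote_port: Optional[int]
    state: str
    pid: int

def _port(endpoint):
    """Port from '0.0.0.0:21', '[::]:23' or '*:*' (None when it is '*')."""
    port = endpoint.rsplit(":", 1)[-1]
    return int(port) if port.isdigit() else None

def parse_netstat(text):
    conns = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # skip the banner, column headers and blank lines
        # UDP rows have no State column: Proto, Local, Foreign, PID
        state = f[3] if f[0] == "TCP" else ""
        conns.append(Conn(f[0], _port(f[1]), _port(f[2]), state, int(f[-1])))
    return conns

def cleartext_findings(text):
    """(kind, service, pid) for cleartext listeners and outbound sessions."""
    out = []
    for c in parse_netstat(text):
        if c.proto != "TCP":
            continue
        if c.state == "LISTENING" and c.local_port in CLEARTEXT_TCP:
            out.append(("listening", CLEARTEXT_TCP[c.local_port], c.pid))
        elif c.state == "ESTABLISHED" and c.remote_port in CLEARTEXT_TCP:
            out.append(("client-session", CLEARTEXT_TCP[c.remote_port], c.pid))
    return out

SAMPLE = """Active Connections
  Proto  Local Address       Foreign Address      State        PID
  TCP    0.0.0.0:21          0.0.0.0:0            LISTENING    1832
  TCP    0.0.0.0:445         0.0.0.0:0            LISTENING    4
  TCP    [::]:23             [::]:0               LISTENING    2210
  TCP    192.168.1.10:49712  203.0.113.7:443      ESTABLISHED  5120
  TCP    192.168.1.10:49803  198.51.100.25:110    ESTABLISHED  6404
  UDP    0.0.0.0:123         *:*                               1044
"""  # constructed sample, not captured output

if __name__ == "__main__":
    for kind, service, pid in cleartext_findings(SAMPLE):
        print(f"{kind:15} {service:7} PID {pid}")
```

Each reported PID can then be matched to its executable with ‘netstat -b’, Process Explorer or TCPView, as described in the netstat section.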