TCP/IP Applications
- TCP and UDP
- Ethernet frames are used by switches & routers.
- PDUs (Protocol Data Units) are the units of data each protocol works with; they are carried inside frame segments.
- TCP is connection-oriented, two-way communication initiated by a 3-way handshake (SYN, SYN-ACK, ACK).
- UDP is a connectionless protocol with low overhead and one-way communication.
- ICMP & IGMP
- ICMP (Internet Control Message Protocol) works at the Internet (2) Layer in the TCP/IP model, & the network (3) layer in the OSI model.
- IGMP (Internet Group Management Protocol) provides multicasting support.
- Multicast addresses always start with “224”.
- Handy Tools
- Both ‘tracert’ (Windows), and ‘traceroute’ (Linux) commands display the hops through a router to reach a destination.
- Using the alternative command ‘pathping’ can get a quicker ping response from the routers.
- Bandwidth speed testing helps verify the upload & download speeds to an individual computer.
- Run these commands when things are operating normally so you can get a sense of your network, & help pinpoint when a problem does arise.
- Introduction to Wireshark
- Wireshark is a protocol analyzer, integrated with a frame capture tool.
- Wireshark lets us take the packets apart and inspect them to see what is going on in the system.
- Wireshark displays the traffic flow of Ethernet frames, and can drill down into a frame to view the various protocols, ports, timelines, & services.
- Wireshark can segment & organize the data into consumable information to help in troubleshooting.
- (Note: Some people prefer an alternative capture tool such as ‘tcpdump’ instead of Wireshark’s included capture tool; ‘tcpdump’ has additional features.)
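The frame-to-segment drill-down described above, as an added example (not from the course notes): it dissects one constructed Ethernet frame the way a protocol analyzer does, pulling out each layer's PDU and naming the handshake step from the TCP flags. The sample frame bytes are constructed here, not captured.

```python
"""Drill down through one Ethernet frame layer by layer, as a protocol
analyzer does: Ethernet frame -> IPv4 packet -> TCP segment (each a PDU)."""
import struct

# Constructed sample frame: an IPv4/TCP SYN from 192.168.0.2 to port 80.
SAMPLE_FRAME = bytes.fromhex(
    "001122334455" "66778899aabb" "0800"   # dst MAC, src MAC, EtherType IPv4
    "45000028" "00010000" "40060000"       # IPv4: len 40, id 1, TTL 64, proto 6
    "c0a80002" "5db8d822"                  # src 192.168.0.2, dst 93.184.216.34
    "c0000050" "00000001" "00000000"       # TCP: sport 49152, dport 80, seq, ack
    "5002ffff" "00000000"                  # offset 5, flags SYN, window, csum, urg
)

TCP_FLAGS = {0x02: "SYN", 0x10: "ACK", 0x01: "FIN", 0x04: "RST", 0x08: "PSH"}


def handshake_step(flags):
    """Name the 3-way-handshake step a flag set corresponds to, if any."""
    if flags == {"SYN"}:
        return "1: SYN"
    if flags == {"SYN", "ACK"}:
        return "2: SYN-ACK"
    if flags == {"ACK"}:
        return "3: ACK"
    return None


def dissect(frame):
    """Return the fields each layer's PDU carries, one dict per layer."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError(f"unsupported EtherType 0x{ethertype:04x}")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                 # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    proto = ip[9]
    if proto != 6:
        raise ValueError(f"unsupported IP protocol {proto}")
    tcp = ip[ihl:total_len]                  # the segment is the IP payload
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    flags = {name for bit, name in TCP_FLAGS.items() if off_flags & bit}
    return {
        "ethernet": {"src": src_mac.hex(":"), "dst": dst_mac.hex(":")},
        "ip": {"src": ".".join(map(str, ip[12:16])),
               "dst": ".".join(map(str, ip[16:20])), "ttl": ip[8]},
        "tcp": {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
                "flags": flags, "handshake": handshake_step(flags)},
    }
```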
- Introduction to Netstat
- The “netstat” command lists all open ports & network connections on a computer.
- Run “netstat” at the command prompt.
- Make sure to know certain netstat switches:
- ex: ‘netstat -n’ presents the results numerically.
- ex: ‘netstat -b’ shows the executable for every connection. These switches can also be combined, or concatenated together, like ‘netstat -bn’!!!
- ex: ‘netstat -o’ shows the executable & process id for every connection.
- Note: Every program running has a process id associated with it.
- ex: ‘netstat -a’ shows all the active ports.
- Port 445 is the SMB (Server Message Block) port, often written as “SMB 445”.
- ex: ‘netstat -r’ shows the local routing table (You can look at the routing table on your own individual computer!)
- ‘netstat -r’ is identical to typing the command ‘route print’.
- Note: “Process Explorer” and “TCPView” are other available tools (from the ‘Sysinternals’ website).
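An added example (not from the course notes) of the inventory check the netstat notes describe: it parses Windows ‘netstat -ano’ output, lists what the host is serving with the owning PID, and flags connections that use one of the cleartext protocols covered on this page. The sample output is constructed, and the PIDs are made up.

```python
"""Parse 'netstat -ano' output and flag cleartext services (defender check)."""

# Port-to-service map taken from the notes on this page.
SERVICES = {20: "FTP-data", 21: "FTP", 22: "SSH", 23: "Telnet", 25: "SMTP",
            69: "TFTP", 80: "HTTP", 110: "POP3", 123: "NTP", 143: "IMAP",
            443: "HTTPS", 445: "SMB", 513: "rlogin", 587: "SMTP/STARTTLS"}
# Protocols that carry credentials and data unencrypted.
CLEARTEXT = {20, 21, 23, 25, 80, 110, 143, 513}

# Constructed sample of 'netstat -ano' output (PIDs are invented).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1880
  TCP    192.168.0.2:49152      93.184.216.34:443      ESTABLISHED     5124
  TCP    192.168.0.2:49153      10.0.0.5:23            ESTABLISHED     6020
  UDP    0.0.0.0:123            *:*                                    1108
"""


def parse_netstat(text):
    """Turn each TCP/UDP row into a dict; UDP rows have no State column."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = parts[0], parts[1], parts[2]
        state = parts[3] if proto == "TCP" else ""
        host, port = local.rsplit(":", 1)        # rsplit also handles [::]:80
        conns.append({"proto": proto, "host": host, "port": int(port),
                      "foreign": foreign, "state": state, "pid": int(parts[-1])})
    return conns


def listening(conns):
    """Ports this host serves, as (port, service, pid), sorted by port."""
    return sorted((c["port"], SERVICES.get(c["port"], "?"), c["pid"])
                  for c in conns if c["state"] == "LISTENING" or c["proto"] == "UDP")


def cleartext_findings(conns):
    """Servers offered, and remote servers talked to, over cleartext protocols."""
    findings = []
    for c in conns:
        if c["state"] == "LISTENING" and c["port"] in CLEARTEXT:
            findings.append(("serving", c["port"], SERVICES[c["port"]], c["pid"]))
        elif c["state"] == "ESTABLISHED":
            rport = int(c["foreign"].rsplit(":", 1)[1])   # the peer's service port
            if rport in CLEARTEXT:
                findings.append(("client-of", rport, SERVICES[rport], c["pid"]))
    return findings
```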
- Web Servers
- Web servers host web sites; web clients access web servers.
- HTTP uses TCP port 80 by default.
- HTTPS uses TCP port 443 by default.
- Primary Web server software: Microsoft IIS (Internet Information Services) and Apache (open-source).
- Run ‘netstat -a’ to check if a web server is running on our local machine (the client) (Is Port 80 ‘listening’?)
- Network+ exam is more interested in web clients than web servers.
- FTP
- FTP is a file transfer protocol; consider SFTP as a more secure method.
- Secure FTP (FTPS) uses SSL & TLS to encrypt the FTP stream itself.
- FTP servers listen on port 21 & send data back to the clients on port 20.
- FTP is NOT encrypted so all passwords & data are sent in the clear.
- Anonymous accounts enable public access to FTP servers.
- FTP can also be accessed from a web browser or CLI.
- In CLI, the “GET” command downloads & the “PUT” command uploads.
- TFTP (trivial FTP) uses UDP port 69.
- Email Servers & Clients
- SMTP uses port 25 (Simple Mail Transfer Protocol). (Sending mail.)
- POP3 uses port 110 (Post Office Protocol version 3)
- IMAP uses port 143 (Internet Message Access Protocol v4)
- It is very common to have one piece of software that acts as both an SMTP server and as a POP3 or IMAP server.
- SMTP, POP3, & IMAP are NOT encrypted protocols.
- Secure Email
- TLS (Transport Layer Security)
- SMTP, POP3, & IMAP are unencrypted e-mail protocols.
- Running these unencrypted e-mail protocols over TLS involves complex port assignments.
- The STARTTLS extension uses only one port (587) for encrypted communications. STARTTLS is at no time in an unencrypted state.
- Two different versions: TLS & StartTLS
- TLS was the first version; it started unencrypted and then switched to encrypted.
- STARTTLS is the current approach to running secure email protocols.
- Telnet & SSH: terminal emulation applications that run on both client & server.
- Telnet is unencrypted and runs over TCP port 23.
- SSH (Secure SHell) runs over TCP port 22.
- SSH is fully encrypted & has almost completely replaced telnet.
- Telnet enables you to access a remote computer.
- ‘freeSSHd’ is a free server-side tool to use.
- PuTTY is a free, robust telnet/SSH client. (If you want to access a telnet server, you will need a telnet client.)
- Telnet (unsecure) and SSH (secure) are both terminal emulators.
- Telnet is the original remote connectivity tool. Telnet is arguably the oldest application there is on the internet (argued against email!)
- SSH uses an authentication key
- ‘rlogin’ is not secure; it uses port 513 and was replaced by SSH.
- Network Time Protocol (NTP)
- (Note: Incorrect system time or out of sync time can be an issue.)
- NTP is a networking protocol for clock synchronization.
- NTP uses port 123. NTP is used by programs & protocols.
- There are hundreds of NTP servers worldwide.
- Examples are time.nist.gov and time.windows.com.
- Network Service Scenarios
- DHCP scope ranges need to account for the gateway, printers, & other types of hosts that require IP reservations.
- MAC reservations can be used to define devices that have top priority for address assignment.
- IPAM (IP Address Management): IPAM tools are designed to keep track of all IP addresses, no matter where they are used or what they are doing, & to take care of the addressing needs of your system.
- IPAM tools are very powerful:
- they can automatically create new DHCP scopes
- they can set reservations
- they can generate new blocks of addresses (within your range)
- IPAM is used more for servers and huge farms of virtual machines than for individual desktops, to take care of addressing scenarios.
- IPAM tools track & manage allotted IP addresses, keeping addresses available for server & VM farms.
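The scope-planning consideration from the DHCP notes above, as an added example (not from the course notes): it carves a dynamic pool out of a subnet while validating that the gateway and MAC reservations lie inside the subnet, do not collide, and are excluded from the pool. The subnet, gateway, MACs and pool bounds are constructed sample values.

```python
"""Plan a DHCP scope so the gateway and reserved hosts stay out of the pool."""
import ipaddress


def plan_scope(subnet, gateway, reservations, pool_start, pool_end):
    """Return the addresses the server may lease dynamically.

    reservations: {mac: ip} for hosts (printers, servers) that must always
    get the same address.  Raises ValueError on any collision or address
    outside the subnet, which is how a misconfigured scope should fail."""
    net = ipaddress.ip_network(subnet, strict=True)
    gw = ipaddress.ip_address(gateway)
    start, end = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    for label, addr in (("gateway", gw), ("pool start", start), ("pool end", end)):
        if addr not in net:
            raise ValueError(f"{label} {addr} is outside {net}")
    if start > end:
        raise ValueError("pool start is after pool end")
    fixed = {gw: "gateway"}                      # every address that is never leased
    for mac, ip in reservations.items():
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            raise ValueError(f"reservation {mac} -> {addr} is outside {net}")
        if addr in fixed:
            raise ValueError(f"reservation {mac} -> {addr} collides with {fixed[addr]}")
        fixed[addr] = mac
    # hosts() already drops the network and broadcast addresses.
    return [a for a in net.hosts() if start <= a <= end and a not in fixed]


def scope_error(*args):
    """Return the validation error for a proposed scope, or None if it is sound."""
    try:
        plan_scope(*args)
        return None
    except ValueError as exc:
        return str(exc)


# Constructed sample: /24 office LAN, gateway .1, two reserved printers,
# dynamic pool .100-.199.  One reservation sits inside the pool and is carved out.
SAMPLE_RESERVATIONS = {
    "00:11:22:33:44:55": "192.168.10.10",    # printer 1, outside the pool
    "66:77:88:99:aa:bb": "192.168.10.150",   # printer 2, inside the pool
}


def sample_pool():
    return plan_scope("192.168.10.0/24", "192.168.10.1", SAMPLE_RESERVATIONS,
                      "192.168.10.100", "192.168.10.199")
```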