Cyber-Security: TCP/IP Concepts

This layer includes network services and client software

TCP/UDP

This layer is responsible for getting data packets to and from the Application layer by using port numbers. TCP also verifies packet delivery by using acknowledgments. The Trasport layer is where data is encapsulated into segments.

This layer uses IP addresses to route packets to the correct destination network. The Internet Lyaer is responsible for routing a packet to a destination address.

This layer represents the physical network pathway and the network interface card

The primary protocol used to communicate over the Web

Allows different OSs to transfer files between one another

The main protocol for transmitting e-mail messages across the Internet

Primarily used to monitor devices on a network, such as monitoring a router’s state remotely

Enables users to securely log on to a remote server and issue commands interactively

Enables multiple users to communicate over the Internet in discussion forums

Enables users to insecurely log on to a remote server and issue commands interactively

The synchronize flag signifies the beginning of a session

The acknowledgement flag acknowledges a connection and is sent by a host after receiving a SYN-ACK packet

The push flag is used to deliver data directly to an application. Data isn’t buffered; it’s sent immediately

This flag is used to signify urgent data

The reset flag resets or drops a connection

The finish flag signifies that the connection is finished

The Initial Sequence Number (ISN) is a 32-bit number that tracks packets received by a node and allows reassembling large packets that have been broken up into smaller packets

A TCP packet has two 16-bit fields containing the source and destination port numbers. A port is the logical, not physical, components of a TCP connection and can be assigned to a process that requires network connectivity.

FTP has been around as long as the internet. It was the standard for moving or copying large files and is till used today, although to a lesser extent because of the popularity of HTTP. FTP uses port 20 for data transfer and port 21 for control. FTP requires entering a login name and password and is more secure than Trivial File Transfer Protocol.

Simple Mail Transfer Protocol - Email servers listen to this port. If you attempt to send e-mail to a remote user, your workstation connects to port 25 on a mail server.

Domain Name System - If a server on your network uses DNS, it’s using port 53. Most networks require a DNS server so that users can connect to Web sites with URLs instead of IP addresses.

Trivial File Transfer Protocol - Many network engineers use TFTP service to transfer router and backup router configurations

Hypertext Transfer Protocol - Most certification exams have a question about port 80 being used for HTTP. Port 80 is used when you connect to a web server. If security personnel decided to filter out HTTP traffic, almost every user would notice a problem on the network.

Secure Hypertext Transfer Protocol - Port 443, like port 80, is usedwhen you connect to a Web server. However, 443 typically is reserved for secure connections.

ICMP is used to send messages related to network operations. ICMP makes it possible for network professionals to troubleshoot network connectivity problems and track the route a packet traverses from a source IP address to a destination IP address.