Networking Fundamentals​, Quick Notes – Protocols Part 2

TCP & UDP

  • TCP (Transmission Control Protocol)
    • Operates at Layer 4.
    • Provides reliable, orderly, flow-controlled and error-checked delivery of packets.
    • Connection Oriented.
    • Suitable for critical applications that require guaranteed delivery of packets.
    • Popular applications that utilize TCP include Webbrowsers, email client software, etc.
  • UDP (User Datagram Protocol)
    • Operates at Layer 4.
    • Connection-less.
    • No error checking or orderly delivery of packets, not reliable.
    • Suitable for non-critical & bandwidth intensive applications.
    • Application to be programmed totake care of error checking, if UDP is used.
    • Used where no error checking is required, such as DNS requests, etc.

TCP

UDP

Reliable

Unreliable

Connection Oriented

Connection-less

Segment Sequencing

No Sequencing

Acknowledge Segments

No Acknowledgment

Segment re-transmission and Flow control

No re-transmission

TCP Handshake

TCP requires connection to be established before communication, referred to as TCP Handshake:

  • Clients initiate by sending “SYN” packet to a server.
  • Server responds by replying with “SYN, ACK” to the client.
  • Client sends “ACK” packet to the server (Acknowledgment).

TCP states – TCP connections goes through different changes between end-points:

  • CLOSE_WAIT
  • CLOSED
  • ESTABLISHED
  • FIN_WAIT_1
  • FIN_WAIT_2
  • LAST_ACK
  • LISTEN
  • SYN_RECEIVED
  • SYN_SEND
  • TIMED_WAIT

For example, LISTEN indicates that a computer/device is waiting for an incoming request.

Reference(s):

Ports & Sockets

  • Logical path between network applications, similar to a pipeline.
  • Port uses 16-bit scheme, 216= 65,536 ports.
  • Port “0” reserved, usable ports 1 – 65,535 for each IP address.
  • Network application may use a single port or, a range of ports for communication.
  • Protocol may use TCP or UDP.
  • IP Address + Port Number = Socket.

Web Browser sending request from port 23000 to a HTTP server listening on port 80

Example:

  1. A HTTP Server “listens” for incoming requests on Port 80 (Default HTTP Port) or 443 (HTTPS).
  2. A HTTP Client (Typically a web browser) sends request from a random port to the HTTP Server.
  3. HTTP Server replies to HTTP Client.

Run multiple services using a Single IP address through multiple ports, serve multiple clients and/or client applications

 

Multiple ports usage between computers on a network

Ports are classified:

  • Well-known ports: 0 – 1023
  • Registered ports: 1024 – 49151
  • Dynamic ports: 49152 – 65535

Port

Description

20

FTP

21

FTP

23

Telnet

25

SMTP

53

DNS

69

TFTP

80

HTTP

110

POP3

119

NNTP

143

IMAP

443

HTTPS

Port

Description

1080

SOCKS

1194

OpenVPN

1220

QuickTime

1293

Internet Protocol Security (IPSec)

1433

Microsoft SQL Server

1503

Windows Live Messenger

1512

Windows Internet Name Service (WINS)

1761

Novell ZENworks

Well Known Ports, Examples

Registered Ports, Examples

Note: Well-known ports serve as a guide for network application programmers and are industry standards. A network application can use any port number as defined by the administrator, instead of standard port numbers. For example, a web server can use port 14000 instead of standard port 80, but the client must send request to port 14000 instead of 80 (web browsers are programmed to send requests to port 80 by default).

Application Layer Protocols

Protocol

Description

HTTP

Hypertext Transfer Protocol, foundation for World Wide Web

FTP

File Transfer Protocol, used for transferring files using TCP

TFTP

Trivial File Transfer Protocol, used for transferring files using UDP

NTP

Network Time Protocol, used for synchronizing time

NNTP

Network News Transfer Protocol, used in USENET applications (articles)

SMTP

Simple Mail Transfer Protocol, used for sending & relaying messages

POP

Post Office Protocol, used for retrieving emails

IMAP

Internet Message Access Protocol, similar to POP designed for multiple email clients

LDAP

Lightweight Directory Access Protocol, used for directory information services

RDP

Remote Desktop Protocol, used for remote connections in Microsoft Windows

SNMP

Simple Network Management Protocol, used for managing devices

SSL

Secure Sockets Layer, cryptographic protocol provides security

TLS

Transport Layer Security, supersedes SSL

NETSTAT command is used for viewing network protocol statistics, routing tables, etc.

  • View Ethernet Statistics:
    • CMD > netstat -e

Output displaying Ethernet statistics

  • View statistics (display FQDN):
    • CMD > netstat -f

Output listing open ports with domain names, a) Anti-virus software update from a server

  • View statistics (resolved to IP):
    • CMD > netstat -n

Output displaying resolved IP addresses

  • View IPv4 Statistics:
    • CMD > netstat -s -p ip

Output listing IPv4 Statistics

  • View IPv6 Statistics:
    • CMD > netstat -s-p IPv6

Output listing IPv6 Statistics

  • View TCP Statistics for IPv4:
    • CMD > netstat -s-p tcp

Output listing TCP, IPv4 Statistics

  • View TCP Statistics for IPv6:
    • CMD >netstat -s -p tcpv6

Output listing TCP, IPv6 Statistics

  • View UDP Statistics for IPv4:
    • CMD > netstat-s -p udp

Output listing UDP, IPv4 Statistics

  • View UDP Statistics for IPv6:
    • CMD > netstat-s -p udpv6

Output listing UDP, IPv6 Statistics

  • View ICMP statistics (IPv4):
    • CMD > netstat -s -p icmp

Output listing ICMP statistics for IPv4

  • View ICMP statistics (IPv6):
    • CMD > netstat -s -p icmpv6

Output listing ICMP statistics for IPv6

  • View all Active TCP Connections for IPv4 (Open Ports):
    • CMD >netstat -a -p tcp

Output listing open TCP ports (IPv4)

  • View all Active TCP Connections for IPv6 (Open Ports):
    • CMD > netstat -a -p tcpv6

Output listing open TCP ports (IPv6)

  • View all Active UDP Connections for IPv4 (Open Ports):
    • CMD > netstat -a -p udp

Output listing open UDP ports (IPv4)

  • View all Active UDP Connections for IPv6 (Open Ports):
    • CMD >netstat -a -p udpv6

Output listing open UDP ports (IPv6)

  • View statistics (used by a particular executable):
    • CMD > netstat -b

Output listing ports used by programs (executable) a) Mozilla Firefox & b) AVG Anti-virus update

  • View statistics (used by a particular executable by process ID):
    • CMD > netstat -o

Output listing ports by process ID

  • START > RUN > TASKMGR > Details Tab

Output listing Process Name, Process ID (Find matching process ID) in Task Manager

  • View statistics for all protocols

CMD > netstat -e -s

Leave a Comment

Shopping Cart