Protocols of the TCP/IP Suite Part 1

Time
7 hours 50 minutes
Difficulty
Beginner
CEU/CPE
8
Video Transcription
00:02
>> Let's take a look at some of these protocols that
00:02
are a part of the TCP/IP suite.
00:02
The first one we'll take a look at is
00:02
FTP, File Transfer Protocol.
00:02
This is for uploading and downloading files.
00:02
A few things mentioned,
00:02
first there's a reference to the port numbers,
00:02
port 20 and 21.
00:02
We have to know those.
00:02
I also mentioned a specific fact about FTP.
00:02
It's not secure. Credentials traverse
00:02
the network in plain text.
00:02
So that's always going to be
00:02
a problem when you think about network security.
00:02
We don't ever want passwords
00:02
on the network in plain sight.
00:02
We really need to focus on securing the FTP,
00:02
which is coming up on the slide.
00:02
One of the tools that we can use to
00:02
secure FTP is a protocol called SSH.
00:02
SSH is Secure Shell.
00:02
Secure Shell is going to provide us
00:02
security over an unsecured network.
00:02
Secure Shell uses TCP port 22,
00:02
and this was designed to replace some of
00:02
the remote administration protocols,
00:02
like Telnet and FTP,
00:02
or if you work with Unix,
00:02
their utility is called the R utilities.
00:02
All of those have traditionally sent
00:02
passwords across the network in plain text.
00:02
By using SSH instead of plain FTP,
00:02
you get a more secure connection.
00:02
If you're replacing FTP with secure FTP,
00:02
then that now uses port 22,
00:02
also because SSH is really
00:02
the protocol that's providing
00:02
the transport and the security.
00:02
I will also mention that another protocol, SCP,
00:02
Secure Copy Protocol,
00:02
uses SSH, also port 22.
00:02
They love to ask questions about
00:02
this on the exam because it's
00:02
not just SSH that uses port 22,
00:02
it's SCP and S/FTP,
00:02
which can be something that's tricky to remember.
00:02
Make sure you know these.
00:02
Just spoke about Telnet and said
00:02
that Telnet is also another one of
00:02
those protocols that transmits
00:02
data across the wire in plain text.
00:02
We don't like that.
00:02
Telnet instead of telnetting into a system, we SSH.
00:02
Telnet uses TCP port 23.
00:02
SMTP, Simple Mail Transfer Protocol.
00:02
You have several different mail protocols.
00:02
What SMTP is for is sending
00:02
mail from mail server to mail server.
00:02
When you're talking about sending
00:02
mail from your system up
00:02
or from side-to-side, that's SMTP.
00:02
We've got other protocols that download
00:02
our mail for us or allow us to view our mail,
00:02
but when we're talking about sending, SMTP.
00:02
A friend of mine says to think of it
00:02
as send mail to people,
00:02
and that's exactly right.
00:02
SMTP though really stands for
00:02
Simple Mail Transfer Protocol, port 25.
00:02
Another protocol that we can look at
00:02
is really a protocol and a service.
00:02
It's called TACACS Plus.
00:02
TACACS Plus is port 49,
00:02
and this is a remote authentication server.
00:02
When clients are trying to access
00:02
your network from a remote location,
00:02
maybe they're connecting in a VPN,
00:02
a wireless access point,
00:02
even back in the day when we used to dial up,
00:02
there needed to be a system
00:02
where we could centralize control,
00:02
and that system was TACACS Plus.
00:02
We'll talk about that more with
00:02
remote access in just a bit.
00:02
An important service on the network.
00:02
DNS, Domain Name Service,
00:02
or you could hear Domain Naming Service.
00:02
You and I like user-friendly names.
00:02
However, for systems to connect,
00:02
they need IP addresses.
00:02
We have to have some reference point
00:02
that we can go to and say,
00:02
"Hey, what's the IP address for weather.com?"
00:02
Or whatever it is we're looking for.
00:02
That's our DNS server.
00:02
Our DNS server provides us with
00:02
name resolutions that we can
00:02
connect to via IP address to host.
00:02
DNS works at port 53.
00:02
Now in a little bit,
00:02
we'll talk about the DNS database and how it works.
00:02
But for now, remote naming to
00:02
IP addresses, to IP addresses,
00:02
to user-friendly names, to IP addresses,
00:02
that's DNS port 53.
00:02
DHCP, another important network service.
00:02
DHCP provides IP addresses to clients automatically.
00:02
Rather than having an administrator
00:02
walk around from host to host,
00:02
IP not and an assigned IP address,
00:02
a client comes online,
00:02
pairs the DHCP server and gets an IP address.
00:02
That's very helpful.
00:02
One of the things we'll talk about is how
00:02
DHCP works and the process called DORA,
00:02
Discover, Offer, Request, Acknowledge.
00:02
That's coming up in just a bit.
00:02
DHCP operates on port 67 and 68.
00:02
Now an alternative to FTP,
00:02
we talked about this one a little bit earlier
00:02
when we were at Layer 4 of the OSI model.
00:02
We talked about an alternative to FTP called TFTP,
00:02
Trivial File Transfer Protocol.
00:02
TFTP is used in some environments when we're
00:02
looking to download operating systems for devices.
00:02
For example, if I'm doing an operating
00:02
system upgrade on a router or something,
00:02
I might use TFTP.
00:02
A lot of the times we think to use FTP or other means.
00:02
This is port 69, and if you'll remember,
00:02
the difference of TFTP,
00:02
it piggybacks on UDP, which is connectionless.
00:02
FTP piggybacks on TCP,
00:02
which is connection oriented.
00:02
Lots of letters in this class.
00:02
[LAUGHTER] I hope you're keeping up.
00:02
HTTP, I think we're all
00:02
familiar with web traffic, Hypertext Transfer Protocol.
00:02
This is port 80.
00:02
If we're communicating with web traffic,
00:02
we're using port 80.
00:02
I'll mention that HTTP is not secure in and of itself.
00:02
We're going to have to add some security in just a bit.
00:02
For now, HTTP is port 80.
00:02
POP, Post Office Protocol.
00:02
I mentioned to you that SMTP was for sending mail.
00:02
When you're downloading email to your devices,
00:02
you're feeling those devices,
00:02
perhaps even on the server.
00:02
What we're looking at is using
00:02
one of the two protocols.
00:02
POP is very common and we're on Version 3, POP3.
00:02
There's also a protocol called IMAP,
00:02
which will come up in just a minute,
00:02
but that's Internet Mail Application Protocol.
00:02
That would be an alternative to POP3.
00:02
POP3 uses port 110.
00:02
Network Time Protocol.
00:02
Network Time Protocol is really important because it
00:02
controls the synchronization of devices on the network.
00:02
Many network services,
00:02
particularly Kerberos and several others,
00:02
require that our systems be in sync.
00:02
Network Time Protocol is
00:02
a service running on your domain controller that
00:02
helps ensure everybody's using
00:02
the same time clock and that we're synchronized.
00:02
NTP uses port 123.
00:02
You know what?
00:02
I was going to tell you guys an NTP joke,
00:02
but my time is always off.
00:02
[LAUGHTER] I hope you enjoyed that.
00:02
I'll be here all week, folks.
00:02
There's our friend IMAP that we talked about earlier.
00:02
An alternative to POP.
00:02
Downloads mail from the server and uses port 143.
00:02
SNMP, Simple Network Management Protocol,
00:02
this is a protocol that
00:02
allows us to capture information on our networks,
00:02
that way we can monitor and be aware of
00:02
the traffic and the various events that are going on.
00:02
With SNMP, we have three main elements, an agent,
00:02
a central manager, and an MIB,
00:02
which is our management information base.
00:02
Our agent is whatever
00:02
network devices are running the SNMP software.
00:02
The central manager, which is ultimately
00:02
your management system that's
00:02
pulling all the information together,
00:02
and then our management information base.
00:02
All your agents contain
00:02
an information database specific to
00:02
the various parameters and
00:02
the information that's being captured.
00:02
This is the database that's used to request
00:02
the agent for specific information and
00:02
then make sure that information is transmitting
00:02
it and formatting in such a way that can be useful.
00:02
That's the management information database.
00:02
A Simple Network Management Protocol uses port 161.