SlideShare a Scribd company logo

Unit 3 Networking Basics of Ethical Hacking.docx

Download as DOCX, PDF
G
Guna Dhondwad

3.1 OSI and TCP/IP Models 3.2 IP Addressing and Subnetting 3.3 Common Network Protocols (HTTP, HTTPS, FTP, SMTP, etc.) 3.4 Network Addressing 3.5 Common Ports and Protocols

Technology
1 of 23
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
UNIT 3 SETTING UP AND CONFIGURATIONS 3.1 OSI Model The OSI (Open Systems Interconnection) model, developed in the 1980s, is a conceptual framework used for understanding network communication. While it's not fully implemented in practice, it remains a valuable reference today. The OSI model consists of seven interconnected layers, each adding its own layer of information as data passes through.  How It Works: 1. Data Movement: Data starts at the top layer and moves down through each layer, gaining additional information at each step. 2. Transmission: Once the data reaches the bottom layer, it is transmitted over the network. 3. Reception: On the receiving end, the process is reversed. The data moves up through the layers, shedding the added information until it reaches its original form at the top layer. This layered approach helps ensure seamless communication across different networking systems by standardizing how data is transmitted and received.  OSI Model Layers: The OSI model is composed of seven layers, each with a unique role in ensuring seamless data communication. Here's a breakdown of these layers from bottom to top: 1. Physical Layer: This is the foundation of the OSI model. It deals with the actual physical connections among devices, such as cables, switches, and the transmission of raw binary data. 2. Data Link Layer: This layer handles the node-to-node delivery of messages. It's responsible for error detection and correction to ensure reliable data transfer between adjacent network nodes. 3. Network Layer: Responsible for transmitting data from one host to another across multiple networks. It determines the best path for data to travel, ensuring it reaches the correct destination. 4. Transport Layer: This layer ensures that messages are delivered reliably and in the correct order across the network. It handles error recovery and flow control, making sure data is transferred without issues. 5. Session Layer: Focused on establishing, managing, and terminating sessions between devices. It keeps track of dialogue between two devices, ensuring continuous and organized communication. 6. Presentation Layer: This layer is responsible for data translation, encryption, and decryption. It transforms data into a format that can be used by the application layer, ensuring it is readable and secure. 7. Application Layer: The topmost layer, where users interact with the system. It provides various network services directly to end-users, such as email, file transfer, and web browsing.
 Application Layer - Layer 7: User interaction and network services  Presentation Layer - Layer 6: Data translation, encryption, and decryption  Session Layer - Layer 5: Session management between devices  Transport Layer - Layer 4: Reliable data transfer, error recovery  Network Layer - Layer 3: Data routing, addressing between networks  Data Link Layer - Layer 2: Node-to-node data transfer, error detection  Physical Layer - Layer 1: Physical connections, raw binary transmission  Data Flow in the OSI Model The OSI (Open Systems Interconnection) model describes how data is transmitted from one device to another through its seven layers. This process involves encapsulating data at each layer on the sender side, transmitting it over the network, and decapsulating it at each layer on the receiver side to ensure that data is received correctly and reliably.
Advantages  Supports Both Services: It supports both connection-oriented and connectionless services.  Flexibility: The model is quite flexible.  Independent Layers: Each layer operates independently from the others. Disadvantages  Complex Setup: Setting up the model can be a challenging task.  Protocol Compatibility: Fitting a new protocol into this model can sometimes be difficult.  Reference Use Only: It is mainly used as a reference model and not implemented entirely.  TCP/IP Model Originally, the OSI model was used for connectionless protocols like CLNS and CLMNP. However, with the introduction of TCP (a connection-oriented protocol), the TCP/IP model came into existence. In this new model, the Application, Presentation, and Session layers of the OSI model were combined to form the Application layer in the TCP/IP model. Similarly, the Data Link and Physical layers of the OSI model were combined to create the Network Access layer in the TCP/IP model. The Internet layer in the TCP/IP model is equivalent to the Network layer in the OSI model.  Layers of the TCP/IP Model 1. Network Access Layer:  The lowest layer of the TCP/IP model.  Combines the Physical and Data Link layers of the OSI model.  Facilitates data transmission within the same network. 2. Internet Layer:  Corresponds to the Network layer of the OSI model.  Responsible for moving data packets from the source to the destination across multiple networks. 3. Transport Layer:
 Similar to the Transport layer in the OSI model.  Ensures error-free delivery of messages. 4. Application Layer:  The topmost layer in the TCP/IP model.  Combines the functionalities of the Application, Presentation, and Session layers of the OSI model.  Provides various network services directly to end-users, such as email, file transfer, and web browsing.  Similarities Between the OSI and TCP/IP Models 1. Common Architecture: o Both the OSI and TCP/IP models are logical frameworks constructed with layers. They share a similar architecture, making it easier to understand and implement network protocols. 2. Defined Standards: o Both models have established standards and provide a framework for implementing these standards and devices. 3. Simplified Troubleshooting: o Both models simplify the troubleshooting process by breaking down complex functions into smaller, more manageable components. 4. Pre-Defined Standards: o The models do not redefine existing standards and protocols. Instead, they reference and use pre-defined standards. For example, the Ethernet standards defined by IEEE are used rather than being recreated by the models. 5. Similar Functionality of Transport and Network Layers: o The functions performed between the presentation and network layers in the OSI model are similar to those performed at the transport layer in both models.  Differences Between OSI and TCP/IP Models 1. Model Structure  OSI Model: The OSI (Open Systems Interconnection) model has seven layers: Physical, Data Link, Network, Transport, Session, Presentation, and Application.  TCP/IP Model: The TCP/IP (Transmission Control Protocol/Internet Protocol) model has four layers: Network Access, Internet, Transport, and Application. 2. Layer Functionality  OSI Model: o Physical Layer: Deals with the physical connection between devices. o Data Link Layer: Ensures reliable node-to-node data transfer. o Network Layer: Manages data routing and addressing between networks.
o Transport Layer: Provides end-to-end communication and error recovery. o Session Layer: Manages sessions between applications. o Presentation Layer: Translates, encrypts, and decrypts data. o Application Layer: Supports network applications and end-user processes.  TCP/IP Model: o Network Access Layer: Combines functionalities of the Physical and Data Link layers from the OSI model. o Internet Layer: Corresponds to the Network layer of the OSI model and handles packet forwarding and routing. o Transport Layer: Ensures reliable data transfer, similar to the OSI model's Transport layer. o Application Layer: Combines the Application, Presentation, and Session layers of the OSI model, providing network services to end-users. 3. Development and Usage  OSI Model: o Developed by ISO (International Organization for Standardization). o Primarily used as a reference model for understanding and designing network protocols.  TCP/IP Model: o Developed by the Defense Advanced Research Projects Agency (DARPA). o Widely implemented and used as the foundation for the internet. 4. Layer Independence  OSI Model: o Each layer has a distinct function and operates independently. o Changes in one layer do not affect the other layers.  TCP/IP Model: o Layers have more integrated and overlapping functions. o Changes in lower layers may affect the upper layers. 5. Protocol Specificity  OSI Model:  Specifies different protocols for each layer.  Provides a broader scope for the development of various networking protocols.  TCP/IP Model:  More protocol-specific, focusing on the protocols used for internet communication, such as TCP and IP. 3.2 IP Addressing and Subnetting Understanding IP Addresses and Subnetting
Network devices rely on IP addresses and subnets to identify where communications come from and where they're going. This helps manage network addresses efficiently.  IP Addresses IP addresses have two main parts:  Network Identifier (Network ID): This part identifies a network area where a device is located, much like an area code in a phone number.  Host Identifier (Host ID): This part specifies a particular device within that network area, similar to how a phone number identifies a specific phone within an area code. Most business networks still use IP version 4 (IPv4) addresses, which offer about 4.3 billion unique variations. With many of these addresses already in use, the newer IP version 6 (IPv6) standard provides more addresses and additional benefits.  IPv4 Addressing Computers handle IPv4 addresses as 32-bit binary strings, but humans usually convert them into dotted decimal addresses, which are easier to write and understand. For example:  Binary String: 11000000.00000000.00000010.00000010  IP Address: 192.0.2.2 Similarly, the associated subnet mask converts from binary to dotted decimal format:  Binary Subnet Mask: 11111111.11111111.11111111.11111100  Subnet Mask: 255.255.255.252  Subnet Masks Subnet masks help distinguish which part of the IP address is the network ID and which part is the host ID. Routers, computers, and network troubleshooters use IP addresses and subnet masks to manage network traffic, ensuring that information sent from one system arrives at its intended destination.  IP Address Fundamentals Network devices typically have three main identities: 1. Physical Address (MAC Address): This is the hardware address of a network interface. 2. Logical Address (IP Address): This is the unique identifier for a device on a network. 3. Hostname: A human-readable name that helps people recognize the device.  IP Addressing and Subnetting in Computer Networks
IP addressing and subnetting are crucial concepts in computer networking. An IP address is a unique identifier assigned to devices on a network to enable communication. It comprises two parts: the network identifier (network ID) and the host identifier (host ID). Subnetting, on the other hand, is a technique used to divide a larger IP network into smaller, more manageable sub-networks (subnets) to enhance efficiency and security in IP management. Both concepts are interconnected. What is IP Addressing? Every device that uses a network receives an IP address, a special identifier number. IP addresses are essential for routing data packets between devices and facilitating internet communication. The most common way to represent IP addresses is using dotted decimal notation, which consists of four sets of bits separated by periods. This notation makes IP addresses easier to read and understand. An IP address is 32 bits long, with each number corresponding to a byte of the address.  Types of IP Addresses There are two primary forms of IP addresses:  IPv4 (Internet Protocol version 4): This version uses 32-bit addresses, providing about 4.3 billion unique addresses. Due to the limited number of unique IPv4 addresses, subnetting and other methods have been developed to efficiently manage IP addresses.  IPv6 (Internet Protocol version 6): This version uses 128-bit addresses, offering a significantly larger number of unique addresses. IPv6 addresses provide many more unique addresses compared to IPv4 and come with additional benefits. By understanding and implementing IP addressing and subnetting, network administrators can effectively manage network resources, ensuring efficient and secure communication between devices. Advantages of IP Addressing  Unique Identification: IP addressing allows you to generate a unique identification number for each device on a network.  Data Routing: It is essential for routing data between different networks, ensuring effective communication.  Internet Access: IP addressing enables devices, servers, and other resources to be accessed over the internet. Disadvantages of IP Addressing  Limited IPv4 Addresses: There is a limited number of IPv4 addresses available, which can lead to shortages.  Configuration Complexity: Configuring IP addresses can be complex and requires careful management.  Security Risks: If IP addresses are exposed, there is a high risk of security threats, including unauthorized access and cyber-attacks. What is Subnetting?
Subnetting is the process of dividing a larger network into smaller, more manageable sub-networks (subnets). This involves taking bits from the host part of an IP address to create a network part. The network part identifies the subnetwork as a whole, while the host part identifies the specific device within that subnetwork. Subnetting allows network managers to create more organized and secure networks tailored to their performance and security needs. For instance, a large enterprise could segment its network into subnets for different divisions or locations.  Advantages of Subnetting  Efficient Use of IP Addresses: Subnetting divides large networks into smaller ones, making more effective use of IP addresses.  Enhanced Security: Subnets can add an extra layer of security by isolating different parts of the network.  Improved Performance: By reducing network traffic, subnetting can enhance overall network performance.  Disadvantages of Subnetting  Complex Expansion: Expanding or changing the subnet structure can be challenging.  Planning and Calculations: Designing a subnetted network requires careful planning and precise calculations.  Potential Security Risks: Incorrect configuration of subnets can lead to external security threats.  Difference Between IP Addressing and Subnetting 1. Definition:  IP Addressing: IP addressing refers to assigning unique identifiers (IP addresses) to devices on a network to enable communication. An IP address consists of a network part and a host part.  Subnetting: Subnetting is the process of dividing a larger IP network into smaller, more manageable sub-networks (subnets). This helps improve network efficiency and security. 2. Purpose:  IP Addressing: The main purpose is to uniquely identify devices on a network and facilitate data routing between devices.  Subnetting: The main purpose is to segment a larger network into smaller sections to improve
management, security, and performance. 3. Components:  IP Addressing: Involves the network identifier (network ID) and host identifier (host ID). Examples include IPv4 and IPv6 addresses.  Subnetting: Involves creating subnets by modifying the host part of the IP address to create additional network IDs. 4. Benefits:  IP Addressing: Ensures unique identification for each device, enabling effective data communication and routing.  Subnetting: Enhances network efficiency, security, and performance by reducing network congestion and isolating network segments. 5. Complexity:  IP Addressing: Generally straightforward but can become complex with a large number of devices and networks.  Subnetting: More complex due to the need for careful planning and calculations to design and configure subnets. 6. Security:  IP Addressing: Basic security through unique identification, but exposed IP addresses can be vulnerable to threats.  Subnetting: Offers additional security by isolating different parts of the network, making it harder for unauthorized access. 7. Example:  IP Addressing: An IPv4 address like 192.168.1.1.  Subnetting: Dividing the IP address 192.168.1.1/24 into smaller subnets like 192.168.1.0/25 and 192.168.1.128/25 3.3 Common Network Protocols 1. HTTP (Hypertext Transfer Protocol)  Purpose: Used for transferring web pages and resources (HTML, CSS, JavaScript).  Port: 80 (HTTP), 443 (HTTPS).  Key Features: o Stateless protocol (does not remember previous requests). o Supports methods like GET, POST, PUT, DELETE, etc.  Example: Accessing a website (http://gyanarth.com). Difference Between HTTP and HTTPS
HTTP (Hyper-Text Transfer Protocol) and HTTPS (Hyper-Text Transfer Protocol Secure) are protocols used for transferring data over the web. The key distinction lies in the security features provided by HTTPS, which makes it more secure than HTTP. HTTP is a stateless protocol that operates at the application layer and transfers data in plaintext. This means that any data exchanged between the client and server can be intercepted and read by third parties. HTTP does not use encryption or require certificates, making it less secure for sensitive information. HTTPS, on the other hand, is an extension of HTTP that incorporates encryption using SSL/TLS (Secure Sockets Layer/Transport Layer Security). It ensures that data is transferred in ciphertext, making it unreadable to unauthorized parties. HTTPS operates at the transport layer and requires SSL certificates to establish a secure connection. This protocol is widely used for secure transactions, such as online banking and login credentials. Key Differences:  Security: HTTP is unsecure, while HTTPS provides encryption and data security.  Port Numbers: HTTP uses port 80, whereas HTTPS uses port 443.  Data Transfer: HTTP transfers data in plaintext, while HTTPS transfers data in ciphertext.  Certificates: HTTP does not require SSL/TLS certificates, but HTTPS mandates them.  Search Engine Ranking: HTTPS improves search rankings and user trust, while HTTP does not.  Performance: HTTP is faster due to the absence of encryption, but HTTPS is slower because of the computational overhead of encryption and decryption. 2. FTP (File Transfer Protocol)  Purpose: Transfers files between a client and a server.  Port: 20 (data), 21 (control).  Key Features: o Supports authentication (username/password). o Modes: Active and Passive FTP.  Example: Uploading a website to a server. 3. SMTP (Simple Mail Transfer Protocol)  Purpose: Sends emails from a client to a server or between servers.  Port: 25 (default), 587 (secure).  Key Features: o Works with protocols like IMAP and POP3 for retrieving emails. o Push protocol (sends data to a recipient).  Example: Sending an email using Gmail.
SMTP (Simple Mail Transfer Protocol) and SFTP (Secure File Transfer Protocol) are two distinct protocols designed for different purposes in network communication. Below is a detailed comparison to highlight their differences: Purpose SMTP is primarily used for sending, receiving, and forwarding emails between mail servers. It ensures that emails are delivered from the sender to the recipient's mail server. SFTP, on the other hand, is used for securely transferring files over a network. It is an extension of the SSH (Secure Shell) protocol, providing encryption for both authentication and data transfer. Security SMTP does not inherently provide encryption. However, modern implementations often use STARTTLS to secure the communication channel. Without encryption, SMTP is vulnerable to interception. SFTP is inherently secure as it operates over SSH. It encrypts both the data and the authentication process, ensuring confidentiality and integrity during file transfers. Port Numbers SMTP typically uses port 25 for communication. For encrypted connections, ports like 587 (STARTTLS) or 465 (SSL/TLS) are commonly used. SFTP operates on port 22, the same port used by SSH, ensuring secure communication by default. Protocol Type SMTP is a push protocol, meaning it pushes emails from the sender's server to the recipient's server. It is designed for text-based communication and email transfer. SFTP is a pull protocol, allowing users to upload or download files securely. It supports binary and text file transfers, making it versatile for various file types. Use Cases SMTP is ideal for email communication, such as sending notifications, newsletters, or transactional emails. SFTP is used for secure file transfers, such as uploading website files, transferring sensitive documents, or backing up data. Key Differences SMTP is focused on email delivery and does not handle file transfers. It is not designed for large data transfers or file management. SFTP is specialized for file transfer and management, offering features like directory listing, file deletion, and resumption of interrupted transfers. 4. DNS (Domain Name System)  Purpose: Resolves domain names (e.g., gyanarth.com) into IP addresses.  Port: 53.
 Key Features: o Hierarchical structure: Root, TLDs (e.g., .com), and Subdomains. o Records:  A Record: Maps domain to IPv4.  AAAA Record: Maps domain to IPv6.  MX Record: Mail exchange servers.  Example: Typing www.gyanarth.com in a browser, which resolves to its IP address. 5. HTTPS (Secure HTTP)  Purpose: Secure version of HTTP, encrypting data using SSL/TLS.  Port: 443.  Key Features: o Ensures confidentiality, integrity, and authentication.  Example: Online banking or e-commerce websites (https://flipkart.com). 6. POP3 (Post Office Protocol v3)  Purpose: Retrieves emails from a server to a local device.  Port: 110 (default), 995 (secure).  Key Features: o Downloads emails and deletes them from the server.  Example: Accessing emails via an old desktop mail client. 7. IMAP (Internet Message Access Protocol)  Purpose: Accesses emails stored on a mail server.  Port: 143 (default), 993 (secure).  Key Features: o Allows syncing across multiple devices. o Does not delete emails from the server unless specified.  Example: Using Gmail on both phone and laptop simultaneously. 8. SNMP (Simple Network Management Protocol)  Purpose: Manages and monitors network devices (routers, switches).  Port: 161 (default).  Key Features: o Uses MIB (Management Information Base) to store data. o Versions: SNMPv1, SNMPv2, SNMPv3 (secure). 9. Telnet  Purpose: Provides remote access to devices via text commands.  Port: 23.  Key Features:
o Unencrypted; not secure (replaced by SSH).  Example: Accessing a router’s configuration remotely. 10. SSH (Secure Shell)  Purpose: Provides encrypted remote login and file transfer.  Port: 22.  Key Features: o Secure alternative to Telnet.  Example: Administering a Linux server remotely. 3.4 Network Addressing Network addressing is a crucial responsibility of the network layer. Network addresses are always logical, meaning they are software-based addresses.  Host (End System): A host, or end system, has one link to the network. The boundary between the host and the link is known as an interface. Therefore, a host can have only one interface.  Router: Unlike a host, a router has two or more links that connect to it. When a router forwards a datagram, it sends the packet to one of its links. The boundary between the router and each link is also known as an interface. A router can have multiple interfaces, one for each link. Each interface must have an IP address to send and receive IP packets.  IP Address: Each IP address is 32 bits long and is represented in "dot-decimal notation," where each byte is written in decimal form and separated by periods. For example, the IP address 193.32.216.9 consists of:
 193: The decimal notation of the first 8 bits  32: The decimal notation of the second 8 bits  216: The decimal notation of the third 8 bits  9: The decimal notation of the fourth 8 bits In the described figure, a router has three interfaces labeled 1, 2, and 3, each with its own unique IP address. Similarly, each host on the network has its own interface and corresponding IP address. For the networks:  LAN 1: Interfaces connected to LAN 1 have IP addresses in the format 223.1.1.xxx.  LAN 2: Interfaces connected to LAN 2 have IP addresses in the format 223.1.2.xxx.  LAN 3: Interfaces connected to LAN 3 have IP addresses in the format 223.1.3.xxx. Each IP address consists of two parts: 1. Network Part: The first three bytes of the IP address specify the network. 2. Host Part: The last byte of the IP address identifies the specific host within that network. This structure ensures efficient data routing and clear identification of devices within each network.  Classful Addressing An IP address is 32-bit long. An IP address is divided into sub-classes:  Class A  Class B  Class C  Class D  Class E  An ip address is divided into two parts:  Network ID: It represents the number of networks.  Host ID: It represents the number of hosts.
In the above diagram, we observe that each class have a specific range of IP addresses. The class of IP address is used to determine the number of bits used in a class and number of networks and hosts available in the class. Class A In Class A, an IP address is assigned to those networks that contain a large number of hosts.  The network ID is 8 bits long.  The host ID is 24 bits long. In Class A, the first bit in higher order bits of the first octet is always set to 0 and the remaining 7 bits determine the network ID. The 24 bits determine the host ID in any network. The total number of networks in Class A = 27 = 128 network address The total number of hosts in Class A = 224 - 2 = 16,777,214 host address Class B In Class B, an IP address is assigned to those networks that range from small-sized to large-sized networks.  The Network ID is 16 bits long.  The Host ID is 16 bits long. In Class B, the higher order bits of the first octet is always set to 10, and the remaining14 bits determine the network ID. The other 16 bits determine the Host ID. The total number of networks in Class B = 214 = 16384 network address The total number of hosts in Class B = 216 - 2 = 65534 host address Class C
In Class C, an IP address is assigned to only small-sized networks. o The Network ID is 24 bits long. o The host ID is 8 bits long. In Class C, the higher order bits of the first octet is always set to 110, and the remaining 21 bits determine the network ID. The 8 bits of the host ID determine the host in a network. The total number of networks = 221 = 2097152 network address The total number of hosts = 28 - 2 = 254 host address Class D In Class D, an IP address is reserved for multicast addresses. It does not possess subnetting. The higher order bits of the first octet is always set to 1110, and the remaining bits determines the host ID in any network. Class E In Class E, an IP address is used for the future use or for the research and development purposes. It does not possess any subnetting. The higher order bits of the first octet is always set to 1111, and the remaining bits determines the host ID in any network.  Rules for assigning Host ID: The Host ID is used to determine the host within any network. The Host ID is assigned based on the following rules:  The Host ID must be unique within any network.  The Host ID in which all the bits are set to 0 cannot be assigned as it is used to represent the network ID of the IP address.  The Host ID in which all the bits are set to 1 cannot be assigned as it is reserved for the multicast address.
 Rules for assigning Network ID: If the hosts are located within the same local network, then they are assigned with the same network ID. The following are the rules for assigning Network ID:  The network ID cannot start with 127 as 127 is used by Class A.  The Network ID in which all the bits are set to 0 cannot be assigned as it is used to specify a particular host on the local network.  The Network ID in which all the bits are set to 1 cannot be assigned as it is reserved for the multicast address. 3.5 Common Ports and Protocols Understanding Port Numbers A port number is a 16-bit numerical value ranging from 0 to 65535, divided into three types:  Well-known ports: 0-1023  Registered ports: 1024-49151  Dynamic ports: 49152-65535 Ports are used by software applications and operating system services to send and receive data over
networks (LAN or WAN) using specific protocols like TCP and UDP. For example, port 80 is used for HTTP (plain-text web browsing), while port 443 is used for HTTPS (encrypted web browsing).  Functions of Ports Ports serve as logical identifiers for system activities or various network services, facilitating local or network-based communications. 1. Interaction Over the Internet:  TCP and UDP protocols use ports to establish connections, reassemble data packets, and deliver them to applications on the recipient's device.  The operating system must install and open a gateway for the transfer, with each port having a unique code number.  After transmission, the receiving system uses the port number to determine the data's destination. Sender and receiver port numbers are always included in the data packet. 2. Port Assignment:  Ports are assigned sequentially from 0 to 65535.  Some port numbers are standardized for specific uses, known as well-known ports.  Registered ports are assigned to organizations or software developers for their applications by the Internet Assigned Numbers Authority (IANA).  Dynamic ports are temporarily assigned and reused, such as when browsers view websites.  Importance of Knowing Ports Understanding port numbers is crucial for security researchers, bug bounty hunters, and anyone working with service configuration. Knowledge of ports allows for more thorough scans, such as version detection or identifying vulnerabilities in outdated services, especially when using tools like Nmap. This information is invaluable for ensuring the security and proper configuration of network services. The following are some of the most common service names, transport protocol names, and port numbers used to differentiate between specific services that employ TCP, UDP, DCCP, and SCTP. Port Number Service name Transport protocol Description 7 Echo TCP, UDP Echo service 20 FTP-data TCP, SCTP File Transfer Protocol data transfer 21 FTP TCP, UDP, SCTP File Transfer Protocol (FTP) control connection
22 SSH-SCP TCP, UDP, SCTP Secure Shell, secure logins, file transfers (scp, sftp), and port forwarding 23 Telnet TCP Telnet protocol—unencrypted text communications 25 SMTP TCP Simple Mail Transfer Protocol, used for email routing between mail servers 53 DNS TCP, UDP Domain Name System name resolver 69 TFTP UDP Trivial File Transfer Protocol 80 HTTP TCP, UDP, SCTP Hypertext Transfer Protocol (HTTP) uses TCP in versions 1.x and 2. HTTP/3 uses QUIC, a transport protocol on top of UDP 88 Kerberos TCP, UDP Network authentication system 102 Iso-tsap TCP ISO Transport Service Access Point (TSAP) Class 0 protocol 110 POP3 TCP Post Office Protocol, version 3 (POP3) 135 Microsoft EPMAP TCP, UDP Microsoft EPMAP (End Point Mapper), also known as DCE/RPC Locator service, used to remotely manage services including DHCP server, DNS server, and WINS. Also used by DCOM 137 NetBIOS-ns TCP, UDP NetBIOS Name Service, used for name registration and resolution 139 NetBIOS-ssn TCP, UDP NetBIOS Session Service 143 IMAP4 TCP, UDP Internet Message Access Protocol (IMAP), management of electronic mail messages on a server 381 HP Openview TCP, UDP HP data alarm manager 383 HP Openview TCP, UDP HP performance data collector. 443 HTTP over SSL TCP, UDP, SCTP Hypertext Transfer Protocol Secure (HTTPS) uses TCP in versions 1.x and 2. HTTP/3 uses QUIC, a transport protocol on top of UDP. 464 Kerberos TCP, UDP Kerberos Change/Set password 465 SMTP over TLS/SSL, SSM TCP Authenticated SMTP over TLS/SSL (SMTPS), URL Rendezvous Directory for SSM (Cisco protocol) 22 SSH-SCP TCP, UDP, SCTP Secure Shell, secure logins, file transfers (scp, sftp), and port forwarding
23 Telnet TCP Telnet protocol—unencrypted text communications 25 SMTP TCP Simple Mail Transfer Protocol, used for email routing between mail servers 53 DNS TCP, UDP Domain Name System name resolver 69 TFTP UDP Trivial File Transfer Protocol 80 HTTP TCP, UDP, SCTP Hypertext Transfer Protocol (HTTP) uses TCP in versions 1.x and 2. HTTP/3 uses QUIC, a transport protocol on top of UDP 88 Kerberos TCP, UDP Network authentication system 102 Iso-tsap TCP ISO Transport Service Access Point (TSAP) Class 0 protocol 110 POP3 TCP Post Office Protocol, version 3 (POP3) 135 Microsoft EPMAP TCP, UDP Microsoft EPMAP (End Point Mapper), also known as DCE/RPC Locator service, used to remotely manage services including DHCP server, DNS server, and WINS. Also used by DCOM 137 NetBIOS-ns TCP, UDP NetBIOS Name Service, used for name registration and resolution 139 NetBIOS-ssn TCP, UDP NetBIOS Session Service 143 IMAP4 TCP, UDP Internet Message Access Protocol (IMAP), management of electronic mail messages on a server 381 HP Openview TCP, UDP HP data alarm manager 383 HP Openview TCP, UDP HP performance data collector. 443 HTTP over SSL TCP, UDP, SCTP Hypertext Transfer Protocol Secure (HTTPS) uses TCP in versions 1.x and 2. HTTP/3 uses QUIC, a transport protocol on top of UDP. 464 Kerberos TCP, UDP Kerberos Change/Set password 465 SMTP over TLS/SSL, SSM TCP Authenticated SMTP over TLS/SSL (SMTPS), URL Rendezvous Directory for SSM (Cisco protocol) 587 SMTP TCP Email message submission 593 Microsoft DCOM TCP, UDP HTTP RPC Ep Map, Remote procedure call over Hypertext Transfer Protocol, often used by Distributed Component Object Model services
and Microsoft Exchange Server 636 LDAP over TLS/SSL TCP, UDP Lightweight Directory Access Protocol over TLS/SSL 691 MS Exchange TCP MS Exchange Routing 902 VMware Server unofficial VMware ESXi 989 FTP over SSL TCP, UDP FTPS Protocol (data), FTP over TLS/SSL 990 FTP over SSL TCP, UDP FTPS Protocol (control), FTP over TLS/SSL 993 IMAP4 over SSL TCP Internet Message Access Protocol over TLS/SSL (IMAPS) 995 POP3 over SSL TCP, UDP Post Office Protocol 3 over TLS/SSL 464 Kerberos TCP, UDP Kerberos Change/Set password 465 SMTP over TLS/SSL, SSM TCP Authenticated SMTP over TLS/SSL (SMTPS), URL Rendezvous Directory for SSM (Cisco protocol) 587 SMTP TCP Email message submission 593 Microsoft DCOM TCP, UDP HTTP RPC Ep Map, Remote procedure call over Hypertext Transfer Protocol, often used by Distributed Component Object Model services and Microsoft Exchange Server 636 LDAP over TLS/SSL TCP, UDP Lightweight Directory Access Protocol over TLS/SSL 691 MS Exchange TCP MS Exchange Routing 902 VMware Server unofficial VMware ESXi 989 FTP over SSL TCP, UDP FTPS Protocol (data), FTP over TLS/SSL 990 FTP over SSL TCP, UDP FTPS Protocol (control), FTP over TLS/SSL 993 IMAP4 over SSL TCP Internet Message Access Protocol over TLS/SSL (IMAPS) 995 POP3 over SSL TCP, UDP Post Office Protocol 3 over TLS/SSL 1025 Microsoft RPC TCP Microsoft operating systems tend to allocate one or more unsuspected, publicly exposed services (probably DCOM, but who knows) among the first handful of ports immediately above the end
of the service port range (1024+). 1194 OpenVPN TCP, UDP OpenVPN 1337 WASTE unofficial WASTE Encrypted File Sharing Program 1589 Cisco VQP TCP, UDP Cisco VLAN Query Protocol (VQP) 1725 Steam UDP Valve Steam Client uses port 1725 2082 cPanel unofficial cPanel default 2083 radsec, cPanel TCP, UDP Secure RADIUS Service (radsec), cPanel default SSL 2483 Oracle DB TCP, UDP Oracle database listening for insecure client connections to the listener, replaces port 1521 2484 Oracle DB TCP, UDP Oracle database listening for SSL client connections to the listener 2967 Symantec AV TCP, UDP Symantec System Center agent (SSC-AGENT) 989 FTP over SSL TCP, UDP FTPS Protocol (data), FTP over TLS/SSL 990 FTP over SSL TCP, UDP FTPS Protocol (control), FTP over TLS/SSL 993 IMAP4 over SSL TCP Internet Message Access Protocol over TLS/SSL (IMAPS) 1025 Microsoft RPC TCP Microsoft operating systems tend to allocate one or more unsuspected, publicly exposed services (probably DCOM, but who knows) among the first handful of ports immediately above the end of the service port range (1024+). 1194 OpenVPN TCP, UDP OpenVPN 1337 WASTE unofficial WASTE Encrypted File Sharing Program 1589 Cisco VQP TCP, UDP Cisco VLAN Query Protocol (VQP) 1725 Steam UDP Valve Steam Client uses port 1725 2082 cPanel unofficial cPanel default 2083 radsec, cPanel TCP, UDP Secure RADIUS Service (radsec), cPanel default SSL 2483 Oracle DB TCP, UDP Oracle database listening for insecure client connections to the listener, replaces port 1521 1025 Microsoft RPC TCP Microsoft operating systems tend to allocate one or more unsuspected, publicly exposed services (probably DCOM, but who knows) among the first handful of ports immediately above the end of the service port range (1024+). 1194 OpenVPN TCP, UDP OpenVPN
1337 WASTE unofficial WASTE Encrypted File Sharing Program 1589 Cisco VQP TCP, UDP Cisco VLAN Query Protocol (VQP) 1725 Steam UDP Valve Steam Client uses port 1725 2082 cPanel unofficial cPanel default 2083 radsec, cPanel TCP, UDP Secure RADIUS Service (radsec), cPanel default SSL 2483 Oracle DB TCP, UDP Oracle database listening for insecure client connections to the listener, replaces port 1521 2484 Oracle DB TCP, UDP Oracle database listening for SSL client connections to the listener 2967 Symantec AV TCP, UDP Symantec System Center agent (SSC-AGENT) 3074 XBOX Live TCP, UDP Xbox LIVE and Games for Windows – Live 3306 MySQL TCP MySQL database system 3724 World of Warcraft TCP, UDP Some Blizzard games, Unofficial Club Penguin Disney online game for kids 4664 Google Desktop unofficial Google Desktop Search 5432 PostgreSQL TCP PostgreSQL database system 5900 RFB/VNC Server TCP, UDP virtual Network Computing (VNC) Remote Frame Buffer RFB protocol 6665-6669 IRC TCP Internet Relay Chat . 6881 BitTorrent unofficial BitTorrent is part of the full range of ports used most often 6999 BitTorrent unofficial BitTorrent is part of the full range of ports used most often 6970 Quicktime unofficial QuickTime Streaming Server 8086 Kaspersky AV TCP Kaspersky AV Control Center 8087 Kaspersky AV UDP Kaspersky AV Control Center 8222 VMware Server TCP, UDP VMware Server Management User Interface (insecure Web interface). 9100 PDL TCP PDL Data Stream, used for printing to certain network printers. 10000 BackupExec unofficial Webmin, Web-based Unix/Linux system administration tool (default port) 12345 NetBus unofficial NetBus remote administration tool (often Trojan horse). 27374 Sub7 unofficial Sub7 default 31337 Back Orifice unofficial Back Orifice 2000 remote administration tools

More Related Content

PPTX
Osi model
Priyanka Sharma
 
PPTX
OSI Pankaj yadav
BBAU Lucknow University
 
DOCX
OsI reference model
LakshmiSamivel
 
PPTX
computer science OSI and seven models or layers
BSc.
 
PPTX
Sargation university's open system interconnection
KingPinYT
 
PDF
Network Reference Model (Computer Networks) - Cybernetics Robo Academy
TutulAhmed3
 
PPTX
Protocols
Aashima Wadhwa
 
PPTX
OSI model.pptx computer networking ,OSI model
snarajpoot6
 
Osi model
Priyanka Sharma
 
OSI Pankaj yadav
BBAU Lucknow University
 
OsI reference model
LakshmiSamivel
 
computer science OSI and seven models or layers
BSc.
 
Sargation university's open system interconnection
KingPinYT
 
Network Reference Model (Computer Networks) - Cybernetics Robo Academy
TutulAhmed3
 
Protocols
Aashima Wadhwa
 
OSI model.pptx computer networking ,OSI model
snarajpoot6
 

Similar to Unit 3 Networking Basics of Ethical Hacking.docx (20)

PPTX
Osi reference model and the tcp
Agrippa Mungazi
 
DOCX
Osi model
GLIM Digital
 
PDF
1.The Open Systems Interconnect (OSI) model has seven layers.The mod.pdf
anandatalapatra
 
PDF
Ccna notes
Dreams Design
 
PDF
OSI Model.pdf
Madhumitha J
 
PPT
open system interconnection referencemodel.ppt
AnkitaAggarwal68
 
DOCX
Class 3
AsmaulCSE
 
PPT
PC 106 PPT-06
MLG College of Learning, Inc
 
PPT
Osi
Ganesh Bhosale
 
PPTX
Networking Models
Aftab Mirza
 
PPTX
Computer networking
Mahbubur Rahman Shimul
 
PPTX
network plus comptia chapter two project
AliAzarifar
 
PDF
osireferencemodel-lecture-2-220403060223.pdf
GearishSalam
 
PPTX
OSI Reference Model-Lecture-2.pptx
vishal choudhary
 
PDF
Ccna notes
Panos Brinias
 
PPTX
7. Lecture_OSI Model.pptx ssdddsdsssssss
avinavsah2612
 
PPTX
BAPANKAR15800121011 SOFT.pptx
BapanKar2
 
PPTX
2- lec_2.pptxDesigning with Type, SpacingDesigning with Type, SpacingDesignin...
ZahouAmel1
 
PPT
Osi and tcp ip model
Muhammad Nadeem Rana
 
PPTX
Osi model
ShubhamMishra485
 
Osi reference model and the tcp
Agrippa Mungazi
 
Osi model
GLIM Digital
 
1.The Open Systems Interconnect (OSI) model has seven layers.The mod.pdf
anandatalapatra
 
Ccna notes
Dreams Design
 
OSI Model.pdf
Madhumitha J
 
open system interconnection referencemodel.ppt
AnkitaAggarwal68
 
Class 3
AsmaulCSE
 
PC 106 PPT-06
MLG College of Learning, Inc
 
Osi
Ganesh Bhosale
 
Networking Models
Aftab Mirza
 
Computer networking
Mahbubur Rahman Shimul
 
network plus comptia chapter two project
AliAzarifar
 
osireferencemodel-lecture-2-220403060223.pdf
GearishSalam
 
OSI Reference Model-Lecture-2.pptx
vishal choudhary
 
Ccna notes
Panos Brinias
 
7. Lecture_OSI Model.pptx ssdddsdsssssss
avinavsah2612
 
BAPANKAR15800121011 SOFT.pptx
BapanKar2
 
2- lec_2.pptxDesigning with Type, SpacingDesigning with Type, SpacingDesignin...
ZahouAmel1
 
Osi and tcp ip model
Muhammad Nadeem Rana
 
Osi model
ShubhamMishra485
 

More from Guna Dhondwad (20)

DOCX
Unit 5 Web Application and Hacking Techniques.docx
Guna Dhondwad
 
DOCX
Unit 4 InformationGathering and Network Discovery.docx
Guna Dhondwad
 
DOCX
unit 2 Intoduction to Tools and Platforms.docx
Guna Dhondwad
 
DOCX
Unit 1 Introduction to Cyber Securiyt Attacks.docx
Guna Dhondwad
 
PPTX
Unit -1 cryptography contiues with algorithm.pptx
Guna Dhondwad
 
PPTX
Unit 1 Network Fundamentals and Security .pptx
Guna Dhondwad
 
PPTX
Unit 3 -Symmetric Key Cryptographic Algorithms – I.pptx
Guna Dhondwad
 
PPTX
Network and Internet Security.pptx
Guna Dhondwad
 
PPTX
Computer Security Essentials.pptx
Guna Dhondwad
 
PPTX
Deadlocks and Deadlock Detection Other Issues
Guna Dhondwad
 
DOCX
Concurrency : Mutual Exclusion and Synchronization
Guna Dhondwad
 
PDF
Process And Scheduling Algorithms in os
Guna Dhondwad
 
DOCX
A brief introduction about an operating system and its architecture
Guna Dhondwad
 
PPTX
operating systems and it's services.pptx
Guna Dhondwad
 
PPTX
Introductions to Problem solvings.pptx
Guna Dhondwad
 
PPTX
Introduction to computer and its fundamentals.pptx
Guna Dhondwad
 
PPTX
Internet Networking with its working.pptx
Guna Dhondwad
 
PPTX
Wi-Fi Hacking with the help of various tools.pptx
Guna Dhondwad
 
PPTX
Web Application Hacking tools .pptx
Guna Dhondwad
 
PPTX
Privilege Escalation in Ethical Hacking.pptx
Guna Dhondwad
 
Unit 5 Web Application and Hacking Techniques.docx
Guna Dhondwad
 
Unit 4 InformationGathering and Network Discovery.docx
Guna Dhondwad
 
unit 2 Intoduction to Tools and Platforms.docx
Guna Dhondwad
 
Unit 1 Introduction to Cyber Securiyt Attacks.docx
Guna Dhondwad
 
Unit -1 cryptography contiues with algorithm.pptx
Guna Dhondwad
 
Unit 1 Network Fundamentals and Security .pptx
Guna Dhondwad
 
Unit 3 -Symmetric Key Cryptographic Algorithms – I.pptx
Guna Dhondwad
 
Network and Internet Security.pptx
Guna Dhondwad
 
Computer Security Essentials.pptx
Guna Dhondwad
 
Deadlocks and Deadlock Detection Other Issues
Guna Dhondwad
 
Concurrency : Mutual Exclusion and Synchronization
Guna Dhondwad
 
Process And Scheduling Algorithms in os
Guna Dhondwad
 
A brief introduction about an operating system and its architecture
Guna Dhondwad
 
operating systems and it's services.pptx
Guna Dhondwad
 
Introductions to Problem solvings.pptx
Guna Dhondwad
 
Introduction to computer and its fundamentals.pptx
Guna Dhondwad
 
Internet Networking with its working.pptx
Guna Dhondwad
 
Wi-Fi Hacking with the help of various tools.pptx
Guna Dhondwad
 
Web Application Hacking tools .pptx
Guna Dhondwad
 
Privilege Escalation in Ethical Hacking.pptx
Guna Dhondwad
 

Recently uploaded (20)

PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
KodekX | Application Modernization Development
KodekX
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Encapsulation theory and applications.pdf
gurumoop
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
KodekX | Application Modernization Development
KodekX
 
Cloud computing and distributed systems.
kkkkkhan
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 

Unit 3 Networking Basics of Ethical Hacking.docx

  • 1. UNIT 3 SETTING UP AND CONFIGURATIONS 3.1 OSI Model The OSI (Open Systems Interconnection) model, developed in the 1980s, is a conceptual framework used for understanding network communication. While it's not fully implemented in practice, it remains a valuable reference today. The OSI model consists of seven interconnected layers, each adding its own layer of information as data passes through.  How It Works: 1. Data Movement: Data starts at the top layer and moves down through each layer, gaining additional information at each step. 2. Transmission: Once the data reaches the bottom layer, it is transmitted over the network. 3. Reception: On the receiving end, the process is reversed. The data moves up through the layers, shedding the added information until it reaches its original form at the top layer. This layered approach helps ensure seamless communication across different networking systems by standardizing how data is transmitted and received.  OSI Model Layers: The OSI model is composed of seven layers, each with a unique role in ensuring seamless data communication. Here's a breakdown of these layers from bottom to top: 1. Physical Layer: This is the foundation of the OSI model. It deals with the actual physical connections among devices, such as cables, switches, and the transmission of raw binary data. 2. Data Link Layer: This layer handles the node-to-node delivery of messages. It's responsible for error detection and correction to ensure reliable data transfer between adjacent network nodes. 3. Network Layer: Responsible for transmitting data from one host to another across multiple networks. It determines the best path for data to travel, ensuring it reaches the correct destination. 4. Transport Layer: This layer ensures that messages are delivered reliably and in the correct order across the network. It handles error recovery and flow control, making sure data is transferred without issues. 5. Session Layer: Focused on establishing, managing, and terminating sessions between devices. It keeps track of dialogue between two devices, ensuring continuous and organized communication. 6. Presentation Layer: This layer is responsible for data translation, encryption, and decryption. It transforms data into a format that can be used by the application layer, ensuring it is readable and secure. 7. Application Layer: The topmost layer, where users interact with the system. It provides various network services directly to end-users, such as email, file transfer, and web browsing.
  • 2.  Application Layer - Layer 7: User interaction and network services  Presentation Layer - Layer 6: Data translation, encryption, and decryption  Session Layer - Layer 5: Session management between devices  Transport Layer - Layer 4: Reliable data transfer, error recovery  Network Layer - Layer 3: Data routing, addressing between networks  Data Link Layer - Layer 2: Node-to-node data transfer, error detection  Physical Layer - Layer 1: Physical connections, raw binary transmission  Data Flow in the OSI Model The OSI (Open Systems Interconnection) model describes how data is transmitted from one device to another through its seven layers. This process involves encapsulating data at each layer on the sender side, transmitting it over the network, and decapsulating it at each layer on the receiver side to ensure that data is received correctly and reliably.
  • 3. Advantages  Supports Both Services: It supports both connection-oriented and connectionless services.  Flexibility: The model is quite flexible.  Independent Layers: Each layer operates independently from the others. Disadvantages  Complex Setup: Setting up the model can be a challenging task.  Protocol Compatibility: Fitting a new protocol into this model can sometimes be difficult.  Reference Use Only: It is mainly used as a reference model and not implemented entirely.  TCP/IP Model Originally, the OSI model was used for connectionless protocols like CLNS and CLMNP. However, with the introduction of TCP (a connection-oriented protocol), the TCP/IP model came into existence. In this new model, the Application, Presentation, and Session layers of the OSI model were combined to form the Application layer in the TCP/IP model. Similarly, the Data Link and Physical layers of the OSI model were combined to create the Network Access layer in the TCP/IP model. The Internet layer in the TCP/IP model is equivalent to the Network layer in the OSI model.  Layers of the TCP/IP Model 1. Network Access Layer:  The lowest layer of the TCP/IP model.  Combines the Physical and Data Link layers of the OSI model.  Facilitates data transmission within the same network. 2. Internet Layer:  Corresponds to the Network layer of the OSI model.  Responsible for moving data packets from the source to the destination across multiple networks. 3. Transport Layer:
  • 4.  Similar to the Transport layer in the OSI model.  Ensures error-free delivery of messages. 4. Application Layer:  The topmost layer in the TCP/IP model.  Combines the functionalities of the Application, Presentation, and Session layers of the OSI model.  Provides various network services directly to end-users, such as email, file transfer, and web browsing.  Similarities Between the OSI and TCP/IP Models 1. Common Architecture: o Both the OSI and TCP/IP models are logical frameworks constructed with layers. They share a similar architecture, making it easier to understand and implement network protocols. 2. Defined Standards: o Both models have established standards and provide a framework for implementing these standards and devices. 3. Simplified Troubleshooting: o Both models simplify the troubleshooting process by breaking down complex functions into smaller, more manageable components. 4. Pre-Defined Standards: o The models do not redefine existing standards and protocols. Instead, they reference and use pre-defined standards. For example, the Ethernet standards defined by IEEE are used rather than being recreated by the models. 5. Similar Functionality of Transport and Network Layers: o The functions performed between the presentation and network layers in the OSI model are similar to those performed at the transport layer in both models.  Differences Between OSI and TCP/IP Models 1. Model Structure  OSI Model: The OSI (Open Systems Interconnection) model has seven layers: Physical, Data Link, Network, Transport, Session, Presentation, and Application.  TCP/IP Model: The TCP/IP (Transmission Control Protocol/Internet Protocol) model has four layers: Network Access, Internet, Transport, and Application. 2. Layer Functionality  OSI Model: o Physical Layer: Deals with the physical connection between devices. o Data Link Layer: Ensures reliable node-to-node data transfer. o Network Layer: Manages data routing and addressing between networks.
  • 5. o Transport Layer: Provides end-to-end communication and error recovery. o Session Layer: Manages sessions between applications. o Presentation Layer: Translates, encrypts, and decrypts data. o Application Layer: Supports network applications and end-user processes.  TCP/IP Model: o Network Access Layer: Combines functionalities of the Physical and Data Link layers from the OSI model. o Internet Layer: Corresponds to the Network layer of the OSI model and handles packet forwarding and routing. o Transport Layer: Ensures reliable data transfer, similar to the OSI model's Transport layer. o Application Layer: Combines the Application, Presentation, and Session layers of the OSI model, providing network services to end-users. 3. Development and Usage  OSI Model: o Developed by ISO (International Organization for Standardization). o Primarily used as a reference model for understanding and designing network protocols.  TCP/IP Model: o Developed by the Defense Advanced Research Projects Agency (DARPA). o Widely implemented and used as the foundation for the internet. 4. Layer Independence  OSI Model: o Each layer has a distinct function and operates independently. o Changes in one layer do not affect the other layers.  TCP/IP Model: o Layers have more integrated and overlapping functions. o Changes in lower layers may affect the upper layers. 5. Protocol Specificity  OSI Model:  Specifies different protocols for each layer.  Provides a broader scope for the development of various networking protocols.  TCP/IP Model:  More protocol-specific, focusing on the protocols used for internet communication, such as TCP and IP. 3.2 IP Addressing and Subnetting Understanding IP Addresses and Subnetting
  • 6. Network devices rely on IP addresses and subnets to identify where communications come from and where they're going. This helps manage network addresses efficiently.  IP Addresses IP addresses have two main parts:  Network Identifier (Network ID): This part identifies a network area where a device is located, much like an area code in a phone number.  Host Identifier (Host ID): This part specifies a particular device within that network area, similar to how a phone number identifies a specific phone within an area code. Most business networks still use IP version 4 (IPv4) addresses, which offer about 4.3 billion unique variations. With many of these addresses already in use, the newer IP version 6 (IPv6) standard provides more addresses and additional benefits.  IPv4 Addressing Computers handle IPv4 addresses as 32-bit binary strings, but humans usually convert them into dotted decimal addresses, which are easier to write and understand. For example:  Binary String: 11000000.00000000.00000010.00000010  IP Address: 192.0.2.2 Similarly, the associated subnet mask converts from binary to dotted decimal format:  Binary Subnet Mask: 11111111.11111111.11111111.11111100  Subnet Mask: 255.255.255.252  Subnet Masks Subnet masks help distinguish which part of the IP address is the network ID and which part is the host ID. Routers, computers, and network troubleshooters use IP addresses and subnet masks to manage network traffic, ensuring that information sent from one system arrives at its intended destination.  IP Address Fundamentals Network devices typically have three main identities: 1. Physical Address (MAC Address): This is the hardware address of a network interface. 2. Logical Address (IP Address): This is the unique identifier for a device on a network. 3. Hostname: A human-readable name that helps people recognize the device.  IP Addressing and Subnetting in Computer Networks
  • 7. IP addressing and subnetting are crucial concepts in computer networking. An IP address is a unique identifier assigned to devices on a network to enable communication. It comprises two parts: the network identifier (network ID) and the host identifier (host ID). Subnetting, on the other hand, is a technique used to divide a larger IP network into smaller, more manageable sub-networks (subnets) to enhance efficiency and security in IP management. Both concepts are interconnected. What is IP Addressing? Every device that uses a network receives an IP address, a special identifier number. IP addresses are essential for routing data packets between devices and facilitating internet communication. The most common way to represent IP addresses is using dotted decimal notation, which consists of four sets of bits separated by periods. This notation makes IP addresses easier to read and understand. An IP address is 32 bits long, with each number corresponding to a byte of the address.  Types of IP Addresses There are two primary forms of IP addresses:  IPv4 (Internet Protocol version 4): This version uses 32-bit addresses, providing about 4.3 billion unique addresses. Due to the limited number of unique IPv4 addresses, subnetting and other methods have been developed to efficiently manage IP addresses.  IPv6 (Internet Protocol version 6): This version uses 128-bit addresses, offering a significantly larger number of unique addresses. IPv6 addresses provide many more unique addresses compared to IPv4 and come with additional benefits. By understanding and implementing IP addressing and subnetting, network administrators can effectively manage network resources, ensuring efficient and secure communication between devices. Advantages of IP Addressing  Unique Identification: IP addressing allows you to generate a unique identification number for each device on a network.  Data Routing: It is essential for routing data between different networks, ensuring effective communication.  Internet Access: IP addressing enables devices, servers, and other resources to be accessed over the internet. Disadvantages of IP Addressing  Limited IPv4 Addresses: There is a limited number of IPv4 addresses available, which can lead to shortages.  Configuration Complexity: Configuring IP addresses can be complex and requires careful management.  Security Risks: If IP addresses are exposed, there is a high risk of security threats, including unauthorized access and cyber-attacks. What is Subnetting?
  • 8. Subnetting is the process of dividing a larger network into smaller, more manageable sub-networks (subnets). This involves taking bits from the host part of an IP address to create a network part. The network part identifies the subnetwork as a whole, while the host part identifies the specific device within that subnetwork. Subnetting allows network managers to create more organized and secure networks tailored to their performance and security needs. For instance, a large enterprise could segment its network into subnets for different divisions or locations.  Advantages of Subnetting  Efficient Use of IP Addresses: Subnetting divides large networks into smaller ones, making more effective use of IP addresses.  Enhanced Security: Subnets can add an extra layer of security by isolating different parts of the network.  Improved Performance: By reducing network traffic, subnetting can enhance overall network performance.  Disadvantages of Subnetting  Complex Expansion: Expanding or changing the subnet structure can be challenging.  Planning and Calculations: Designing a subnetted network requires careful planning and precise calculations.  Potential Security Risks: Incorrect configuration of subnets can lead to external security threats.  Difference Between IP Addressing and Subnetting 1. Definition:  IP Addressing: IP addressing refers to assigning unique identifiers (IP addresses) to devices on a network to enable communication. An IP address consists of a network part and a host part.  Subnetting: Subnetting is the process of dividing a larger IP network into smaller, more manageable sub-networks (subnets). This helps improve network efficiency and security. 2. Purpose:  IP Addressing: The main purpose is to uniquely identify devices on a network and facilitate data routing between devices.  Subnetting: The main purpose is to segment a larger network into smaller sections to improve
  • 9. management, security, and performance. 3. Components:  IP Addressing: Involves the network identifier (network ID) and host identifier (host ID). Examples include IPv4 and IPv6 addresses.  Subnetting: Involves creating subnets by modifying the host part of the IP address to create additional network IDs. 4. Benefits:  IP Addressing: Ensures unique identification for each device, enabling effective data communication and routing.  Subnetting: Enhances network efficiency, security, and performance by reducing network congestion and isolating network segments. 5. Complexity:  IP Addressing: Generally straightforward but can become complex with a large number of devices and networks.  Subnetting: More complex due to the need for careful planning and calculations to design and configure subnets. 6. Security:  IP Addressing: Basic security through unique identification, but exposed IP addresses can be vulnerable to threats.  Subnetting: Offers additional security by isolating different parts of the network, making it harder for unauthorized access. 7. Example:  IP Addressing: An IPv4 address like 192.168.1.1.  Subnetting: Dividing the IP address 192.168.1.1/24 into smaller subnets like 192.168.1.0/25 and 192.168.1.128/25 3.3 Common Network Protocols 1. HTTP (Hypertext Transfer Protocol)  Purpose: Used for transferring web pages and resources (HTML, CSS, JavaScript).  Port: 80 (HTTP), 443 (HTTPS).  Key Features: o Stateless protocol (does not remember previous requests). o Supports methods like GET, POST, PUT, DELETE, etc.  Example: Accessing a website (http://gyanarth.com). Difference Between HTTP and HTTPS
  • 10. HTTP (Hyper-Text Transfer Protocol) and HTTPS (Hyper-Text Transfer Protocol Secure) are protocols used for transferring data over the web. The key distinction lies in the security features provided by HTTPS, which makes it more secure than HTTP. HTTP is a stateless protocol that operates at the application layer and transfers data in plaintext. This means that any data exchanged between the client and server can be intercepted and read by third parties. HTTP does not use encryption or require certificates, making it less secure for sensitive information. HTTPS, on the other hand, is an extension of HTTP that incorporates encryption using SSL/TLS (Secure Sockets Layer/Transport Layer Security). It ensures that data is transferred in ciphertext, making it unreadable to unauthorized parties. HTTPS operates at the transport layer and requires SSL certificates to establish a secure connection. This protocol is widely used for secure transactions, such as online banking and login credentials. Key Differences:  Security: HTTP is unsecure, while HTTPS provides encryption and data security.  Port Numbers: HTTP uses port 80, whereas HTTPS uses port 443.  Data Transfer: HTTP transfers data in plaintext, while HTTPS transfers data in ciphertext.  Certificates: HTTP does not require SSL/TLS certificates, but HTTPS mandates them.  Search Engine Ranking: HTTPS improves search rankings and user trust, while HTTP does not.  Performance: HTTP is faster due to the absence of encryption, but HTTPS is slower because of the computational overhead of encryption and decryption. 2. FTP (File Transfer Protocol)  Purpose: Transfers files between a client and a server.  Port: 20 (data), 21 (control).  Key Features: o Supports authentication (username/password). o Modes: Active and Passive FTP.  Example: Uploading a website to a server. 3. SMTP (Simple Mail Transfer Protocol)  Purpose: Sends emails from a client to a server or between servers.  Port: 25 (default), 587 (secure).  Key Features: o Works with protocols like IMAP and POP3 for retrieving emails. o Push protocol (sends data to a recipient).  Example: Sending an email using Gmail.
  • 11. SMTP (Simple Mail Transfer Protocol) and SFTP (Secure File Transfer Protocol) are two distinct protocols designed for different purposes in network communication. Below is a detailed comparison to highlight their differences: Purpose SMTP is primarily used for sending, receiving, and forwarding emails between mail servers. It ensures that emails are delivered from the sender to the recipient's mail server. SFTP, on the other hand, is used for securely transferring files over a network. It is an extension of the SSH (Secure Shell) protocol, providing encryption for both authentication and data transfer. Security SMTP does not inherently provide encryption. However, modern implementations often use STARTTLS to secure the communication channel. Without encryption, SMTP is vulnerable to interception. SFTP is inherently secure as it operates over SSH. It encrypts both the data and the authentication process, ensuring confidentiality and integrity during file transfers. Port Numbers SMTP typically uses port 25 for communication. For encrypted connections, ports like 587 (STARTTLS) or 465 (SSL/TLS) are commonly used. SFTP operates on port 22, the same port used by SSH, ensuring secure communication by default. Protocol Type SMTP is a push protocol, meaning it pushes emails from the sender's server to the recipient's server. It is designed for text-based communication and email transfer. SFTP is a pull protocol, allowing users to upload or download files securely. It supports binary and text file transfers, making it versatile for various file types. Use Cases SMTP is ideal for email communication, such as sending notifications, newsletters, or transactional emails. SFTP is used for secure file transfers, such as uploading website files, transferring sensitive documents, or backing up data. Key Differences SMTP is focused on email delivery and does not handle file transfers. It is not designed for large data transfers or file management. SFTP is specialized for file transfer and management, offering features like directory listing, file deletion, and resumption of interrupted transfers. 4. DNS (Domain Name System)  Purpose: Resolves domain names (e.g., gyanarth.com) into IP addresses.  Port: 53.
  • 12.  Key Features: o Hierarchical structure: Root, TLDs (e.g., .com), and Subdomains. o Records:  A Record: Maps domain to IPv4.  AAAA Record: Maps domain to IPv6.  MX Record: Mail exchange servers.  Example: Typing www.gyanarth.com in a browser, which resolves to its IP address. 5. HTTPS (Secure HTTP)  Purpose: Secure version of HTTP, encrypting data using SSL/TLS.  Port: 443.  Key Features: o Ensures confidentiality, integrity, and authentication.  Example: Online banking or e-commerce websites (https://flipkart.com). 6. POP3 (Post Office Protocol v3)  Purpose: Retrieves emails from a server to a local device.  Port: 110 (default), 995 (secure).  Key Features: o Downloads emails and deletes them from the server.  Example: Accessing emails via an old desktop mail client. 7. IMAP (Internet Message Access Protocol)  Purpose: Accesses emails stored on a mail server.  Port: 143 (default), 993 (secure).  Key Features: o Allows syncing across multiple devices. o Does not delete emails from the server unless specified.  Example: Using Gmail on both phone and laptop simultaneously. 8. SNMP (Simple Network Management Protocol)  Purpose: Manages and monitors network devices (routers, switches).  Port: 161 (default).  Key Features: o Uses MIB (Management Information Base) to store data. o Versions: SNMPv1, SNMPv2, SNMPv3 (secure). 9. Telnet  Purpose: Provides remote access to devices via text commands.  Port: 23.  Key Features:
  • 13. o Unencrypted; not secure (replaced by SSH).  Example: Accessing a router’s configuration remotely. 10. SSH (Secure Shell)  Purpose: Provides encrypted remote login and file transfer.  Port: 22.  Key Features: o Secure alternative to Telnet.  Example: Administering a Linux server remotely. 3.4 Network Addressing Network addressing is a crucial responsibility of the network layer. Network addresses are always logical, meaning they are software-based addresses.  Host (End System): A host, or end system, has one link to the network. The boundary between the host and the link is known as an interface. Therefore, a host can have only one interface.  Router: Unlike a host, a router has two or more links that connect to it. When a router forwards a datagram, it sends the packet to one of its links. The boundary between the router and each link is also known as an interface. A router can have multiple interfaces, one for each link. Each interface must have an IP address to send and receive IP packets.  IP Address: Each IP address is 32 bits long and is represented in "dot-decimal notation," where each byte is written in decimal form and separated by periods. For example, the IP address 193.32.216.9 consists of:
  • 14.  193: The decimal notation of the first 8 bits  32: The decimal notation of the second 8 bits  216: The decimal notation of the third 8 bits  9: The decimal notation of the fourth 8 bits In the described figure, a router has three interfaces labeled 1, 2, and 3, each with its own unique IP address. Similarly, each host on the network has its own interface and corresponding IP address. For the networks:  LAN 1: Interfaces connected to LAN 1 have IP addresses in the format 223.1.1.xxx.  LAN 2: Interfaces connected to LAN 2 have IP addresses in the format 223.1.2.xxx.  LAN 3: Interfaces connected to LAN 3 have IP addresses in the format 223.1.3.xxx. Each IP address consists of two parts: 1. Network Part: The first three bytes of the IP address specify the network. 2. Host Part: The last byte of the IP address identifies the specific host within that network. This structure ensures efficient data routing and clear identification of devices within each network.  Classful Addressing An IP address is 32-bit long. An IP address is divided into sub-classes:  Class A  Class B  Class C  Class D  Class E  An ip address is divided into two parts:  Network ID: It represents the number of networks.  Host ID: It represents the number of hosts.
  • 15. In the above diagram, we observe that each class have a specific range of IP addresses. The class of IP address is used to determine the number of bits used in a class and number of networks and hosts available in the class. Class A In Class A, an IP address is assigned to those networks that contain a large number of hosts.  The network ID is 8 bits long.  The host ID is 24 bits long. In Class A, the first bit in higher order bits of the first octet is always set to 0 and the remaining 7 bits determine the network ID. The 24 bits determine the host ID in any network. The total number of networks in Class A = 27 = 128 network address The total number of hosts in Class A = 224 - 2 = 16,777,214 host address Class B In Class B, an IP address is assigned to those networks that range from small-sized to large-sized networks.  The Network ID is 16 bits long.  The Host ID is 16 bits long. In Class B, the higher order bits of the first octet is always set to 10, and the remaining14 bits determine the network ID. The other 16 bits determine the Host ID. The total number of networks in Class B = 214 = 16384 network address The total number of hosts in Class B = 216 - 2 = 65534 host address Class C
  • 16. In Class C, an IP address is assigned to only small-sized networks. o The Network ID is 24 bits long. o The host ID is 8 bits long. In Class C, the higher order bits of the first octet is always set to 110, and the remaining 21 bits determine the network ID. The 8 bits of the host ID determine the host in a network. The total number of networks = 221 = 2097152 network address The total number of hosts = 28 - 2 = 254 host address Class D In Class D, an IP address is reserved for multicast addresses. It does not possess subnetting. The higher order bits of the first octet is always set to 1110, and the remaining bits determines the host ID in any network. Class E In Class E, an IP address is used for the future use or for the research and development purposes. It does not possess any subnetting. The higher order bits of the first octet is always set to 1111, and the remaining bits determines the host ID in any network.  Rules for assigning Host ID: The Host ID is used to determine the host within any network. The Host ID is assigned based on the following rules:  The Host ID must be unique within any network.  The Host ID in which all the bits are set to 0 cannot be assigned as it is used to represent the network ID of the IP address.  The Host ID in which all the bits are set to 1 cannot be assigned as it is reserved for the multicast address.
  • 17.  Rules for assigning Network ID: If the hosts are located within the same local network, then they are assigned with the same network ID. The following are the rules for assigning Network ID:  The network ID cannot start with 127 as 127 is used by Class A.  The Network ID in which all the bits are set to 0 cannot be assigned as it is used to specify a particular host on the local network.  The Network ID in which all the bits are set to 1 cannot be assigned as it is reserved for the multicast address. 3.5 Common Ports and Protocols Understanding Port Numbers A port number is a 16-bit numerical value ranging from 0 to 65535, divided into three types:  Well-known ports: 0-1023  Registered ports: 1024-49151  Dynamic ports: 49152-65535 Ports are used by software applications and operating system services to send and receive data over
  • 18. networks (LAN or WAN) using specific protocols like TCP and UDP. For example, port 80 is used for HTTP (plain-text web browsing), while port 443 is used for HTTPS (encrypted web browsing).  Functions of Ports Ports serve as logical identifiers for system activities or various network services, facilitating local or network-based communications. 1. Interaction Over the Internet:  TCP and UDP protocols use ports to establish connections, reassemble data packets, and deliver them to applications on the recipient's device.  The operating system must install and open a gateway for the transfer, with each port having a unique code number.  After transmission, the receiving system uses the port number to determine the data's destination. Sender and receiver port numbers are always included in the data packet. 2. Port Assignment:  Ports are assigned sequentially from 0 to 65535.  Some port numbers are standardized for specific uses, known as well-known ports.  Registered ports are assigned to organizations or software developers for their applications by the Internet Assigned Numbers Authority (IANA).  Dynamic ports are temporarily assigned and reused, such as when browsers view websites.  Importance of Knowing Ports Understanding port numbers is crucial for security researchers, bug bounty hunters, and anyone working with service configuration. Knowledge of ports allows for more thorough scans, such as version detection or identifying vulnerabilities in outdated services, especially when using tools like Nmap. This information is invaluable for ensuring the security and proper configuration of network services. The following are some of the most common service names, transport protocol names, and port numbers used to differentiate between specific services that employ TCP, UDP, DCCP, and SCTP. Port Number Service name Transport protocol Description 7 Echo TCP, UDP Echo service 20 FTP-data TCP, SCTP File Transfer Protocol data transfer 21 FTP TCP, UDP, SCTP File Transfer Protocol (FTP) control connection
  • 19. 22 SSH-SCP TCP, UDP, SCTP Secure Shell, secure logins, file transfers (scp, sftp), and port forwarding 23 Telnet TCP Telnet protocol—unencrypted text communications 25 SMTP TCP Simple Mail Transfer Protocol, used for email routing between mail servers 53 DNS TCP, UDP Domain Name System name resolver 69 TFTP UDP Trivial File Transfer Protocol 80 HTTP TCP, UDP, SCTP Hypertext Transfer Protocol (HTTP) uses TCP in versions 1.x and 2. HTTP/3 uses QUIC, a transport protocol on top of UDP 88 Kerberos TCP, UDP Network authentication system 102 Iso-tsap TCP ISO Transport Service Access Point (TSAP) Class 0 protocol 110 POP3 TCP Post Office Protocol, version 3 (POP3) 135 Microsoft EPMAP TCP, UDP Microsoft EPMAP (End Point Mapper), also known as DCE/RPC Locator service, used to remotely manage services including DHCP server, DNS server, and WINS. Also used by DCOM 137 NetBIOS-ns TCP, UDP NetBIOS Name Service, used for name registration and resolution 139 NetBIOS-ssn TCP, UDP NetBIOS Session Service 143 IMAP4 TCP, UDP Internet Message Access Protocol (IMAP), management of electronic mail messages on a server 381 HP Openview TCP, UDP HP data alarm manager 383 HP Openview TCP, UDP HP performance data collector. 443 HTTP over SSL TCP, UDP, SCTP Hypertext Transfer Protocol Secure (HTTPS) uses TCP in versions 1.x and 2. HTTP/3 uses QUIC, a transport protocol on top of UDP. 464 Kerberos TCP, UDP Kerberos Change/Set password 465 SMTP over TLS/SSL, SSM TCP Authenticated SMTP over TLS/SSL (SMTPS), URL Rendezvous Directory for SSM (Cisco protocol) 22 SSH-SCP TCP, UDP, SCTP Secure Shell, secure logins, file transfers (scp, sftp), and port forwarding
  • 20. 23 Telnet TCP Telnet protocol—unencrypted text communications 25 SMTP TCP Simple Mail Transfer Protocol, used for email routing between mail servers 53 DNS TCP, UDP Domain Name System name resolver 69 TFTP UDP Trivial File Transfer Protocol 80 HTTP TCP, UDP, SCTP Hypertext Transfer Protocol (HTTP) uses TCP in versions 1.x and 2. HTTP/3 uses QUIC, a transport protocol on top of UDP 88 Kerberos TCP, UDP Network authentication system 102 Iso-tsap TCP ISO Transport Service Access Point (TSAP) Class 0 protocol 110 POP3 TCP Post Office Protocol, version 3 (POP3) 135 Microsoft EPMAP TCP, UDP Microsoft EPMAP (End Point Mapper), also known as DCE/RPC Locator service, used to remotely manage services including DHCP server, DNS server, and WINS. Also used by DCOM 137 NetBIOS-ns TCP, UDP NetBIOS Name Service, used for name registration and resolution 139 NetBIOS-ssn TCP, UDP NetBIOS Session Service 143 IMAP4 TCP, UDP Internet Message Access Protocol (IMAP), management of electronic mail messages on a server 381 HP Openview TCP, UDP HP data alarm manager 383 HP Openview TCP, UDP HP performance data collector. 443 HTTP over SSL TCP, UDP, SCTP Hypertext Transfer Protocol Secure (HTTPS) uses TCP in versions 1.x and 2. HTTP/3 uses QUIC, a transport protocol on top of UDP. 464 Kerberos TCP, UDP Kerberos Change/Set password 465 SMTP over TLS/SSL, SSM TCP Authenticated SMTP over TLS/SSL (SMTPS), URL Rendezvous Directory for SSM (Cisco protocol) 587 SMTP TCP Email message submission 593 Microsoft DCOM TCP, UDP HTTP RPC Ep Map, Remote procedure call over Hypertext Transfer Protocol, often used by Distributed Component Object Model services
  • 21. and Microsoft Exchange Server 636 LDAP over TLS/SSL TCP, UDP Lightweight Directory Access Protocol over TLS/SSL 691 MS Exchange TCP MS Exchange Routing 902 VMware Server unofficial VMware ESXi 989 FTP over SSL TCP, UDP FTPS Protocol (data), FTP over TLS/SSL 990 FTP over SSL TCP, UDP FTPS Protocol (control), FTP over TLS/SSL 993 IMAP4 over SSL TCP Internet Message Access Protocol over TLS/SSL (IMAPS) 995 POP3 over SSL TCP, UDP Post Office Protocol 3 over TLS/SSL 464 Kerberos TCP, UDP Kerberos Change/Set password 465 SMTP over TLS/SSL, SSM TCP Authenticated SMTP over TLS/SSL (SMTPS), URL Rendezvous Directory for SSM (Cisco protocol) 587 SMTP TCP Email message submission 593 Microsoft DCOM TCP, UDP HTTP RPC Ep Map, Remote procedure call over Hypertext Transfer Protocol, often used by Distributed Component Object Model services and Microsoft Exchange Server 636 LDAP over TLS/SSL TCP, UDP Lightweight Directory Access Protocol over TLS/SSL 691 MS Exchange TCP MS Exchange Routing 902 VMware Server unofficial VMware ESXi 989 FTP over SSL TCP, UDP FTPS Protocol (data), FTP over TLS/SSL 990 FTP over SSL TCP, UDP FTPS Protocol (control), FTP over TLS/SSL 993 IMAP4 over SSL TCP Internet Message Access Protocol over TLS/SSL (IMAPS) 995 POP3 over SSL TCP, UDP Post Office Protocol 3 over TLS/SSL 1025 Microsoft RPC TCP Microsoft operating systems tend to allocate one or more unsuspected, publicly exposed services (probably DCOM, but who knows) among the first handful of ports immediately above the end
  • 22. of the service port range (1024+). 1194 OpenVPN TCP, UDP OpenVPN 1337 WASTE unofficial WASTE Encrypted File Sharing Program 1589 Cisco VQP TCP, UDP Cisco VLAN Query Protocol (VQP) 1725 Steam UDP Valve Steam Client uses port 1725 2082 cPanel unofficial cPanel default 2083 radsec, cPanel TCP, UDP Secure RADIUS Service (radsec), cPanel default SSL 2483 Oracle DB TCP, UDP Oracle database listening for insecure client connections to the listener, replaces port 1521 2484 Oracle DB TCP, UDP Oracle database listening for SSL client connections to the listener 2967 Symantec AV TCP, UDP Symantec System Center agent (SSC-AGENT) 989 FTP over SSL TCP, UDP FTPS Protocol (data), FTP over TLS/SSL 990 FTP over SSL TCP, UDP FTPS Protocol (control), FTP over TLS/SSL 993 IMAP4 over SSL TCP Internet Message Access Protocol over TLS/SSL (IMAPS) 1025 Microsoft RPC TCP Microsoft operating systems tend to allocate one or more unsuspected, publicly exposed services (probably DCOM, but who knows) among the first handful of ports immediately above the end of the service port range (1024+). 1194 OpenVPN TCP, UDP OpenVPN 1337 WASTE unofficial WASTE Encrypted File Sharing Program 1589 Cisco VQP TCP, UDP Cisco VLAN Query Protocol (VQP) 1725 Steam UDP Valve Steam Client uses port 1725 2082 cPanel unofficial cPanel default 2083 radsec, cPanel TCP, UDP Secure RADIUS Service (radsec), cPanel default SSL 2483 Oracle DB TCP, UDP Oracle database listening for insecure client connections to the listener, replaces port 1521 1025 Microsoft RPC TCP Microsoft operating systems tend to allocate one or more unsuspected, publicly exposed services (probably DCOM, but who knows) among the first handful of ports immediately above the end of the service port range (1024+). 1194 OpenVPN TCP, UDP OpenVPN
  • 23. 1337 WASTE unofficial WASTE Encrypted File Sharing Program 1589 Cisco VQP TCP, UDP Cisco VLAN Query Protocol (VQP) 1725 Steam UDP Valve Steam Client uses port 1725 2082 cPanel unofficial cPanel default 2083 radsec, cPanel TCP, UDP Secure RADIUS Service (radsec), cPanel default SSL 2483 Oracle DB TCP, UDP Oracle database listening for insecure client connections to the listener, replaces port 1521 2484 Oracle DB TCP, UDP Oracle database listening for SSL client connections to the listener 2967 Symantec AV TCP, UDP Symantec System Center agent (SSC-AGENT) 3074 XBOX Live TCP, UDP Xbox LIVE and Games for Windows – Live 3306 MySQL TCP MySQL database system 3724 World of Warcraft TCP, UDP Some Blizzard games, Unofficial Club Penguin Disney online game for kids 4664 Google Desktop unofficial Google Desktop Search 5432 PostgreSQL TCP PostgreSQL database system 5900 RFB/VNC Server TCP, UDP virtual Network Computing (VNC) Remote Frame Buffer RFB protocol 6665-6669 IRC TCP Internet Relay Chat . 6881 BitTorrent unofficial BitTorrent is part of the full range of ports used most often 6999 BitTorrent unofficial BitTorrent is part of the full range of ports used most often 6970 Quicktime unofficial QuickTime Streaming Server 8086 Kaspersky AV TCP Kaspersky AV Control Center 8087 Kaspersky AV UDP Kaspersky AV Control Center 8222 VMware Server TCP, UDP VMware Server Management User Interface (insecure Web interface). 9100 PDL TCP PDL Data Stream, used for printing to certain network printers. 10000 BackupExec unofficial Webmin, Web-based Unix/Linux system administration tool (default port) 12345 NetBus unofficial NetBus remote administration tool (often Trojan horse). 27374 Sub7 unofficial Sub7 default 31337 Back Orifice unofficial Back Orifice 2000 remote administration tools