Understanding TCP/IP networking protocols

In the previous video we learned about how IP addresses are used to identify network devices. While those addresses do point requests in the right direction, there are still two more things you'll need to specify to ensure successful data transfers, the network protocol and network port. The network protocol defines how devices will communicate with each other, including how to establish connections, organize packets of data, and in some cases, how to compress or encrypt data. The three protocols the LPIC expects you to understand are TCP, UDP, and ICMP.

Perhaps the most common higher level protocol you will use is the Transmission Control Protocol TCP. In fact, the original Internet Protocol Suite, will often be referred to as TCP/IP. Largely because of it's built-in reliability, TCP is used to carry most web traffic, emails, and file transfers. Data is automatically broken down into small packets, transferred, and then reassembled at the target. TCP includes packet verification in its data stream deliveries.

For transfers that don't require error checking, like streaming audio and video or VOIP, the quicker and connection-less User Datagram Protocol UDP is often used, while UDP has no delivery conformation or verification, it does provide checksums.

The Internet Controlled Message Protocol, ICMP, is a very simple way for network devices to quickly exchange some basic information. The ping tool uses ICMP to check if a host is online and available for connectivity. You point ping to an IP or DNS address and it will send small packages with a request that they be echoed back. ping will immediately report its results. Network ports allow a single IP address to be used for multiple purposes. They can also be used to make it harder for unauthorized users to gain access to your resources.

Becoming familiar with standard and non-standard networking ports

There are, by accepted convention, three kinds of network ports. Well known ports, that we'll explore in a minute; ICANN registered ports that have been reserved for specific commercial protocols; and dynamic ports that are available for anyone to use on an ad hoc basis. All well known ports fall between ports one and 1,023. ICANN registered ports can lie between 1024 and 49,151. Dynamic ports start at 49,152 and continue up to the highest port number, 65,535. You must be aware of these rules to avoid conflicts or security vulnerabilities. When you address traffic to a host using a non-standard port, they'll need to specify the port after a colon that follows the address itself. If a single address is host to more than one service you may have to specify which service you're after.

This host can be used for either HTTP or FTP access. Technically speaking you should have to add a port like 80 or 443 to web addresses that you visit, but your browser will usually do that for you invisibly.

As advertised, we'll now look at some of the more common well known ports. The LPIC exam expects you to be familiar with the function of each of these. Port 20 is used for FTP file transfers, while 21 is for FTP data control. Port 22 is used by SSH, which is something you'll definitely need to know if you plan to set up virtual private networks, VPCs, on Amazon's AWS. 23 is used by Telnet, bear in mind that while Telnet is still useful for certain temporary and local functions it is inherently insecure and is not appropriate for most purposes. Port 25 is set aside for SMTP, the Simple Mail Transfer Protocol. 53, is a port used for domain name service, DNS. A fact that explains why AWS named its DNS service Root 53.

80, is for insecure HTTP traffic. The kind that for now at least makes up the majority of web traffic. There is currently a growing movement to convince all website administrators around the internet to switch their sites to secure HTTP or HTTPS, which as we'll see in a minute uses Port 443. Port 110 is for the POP3 post office protocol for retrieving email messages over a TCP/IP connection. 123 is used by NTP, Network Time Protocol. 139 is for NetBios, which controls local communications at the session layer. The Internet Message Access Protocol, IMAP, uses Port 143. IMAP, like POP3, allows for the retrieval of email messages. 161 is used by Simple Network Managing Protocol SNMP, a protocol for managing devices on IP networks. SNMP activity can be controlled by SNMP trap, which uses the next port up, 162. Port 389 is used for LDAP, Lightweight Directory Access Protocol. 443 is, as we mentioned earlier, for secure HTTP traffic and 465 is for Sysco's URL Rendezvous directory. Port 514 when accessed using the UDP protocol is often monitored for system data by Syslog. Since UDP is unreliable its usage now recommends using TCP, supporting Transport Layer Security, TLS, on Port 6514. Port 514 can also be used over TCP for automatic authentication for shell session. Port 636 is used for secure LDAP using SSL. 993 is for secure IMAP, IMAP-S and 995 is for secure POP3.