Section 4.3 Transport Layer Protocols

Subsection 4.3.1 TCP

Transmission Control Protocol (TCP) is at the heart of most networks. It provides for reliable communication via a three-way handshake, breaks large data segments into packets, ensures data integrity, and provides flow control for those packets. This all comes at a cost, of course, and this connection-oriented protocol typically has higher latency than its counterparts. Given the complex nature of TCP, it has often been targeted for attacks. TCP stacks are constantly adapting and changing (within the parameters of the protocol) to avoid DoS and MitM attacks.

Note 4.3.1.

For an interesting example of how you can change but still follow a protocol, check out SYN cookies (en.wikipedia.org/wiki/SYN_cookies).

Subsection 4.3.2 UDP

User Datagram Protocol (UDP) is a connectionless protocol designed for instances where TCP may have too much latency. UDP achieves this performance boost by not having handshaking or flow control. The result is a speedy protocol that sometimes drops datagrams. UDP is often used as the basis for gaming or streaming protocols where the timing of the packets is more important than whether or not they all arrive. UDP does still employ checksums so you can be sure of the integrity of any UDP packets that you do receive.

Subsection 4.3.3 Common Ports and Services

Port numbers are used in a transport layer connection to specify which service to connect to. This allows a single host to have multiple services running on it. Ports 0 to 1023 are well-known ports and typically support a commonly used service. In most operating systems it takes administrative privileges to bind to a well-known port and listen for connections. Registered ports range from 1024 to 49151 and do not require administrative privileges to run a service on. You may find many things listening on these ports, as any user can run a service on them. Lastly, ports 49152 to 65535 are used dynamically by applications as needed.
It is important to know some commonly used ports, as the services running on these ports may be subject to an attack. When you scan a machine, only the necessary ports should be open.
Table 4.3.2. Common Port Numbers and Their Usage

Port Number   L4 Protocol   Usage
20            TCP           File Transfer Protocol (FTP) Data Transfer
21            TCP           FTP Command Control
22            TCP           Secure Shell (SSH)
23            TCP           Telnet Remote Login Service
25            TCP           Simple Mail Transfer Protocol (SMTP) E-Mail
53            TCP, UDP      Domain Name System (DNS)
67, 68        UDP           Dynamic Host Configuration Protocol (DHCP)
69            UDP           Trivial File Transfer Protocol (TFTP)
80            TCP           Hypertext Transfer Protocol (HTTP)
110           TCP           Post Office Protocol (POP3) E-Mail
119           TCP, UDP      Network News Transfer Protocol (NNTP)
123           UDP           Network Time Protocol (NTP)
137–139       TCP, UDP      NetBIOS
143           TCP           Internet Message Access Protocol (IMAP) E-Mail
161, 162      TCP, UDP      Simple Network Management Protocol (SNMP)
194           TCP, UDP      Internet Relay Chat (IRC)
389           TCP, UDP      Lightweight Directory Access Protocol (LDAP)
443           TCP           HTTP Secure (HTTPS), HTTP over TLS/SSL
3389          TCP, UDP      Microsoft Terminal Server (RDP)
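
The port ranges and the "only necessary ports should be open" check from this subsection, as an added example that is not part of the original text: it reads socket listings in the layout of `ss -tulnH`, classifies each port by range, and reports listeners that are not on an allowlist. The sample listing, the ALLOWED policy and all function names are assumptions made for the illustration.

```python
# Added example: audit listening sockets against an allowlist.
# SAMPLE_SS is constructed output in the layout of `ss -tulnH` (no header row).
SAMPLE_SS = """\
tcp  LISTEN 0 128 0.0.0.0:22      0.0.0.0:*
tcp  LISTEN 0 128 0.0.0.0:23      0.0.0.0:*
tcp  LISTEN 0 511 [::]:443        [::]:*
udp  UNCONN 0 0   0.0.0.0:68      0.0.0.0:*
tcp  LISTEN 0 5   127.0.0.1:8080  0.0.0.0:*
udp  UNCONN 0 0   0.0.0.0:51413   0.0.0.0:*
"""

# A few rows of Table 4.3.2, keyed by (L4 protocol, port).
SERVICES = {("tcp", 22): "SSH", ("tcp", 23): "Telnet", ("tcp", 80): "HTTP",
            ("tcp", 443): "HTTPS", ("udp", 68): "DHCP", ("udp", 123): "NTP"}

# Hypothetical policy for this host: the only listeners it is meant to have.
ALLOWED = {("tcp", 22), ("tcp", 443), ("udp", 68)}


def port_range(port):
    """Classify a port into the three ranges given in the text."""
    if not 0 <= port <= 65535:
        raise ValueError(f"not a valid port: {port}")
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "dynamic"


def parse_listeners(text):
    """Yield (proto, local_address, port) for each tcp/udp socket line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # skip headers, blank lines, other socket families
        addr, _, port = fields[4].rpartition(":")  # last colon, so [::] survives
        if port.isdigit():
            yield fields[0], addr, int(port)


def audit(text, allowed=ALLOWED):
    """Return (proto, port, range, service, exposed) for listeners not allowed."""
    return [(proto, port, port_range(port),
             SERVICES.get((proto, port), "unknown"),
             not (addr.startswith("127.") or addr == "[::1]"))  # off-loopback?
            for proto, addr, port in parse_listeners(text)
            if (proto, port) not in allowed]


if __name__ == "__main__":
    for finding in audit(SAMPLE_SS):
        print(finding)
```

The last field separates a listener bound only to loopback from one reachable over the network, which is the first thing to check when deciding how urgent an unexpected port is.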