
Managing Ports and Protocols

© Jetking Infotrain Ltd. 2020


Pre-class activities - (18 Minutes)
• Yoga (5 Minutes)
• Attendance marking (2 Minutes)
• Recall (5 Minutes)
• Presentation (6 Minutes)



Module Overview
• Overview of TCP and UDP Protocol
• Port Scanners and Protocol Analyzers
• Overview of DNS



What Is a Header?
• Header information, or overhead data, is used only in the transmission process; it is stripped from the packet when it reaches its destination.
• The header identifies the source and destination of the packet, while the actual data is referred to as the payload.
• TCP header: minimum size of 20 bytes and maximum of 60 bytes.
• IP header: minimum size of 20 bytes and maximum of 24 bytes.
• UDP headers are limited to 8 bytes in size.



Headers



TCP Protocol
• Transmission Control Protocol (TCP)
– Transport layer Protocol
– Supports Segmentation
– Connection-oriented Protocol
– Manages flow control



TCP Three-way Handshake & Flow Control
• TCP Three-way Handshake



TCP Header Format

| Field | Explanation |
|---|---|
| Source port | TCP port of sending host. |
| Destination port | TCP port of destination host. |
| Sequence number | The ID number of the current segment (the sequence number of the last byte in the segment). |
| Ack number | The sequence number of the next segment expected from the other host (that is, the sequence number of the last segment received +1). |
| Data length | Length of the TCP segment. |
| Flags | Type of content in the segment (ACK, SYN, FIN, and so on). |
| Window | The amount of data the host is willing to receive before sending another acknowledgement (used for flow control). |



TCP Header Format

| Field | Explanation |
|---|---|
| Checksum | Ensures validity of the segment. The checksum is calculated on the value of not only the TCP header and payload but also part of the IP header, notably the source and destination addresses. Consequently, the mechanism for calculating the checksum is different for IPv6 (128-bit addresses) than for IPv4 (32-bit addresses). |
| Urgent Pointer | If urgent data is being sent, this specifies the end of that data in the segment. |
| Options | Allows further connection parameters to be configured. The most important of these is the Maximum Segment Size. This allows the host to specify how large the segments it receives should be, minimizing fragmentation as they are transported over data link frames. |
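
Added example (not part of the original slides): a Python parser for the header fields listed above that also reads the Maximum Segment Size option and verifies the checksum over the IPv4 pseudo-header, which is the part of the IP header (source and destination addresses) the checksum covers. The sample SYN segment, its addresses and the function names are constructed for this illustration.

```python
import socket
import struct

FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # flag bits 0..5

def inet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (Internet checksum)."""
    data += b"\x00" * (len(data) % 2)        # pad to a whole number of words
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    # The part of the IPv4 header the checksum covers: addresses, protocol 6, length.
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, 6, tcp_len))

def checksum_ok(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    return inet_checksum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0

def parse_tcp(segment: bytes) -> dict:
    if len(segment) < 20:
        raise ValueError("shorter than the 20-byte minimum TCP header")
    sport, dport, seq, ack, off_flags, window, _csum, urgent = struct.unpack(
        "!HHIIHHHH", segment[:20])
    hdr_len = (off_flags >> 12) * 4          # top 4 bits: header length in 32-bit words
    if not 20 <= hdr_len <= len(segment):
        raise ValueError("header length field out of range")
    opts, i, mss = segment[20:hdr_len], 0, None
    while i < len(opts) and opts[i] != 0:    # kind 0 ends the option list
        if opts[i] == 1:                     # kind 1 is a one-byte no-op
            i += 1
            continue
        if i + 1 >= len(opts) or not 2 <= opts[i + 1] <= len(opts) - i:
            raise ValueError("malformed TCP option")
        if opts[i] == 2 and opts[i + 1] == 4:  # kind 2: Maximum Segment Size
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += opts[i + 1]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": [n for b, n in enumerate(FLAGS) if off_flags & (1 << b)],
            "window": window, "header_len": hdr_len, "mss": mss}

def build_syn(src_ip: str, dst_ip: str, sport: int, dport: int, mss: int) -> bytes:
    # Constructed sample input: a SYN with a 24-byte header (20 + MSS option).
    seg = struct.pack("!HHIIHHHH", sport, dport, 1000, 0, (6 << 12) | 0x02,
                      64240, 0, 0) + struct.pack("!BBH", 2, 4, mss)
    csum = inet_checksum(pseudo_header(src_ip, dst_ip, len(seg)) + seg)
    return seg[:16] + struct.pack("!H", csum) + seg[18:]
```

Verifying the same segment against a different source address fails, because the addresses are part of the checksummed data.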



UDP
• UDP (User Datagram Protocol)
– Works at transport layer
– It is a connectionless method of communication
– No guarantee regarding the delivery of messages
– Sends small amounts of data in each packet and does not require acknowledgement of receipt
– Structure of a UDP datagram

| Field | Explanation |
|---|---|
| Source port | UDP port of sending host. |
| Destination port | UDP port of destination host. |
| Message length | The size of this UDP message. |
| Checksum | Verifies the datagram. |

TCP vs. UDP

| TCP | UDP |
|---|---|
| Connection-oriented, reliable delivery with error correction. | Connectionless, non-guaranteed delivery. Reliability and error correction must be processed at the Application layer. |
| 20-byte header and connection control mechanisms add substantial overhead to data transmissions (slower). | 8-byte header and no connection control means less bandwidth is consumed by overheads (faster). |
| Hosts must use resources to track connections in a state table. | No connection control. |
| Can be used only for unicast transmission. | Can be used for unicast, broadcast, and multicast transmission. |
| Used by applications where reliability is paramount (for example, HTTP, FTP, SMTP, and IMAP). | Used by applications where speed is paramount (such as Voice over IP and media streaming) and for multicast/broadcast communication (for example, DHCP and router traffic). |

Port Number

• Port Number
– The Internet Assigned Numbers Authority (IANA) maintains a list of port number assignments
• A port number is a 16-bit integer, ranging from 0 to 65535
• Well-known ports: 0-1023
• Registered ports: 1024-49151
• Dynamic or private ports: 49152-65535
– The combination of an IP address and a port number is called a socket address



Port Scanners

• Port Scanners
– Software designed to find out the status of TCP and UDP ports
• Netstat
– This command lets you check the state of ports on the local host
– Check for service misconfiguration
– Check for suspicious IP address ranges
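
Added example (not part of the original slides): the netstat checks above applied to constructed Windows-style netstat output, flagging sockets bound to all interfaces that are not on an allowlist and established connections to watched address ranges, each labelled with its IANA port range from the Port Number slide. The allowlist, the watched network, the sample rows and the function names are assumptions made for this illustration.

```python
import ipaddress

def port_class(port: int) -> str:
    """Map a 16-bit port number to its IANA range."""
    if not 0 <= port <= 65535:
        raise ValueError("port numbers are 16-bit: 0-65535")
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "dynamic/private"

def split_socket(addr: str):
    """'10.0.0.5:49712' -> ('10.0.0.5', 49712); '*:*' -> ('*', None)."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), int(port) if port.isdigit() else None

def review(netstat_text: str, allowed: set, watch_nets: list) -> list:
    findings = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue                      # column header or unrelated line
        proto, (lhost, lport), (rhost, rport) = f[0], split_socket(f[1]), split_socket(f[2])
        # UDP rows carry no state column; every UDP row is a bound socket.
        state = "LISTENING" if proto == "UDP" else (f[3] if len(f) > 3 else "")
        if state == "LISTENING":
            if lhost in ("0.0.0.0", "::") and (proto, lport) not in allowed:
                findings.append(("unexpected-listener", f"{proto}/{lport}", port_class(lport)))
        elif state == "ESTABLISHED":
            if any(ipaddress.ip_address(rhost) in net for net in watch_nets):
                findings.append(("watched-remote", f"{rhost}:{rport}", port_class(rport)))
    return findings

# Constructed sample output and policy (assumptions for this example).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING
  TCP    10.0.0.5:49712         203.0.113.77:8443      ESTABLISHED
  TCP    10.0.0.5:49713         198.51.100.20:443      ESTABLISHED
  UDP    0.0.0.0:53             *:*
"""
ALLOWED = {("TCP", 135)}
WATCH = [ipaddress.ip_network("203.0.113.0/24")]
```

Calling review(SAMPLE, ALLOWED, WATCH) reports the two listeners that are exposed on all interfaces without being allowlisted and the one connection into the watched range; the loopback-only listener is not reported.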



NMAP Tool

• NMAP Tool
– NMAP is used for scanning remote hosts and networks
– It is open source software
– It uses diverse methods for host discovery
• Can operate stealthily and serve to defeat security mechanisms
– Firewalls and intrusion detection



Protocol Analyzers
• Protocol Analyzers
• Can decode a captured frame to reveal its contents in a readable format
• Analyzing protocol data at the packet level will help to identify
protocol or service misconfiguration
• Perform traffic analysis to monitor statistics related to communications
flows such as bandwidth consumed, link utilization and reliability



Demonstration
• Using netstat commands to verify TCP connections
• Using NMAP to find out port and protocol status
• Using the Wireshark tool for protocol analysis



Question for GD - (3 Minutes)

• Discuss the differences between TCP and UDP.



Computer Names Assigned to Computers
A hostname is a computer name that is added to a domain name and top-level domain to make a fully qualified domain name (FQDN).

| Hostname | Domain | Top level |
|---|---|---|
| AcctDirPC | jetking | com |

Fully qualified domain name = AcctDirPC.jetking.com

NetBIOS names are rarely used and are being deprecated in Windows operating systems.

Use of DNS (Domain Name System)

DNS can be used to:
– Resolve host names to IP addresses and vice-versa
– Locate domain controllers and global catalog servers
– Locate mail servers during email delivery



How Internet DNS Names Are Resolved?

[Diagram: a Workstation asks its Local DNS Server "What is the IP address of www.jetking.com?"; numbered steps involve the root DNS and the .com DNS (Jetking.com); the answer returned is "The IP address is 207.46.230.219".]



DNS Zones
A DNS zone is a specific portion of DNS namespace
that contains DNS records

Zone types:
• Forward lookup zone
• Reverse lookup zone



Forward & Reverse Lookup Zones
A forward lookup zone is the most common type of zone. DNS clients can use this zone to obtain information such as the IP addresses that correspond to DNS domain names or services that are stored in the zone.

A reverse lookup is the opposite of a forward lookup: it returns the fully qualified domain name of a host based on its IP address. It provides a mapping from IP addresses back to DNS domain names.



DNS Records
Resource records in forward lookup zones include:
• A, MX, SRV, NS, SOA, and CNAME

Resource records in reverse lookup zones include:
• PTR

Address Mapping records (A) - The A record resolves a hostname (FQDN) to an IP address.

Canonical Name records (CNAME) - The CNAME record specifies a domain name that has to be queried in order to resolve the original DNS query.

DNS Records
Mail exchanger record (MX) - The MX resource record specifies a mail exchange server for a DNS domain name.

Service locator (SRV) - Generalized service location record, used for newer protocols instead of creating protocol-specific records such as MX.

Name server record (NS) - Delegates a DNS zone to use the given authoritative name servers.



DNS Records
Start of authority record (SOA) - Specifies authoritative information about a DNS zone, including the primary name server, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone.

PTR - You can think of the PTR record as the opposite of the A record. While the A record points a domain name to an IP address, the PTR record resolves the IP address to a domain/hostname.
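
Added example (not part of the original slides): forward and reverse lookups over a small constructed record set, following a CNAME to its A record, ordering MX targets by preference, and checking that a PTR name resolves back to the same address. Only www.jetking.com and 207.46.230.219 come from the slides; the other host names, the second address, the stale PTR entry and the function names are hypothetical.

```python
import ipaddress

# Constructed zone data; web01, mail, old-mail and ns1 are hypothetical names.
RECORDS = [
    ("jetking.com.", "NS", "ns1.jetking.com."),
    ("jetking.com.", "MX", "10 mail.jetking.com."),
    ("web01.jetking.com.", "A", "207.46.230.219"),
    ("www.jetking.com.", "CNAME", "web01.jetking.com."),
    ("mail.jetking.com.", "A", "207.46.230.220"),
    ("219.230.46.207.in-addr.arpa.", "PTR", "web01.jetking.com."),
    ("220.230.46.207.in-addr.arpa.", "PTR", "old-mail.jetking.com."),  # stale entry
]

def lookup(name: str, rtype: str) -> list:
    """Return the values of all records of one type for a name."""
    name = name.lower().rstrip(".") + "."
    return [value for owner, t, value in RECORDS if owner == name and t == rtype]

def forward(name: str, max_hops: int = 8) -> list:
    """Forward lookup: resolve a name to A records, following CNAMEs."""
    for _ in range(max_hops):
        addrs = lookup(name, "A")
        if addrs:
            return addrs
        cname = lookup(name, "CNAME")
        if not cname:
            return []
        name = cname[0]               # query the canonical name instead
    raise RuntimeError("CNAME chain too long (possible loop)")

def reverse(ip: str) -> list:
    """Reverse lookup: build the in-addr.arpa name and read its PTR records."""
    return lookup(ipaddress.ip_address(ip).reverse_pointer, "PTR")

def mail_servers(domain: str) -> list:
    """MX targets in preference order, each with its resolved addresses."""
    mx = sorted((int(v.split()[0]), v.split()[1]) for v in lookup(domain, "MX"))
    return [(host, forward(host)) for _, host in mx]

def forward_confirmed(ip: str) -> bool:
    """True when some PTR name for the address resolves back to that address."""
    return any(ip in forward(name) for name in reverse(ip))
```

The second address fails the forward-confirmed check because its PTR record names a host with no matching A record, the kind of mismatch that reviewing zone records is meant to catch.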



Demonstration
• Nslookup command for verifying DNS records
• Using PowerShell for Name Resolution



Question for GD - (3 Minutes)
• What are different DNS records?



Mind Map - (5 minutes)

• Draw a Mind Map to summarize the session.



Summary
• Transmission Control Protocol (TCP)
– Transport layer Protocol
– Supports Segmentation
– Connection-oriented Protocol
– Manages flow control
• NMAP Tool
– NMAP is used for scanning remote hosts and networks
– It is open source software
– It uses diverse methods for host discovery
• Can operate stealthily and serve to defeat security mechanisms
– Firewalls and intrusion detection



Summary

DNS can be used to:
– Resolve host names to IP addresses and vice-versa
– Locate domain controllers and global catalog servers
– Locate mail servers during email delivery



Summary
• Resource records in forward lookup zones include:
– A, MX, SRV, NS, SOA, and CNAME
• Resource records in reverse lookup zones include:
– PTR
• Address Mapping records (A) - The A record resolves a hostname (FQDN) to an IP address.
• Canonical Name records (CNAME) - The CNAME record specifies a domain name that has to be queried in order to resolve the original DNS query.



• List of Labs
– Connect systems and check TCP flags
– Use NMAP tools and perform host discovery, port scanning
and OS fingerprinting
– Configure DNS and records
