CompTIA Network+ N10-008 – TCP/IP Model
The TCP/IP model
Now, if you remember all the way back when we did the OSI model overview, I mentioned that the OSI model was a reference model, but it wasn’t the only reference model out there. The other big one that we’re going to talk about here for Network+ is the TCP/IP model. This is also known as the TCP/IP stack or the DoD model.
Now this is an alternative to the OSI model. And the nice thing is that it’s only four layers, so it’s a little bit easier for most people to understand and learn. It is actually more relevant than the OSI model because today’s networks are all TCP/IP-based, and the TCP/IP model refers to it specifically in its four layers, whereas in the OSI model sometimes things get a little bit more blurred.
So how does the OSI model compare to the TCP/IP model? Well, it’s actually pretty simple. If I take layers 5, 6, and 7, the top three layers, and merge them all together, I get the application layer. So application, presentation, and session: all of those functions occur under application in the TCP/IP model. Transport gets carried right over, and networking gets carried right over. But we call it the Internet instead of the network because it is really all about routing to external networks, or the Internet.
And then the final two are the bottom two layers, which are data link and physical, which are all about your internal network. And so we call that the network interface, which is how you, the end user, interface with the network. So that’s how it is. It’s pretty simple when you start looking at it that way. Take the top three, squish them together; take the bottom two, squish them together; and that’s how you get the four layers of your TCP/IP model. Now for the exam, you do need to understand the TCP/IP model. And so if you can draw this diagram, you’re going to be covered there as you go through the test.
The network interface layer, layer one, is all about physical and electrical characteristics, just like in the OSI model. It’s going to describe how to transmit bits across the networks, those ones and zeros that we had in the physical layer. And it’s going to determine how the network medium is going to be used, whether it’s going to be coax, optical fiber, or twisted-pair copper cabling. This includes Ethernet, Token Ring, fibre distribution networks, and RS-232. All of that gets put together inside the network interface.
Now layer two here is the Internet layer. This is where we take the data and package it into IP datagrams, like we did at layer three of the OSI model. It’s going to contain your source and destination IPs and forward those datagrams between hosts across the network. These datagrams are going to be pushed around the networks through routing, and this connectivity is going to occur externally. This is where your Internet connection is made, internal versus external. Examples of this are going to be IP, ICMP, ARP, and Reverse ARP, and we will talk about all of those as we go through switching and routing in the next section of this course.
Layer three here is going to be the transport layer, and it’s exactly the same as transport in OSI. It gives you communication session management between hosts, and it’s going to define the level of service and the status of the connection using TCP, UDP, or RTP, the real-time protocol, which is used for voice and video applications.
Layer four is going to combine the top three layers of the OSI model and define the application protocols being used. It’s going to tell you how the programmes are going to interact with the transport layer, and that’s going to be the layer that the user is going to interact with. Now, examples of this come from layers five, six, and seven of the OSI model. Again, correct, because we squashed those. This would be things like HTTP for web browsing, Telnet for remote control, FTP for file transfer, SNMP for network management, DNS for domain name resolution, SMTP for sending mail, and SSL and TLS for secure web browsing and encryption. All of these things are going to be found here in layer 4, the application layer.
Transfer over networks. So when we transfer data over networks, we have to have a way to tell it where it’s going to go. Now we use IP addresses to get you to the system, but how does it know which applications are listening on that system? Well, that’s where a port comes in, and ports are going to be numbered from zero all the way up to 65,536. That’s a lot of ports. So even though you only have one IP on a machine, you can have over 65,000 different openings for you to be able to run services on. Now we break these up into two buckets.
The first is called the well-known and reserved ports. These are ports from zero through 1024. These might be things like file transfer protocol on port 21, web browsing on port 80, and things like that. Ephemeral ports, on the other hand, are short-lived temporary ports that are open for a short time within this predefined range. And these ports can be anything from 1025 all the way up to 65,536. For example, as I’m recording this lecture, I record the audio on my iPad. The iPad then acts as a file server, selecting a random port number in the 600s. And my web browser on my laptop can then access that and download the audio file. That port is opened just as long as I download the file, and then it closes again just that quickly. Now, data transfer occurs using these IP addresses and these ports. So what does this look like in the real world? Well, as you can see here, I have a client on the left and a website on the right.
The client is at the address 192.168.1.24. The website is at 64.82.46.21. So when the client sends a request to the website, it will come from the source IP, that 192 address, and a port, just a random port from those ephemeral ports. In this case, it shows 49163. It’s going to send it to the destination of the website, which is that 64.82.46.21 address on the web server, which is that destination IP. What port does it go to? The default one for websites is port 80. Now the website, on the other hand, is going to reverse that and go from its source and its port 80 back to the client on its random high port 49163. And so you can see how this communication will happen to establish the session and communicate over that port. Whenever we’re done transmitting this website, that random port that was opened on your client gets closed, and another random one will be opened. But port 80 will always be sitting there on that web server, ready to serve requests from anybody else who wants a website.
Now, IP version 4 packets are going to consist of the source address, which is the IP of the sender, a destination address, which is the IP of the receiver, the IP flags, which will allow packet fragmentation and other special things, and the protocol, whether it will be TCP or UDP. All of those things will go into making up this packet header. And you can see it here, shown on the screen in blue. Do you have to memorise this packet header? No, no, don’t worry about it. But do understand that your header is going to contain your source and destination, as well as the port, the protocol, and things of that nature, so your packets know where to be routed to.
Now, back when we talked about TCP and UDP, we talked about the fact that TCP had a lot more overhead. Now, what does that really look like? Well, that’s what I have here on the screen. Up top, we have the TCP header, which is 20 bytes in length. And you can see it contains things like the source port, the destination port, the sequence number, the acknowledgement number, and then a bunch of other flags. All of that, along with the checksum and the pointers, adds to the overall length, making it a pretty bulky protocol. Now compare that to UDP, which is at the bottom. It only has four pieces of information: the source port, the destination port, the length of the packet, and the checksum. That’s it. And it’s only eight bytes long. So you can see that there’s less data in UDP because there’s less that needs to be contained. And so it allows us to have a faster, more efficient protocol.
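The header fields described above can be read straight out of the bytes. The following is an added example, not part of the original lecture: it builds constructed IPv4 packets for the client and website exchange (sample addresses 192.168.1.24 and 64.82.46.21, ports 49163 and 80, plus an assumed UDP query to port 53) and parses the addresses, ports, protocol and transport header length back out. The function names are hypothetical and checksums are left at zero.

```python
import socket
import struct

TCP, UDP = 6, 17  # protocol numbers carried in the IPv4 "protocol" field

def build_packet(proto, src, dst, sport, dport, payload=b""):
    """Build a constructed IPv4 packet (checksums left at 0 for brevity)."""
    if proto == TCP:
        # ports, sequence, acknowledgement, data offset (5 words), SYN flag,
        # window, checksum, urgent pointer: 20 bytes in total
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, 0x02, 64240, 0, 0)
    else:
        # ports, length (header + payload), checksum: 8 bytes in total
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    l4 += payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0x4000, 64,
                     proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return ip + l4

def parse_packet(raw):
    """Return the addressing fields of an IPv4 packet carrying TCP or UDP."""
    if len(raw) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    ver_ihl, _, _, _, flags_frag, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4  # header length is counted in 32-bit words
    if ver_ihl >> 4 != 4 or ihl < 20 or len(raw) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    info = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "dont_fragment": bool(flags_frag & 0x4000)}
    l4 = raw[ihl:]
    if proto == TCP:
        if len(l4) < 20:
            raise ValueError("truncated TCP header")
        sport, dport, _, _, off_flags = struct.unpack("!HHIIH", l4[:14])
        info.update(protocol="TCP", l4_header_len=(off_flags >> 12) * 4,
                    syn=bool(off_flags & 0x002))
    elif proto == UDP:
        if len(l4) < 8:
            raise ValueError("truncated UDP header")
        sport, dport, _, _ = struct.unpack("!HHHH", l4[:8])
        info.update(protocol="UDP", l4_header_len=8)
    else:
        raise ValueError(f"unsupported protocol number {proto}")
    info.update(src_port=sport, dst_port=dport)
    return info

if __name__ == "__main__":
    # Constructed traffic: request, reply with source and destination swapped, UDP query.
    request = build_packet(TCP, "192.168.1.24", "64.82.46.21", 49163, 80)
    reply = build_packet(TCP, "64.82.46.21", "192.168.1.24", 80, 49163)
    query = build_packet(UDP, "192.168.1.24", "64.82.46.21", 49163, 53, b"query")
    for pkt in (request, reply, query):
        print(parse_packet(pkt))
```

The reply shows the source and destination pairs swapped, and the two transport headers come out at 20 and 8 bytes, matching the comparison in the lecture.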
And protocols. Now, I’m going to apologise in advance because this is a lengthy lecture, and it’s probably one you’re going to want to go through two or three times because the information in this lecture is going to make up a good percentage of your test. In fact, I’d probably say five to 10% of your test questions could come from this lecture alone. And that’s why it’s really important to really learn it. So if there are any of these lectures you’re going to memorise, this is going to be the one for you. So I’m going to go through each of the different ports and protocols that you need to be aware of, and each one has a specified port number. So let’s go ahead and get started, and I want to tell you what you need to remember.
So here’s an example: File transfer protocol, or FTP. It operates on ports 20 and 21. So what do you need to know about FTP for the exam? Well, you should know FTP stands for file transfer protocol. You should know the port number, and you should know basically what it does. In the case of the file transfer protocol, it’s going to allow you to transfer files between a client and a server on a computer network.
This is an unsecure method, and data is transmitted in the clear, meaning there is no encryption. As a result, it is no longer safe to use. And we don’t really use the file transfer protocol for anything that should be confidential or encrypted. So for the exam, File Transfer Protocol transfers files over ports 20 and 21.
The next one we have is Secure Shell, or SSH, and this operates on port 22. What does SSH do? Well, it allows you to take remote control of another computer using a command shell. It is best known for this remote log-on capability, and it is going to give you a cryptographic network protocol here, which means it does use encryption. So it is safe to use even over an unsecured network like the Internet. So, for example, if I wanted to go and change the configuration of my web server, I could actually log in through SSH from my house in Maryland to my file server sitting in California over the Internet using SSH and be assured that it’s secure because I have encryption on both ends of that. So Secure Shell (SSH), port 22: secure remote control of another machine using a text-based environment.
The next one we have is Secure Shell File Transfer Protocol, or SFTP.
And this is another way to do file transfers and do them securely. It’s going to operate on port 22, the same port that we use for SSH, because honestly, all it’s doing is tunnelling the FTP protocol through SSH to give it that file transfer using an encrypted method to keep it secure.
Next, we have Telnet, and it works a lot like the way SSH does. In fact, Telnet came out many years before SSH. The problem with Telnet is it is insecure. It provides bidirectional, interactive, text-oriented communication using a virtual terminal connection. That’s a lot of words for remote access via command prompt. Okay? The problem is that everything is sent in the clear, just like FTP. FTP is insecure for that reason, and so is Telnet. You should never use Telnet over an insecure network like the Internet because people can read your username, password, and every other command that you type in. Just don’t do it.
Next, we have the Simple Mail Transfer Protocol, or SMTP. This operates on port 25. It is the Internet standard for sending electronic messages. So it all started with the RFC, or request for comments, 821, back in 1982, and in 2008 the current version came out, which uses RFC 5321.
Now, do you need to know these RFCs? No, don’t worry about it. That’s just to give you an idea of how long we’ve been using this stuff, from 1982 to 2008, and now, in 2018. When you hear SMTP, I want you to think of send mail: I’m sending mail out and using port 25.
Then we have the Domain Name Service, or DNS, which is port 53. DNS is what gives us a hierarchical, decentralised naming system for computers, services, and other resources connected to private networks and the Internet. This is going to convert domain names to IP addresses. So, for example, if you go to deontraining.com, that’s a lot easier to remember than 6612-5485. That would be hard for you to remember. It’s easier to remember DEONtraining.com, right? Or Wikipedia.org, and it will go through. And we’ll talk more about DNS in a future lecture.
The next one we have is DHCP, or Dynamic Host Control Protocol, and this operates on ports 67 and 68. DHCP servers automatically assign IP addresses and other network configuration parameters to your network clients. This is going to allow your computers to get IP addresses and network parameters automatically, which is really, really awesome. It makes your life as a network administrator much, much easier. We’ll talk about the methods that DHCP uses to get those between the discovery, the offer, the request, and the acknowledgement in a separate lecture. So just hold on for that. For right now, I want you to remember DHCP is on ports 67 and 68, and it automatically assigns IPs. If you remember those three things right now, you’re good to go.
The next one is trivial file transfer protocol (TFTP), which runs on port 69. This is going to transmit files in both directions of a client-server application. It’s used for booting things like operating systems off a network file server, and it doesn’t provide any authentication or directory visibility. It’s a very stripped-down version of FTP. Where do we use this? Usually when sending or requesting configuration files from routers and switches, or, as I said, booting up an operating system off a network drive.
Next, we have the hypertext transfer protocol, or HTTP, which operates on port 80. This is the foundation of data communication for the World Wide Web. It’s designed for distributed, collaborative, and hypermedia presentation across many devices. When you hear port 80, I want you to think of HTTP, which is unsecured web browsing. We’ll get to secured web browsing in a little bit.
Post Office Protocol version 3, or POP3, comes next. This is port 110. It is used by local email clients to retrieve email from a remote server over a TCP/IP connection. When you hear “POP3,” I want you to think of downloading email because that’s what it’s used for.
Next, we have Network Time Protocol, or NTP. NTP runs on port 123. Now, I like that because it’s easy to remember, right? Think of it like you’re counting 1, 2, 3, just like I’m watching time fly. Network Time Protocol will allow you to synchronise clocks between different computer systems over packet-switched, variable-latency data networks.
And it was created back in 1985, making it one of the oldest Internet protocols still in use today. NTP is useful to be able to sync up our times, and in fact, your computer uses NTP all the time, whether you knew it or not.
Next we have NetBIOS, which is on port 139. NetBIOS is the network basic input-output system, and it provides a service for allowing applications on a separate computer to communicate over a local area network to share files and printers. If you use file or printer sharing on a Windows network, your port 139 is probably open because you’re using NetBIOS.
Next we have the Internet Mail Application Protocol, or IMAP, and it operates on port 143. It’s going to provide email clients with the ability to retrieve email messages from a mail server over a TCP/IP connection. It’s going to allow the end user to view and manipulate the messages as if they were stored locally on their machine.
So, if I logged in from my laptop and my tablet, POP3 would show unread on one and read on the other. With IMAP, it keeps them all synchronized, which is much better for modern communication.
Next is Simple Network Management Protocol, or SNMP, which operates on port 161. This is going to provide you with a collection and organisation of information about the managed devices on IP networks, such as your routers, switches, and other devices. It can modify the information by changing the device’s behavior, and it is commonly used in these network devices. We will talk about SNMP much later in this course in its own lecture as well, because it is important to network management.
Next we have the Lightweight Directory Access Protocol, or LDAP, which is accessible via port 389. This is an open, vendor-neutral industry standard for accessing and maintaining distributed directory information services. So LDAP and Active Directory will both use this port. So when you go to your email program, like Microsoft Outlook at work, and you try to look up somebody’s name in the address book, you’re actually using LDAP.
Now we’re back to secure Web browsing, which is HTTPS; the S is for secure. This is going to use TLS or SSL to encrypt your connection and allow you to do things like e-commerce and password logins over the Web securely. It’s designed to add a security layer to the insecure HTTP protocol. HTTPS runs on port 443.
Following that is the server message block, which is SMB, on port 445. Server message block is going to provide you with shared access to files, printers, and other types of communication between devices on the network. It frequently communicates with NetBIOS on port 139, where NetBIOS handles the authentication and the server message block handles the file transfer.
Next, we have LDAP secured. Just like most things, we have a secure and an unsecured version. And the port number for LDAP secure, or LDAPS, is 636. It, again, is going to operate just like LDAP did. Active Directory can operate on it, and it’s going to be that directory structure. Just here, we’re going to add TLS or SSL and that encryption layer to make it more secure.
And next we have the Remote Desktop Protocol, or RDP. It operates on port 3389. Be careful here because, as you can see, 3389 looks a lot like 389, which we use for LDAP, and students frequently confuse the two numbers. RDP is a proprietary protocol developed by Microsoft, and it allows the user to have a graphical interface and be able to remotely control another computer over the network. So with SSH and Telnet, we have this command-line text-based information, but with RDP, I can actually look at this thing remotely. As you can see here, I have an Android phone that’s actually RDPing in through the Web browser and is able to see this Windows machine and control it remotely. This allows users with RDP client software to be able to access their computer from anywhere they are over the Internet or inside the network over port 3389.
Next, we have the session initiation protocol, or SIP.
And SIP operates on ports 5060 and 5061. This will enable signalling and control of media communication sessions for applications. This is used in VoIP video calls and voice calls, as well as instant messaging. And so if you’re using something like Skype or a VoIP service for your work, this is probably using SIP to initiate that communication.
Now, that was a lot of information. And the next two slides I have for you are charts. So if you print out these two charts and memorise them, you’re going to be good for test day. This is one of those things that I would dump when you sit down to take the exam on that piece of paper they give you. This is going to have all of your services, a short description of what they are, and the port number. And you can see here that the ports from FTP to POP3 are 20 through 110. And on the next slide, I have NTP through SIP, which is ports 123 down to 5060 and 5061. If you can remember both of these slides, that’s going to be a great summary of this lecture and help you get lots of points come test day.