reading notes 301 02 - carlosjorr/reading-notes GitHub Wiki

Readings: Network scanning with NMAP

What is a port? Describe it with an analogy that would help a family member understand.

Imagine a port as a door to a house. Just like a house has multiple doors for different purposes, a computer also has different "ports" that serve various functions. Each port is like a specific entrance point on a computer where different types of information can enter or exit.

What does a port scanner send to a port to check the current status?

A port scanner typically sends a specific type of network packet called a "SYN" packet to check the current status of a port.

When a port scanner sends a request to connect, what are the three possible responses? Describe them.

Open: If the port is open, it means the door is unlocked, and there's a service running on the computer that listens to that port. It's like finding a door open in a house, indicating that you can enter and communicate with the service running on that port.

Closed: If the port is closed, it means the door is locked, but the computer actively responds to the port scanner's request. It's like finding a door closed but receiving a response from someone inside, saying, "Sorry, the door is closed, but I'm here."

Filtered: If the port is filtered, it means the computer doesn't respond at all. It's like knocking on a door, but there's no response whatsoever. This can happen due to various reasons, such as a firewall blocking incoming connections.

What is the difference between TCP and UDP?

TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are both communication protocols used in computer networks, but they have different characteristics:

TCP provides reliable, connection-oriented communication. It ensures that data packets are delivered in order, without errors, and with acknowledgement between the sender and receiver. It's like having a phone call where you can confirm that the other person received your message.

UDP, on the other hand, is a connectionless protocol. It focuses on fast and efficient communication without guaranteeing reliability. It's like sending a letter without requiring confirmation of receipt. UDP is often used for real-time applications like video streaming or online gaming, where a small delay in data delivery is acceptable.

In summary, TCP is like a careful conversation with confirmation, ensuring data integrity, while UDP is like a quick and efficient transmission without confirmation, prioritizing speed over reliability.

List and describe the ports used for the following:

Telnet:

Port: 23 (TCP) Telnet is a protocol that allows remote access to a computer or networking device for command-line-based communication. It provides a way to remotely control and manage devices. SSH (Secure Shell):

Port: 22 (TCP) SSH is a secure protocol used for secure remote administration and secure file transfers. It provides encrypted communication and secure authentication for accessing and managing remote systems. DNS (Domain Name System):

Port: 53 (TCP and UDP) DNS is a protocol used for translating domain names (like example.com) into IP addresses. It is responsible for resolving domain names to their corresponding IP addresses on the internet. SMTP (Simple Mail Transfer Protocol):

Port: 25 (TCP) SMTP is a protocol used for sending email messages between servers. It handles the sending and routing of emails across different mail servers on the internet. HTTP (Hypertext Transfer Protocol):

Port: 80 (TCP) HTTP is a protocol used for transmitting web pages and other resources over the internet. It is the foundation of data communication for the World Wide Web. HTTPS (Hypertext Transfer Protocol Secure):

Port: 443 (TCP) HTTPS is an extension of HTTP that adds security through the use of SSL/TLS encryption. It ensures secure communication between a client (e.g., a web browser) and a web server. RDP (Remote Desktop Protocol):

Port: 3389 (TCP) RDP is a protocol used for remote desktop access and control. It allows users to connect to and interact with a remote computer as if they were sitting in front of it. Ping (ICMP Echo Request):

There is no specific port for ping as it uses ICMP (Internet Control Message Protocol). Ping is a utility used to test the reachability and response time of a network host or IP address. It sends ICMP Echo Request packets and receives ICMP Echo Reply packets to determine if a host is reachable.