Download The Networking Protocols Cheat Sheet and more Cheat Sheet Computer Networks in PDF only on Docsity!
THE NETWORK PROTOCOL
CHEATSHEET
Riddhi Suryavanshi
(^1) University of Delhi, 2 Lucideus Technologies
riddhisuryavanshi11@gmail.com
I. INTRODUCTION
This document is intended for students and security professionals as a quick reference for networking protocols. It covers 50 protocols classified according to the OSI Layer they operate on. The corresponding RFC has been provided to further check for parameters/commands of a particular protocol. From security perspective, the corresponding attacks/vulnerabilities are also included in this cheatsheet.
II. KEY TERMS
Protocol, Port, RFC, OSI Layer, Attack, Vulnerability
III. DEFINITIONS
[1] Protocol- A protocol is a standard set of rules that allow electronic devices to communicate with each other. [2] Port- A logical construct that identifies a specific process or a type of network service. [3] RFC- A formal document from the Internet Engineering Task Force that is the result of committee drafting and subsequent review by interested parties. [4] OSI Layer- One of the seven layers of the Open Systems Interconnection Model that describes how information from a software application in one computer moves through a physical medium to the software application in another computer. [5] Attack: An information security threat that involves an attempt to obtain, alter, destroy, remove, implant or reveal information without authorized access or permission. [6] Vulnerability: A flaw in a system that can leave it open to attack.
IV. ABBREVIATIONS
DoS – Denial of Service MitM – Man in the Middle b/w – between MAC – Media Access Control VPN – Virtual Private Network N/W – Network VoIP – Voice over IP Aka – Also known as DROWN – Decrypting RSA using Obsolete and Weakened Encryption DDoS – Distributed Denial of Service
S
No.
PROTOCOL PORT(s) TCP/UDP port
RFC OSI LAYER DESCRIPTION ATTACKS/
VULNERABILI
TES
1 IEEE 802.11 - -^ -^ Physical^ Specifies MAC & physical layer protocols for implementing WLAN Wi- Fi.
DoS by MAC address spoofing
2 PPTP (Point- to-Point Tunneling Protocol)
1723 Both 2637 Data Link (^) Implements VPN Uses TCP control channel and Generic Routing Encapsulation(GRE)
MitM Bit flipping
3 L2TP (Layer 2 Tunneling Protocol)
1701 Both 2661, 3931
Data Link Extension of PPP Uses UDP to avoid TCP meltdown problem.
DoS
4 PPP ( Point to Point Protocol)
- 1661 Data Link (^) Provides communication b/w 2 routers directly without any host or networking. Provides connection authentication, transmission encryption & compression.
Format string attack
5 ARP (Address Resolution Protocol)
- 826 Layer 2.5 Discovers the MAC address. Creates a communication in internal N/W.
ARP cache poisoning
6 RARP
(Reverse Address Resolution Protocol)
- 903 Layer 2.5 (^) Resolves MAC address to an IP address.
ARP Poisoning
7 ICMP
(Internet Control Message Protocol)
- 792 Network Used by ping & traceroute utility to report info. about network connectivity. Uses a data packet with 8- byte header. Each packet has a Type & Code. No port used as N/W software itself interprets all ICMP messages.
Ping sweep Ping flood ICMP tunneling Forged ICMP redirects
8 IGMP
(Internet Group Management Protocol)
- 3376 Network (^) Used by TCP/IP suite to achieve dynamic multicasting. Class D IP addresses are used.
DoS
9 OSPF^ (Open Shortest Path First)
Network (^) Routing protocol for IP networks. Uses link state routing algorithm. Part of interior gateway protocols (IGPs).
DoS Local authentication bypass
10 NAT
(Network Address Translation)
- 3022 Network (^) Maps one IP address space to another. Modifies network address in IP header of packets. Helps to conserve global address space.
DoS Interception of internal & external traffic due to improper configuration.
21 RTP^ (Real- time Transport Protocol) , SRTP
Both 3550, 3711
Session (^) VoIP protocol. Delivers audio & video over IP networks.
RTP flooding attack RTP bleed
22 SSL (Secure Sockets Layer)
- 6101 Presentation (^) Establishes encrypted communication b/w client & server. Created by Netscape.
BEAST
SSL
Renegotiation
23 TLS (Transport Layer Security)
- 2246 Presentation (^) Establishes encrypted communication b/w client & server. Created by IETF.
DROWN
ROBOT
POODLE
Heartbleed 24 Kerberos^88 Both^1964 Presentation^ Provides security & authentication. Uses symmetric key distribution using symmetric encryption to access file server. Helps nodes to prove their identity to one another.
DoS Arbitrary code execution. Buffer Overflow.
25 WPA (Wi-Fi Protected Access)
- Presentation (^) Security standard that provides better encryption & authentication than WPA.
KRACK
26 MIME
(Multipurpose Internet Mail Extensions)
Presentation Supports text in multiple character sets; as well as attachments of audio, video, apps & images.
XSS using MIME Sniffing
27 ECHO 7 Both 862 Application (^) Used for testing & measurement of round trip timings in IP networks. Server sends back identical copy of the data it received.
Can perform DoS
28 DHCP
(Dynamic Host Configuration Protocol)
67 UDP 2131,
Application (^) A network management protocol used to automate the process of configuring devices on IP networks.
Remote code execution Bogus DHCP client & server
29 BOOTP (Bootstrap Protocol)
67,68 Both 951 Application (^) Older version of DHCP. Automatically assigns IP address to network devices from a configuration server.
BootpD BOOTP server impersonation
30 HTTP (Hyper Text Transfer Protocol)
80 Both 1945 Application (^) Used for communication over World Wide Web.
MitM attack
31 HTTPS
(Hyper Text Transfer Protocol Secure)
443 Both - Application (^) HTTPS with SSL for security.
SSL Stripping DROWN attack
32 FTP (File Transfer Protocol)
20,21 Both 959, 2228
Application File transfer Uses TCP, hence file delivery is guaranteed.
Brute force attack Packet capture Anonymous authentication Directory traversal attack
33 FTPS^ (FTP
with SSL)
989,990 Both 4217 Application (^) Uses command channel & opens new connections for data transfer. Requires a certificate.
MitM
34 SFTP^ (SSH
File Transfer Protocol)
22 Both 913 Application (^) Uses encrypted credentials to authenticate. SSH keys can also be used to authenticate.
Brute force attack
35 POP3^ (Post Office Protocol)
110,995 Both 937, 1939
Application (^) Store-and-forward client/server protocol. Deletes mail on server as soon as user has downloaded it.
Buffer overflow in POP3 servers can cause DoS.
36 SSH (Secure Shell)
22 Both 4251 Application (^) Cryptographic network protocol for operating network services securely over an unsecured network.
Static SSH keys Embedded SSH keys can provide backdoor. 37 Telnet (TELecommun ication NETwork)
23 Both 15, 854, 855
Application (^) Allows to connect to remote computers over a TCP/IP network.
Brute force attack Stealing credentials by sniffing. SSH and SMTP banner grabbing. 38 NTP (Network Time Protocol)
123 Both 1059, 1119, 1305
Application (^) Synchronizes clock among devices.
NTP
Amplification DDoS attack. 39 IMAP/S (Internet Message Access Protocol)
Both 1176, 1730
Application Allows user to create folders & assign messages to folders. User can obtain just the message header (useful in low-bandwidth connection).
Password spraying attacks.
40 DNS (Domain Name System)
53 Both 1034, 1035
Application Resolute names in TCP/IP network.
Typosquatting DNS Poisoning. 41 SOAP (Simple Object Access Protocol)
80 Both - Application XML based messaging protocol to exchange info. Characteristics: extensibility, neutrality & independence.
SOAP injection Unauthenticated romote access
42 SNMP/S
(Simple Network Management Protocol)
Both 1157, 1441, 2570
Application (^) Allows network manager to monitor networking equipment & remotely modify settings & configuration.
Sniffing of plain text password. Modification of packet header.
43 SMTP/S (Simple Mail Transfer Protocol)
Both; TCP
5321 Application Transfers mail from sender’s mail server to recipient’s mail server.
Account enumeration. E-mail header disclosures. Helps find internal IPs. 44 SNTP^ (Simple Network Time Protocol)
Application (^) Used when full implementation of NTP is not needed. Synchronizes a computer's system time with a server that has already been
DoS via a crafted NTP packet.
