TCP/IP Transport Layer: Protocols, Ports, and Security
TCP/IP Transport Layer
The Transport Layer, the third layer of the TCP/IP model, commonly uses TCP, with UDP as the alternative.
UDP: Connectionless Communication
UDP provides simple, connectionless communication between applications. It is a direct, unreliable transmission method: messages can be lost or corrupted in transit. The unit of transmission is the UDP datagram. UDP is often used for real-time video and audio transmission, and not for DHCP.
TCP: Connection-Oriented and Reliable
TCP is connection-oriented, requiring a connection to be established before transmitting data. It ensures reliable delivery, guaranteeing that information reaches its destination correctly. This reliability means applications don’t have to analyze the information for errors. The unit of transmission is a TCP segment. TCP is used by most upper-layer protocols.
Ports and Sockets
Ports organize the incoming and outgoing connections of a host and identify which application an inbound or outbound connection belongs to. Each connection is associated with a 16-bit port number, giving 65,536 possible ports. The combination of an IP address and a port number is called a socket (e.g., 111.111.1.1:345); sockets identify connection endpoints.
Types of Ports
- Well-known ports: Assigned by ICANN, ranging from 0 to 1023; these are the ports typically used by standard services.
- Other ports: Assigned temporarily, for the duration of a connection.
Port States
- Listening: Waiting for a connection.
- Closed (stealth): Does not respond, making it unclear whether the host is connected.
- Established CLOSE_WAIT: Connection established, but no communication is open.
- TIME_WAIT: Connection closed.
Application Layer
The application layer includes higher-level protocols for email, file transfer, browsing, and more. The number of applications is constantly growing. Users interact directly with the application layer, but also use programs that simplify its complexity.
Application Protocols
Examples include HTTP, HTTPS, IMAP, DHCP, SMB, NTP, POP3, SMTP, FTP, SSH, NFS, and DNS.
Well-Known Ports
- 1: Service multiplexing TCP port
- 20/21: FTP (File Transfer Protocol) data
- 23: Telnet (remote terminal access)
- 25: SMTP (Simple Mail Transfer Protocol)
- 53: DNS (Domain Name System)
- 443: HTTPS (HyperText Transfer Protocol Secure)
- 113: UDP (User Datagram Protocol)
- 546/547: DHCP (Dynamic Host Configuration Protocol) Client/Server
Network Monitoring
The netstat command displays a list of active connections, both inbound and outbound, showing connections, ports, and statistics.
netstat Options
- -n, -o: Shows addresses numerically and the process ID that owns each connection.
- -p: Shows connections for a specific protocol.
- -r: Shows the routing table.
- -s: Shows statistics per protocol.
Network Security
Network security ensures data integrity, privacy, availability, non-repudiation, and authentication.
Security Principles
- Integrity: Ensures data is correct.
- Privacy: Ensures only authorized users access resources or data.
- Availability: Ensures proper functioning of systems.
- Non-repudiation: Ensures that an operation, once performed, cannot later be denied.
- Authentication: Ensures only authorized users have access.
Network security includes preventing unauthorized access, protecting against malicious actions, preventing unintentional user errors, securing data against failures, and ensuring uninterrupted services.
Insecurities
- Active state: Lack of knowledge.
- Passive state: Ignorance of security mechanisms by the administrator.
How to Protect Yourself
- Keep OS and applications updated.
- Limit network access using firewalls.
- Limit entry points.
- Define an internal security policy.
- Use security utilities.
Firewalls
A firewall protects a computer or network from intrusions by filtering data packets exchanged between networks.
Firewall Definition
A firewall is a software or hardware system that acts as an intermediary between a local network and external networks. It can be installed on a PC if the machine has sufficient capacity to process the traffic. The host itself must be hardened, with only the packet-filtering service running on it. Hardware firewalls are also available (e.g., routers).
Firewall Operation
Firewalls use a set of rules to allow, authorize, block, or reject connections.
Security Policy
There are two types of security policies: one that authorizes only explicitly permitted connections and blocks everything else, and one that rejects only explicitly prohibited connections and allows everything else.
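To make the two policy types concrete, here is an added example (not from the original notes) of a minimal first-match rule evaluator in Python; the rule sets, addresses and port choices are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str     # source IP address
    dport: int   # destination port (the service being contacted)

@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "block"
    proto: Optional[str]     # None matches any transport protocol
    src_net: Optional[str]   # CIDR network; None matches any source
    dport: Optional[int]     # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.src_net is not None:
            if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src_net):
                return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True

def decide(rules: List[Rule], pkt: Packet, default: str) -> str:
    """First matching rule wins; otherwise the policy's default action applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

# Policy 1: authorize only listed connections; everything else is blocked (constructed rules).
ALLOW_ONLY = [
    Rule("allow", "tcp", None, 443),         # HTTPS from anywhere
    Rule("allow", "tcp", "10.0.0.0/8", 22),  # SSH only from the internal network
]

# Policy 2: reject only listed connections; everything else is allowed (constructed rules).
BLOCK_ONLY = [
    Rule("block", "tcp", None, 23),          # Telnet
]

def allow_only(pkt: Packet) -> str:
    return decide(ALLOW_ONLY, pkt, default="block")

def block_only(pkt: Packet) -> str:
    return decide(BLOCK_ONLY, pkt, default="allow")
```

Note that under the block-only policy an unlisted service such as TCP port 8080 is reachable, while the allow-only policy rejects it; this is the practical difference between the two policy types.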