LAB 9.

01 Step 1: TCP or Transmission Control Protocol enable connection-oriented communication in networks using the TCP/IP protocol suite. All TCP applications require a client and server. Every popular or well-known TCP application uses a designated port number, such as port 80 for web server communication, to route packets to correct applications. TCP stores information about sessions, also known as connections, on both ends in RAM. This info is called a socket or endpoint. TCP works on the transport layer of both models. Popular applications that use TCP are: HTTP/HTTPS, E-mail protocols (SMTP, POP3, IMAP4), and FTP. Step 2: UDP is non connection-oriented, and does not have as many applications as TCP, but still uses port numbers the same. UDP also functions on the transport layer or OSI and TCP/IP models. Popular applications are: DHCP, NTP/SNTP, TFTP. Step 3: ICMP works on layer 3 to handle mostly single connectionless packets. ICMP handles mundane issues to inform the other end of the session on whats going on. Ping is a very useful application that uses ICMP. Step 4: IGMP enables routers to communicate with groups of hosts based on memberships. This is used when handling multicasts, and addresses a small subnet. Instead of assigning IP addresses, a group is instead assigns a subnet that contains hosts that choose whether or not to receive a multicast. In the TCP/IP model, IGMP operate on the internet layer. In the OSI model, IGMP operates on the network layer. Used for multi-cast and real-time applications.

LAB 9.02 Step 1: The function of a TPC/UDP port is to identify which protocol is used for communication and identify which application packets should be sent to. For instance, packets with port 80 are used for web communication and will be sent to a web server or client. Step 2: Application SMTP TFTP FTP HTTP HTTPS POP3 IMAP4 SSH Telnet Port 25 69 20 / 21 80 443 110 143 22 23

Step 3: netstat a: Displays all connections and listening ports. netstat b: Displays the executable involved with each conection. netstat n: dispalys addresses and port numbers in numerical form. netstat o: Displays the owning process ID associated with each connection. Step 4: Netstat can be used to see if there are any connections being made or attempted by a Trojan, which could be stealing extremely private information. There is 1 established connection, one Time_Wait, and 1 Close_Wait. These connections are added when Microsoft is opened:

Step 5: 80 HTTP 123 Network Time Protocol 1863 Fiorano MsgSvc 3389 MS WBT Server 445 Microsoft-DS 1214 KAZAA 3689 Digital Audio Access Protocol (iTunes)

Step 6: TCPView shows all processes, PID numbers, Protocols, Local address and ports, remote address and ports, and the state of every connection the host has made and is making. IT also updates in real time, showing new connections highlighted in green, and lost connections highlighted in red. Step 7: Only one process starts, conhost.exe.