CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [80]
IP is used to route the information from one host to another through a network. The four layers of TCP/IP encapsulate the information into a valid IP packet that is then transmitted across the network. Figure 3.15 illustrates the key components of a TCP packet requesting the home page of a website. The data will be returned from the website to port 1024 on the originating host.
FIGURE 3.15 A TCP packet requesting a web page from a web server
The source port is the port that is addressed on the destination. The destination port is the port to which the data is sent. In the case of a web application, the data for port addresses would both contain 80. A number of the fields in this packet are used by TCP for verification and integrity, and you need not be concerned with them at this time.
However, the data field contains the value Get /. This value requests the home or starting page from the web server. In essence, this command or process requested the home page of the site 192.168.0.100 on port 80. The data is formed into another data packet that is passed down to IP and sent back to the originating system on port 1024.
The connections to most services using TCP/IP are based on this port model. Many of the ports are well documented, and the protocols to communicate with them are well known. If a vendor has a technological weakness or implements security poorly, the vulnerability will become known and exploited in a short time.
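The request described above can be examined at the byte level. The following is an added example, not code from the study guide: it builds and parses a TCP segment carrying the home page request. The sequence numbers, flags, window size and exact request line are constructed sample values, and the client port 1024 is taken as the source port because that is where the text says the reply is returned.

```python
import struct

# Fixed 20-byte TCP header (RFC 793): ports, seq, ack, offset, flags,
# window, checksum, urgent pointer. Options, if any, follow it.
TCP_HEADER = struct.Struct("!HHIIBBHHH")
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 upward


def build_segment(src_port, dst_port, seq, ack, flags, payload):
    """Build a TCP segment with no options (checksum left at 0 for the demo)."""
    offset_byte = 5 << 4  # data offset: 5 words of 32 bits = 20 bytes
    header = TCP_HEADER.pack(src_port, dst_port, seq, ack,
                             offset_byte, flags, 65535, 0, 0)
    return header + payload


def parse_segment(segment):
    """Return the header fields and payload of a raw TCP segment."""
    if len(segment) < TCP_HEADER.size:
        raise ValueError("segment shorter than the 20-byte TCP header")
    (src, dst, seq, ack, offset_byte, flags,
     _window, _checksum, _urgent) = TCP_HEADER.unpack_from(segment)
    header_len = (offset_byte >> 4) * 4  # header length in bytes
    if header_len < TCP_HEADER.size or header_len > len(segment):
        raise ValueError("invalid data offset")
    return {
        "src_port": src,
        "dst_port": dst,
        "seq": seq,
        "ack": ack,
        "flags": [n for i, n in enumerate(FLAG_NAMES) if flags & (1 << i)],
        "payload": segment[header_len:],
    }


def reply_ports(parsed):
    """Ports for the response: the server swaps source and destination."""
    return {"src_port": parsed["dst_port"], "dst_port": parsed["src_port"]}


# Constructed sample: client port 1024 -> web server port 80, PSH+ACK set.
REQUEST = build_segment(1024, 80, 1000, 2000, 0x18, b"GET / HTTP/1.0\r\n\r\n")

if __name__ == "__main__":
    fields = parse_segment(REQUEST)
    print(fields)
    print("reply uses", reply_ports(fields))
```

The data offset check matters when reading captured traffic: a header length that is below 20 bytes or runs past the end of the segment indicates a malformed or truncated packet and should be rejected rather than parsed.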
Working with E-Mail
E-mail is one of the most popular applications in use on the Internet. Several good e-mail servers and clients are available. Figure 3.16 demonstrates the process of transferring an e-mail message.
FIGURE 3.16 E-mail connections between clients and a server
The most common e-mail systems use the following protocols, which use the TCP protocol for session establishment:
Simple Mail Transport Protocol: Simple Mail Transport Protocol (SMTP) is a mail delivery protocol that is used to send e-mail between an e-mail client and an e-mail server as well as between e-mail servers. Messages are moved from client to server to client via the Internet. Each e-mail message can take a different path from the client to the server. In the case of Figure 3.16, the clients are on two different e-mail servers; they could both be on the same server, and the process would appear transparent to the user. SMTP uses port 25 and TCP for connections.
Post Office Protocol: Post Office Protocol (POP) is a newer protocol that relies on SMTP for message transfer to receive e-mail. POP provides a message store that can be used to store and forward messages. If a server isn’t operating, the originating server can store a message and try to resend it later. POP3, the newest version of POP, allows messages to be transferred from the waiting post office to the e-mail client. The current POP standard uses port 109 for POP2 and 110 for POP3. The POP protocol uses TCP for connections.
Internet Message Access Protocol: Internet Message Access Protocol (IMAP) is the newest player in the e-mail field, and it’s rapidly becoming the most popular. Like POP, IMAP has a store-and-forward capability. However, it has much more functionality. IMAP allows messages to be stored on an e-mail server instead of being downloaded to the client. It also allows messages to be downloaded based on search criteria. Many IMAP implementations also allow connections using web browsers. The current version of IMAP (IMAP 4) uses