Hey amazing hackers,
Today, I am going to cover about network protocols/Services. The heart of the internet, every ethical hacker ought to understand common network protocols to being able to be conscious of the architecture of computers. If you are ready, lets get started.
Do not forget; One of the most important skills to become an ethical hacker is networking skills. A computer cannot without connections thus hackers either :) its important to have to have networking knowledge in order to be acquainted with the structure.
This blog will be for beginners friendly :)
SMTP, which stands for (simple message transfer protocol), is an email protocol used for sending email messages. Defined as RFC 5321, is at the heart of interconnection mail. SMTP is much older than HTTP, but it is still used by normal users. In order to support email services, a protocol pair is required, comprising of SMTP and POP/IMAP.
SMTP uses three basic function:
- It verifies who is sending email through the SMTP server.
- It also sends outgoing email.
- When the message is not able to send the message to the receiver, the message sends return to the sender.
POP, or “Post Office Protocol” and IMAP, “Internet Message Access Protocol”. These protocols are important, in order to send a message to the receiver, it uses IMAP which is responsible for the transfer of email between the server and the client.
The main difference between POP and IMAP is that, POP is simplistic approach of downloading inbox messages. Where IMAP will synchronise the current inbox, with new mail on the server, downloading anything new.
How does SMTP work?
Once an SMTP server is established, email clients can connect to and communicate with it. When the user hits “send” on an email message, the email client opens an SMTP connection to the server so it can send. The role of the SMTP server in this service, is to act as the sorting office, the email (letter) is picked up and sent to this server, which then directs it to the recipient.
SMTP works in application layer protocol
SMB, which stands for (server message block protocol). This protocol is a client-server protocol used for sharing and tranfering data, and access to files.
This server makes it accessible to view files, API, printers, and other resources.
This protocol is also known as a request-response protocol which means it transmits data/messages between the client and server.
SMB works in Application layer or a Presentation layer.
Once you have established a connection with SMB protocol, you are able to view, transfer, get resources from that server.
Credential is required, if the user has set password on it
What runs SMB?
Since Windows Operating System 95 came in early 1995, they have included client and server SMB protocol support called “SAMBA”. It runs on UNIX system.
SMB works in Application layer or a Presentation layer..
Telnet, which stands for (teletype network protocol) unsecure version of SSH(which we will talk later) telnet is a protocol which allows you to make a connection to the server, and execute commands, that’s hosting telnet server. When you established a connection with Telnet, the client will then become a virtual terminal- allowing you to interact with the remote host.
Telnet is slightly used by companies, because of security reasons. Most companies have been using SSH(secure shell host) because however, it is visible when you are entering your credentials. It has now been replaced by SSH
How does Telnet work?
When you want to connect to Telnet server, its really easy to use it. “Telnet [ip] [port]” will be enough to be able to connect with it.
FTP, which stands for (file transfer protocol) as you can understand from this, that it allows you to transfer files to this service remotely. It uses client-server model.
How does FTP work?
FTP operates two methods:
- Command channel
- A data type.
Command channel → The command channel is used for transmitting commands as well as replies to those commands
A data type → the data channel is used for transferring data.
It is always recommended by security researchers to make port 21 (FTP) unavailable, because of security reasons.
When the service is open, you are able to make a connectivity between the client and server.
the FTP server might support active or passive either.
- Active FTP server, connects to a port number for incoming connections randomely
- Passive FTP server, opens a connection to a specific port and IP address to listen passively and clients to connect to it.
You can find more information on : https://www.ietf.org/rfc/rfc959.txt
DNS, which stands for (domain name system). This service provides us a simple way to communicate with devices on the internet without remembering complex numbers, values.
example: https://www.google.com this corresponds to “126.96.36.199”
Subdomain is an additional part of main domain. Subdomains are created to organize and manage to different sections of your website for example
admin.example.com → subdomain,
example.com → main domain
DNS is an application layer protocol.
Secure Shell (SSH) is a network security protocol that employs encryption and authentication mechanisms to implement services such as secure access and file transfer. The initial version , SSH1 was focused on providing a secure remote logon facility to replace TELNET and other remote logon schemes that provided no security. SSH also provides a more general client-server capability and can be used for such network functions.
Its much more secure than TELNET, because it uses encryption and autentication mechanism to be accessed to the server.
Server authentication occurs at the transport layer, based on the server possessing a public/private key pair
Transport Layer Secure
How does SSH work ?
Its really easy to use it
SSH is an application layer protocol.
ARP, which stands for (address resolution protocol). This protocol is responsible for allowing devices to identify themselves on a network. Its one of the most important protocols in the network layer.
How does ARP work
ARP has a important ledger within network to store information, which is called a “cache”
It works with MAC address and IP. The ARP sends two type of messages.
- ARP request
- ARP reply
When an ARP request is sent, a message is broadcasted to every other device found on a network by the device. This is nothing but broadcasting a packet over the network to validate whether we came across the destination MAC address or not.
an ARP reply is returned to the initial device to acknowledge this. The MAC address response that the source receives from the destination which aids in further communication of the data.
ARP is in layer 2 protocol
DHCP, which stands for (Dynamic Host Configuration Protocol). When a device wants connect to a network. if it has not already been manually assigned an IP.
DHCP is based on a client-server model and based on discovery, offer, request, and ACK.
DHCP sends out a request which called as (DHCP discover ) to see if any DHCP servers are on the network. When a DHCP client boots up, it automatically sends out a special DHCP discover message using the broadcast address. This DHCP discover message asks, “are there any DHCP servers out there” ?
DHCP is an application-layer protocol
MAC, which stands for (media access control) . A MAC address is the unique identifier that is assigned by the manufacturer to a piece of network hardware.
A MAC address consists of six sets of two characters like 00:12:ED:4B:16:5E. Would you like to see your NIC , if you have a windows operating sytem type “ipconfig \all” from a command prompt to display the physical address, which is important distinction.
This is not mine ::)
The MAC address is a layer 2 (data link) layer.
ICMP, which stands for (Internet Control Message Protocol) is one of the most important fundamentals in network, because no ICMP means no replies:) and that means no connectivity. Mostly when you type “ping google.com” you will see TTL(time to live) that means ICMP packets travelling between measured by ping such as your home network or the website that you want to travel.
The easiest way to look at ICMP on the illustrated Network is with ping and traceroute, but traceroute will also be used for analyzing data, which travels from source to its destination address
As illustrated above, ttl is 112
ICMP is shown as a layer 3 protocol.
NAT, which stands for (network address translation).Orginally used to address the shortage of IPv4 addresses, is now used to conceal public IPv4 addresses. To access the Internet, one public IP address is needed, but we can use a private IP address in our private network. The idea of NAT is to allow multiple devices to access the Internet through a single public address.
With NAT, a network could support 500 or so hosts with private addresses, and the NAT router could translate these to the public address range when the client needed internet access. After all, the remote server replied blindly to the source IP.
NAT is on layer 3
IP, which stands for (Internet Protocol). The primary job is just delivering messages between devices, and like any good delivery service, it cannot do its job too well if it does not know where the recipients are located. such as sending mail, streaming video, or connecting to a website.
public IP -> 188.8.131.52
private IP -> 192.168.23.2
IP is in the network layer
Thanks for reading this blog. The blog was meant for beginners friendly.
I hope you enjoyed it:) for more such content please like,share, support my channel.
Ahmet Göker | Exploit researcher | malware Researcher| Cryptanalyst | CTF player | Reverse Engineering
You can follow me on: