1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Firewalls, ports and packets info

Discussion in 'Network+' started by greenbrucelee, Jul 6, 2010.

  1. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    I know you can use wireshark and various commands to see incoming and outgoing packets and the ports the are using to block ports that are unused etc but I was wondering is there an app that will tell you if a game or application needs to use specific ports?

    i.e something that will say splinter cell conviction uses port 80 etc instead having to run wireshark and see whats going on.
     
    Last edited: Jul 6, 2010
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  2. dmarsh

    dmarsh Terabyte Poster

    3,782
    302
    184
    Netstat and TCPView ? This has long been part of the N+ objectives :blink

    Not as good as Wireshark but MS also have NetworkMonitor.

    Doesn't it also cover ping, tracert, pathping, ipconfig, route, arp, etc.

    Version I took didn't go into any real detail on anything making it rather expensive and pointless exam IMHO.
     
    Last edited: Jul 6, 2010
    Certifications: CITP, BSc, HND, SCJP, SCJD, SCWCD, SCBCD, SCEA, N+, Sec+, Proj+, Server+, Linux+, MCTS, MCPD, MCSA, MCITP, CCDH
  3. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    yep they are. I was meaning something a bit more simple such as it just saying this app uses this port kind of thing.

    See we have a schoolkid at out place doing work experience and I have been trying to teach him what he info from netstat, nslookup and wireshark all mean but he is not getting it. I have also shown him the prof messer videos but that doesn't seem to stick either so I am wanting something that will say this app uses this port to try and simplify it for him.
     
    Last edited: Jul 6, 2010
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  4. dmarsh

    dmarsh Terabyte Poster

    3,782
    302
    184
    TCPView is the simple version, netstats not exactly complex either.

    Yeah nslookup also on exam but relates to name servers and DNS, not gonna help explain TCP/IP sockets and ports to a kid.

    Sockets can be opened and closed, so as long as apps don't run at same times, multiple apps could use same port on same socket over time.

    Applications don't have to conform to the 'common well known port numbers' if they don't want to, it just makes peoples lives easier if they do.

    Maybe these might help ?

    http://www.infm.ulst.ac.uk/~kevin/com347/q&a2.htm
    http://wapedia.mobi/en/TCP_and_UDP_port
    http://wapedia.mobi/en/Internet_socket

    Failing that maybe get him to mess with Telnet, FTP, gopher, lynx, wget or other basic comms programs or teach him serial comms first, maybe play with hyperterminal to control a device. You could try sending send printer codes to a printer or controlling an old modem using Hayes AT commands. Otherwise maybe just use a null modem cable to connect two machines. Hell go one better and have him make a serial null modem cable, later you can have him make a crossover cat5 cable. A lot schools also used to let students build robot kits and control them trough the parallel port.

    Pretty sure CCENT courses start with this sort of stuff at most colleges too.
     
    Last edited: Jul 6, 2010
    Certifications: CITP, BSc, HND, SCJP, SCJD, SCWCD, SCBCD, SCEA, N+, Sec+, Proj+, Server+, Linux+, MCTS, MCPD, MCSA, MCITP, CCDH
  5. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    have tried going through what all the commands do and what they show, have also gone through what wireshark is showing. Not tried TCPview though so might give the a go at dinner time and see if it makes it any clearer to him.

    BTW I know what netstat etc all do its trying to get this kid to understand it as he doesn't seem to be getting it at all.
     
    Last edited: Jul 6, 2010
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  6. dmarsh

    dmarsh Terabyte Poster

    3,782
    302
    184
    Its like a radio with channels, the NIC sees prettymuch everything on the wire at the hardware level, like a super radio that could be tuned into all stations at once, the application has to specify which port its interested in on the TCP/IP address associated to the NIC, like chosing a channel to listen too.

    Its this facility that allows you to have hundreds of applications and services multitasking and communicating 'simultaneously'. The port's provide a level of abstraction over the ethernet hardware.

    I thing you could say is its like an extension power strip, the strip is like a (TCP) socket, and the plug holes are like ports.

    Basically you have one physical connection, but you can split it into multiple virtual channels.

    Another thing you could explain with regard to firewalls and ports is port scanning and attack surface and point them to something like ShieldsUp.
     
    Last edited: Jul 6, 2010
    Certifications: CITP, BSc, HND, SCJP, SCJD, SCWCD, SCBCD, SCEA, N+, Sec+, Proj+, Server+, Linux+, MCTS, MCPD, MCSA, MCITP, CCDH
  7. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    That's actually a good way of explaining it, thanks and I'd forgotten about shieldsup.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  8. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    I've always used the Post Office analogy - ever since I saw it used to illustrate the difference between UDP and TCP. Basically, 'regular' mail (i.e. first & second class) is sent out via the Post office. They don't 'guarantee' delivery of it, so mail delivery can't be said to be 'reliable'. That's UDP. 'Registered' mail (i.e. signed for) is sent via the same organisation, but since it's 'guaranteed' it can be said to be reliable That's TCP

    Using the same sort of analogy, a specific port is like a specific person at an address. The TCP/IP stack (sorting office, postman) takes care of delivering the packet (letter) to the correct network (house) address. If there isn't a specific port number (person's name) in the packet (letter), there's no way to know which application (person) to deliver the packet to.
     
    Certifications: A few
    WIP: None - f*** 'em
  9. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    Thats a good way of putting too I was trying to think of a way of explaining about connectionless and connected protocols to him.

    cheers for that I'll show him what you said, hopefully it will stick now.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  10. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    thanks for the analogies guys, he got it thanks to what you said... eventually.:D
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?

Share This Page

Loading...