Here is a query from a current project – enjoy!
- You are examining a packet capture from your local network. What two determinations can you make from this output? (Choose 2)
a. This is a UDP packet
b. This is a TCP packet
c. The target destination is FTP
d. The target destination is HTTP
Correct Answer: b, d
Explanation: Because it provides reliable transmission, the Transmission Control Protocol (TCP) carries many fields in its header. These include:
- source TCP port number
- destination TCP port number
- sequence number
- acknowledgement number
- TCP data offset
- reserved data
- control flags
- window size
- TCP checksum
- urgent pointer
- TCP optional data
In contrast, packets of the unreliable User Datagram Protocol (UDP) carry only these simple fields:
- source port number
- destination port number
- length
- checksum
From the destination TCP port number of 80 shown here, you can determine that the intended target service is the Hypertext Transfer Protocol (HTTP). Know the following common ports for this exam:

| Port Number | TCP or UDP | Protocol |
|---|---|---|
| 20 | TCP | FTP Data |
| 21 | TCP | FTP Control |
| 22 | TCP | SSH |
| 23 | TCP | Telnet |
| 25 | TCP | SMTP |
| 53 | UDP | DNS |
| 67, 68 | UDP | DHCP |
| 69 | UDP | TFTP |
| 80 | TCP | HTTP |
| 110 | TCP | POP3 |
| 161 | UDP | SNMP |
| 443 | TCP | SSL/TLS |
| 514 | UDP | Syslog |
| 520 | UDP | RIP |
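
The two determinations in the question (TCP or UDP, and which service the destination port points to) can be read directly from the packet bytes. The following is an added example, not part of the original post: the function names and the two sample packets are constructed for illustration, and the service lookup uses only the port and transport pairs from the table above.

```python
import struct

# Port/transport pairs copied from the table above.
SERVICES = {
    (20, "TCP"): "FTP Data", (21, "TCP"): "FTP Control", (22, "TCP"): "SSH",
    (23, "TCP"): "Telnet", (25, "TCP"): "SMTP", (53, "UDP"): "DNS",
    (67, "UDP"): "DHCP", (68, "UDP"): "DHCP", (69, "UDP"): "TFTP",
    (80, "TCP"): "HTTP", (110, "TCP"): "POP3", (161, "UDP"): "SNMP",
    (443, "TCP"): "SSL/TLS", (514, "UDP"): "Syslog", (520, "UDP"): "RIP",
}
IP_PROTOCOLS = {6: "TCP", 17: "UDP"}  # protocol field values in the IPv4 header

def classify(packet: bytes) -> dict:
    """Parse a raw IPv4 packet; report transport, header fields and likely service."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or (packet[0] & 0x0F) < 5:
        raise ValueError("not a valid IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    transport = IP_PROTOCOLS.get(packet[9])   # byte 9 is the protocol field
    if transport is None:
        raise ValueError(f"unsupported IP protocol {packet[9]}")
    seg = packet[ihl:]
    if transport == "TCP":
        if len(seg) < 20:
            raise ValueError("truncated TCP header")
        sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack(
            "!HHIIHHHH", seg[:20])
        info = {"seq": seq, "ack": ack, "data_offset": (off_flags >> 12) * 4,
                "flags": off_flags & 0x1FF, "window": window}
    else:
        if len(seg) < 8:
            raise ValueError("truncated UDP header")
        sport, dport, length, _csum = struct.unpack("!HHHH", seg[:8])
        info = {"length": length}
    info.update(transport=transport, src_port=sport, dst_port=dport,
                service=SERVICES.get((dport, transport), "unknown"))
    return info

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed 20-byte IPv4 header (checksum left as zero) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([192, 168, 1, 10]), bytes([192, 168, 1, 20]))
    return hdr + payload

# Constructed samples: a TCP SYN to port 80 and a bare UDP header to port 53.
TCP_HTTP = ipv4(6, struct.pack("!HHIIHHHH", 49152, 80, 1000, 0, (5 << 12) | 0x002, 65535, 0, 0))
UDP_DNS = ipv4(17, struct.pack("!HHHH", 49153, 53, 8, 0))

if __name__ == "__main__":
    for name, pkt in (("TCP_HTTP", TCP_HTTP), ("UDP_DNS", UDP_DNS)):
        print(name, classify(pkt))
```

A destination port only indicates the intended service by convention; a pair that is not in the table, such as TCP to port 53, is reported as "unknown" rather than guessed.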