Comptia Security+

Security+ Course – 2.1 TCP/IP

2.1.1 TCP/IP (Transmission Control Protocol/Internet Protocol)

TCP/IP is a suite of communication protocols used to interconnect network devices on the internet.

Internet Protocol

  • Routes information across networks
  • Provides an addressing scheme
  • Delivers packets from source to destination
  • Servers as a network layer protocol


These are transport layer protocols.

TCP is responsible for the majority of internet traffic

  • it is a connection oriented protocol
  • guarantees delivery through acknowledgement
  • It is widely used for critical applications

TCP Handshake
This is also known as a “3 way handshake”.

The following explanation is from:

  • A client node sends a SYN data packet over an IP network to a server on the same or an external network. The objective of this packet is to ask/infer if the server is open for new connections.
  • The target server must have open ports that can accept and initiate new connections. When the server receives the SYN packet from the client node, it responds and returns a confirmation receipt – the ACK packet or SYN/ACK packet.
  • The client node receives the SYN/ACK from the server and responds with an ACK packet.

Upon completion of this process, the connection is created and the host and server can communicate.

UDP (User Datagram Protocol)

  • is a lightweight, connection-less protocol
  • doesn’t send acknowledgments or guarantee delivery
  • Is often used for voice and video applications where it doesn’t matter if a few packets get dropped

7 Layers of the OSI Model

The Open Systems Interconnection Model breaks down network communication into seven layers. These layers are useful for identifying network issues. The layers of the OSI Model is covered on the exam.


2.1.2 IP Addresses

IP Addresses uniquely identify systems on a network.


Internet Protocol Version 4 was first deployed in 1983. This uses a 32 bit address space:


  • This replaces IPv4 due to the address exhaustion in IPv4
  • It uses 128 bits for the address space (compared to 32 bit for IPv4)
  • It consists of eight groups of four hexadecimal numbers


2.1.3 Network Ports

An IP address is like an apartment block street number, but the network port is the actual apartment number. The network port guides traffic to correct final destination.

Port Ranges:

  • 0 – 1023 are the well known ports (EG:80 or 443)
  • 1024 – 49,151 are known as registered ports. EG: Microsoft reserved port 1433 for SQL
  • 49152 – 65535 are dynamic ports

Common Port numbers (these get asked on the test):

  • 21 FTP (File Transfer Protocol)
  • 22 SSH (Secure Shell)
  • 3389 RDP
  • 137, 138, 139 NetBios
  • 53 DNS
  • 25 SMTP
  • 110 POP
  • 143 IMAP
  • 80 HTTP
  • 443 HTTPS


2.1.4 ICMP (Internet Control Message Protocol)

This is the housekeeping protocol of the internet.


The ping command is the most basic troubleshooting command. It uses the ICMP protocol. It is used to test the connectivity of a host on an IP network. It is available on virtually all Operating Systems. Ping sends an echo request from the source to the destination, the destination sends back an echo reply. Ping measures the time this round-trip takes.


This identifies the path packets take when travelling between  two systems across a network.It lists the routers it passes through until it reaches its destination.


Leave a Reply

Your email address will not be published. Required fields are marked *