TCP-IP Cheat Sheet


TCP/IP and tcpdump
POCKET REFERENCE GUIDE
Version July-2010
ISC@sans.org • www.sans.org • http://isc.sans.org

UDP Header

Bit Number
          1111111111222222222233
01234567890123456789012345678901
| Source Port | Destination Port |
| Length | Checksum |

UDP Header Information

Common UDP Well-Known Server Ports
  7    echo             138    netbios-dgm
  19   chargen          161    snmp
  37   time             162    snmp-trap
  53   domain           500    isakmp
  67   bootps (DHCP)    514    syslog
  68   bootpc (DHCP)    520    rip
  69   tftp             33434  traceroute
  137  netbios-ns

Length
  (Number of bytes in entire datagram including header; minimum value = 8)
Checksum
  (Covers pseudo-header and entire UDP datagram)

ARP

Bit Number
          1111111111222222222233
01234567890123456789012345678901
| Hardware Address Type | Protocol Address Type |
| H/w Addr Len | Prot. Addr Len | Operation |
| Source Hardware Address |
| Source Hardware Addr (cont.) | Source Protocol Address |
| Source Protocol Addr (cont.) | Target Hardware Address |
| Target Hardware Address (cont.) |
| Target Protocol Address |

ARP Parameters (for Ethernet and IPv4)

Hardware Address Type
  1     Ethernet
  6     IEEE 802 LAN
Protocol Address Type
  2048  IPv4 (0x0800)
Hardware Address Length
  6 for Ethernet/IEEE 802
Protocol Address Length
  4 for IPv4
Operation
  1     Request
  2     Reply

tcpdump Usage

tcpdump [-aenStvx] [-F file]
        [-i int] [-r file] [-s snaplen]
        [-w file] ['filter_expression']

  -e  Display data link header.
  -F  Filter expression in file.
  -i  Listen on int interface.
  -n  Don't resolve IP addresses.
  -r  Read packets from file.
  -s  Get snaplen bytes from each packet.
  -S  Use absolute TCP sequence numbers.
  -t  Don't print timestamp.
  -v  Verbose mode.
  -w  Write packets to file.
  -x  Display in hex.
  -X  Display in hex and ASCII.

Acronyms

  AH      Authentication Header (RFC)
  ARP     Address Resolution Protocol (RFC)
  BGP     Border Gateway Protocol (RFC)
  CWR     Congestion Window Reduced (RFC)
  DF      Don't Fragment bit (IP)
  DHCP    Dynamic Host Configuration Protocol (RFC)
  DNS     Domain Name System (RFC)
  ECN     Explicit Congestion Notification (RFC)
  EIGRP   Extended IGRP (Cisco)
  ESP     Encapsulating Security Payload (RFC)
  FTP     File Transfer Protocol (RFC)
  GRE     Generic Routing Encapsulation (RFC)
  HTTP    Hypertext Transfer Protocol (RFC)
  ICMP    Internet Control Message Protocol (RFC)
  IGMP    Internet Group Management Protocol (RFC)
  IGRP    Interior Gateway Routing Protocol (Cisco)
  IMAP    Internet Message Access Protocol (RFC)
  IP      Internet Protocol (RFC)
  ISAKMP  Internet Security Association Key Management Protocol (RFC)
  L2TP    Layer 2 Tunneling Protocol (RFC)
  NNTP    Network News Transfer Protocol (RFC)
  OSPF    Open Shortest Path First (RFC)
  POP3    Post Office Protocol v3 (RFC)
  RFC     Request for Comments
  RIP     Routing Information Protocol (RFC)
  LDAP    Lightweight Directory Access Protocol (RFC)
  SKIP    Simple Key Management for Internet Protocols
  SMTP    Simple Mail Transfer Protocol (RFC)
  SNMP    Simple Network Management Protocol (RFC)
  SSH     Secure Shell
  SSL     Secure Sockets Layer (Netscape)
  TCP     Transmission Control Protocol (RFC)
  TFTP    Trivial File Transfer Protocol (RFC)
  TOS     Type of Service field (IP)
  UDP     User Datagram Protocol (RFC)

All RFCs can be found at http://www.rfc-editor.org

The SANS Technology Institute (STI)

The SANS Technology Institute (STI) offers two degree programs: MS in Information Security Management and MS in Information Security Engineering.

If you have a bachelor’s degree and 12 months of experience in information security, follow these easy steps to get started:
  • Complete an application – downloadable at www.sans.edu/admissions/procedure.php
  • Submit the employer recommendation – form is provided
  • Have your college send sealed transcripts to STI
  • Submit an application fee

Learn more at www.sans.edu
Contact us at info@sans.edu or (720) 941-4932

COURSES & GIAC CERTIFICATIONS

  FOR558  Network Forensics
  MGT512  SANS Security Leadership Essentials For Managers with Knowledge Compression™ (GSLC)
  SEC401  SANS Security Essentials Bootcamp Style (GSEC)
  SEC502  Perimeter Protection In-Depth (GCFW)
  SEC503  Intrusion Detection In-Depth (GCIA)
  SEC556  Comprehensive Packet Analysis
  SEC560  Network Penetration Testing & Ethical Hacking (GPEN)

DNS

Bit Number
                    1 1 1 1 1 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
| LENGTH (TCP ONLY) |
| ID. |
| QR | Opcode | AA | TC | RD | RA | Z | RCODE |
| QDCOUNT |
| ANCOUNT |
| NSCOUNT |
| ARCOUNT |
| Question Section |
| Answer Section |
| Authority Section |
| Additional Information Section |

DNS Parameters

Query/Response
  0  Query
  1  Response
Opcode
  0  Standard query (QUERY)
  1  Inverse query (IQUERY)
  2  Server status request (STATUS)
AA
  (1 = Authoritative Answer)
TC
  (1 = TrunCation)
RD
  (1 = Recursion Desired)
RA
  (1 = Recursion Available)
Z
  (Reserved; set to 0)
Response code
  0  No error
  1  Format error
  2  Server failure
  3  Non-existent domain (NXDOMAIN)
  4  Query type not implemented
  5  Query refused
QDCOUNT
  (No. of entries in Question section)
ANCOUNT
  (No. of resource records in Answer section)
NSCOUNT
  (No. of name server resource records in Authority section)
ARCOUNT
  (No. of resource records in Additional Information section)

ICMP

Bit Number
          1111111111222222222233
01234567890123456789012345678901
| Type | Code | Checksum |
| Other message-specific information... |

Type  Name/Codes (Code=0 unless otherwise specified)
  0   Echo Reply
  3   Destination Unreachable
        0   Net Unreachable
        1   Host Unreachable
        2   Protocol Unreachable
        3   Port Unreachable
        4   Fragmentation Needed & DF Set
        5   Source Route Failed
        6   Destination Network Unknown
        7   Destination Host Unknown
        8   Source Host Isolated
        9   Network Administratively Prohibited
        10  Host Administratively Prohibited
        11  Network Unreachable for TOS
        12  Host Unreachable for TOS
        13  Communication Administratively Prohibited
  4   Source Quench
  5   Redirect
        0   Redirect Datagram for the Network
        1   Redirect Datagram for the Host
        2   Redirect Datagram for the TOS & Network
        3   Redirect Datagram for the TOS & Host
  8   Echo
  9   Router Advertisement
  10  Router Selection
  11  Time Exceeded
        0   Time to Live exceeded in Transit
        1   Fragment Reassembly Time Exceeded
  12  Parameter Problem
        0   Pointer indicates the error
        1   Missing a Required Option
        2   Bad Length
  13  Timestamp
  14  Timestamp Reply
  15  Information Request
  16  Information Reply
  17  Address Mask Request
  18  Address Mask Reply
  30  Traceroute

PING (Echo/Echo Reply)

Bit Number
          1111111111222222222233
01234567890123456789012345678901
| Type (8 or 0) | Code (0) | Checksum |
| Identifier | Sequence Number |
| Data... |

IP Header

Bit Number
          1111111111222222222233
01234567890123456789012345678901
| Version | IHL | Type of Service | Total Length |
| Identification | Flags | Fragment Offset |
| Time to Live | Protocol | Header Checksum |
| Source Address |
| Destination Address |
| Options (optional) |

IP Header Contents

Version
  4  IP version 4
Internet Header Length
  Number of 32-bit words in IP header; minimum value = 5 (20 bytes) & maximum value = 15 (60 bytes)
Type of Service (PreDTRCx) --> Differentiated Services
  Precedence (000-111)          000
  D (1 = minimize delay)        0
  T (1 = maximize throughput)   0
  R (1 = maximize reliability)  0
  C (1 = minimize cost)         1 = ECN capable
  x (reserved and set to 0)     1 = congestion experienced
Total Length
  Number of bytes in packet; maximum length = 65,535
Flags (xDM)
  x (reserved and set to 0)
  D (1 = Don't Fragment)
  M (1 = More Fragments)
Fragment Offset
  Position of this fragment in the original datagram, in units of 8 bytes
Protocol
  1  ICMP    17  UDP    57   SKIP
  2  IGMP    47  GRE    88   EIGRP
  6  TCP     50  ESP    89   OSPF
  9  IGRP    51  AH     115  L2TP
Header Checksum
  Covers IP header only
Addressing
  NET_ID
    0-127    Class A
    128-191  Class B
    192-223  Class C
    224-239  Class D (multicast)
    240-255  Class E (experimental)
  RFC 1918 PRIVATE ADDRESSES
    10.0.0.0-10.255.255.255
    172.16.0.0-172.31.255.255
    192.168.0.0-192.168.255.255
  HOST_ID
    0    Network value; broadcast (old)
    255  Broadcast
Options (0-40 bytes; padded to 4-byte boundary)
  0  End of Options list    68   Timestamp
  1  No operation (pad)     131  Loose source route
  7  Record route           137  Strict source route

TCP Header

Bit Number
          1111111111222222222233
01234567890123456789012345678901
| Source Port | Destination Port |
| Sequence Number |
| Acknowledgment Number |
| Offset (Header Length) | Reserved | Flags | Window |
| Checksum | Urgent Pointer |
| Options (optional) |

TCP Header Contents

Common TCP Well-Known Server Ports
  7   echo           110   pop3
  19  chargen        111   sunrpc
  20  ftp-data       119   nntp
  21  ftp-control    139   netbios-ssn
  22  ssh            143   imap
  23  telnet         179   bgp
  25  smtp           389   ldap
  53  domain         443   https (ssl)
  79  finger         445   microsoft-ds
  80  http           1080  socks
Offset
  Number of 32-bit words in TCP header; minimum value = 5
Reserved
  4 bits; set to 0
Flags (CEUAPRSF)
  ECN bits (used when ECN employed; else 00)
    CWR (1 = sender has cut congestion window in half)
    ECN-Echo (1 = receiver cuts congestion window in half)
  U (1 = Consult urgent pointer, notify server application of urgent data)
  A (1 = Consult acknowledgement field)
  P (1 = Push data)
  R (1 = Reset connection)
  S (1 = Synchronize sequence numbers)
  F (1 = no more data; Finish connection)
Checksum
  Covers pseudoheader and entire TCP segment
Urgent Pointer
  Offset pointer to urgent data
Options
  0  End of Options list     3  Window scale
  1  No operation (pad)      4  Selective ACK ok
  2  Maximum segment size    8  Timestamp
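
The IP Header and TCP Header field definitions above, applied to a constructed packet. This is an added example, not part of the SANS guide; the function names, the returned keys and the sample bytes are assumptions made for illustration.

```python
import struct

TCP_FLAG_LETTERS = "CEUAPRSF"  # bit 7 down to bit 0, the order the sheet lists them

def parse_ipv4(pkt: bytes) -> dict:
    """Decode the fixed 20-byte IPv4 header and slice out the payload."""
    if len(pkt) < 20:
        raise ValueError("shorter than the minimum 20-byte IP header")
    (ver_ihl, _tos, total_len, _ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError("not IP version 4")
    # IHL counts 32-bit words (minimum 5); reject headers that overrun the data
    if ihl < 5 or ihl * 4 > len(pkt) or total_len < ihl * 4:
        raise ValueError("inconsistent IHL / Total Length")
    return {
        "header_len": ihl * 4,
        "df": bool(flags_frag & 0x4000),                # Flags (xDM): D bit
        "mf": bool(flags_frag & 0x2000),                # Flags (xDM): M bit
        "frag_offset_bytes": (flags_frag & 0x1FFF) * 8,  # units of 8 bytes
        "ttl": ttl,
        "protocol": proto,
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        "payload": pkt[ihl * 4:total_len],
    }

def parse_tcp(seg: bytes) -> dict:
    """Decode the fixed 20-byte TCP header; Offset is in 32-bit words."""
    if len(seg) < 20:
        raise ValueError("shorter than the minimum 20-byte TCP header")
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack(
        "!HHIIHHHH", seg[:20])
    offset = off_flags >> 12
    if offset < 5 or offset * 4 > len(seg):
        raise ValueError("bad TCP Offset")
    bits = off_flags & 0xFF
    flags = "".join(c for i, c in enumerate(TCP_FLAG_LETTERS) if bits & (0x80 >> i))
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "header_len": offset * 4, "flags": flags, "window": window}

# Constructed sample: 192.168.0.10 -> 10.0.0.1, DF set, TCP SYN to port 443.
# Checksums are left as zero and are not verified here.
SAMPLE = bytes.fromhex(
    "4500 0028 1c46 4000 4006 0000 c0a8 000a 0a00 0001"
    "c000 01bb 0000 0001 0000 0000 5002 7210 0000 0000")

if __name__ == "__main__":
    ip = parse_ipv4(SAMPLE)
    print(ip["src"], "->", ip["dst"], parse_tcp(ip["payload"]))
```
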
