Lesson 1 Understand Common Ports and Protocols
Exercises
Introduction
Exercise 1 — Verifying Port 80 for HTTP
Exercise 2 — Verifying HTTPS Port 443
Exercise 3 — Verifying Port 139 for NetBIOS
Exercise 4 — Contrast TCP and UDP Protocols
Summary
Introduction
The Understand Common Ports and Protocols module provides you with the instruction and computer hardware to develop your hands on skills in the defined topics. This module includes the following exercises:
- Verifying Port 80 for HTTP
- Verifying Port 443 for HTTPS
- Verify Port 139 for NetBIOS
- Understanding TCP and UDP
Lab time: It will take approximately 1 hour to complete this lab.
Lab Diagram
During your session you will have access to the following lab configuration. Depending on the exercises you may or may not use all of the devices, but they are shown here in the layout to get an overall understanding of the topology of the lab.
Connecting to your lab
In this module you will be working on the following equipment to carry out the steps defined in each exercise.
- PLABDC01 (Windows Server 2008 — R2 Domain Controller)
- PLABGW01 (Windows Server 2008 R2 — Standalone Server)
- PLABWIN701 (Windows 7 Workstation)
To start, simply choose a device and click Power on. In some cases, the devices may power on automatically.
Exercise 1 — Verifying Port 80 for HTTP
HTTP, short for Hypertext Transfer Protocol, enables the users of the World Wide Web to exchange data. HTTP supports a huge variety of data formats — from text to voice to all way through to multi-media. HTTP servers typically listen on TCP port 80 for any session requests from HTTP clients.
To better understand this technology, refer also to your course material or use your preferred search engine to research this topic in detail.
In this exercise you will complete the following tasks:
- Start Packet Capture
- Create HTTP Traffic
- Verify Port 80 for HTTP
Task 1 — Start Packet Capture
This task will provide a more practical experience as there will be many devices communicating across the network.
Alert: To give you a feel for the different versions of Wireshark available, in this module you will be using Wireshark version 1.4.4. In later modules, you will install and use a newer version of Wireshark. The steps carried out in this module can be applied to newer versions of the software, however the look, feel and location of some features may differ.
Step 1
Ensure you have powered on the required devices defined in the introduction and connect to PLABGW01.
Launch Wireshark by clicking the icon on the desktop.
The Wireshark Network Analyzer is displayed.
Step 2
From the Capture pane, select Capture Options.
Step 3
In the Capture section, leave the default settings and click Start.
Step 4
View the initial data packets coming.
Alert: Data packets may not always have viewed on initial capture. The next few steps will allow you to see and access packets.
The capturing window is displayed.
Minimize WireShark.
Task 2 — Create HTTP Traffic
In this task, you will create HTTP traffic by accessing a website using a web browser.
This module will provide a more practical experience as there will be many devices communicating across the network, you will also be using an older version of Wireshark which can be more typical in most professional work environments using legacy software for compatibility purposes.
However, if you prefer you can download and use the most up to date version at the time of writing which is found on the Internet.
To create http traffic, perform these steps:
Step 1
On the PLABGW01 desktop, click Start and select Internet Explorer.
Step 2
Enter the following website into the address bar and click Enter.
www.cisco.comMinimize Internet Explorer.
Task 3 — Verify Port 80 for HTTP
In this task, you will verify that HTTP uses port 80 to setup an HTTP client-server session.
To verify the port for HTTP, perform the following steps:
Step 1
Reopen Wireshark capture window again. While the packet capture is on-going, click in Filter box and type http.
Click Apply.
Step 2
Scroll back and look for an HTTP packet. For example, look for packet that has got information about protocol HTTP and Info GET/HTTP/1.1.
Click the packet then go to middle pane. Expand Transmission Control Protocol and look for Destination port: http (80).
Note: It is important to scroll back and look for an HTTP packet that is carrying text/html information. The packets carrying this less complex form of data use port 80. However, as the website access becomes more detailed, more complex forms of data, such as applications or graphics, are exchanged using HTTP. These later HTTP packets prefer to use port 8080.
Step 3
Click the Stop button to stop the on-going data capture.
Keep Wireshark open.
Leave all devices powered on in their current state and proceed to the next exercise.
Exercise 2 — Verifying HTTPS Port 443
HTTPS, short for Hypertext Transfer Protocol Secure, is essentially HTTP with SSL/TLS added for security. The security feature helps prevent unauthorized access of information available on a network. This is especially relevant to networks accessed over WANs, such as Internet. TCP reserves port #443 for the HTTPS protocol.
To better understand this technology, refer also to your course material or use your preferred search engine to research this topic in detail.
In this exercise you will complete the following tasks:
- Restart Wireshark on PLABGW01
- Capture HTTPS Traffic using Wireshark
- Block-out HTTPS Access
- Verify HTTPs is Blocked
- Remove Firewall Rules Blocking HTTPS
Task 1 — Capture HTTPS Traffic using WireShark
In this task, you will verify that the Windows 7 Professional machine allows access to HTTPS websites.
Step 1
Ensure you are still connected to PLABGW01.
In the Wireshark application, click Capture from the menu bar then click Start.
Step 2
When asked choose Continue without saving.
Step 3
Maximise Internet Explorer, and enter the following into the address bar:
https://www.google.comThe Google website is displayed.
Step 4
Click the padlock icon to view the security information of this website. Close Internet Explorer.
Step 4
Maximise WireShark.
In the Filter, verify that is http in the text box.
Click Apply. Find the packet with Info CONNECT www.google.co.uk:443
Close Wireshark without saving changes then close Internet Explorer.
Task 2 — Block-out HTTPS Access
In this task, you will configure the Windows 7 Professional machine to block-out the HTTPS.
Please note that devices in Practice Labs access the Internet using a proxy server. This proxy server uses port 8080.
To block-out HTTPS on the Windows 7 Professional machine, perform the following steps:
Step 1
On the PLABWIN701 desktop, close Internet Explorer.
Right-click network icon in system tray and choose Open Network and Sharing Center.
Step 2
The Network and Sharing Center is displayed.
Select the Windows Firewall link, located in the bottom left-hand corner of the window.
Step 3
On the Windows Firewall window, select the Advanced settings option from the left-side pane.
Step 4
On the Windows Firewall with Advanced Security window, click Inbound Rules from the left-side pane.
Step 5
List of inbound rules is displayed.
Right-click Inbound Rules and choose New Rule.
Step 6
The New Inbound Rule Wizard is displayed.
On the Rule Type page, select the Port radio button and click Next.
Step 7
On the Protocol and Ports page, select the TCP radio button if not selected already.
Select the Specific local ports radio button and type the following in the text box:
80, 443, 8080Click Next.
Note: Port 8080 is the proxy’s port number that controls Internet access from these lab devices, therefore you have to include it in the list.
Step 8
On the Action page, select Block the connection radio button and click Next.
Step 9
On the Profile page, keep all the default selections and click Next.
Step 10
On the Name page, specify the name of the rule as Block HTTPS 443 and click Finish.
Step 11
On the Windows Firewall with Advanced Security window, notice that Block HTTPS 443 appears as a rule on the Inbound Rules list.
Step 12
Select the Outbound Rules node.
The Outbound Rules list is displayed. Right-click on Outbound Rules and choose New Rule…
Step 13
New Outbound Rule Wizard is displayed.
On the Rule Type page, select the Port radio button and click Next.
Step 14
On the Protocol and Ports page, select the TCP radio button if not selected already.
Select the Specific local ports radio button and type in:
80, 443, 8080Click Next.
Note: Like in the earlier step, you added port 8080 which is proxy server’s port number that controls Internet access to the lab devices.
Step 15
On the Action page, select Block the connection radio button if not selected already.
Click Next.
Step 16
On the Profile page, keep all the default selections and click Next.
Step 17
On the Name page, specify the name of the rule as Block HTTPS 443 and click Finish.
Step 18
On the Windows Firewall with Advanced Security window, notice that Block HTTPS 443 appears as a rule under the Outbound Rules list.
Minimize Windows Firewall with Advanced Security.
Task 3: Verify HTTPS is Blocked
In this task, you will try to access HTTPS websites again on PLABWIN701 after blocking the port 443.
To verify that HTTPS is blocked, perform the following steps:
Step 1
On the PLABWIN701 desktop, click Start > All Programs and click Internet Explorer.
Step 2
Access the following website:
https://www.google.comNote: Since access to Internet in this lab is controlled by proxy server, the firewall effectively blocked access to the outside world.
Task 4 — Remove Firewall Rules Blocking HTTPS Access
In this task, you will unblock the port 443 and access HTTPS websites again.
To verify that HTTPS protocol uses port 443, perform the following steps:
Step 1
From PLABWIN701, restore Windows Firewall with Advanced Security.
Click on Inbound Rules then right-click on Block HTTPS 443 choose Delete.
Step 2
Click Yes to delete the rule.
Step 3
Click Outbound Rules and then right-click on Block HTTPS 443 choose Delete.
Step 4
Click Yes to delete the rule.
Close Windows Firewall with Advanced Settings.
Step 6
From Internet Explorer navigate back to:
https://www.google.comClose Internet Explorer.
Leave all devices powered on in their current state and proceed to the next exercise.
Exercise 3 — Verifying Port 139 for NetBIOS
NetBIOS, short for Network Basic Input/Output System, is a communication protocol that supports communication among computers connected on LAN. NetBIOS does not support communication on WANs. Therefore, NetBIOS normally rides on TCP/IP when implemented on applications/computers connected to a WAN. Port #139 is reserved for NetBIOS protocol.
To better understand this technology, refer also to your course material or use your preferred search engine to research this topic in detail.
In this exercise you will complete the following tasks:
- Verify NetBIOS is Running
- Block NetBIOS
- Verify NetBIOS is Disabled
- Enable NetBIOS
- Verify Port 139 is Reopened
Task 1 — Verify NetBIOS is Running
In this task, you will verify that NetBIOS is running on the Windows 7 Professional machine.
To verify that NetBIOS is running, perform the following steps:
Step 1
From PLABWIN701 device, click Start and enter cmd in the Search programs and files text box.
Step 2
On the command prompt, enter the command:
netstat -anPress Enter.
Step 3
The details of various active ports on the system are listed.
Notice the entry — 192.168.0.2:139 — LISTENING. This confirms that port 139 is enabled on your machine.
Close the command prompt window.
Task 2 — Block NetBIOS
In this task, you will block NetBIOS running on the Windows 7 Professional machine.
To block NetBIOS, perform the following steps:
Step 1
On the PLABWIN701 desktop, click Start and select Control Panel.
Step 2
On the Control Panel window, select Network and Internet.
Step 3
On the Network and Internet window, select Network and Sharing Center.
Step 4
On the Network and Sharing Center window, select Local Area Connection.
Step 5
On the Local Area Connection Status dialog box, click Properties.
Step 6
The Local Area Connection Properties dialog box is displayed.
On the Networking tab, select Internet Protocol Version 4(TCP/IPv4) and click Properties.
Step 7
The Internet Protocol Version 4(TCP/IPv4) Properties dialog box is displayed.
On the General tab, keep all the default selections and values and click Advanced.
Step 8
On the Advanced TCP/IP Settings dialog box, select the WINS tab.
Select the Disable NetBIOS over TCP/IP radio button.
Click OK twice.
Step 9
Click Close twice to exit other dialogue boxes.
Since there is a secondary network interface on PLABWIN701, repeat the same steps from 4 to 9 to disable NetBIOS on the other Local Area Connection link (Note: The name of the connection may vary in number.).
Task 3 — Verify NetBIOS is disabled
In this task, you will verify that NetBIOS is disabled on the Windows 7 Professional machine.
To verify that NetBIOS is blocked, perform the following steps:
Step 1
On the PLABWIN701 desktop, click Start and access command prompt.
Step 2
On the command prompt, again enter the command:
netstat -anPress Enter.
From the port details displayed, notice that the entry for port 139 supported by TCP/IP — 192.168.0.2:139 — is missing.
Therefore, disabling NetBIOS disables port 139, which is the default port for the protocol.
Close Command prompt.
Task 4 — Enable NetBIOS
In this task, you will enable the NetBIOS protocol on TCP on the Windows 7 Professional machine.
To verify that NetBIOS is enabled, perform the following steps:
Step 1
As with the previous steps, on the PLABWIN701 desktop, click Start and select Control Panel.
On the Control Panel window, select Network and Internet.
Step 2
On the Network and Sharing Center window, select Local Area Connection then click Properties.
Step 3
The Local Area Connection Properties dialog box is displayed.
On the Networking tab, select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
Step 4
The Internet Protocol Version 4(TCP/IPv4) Properties dialog box is displayed.
On the General tab, keep all the default selections and values and click Advanced.
Step 5
On the Advanced TCP/IP Settings dialog box, select the WINS tab.
Select the Default radio button. Keep the other selections and click OK.
Close various dialog boxes and windows to reach the desktop.
Repeat steps 1 to 5 on the other Local Area Connection link (Note: The name of the connection may vary in number.)
Task 5 — Verify Port 139 is Reopened
In this task, you will verify that NetBIOS port is unblocked on the Windows 7 Professional machine.
To verify that NetBIOS port has been reopened, perform the following steps:
Step 1
On the PLABWIN701 desktop, click Start and enter cmd in the Search programs and files text box.
Step 2
On the command prompt, enter the command:
netstat -anStep 3
Notice the re-appearance of the entry — 192.168.0.2:139 — LISTENING. This confirms that port 139 is now re-opened. Therefore, enabling NetBIOS on TCP has opened port #139, which is the default NetBIOS port.
Close the command prompt window.
Leave all devices powered on in their current state and proceed to the next exercise.
Exercise 4 — Contrast TCP and UDP Protocols
Both TCP (transmission control protocol) and UDP (user datagram protocol) are a part of the IP (Internet protocol) suite of protocols. Both these protocols convert data into packets to enable exchange across networked computers. However, the two are very dissimilar in their details of operation; and hence have very different application.
To better understand this technology, refer also to your course material or use your preferred search engine to research this topic in detail.
In this exercise you will complete the following tasks:
- Capture Packets
- Identify TCP Packets
- Identify UDP Packets
Task 1 — Capture Packets
In this task, you will capture packets to identify the protocol being implemented.
To capture packets, perform the following steps:
Step 1
Connect to PLABGW01 device, from the desktop, launch Wireshark.
Step 2
The Wireshark Network Analyzer is displayed.
Click Capture Options in the Capture pane.
Step 3
In WireShark Capture options, choose the option in the Interface List with an IP address of 192.168.0.3.
Note: The name may differ in your lab, but the IP address will not.
Click Start.
Step 4
Wireshark window displays the details of data packets being exchanged among the device.
Notice the multi-colour coding of the packets. Each colour represents the protocol that the data packet implements.
Task 2 — Identify TCP Packets
In this task, you will identify packets implementing TCP protocol and the ports used.
To identify TCP packets and the ports used, perform the following steps:
Step 1
From Wireshark window, enter tcp in the Filter drop-down text box and click Apply.
Notice the change in the color-coding of the data packets. Only the data packets implementing tcp protocol are now being displayed.
Minimize Wireshark.
Step 2
Click Start and select Internet Explorer.
Step 3
The Practice Labs Intranet page will appear.
Minimize Internet Explorer.
Step 4
Maximize Wireshark.
Select a tcp packet from the list displayed.
Step 3
Window specifying the details of packet appears. Expand the link Transmission Control Protocol.
Notice that the Source port is and the Destination port.
Close the window.
Task 3 — Identify UDP Packets
In this task, you will identify packets implementing UDP protocol and the ports used.
To identify UDP packets and the ports used, perform the following steps:
Step 1
On the Wireshark capture window, change the entry to udp in the Filter drop-down text box and click Apply.
Again, notice the change in the color-coding of the data packets. Only the data packets implementing UDP protocol are now being displayed.
Step 2
Select a UDP packet from the list displayed. For example, select a DHCP packet.
Step 3
Window specifying the details of DHCP packet appears. Expand the link User Datagram Protocol.
Notice that the Source port is bootpc (68) and the Destination port is bootps (67).
Close the window.
Summary
In this module, you learned to compare and contrast the following ports and their relevant services:
Comparing following networking ports
- Port 80 for HTTP
- Port 443 for HTTPS
- Port 139 for NetBIOS
- TCP and UDP
