Network Protocols – CompTIA Network+ Certification Study Guide

Overview

Network protocols define the rules and standards that enable devices to communicate across networks. This study guide covers the essential protocols tested on the CompTIA Network+ exam, including TCP/IP fundamentals, application layer services, network services, routing protocols, and secure tunneling solutions. Mastery of port numbers, protocol behaviors, and key distinctions between similar protocols is critical for exam success.

---

TCP/IP Fundamentals

Core Transport Protocols

The foundation of modern networking rests on two transport protocols that serve different purposes depending on the application's needs.

TCP (Transmission Control Protocol)

• Connection-oriented – requires a handshake before data transfer

• Provides reliable, ordered delivery with acknowledgments (ACKs)

• Used when data integrity is critical (web browsing, email, file transfer)

• IP Protocol Number: 6

UDP (User Datagram Protocol)

• Connectionless – no handshake, no guaranteed delivery

• Provides faster, best-effort delivery

• Used when speed is prioritized over reliability (VoIP, streaming, DNS queries)

• IP Protocol Number: 17

The TCP Three-Way Handshake

```

Client Server

|--- SYN ------->| Step 1: Client initiates connection

|<-- SYN-ACK ----| Step 2: Server acknowledges and responds

|--- ACK ------->| Step 3: Client confirms – connection established

```

> Key Terms:

> - SYN – Synchronize: initiates a connection

> - SYN-ACK – Synchronize-Acknowledge: server confirms receipt

> - ACK – Acknowledge: client confirms the connection is open

ICMP and Diagnostic Protocols

ICMP (Internet Control Message Protocol) is used for network diagnostics and error reporting, not data transfer.

| ICMP Function | Type | Description |

|---|---|---|

| Echo Request | Type 8 | Sent by `ping` |

| Echo Reply | Type 0 | Response to ping |

| Destination Unreachable | Type 3 | Packet could not be delivered |

| Time Exceeded | Type 11 | TTL expired (used by traceroute) |

Ping: Uses ICMP Echo Request (Type 8) and Echo Reply (Type 0)

Traceroute/Tracert:

• Windows (`tracert`): Uses ICMP Echo Requests

• Linux/macOS (`traceroute`): Uses UDP packets by default

ARP (Address Resolution Protocol)

Purpose: Resolves a known IP address → MAC address on a local network segment

Process:

1. Host broadcasts "Who has IP 192.168.1.1?"

2. The device with that IP replies with its MAC address

3. The MAC address is cached in the ARP table

> Key Terms:

> - ARP Table/Cache – Local storage of IP-to-MAC mappings

> - Gratuitous ARP – Unsolicited ARP announcement (used in failover/attacks)

> - ARP Poisoning – Security attack that corrupts ARP caches

⚠️ Watch Out For

• TCP vs. UDP confusion – Remember: TCP = reliable/ordered, UDP = fast/best-effort

• ICMP has no port numbers – It operates at Layer 3, not Layer 4

• tracert (Windows) ≠ traceroute (Linux) – They use different protocols; this is a common exam trick

• ARP operates at Layer 2 – It resolves MAC addresses, not IP addresses

• Ping success doesn't guarantee full connectivity – ICMP may be blocked by firewalls even when a service is running

---

Application Layer Protocols

Essential Port Numbers Reference Table

|---|---|---|---|

| FTP (Data) | 20 | TCP | Active mode data transfer |

| FTP (Control) | 21 | TCP | Commands and control |

| SSH / SFTP | 22 | TCP | Encrypted remote access / file transfer |

| Telnet | 23 | TCP | Unencrypted remote access |

| SMTP | 25 | TCP | Sending/relaying email |

| DNS | 53 | UDP/TCP | Name resolution |

| HTTP | 80 | TCP | Web traffic (unencrypted) |

| POP3 | 110 | TCP | Downloading email |

| NTP | 123 | UDP | Time synchronization |

| IMAP | 143 | TCP | Synchronized email access |

| HTTPS | 443 | TCP | Encrypted web traffic (TLS) |

| RDP | 3389 | TCP/UDP | Remote desktop (Windows) |

Web Protocols: HTTP vs. HTTPS

• HTTP – TCP port 80, unencrypted, traffic visible in plaintext

• HTTPS – TCP port 443, encrypted with TLS (Transport Layer Security)

- The "S" = Secure

- Uses digital certificates to authenticate servers

File Transfer Protocols

FTP (File Transfer Protocol)

• Control: TCP port 21 | Data (active): TCP port 20

• Active Mode: Server initiates data connection back to client (problematic with firewalls)

• Passive Mode: Client initiates both connections to server (firewall-friendly)

SFTP (SSH File Transfer Protocol)

• Runs entirely over SSH on TCP port 22

• Not a variant of FTP – completely different protocol

• Provides full encryption of data and credentials

TFTP (Trivial File Transfer Protocol)

• UDP port 69

• No authentication, no directory listing, no encryption

• Use cases: booting diskless workstations, uploading firmware, network device configs

Remote Access Protocols

|---|---|---|---|

| SSH | TCP 22 | ✅ Full encryption | Secure CLI remote access |

> SSH vs. Telnet: SSH encrypts all traffic including credentials. Telnet sends everything, including passwords, in cleartext.

Email Protocols

SMTP – TCP port 25

• Sends and relays email between mail servers

• Also used by email clients to send outbound mail

POP3 (Post Office Protocol v3) – TCP port 110

• Downloads email to device, typically deletes from server

• Single-device access model

IMAP (Internet Message Access Protocol) – TCP port 143

• Keeps email synchronized on the server

• Supports multi-device access (phone, laptop, tablet all stay in sync)

DNS (Domain Name System)

• UDP port 53 – Standard queries (fast, lightweight)

• TCP port 53 – Used when:

- Response exceeds 512 bytes

- Zone transfers (full DNS database replication between servers)

Management & Infrastructure Protocols

SNMP (Simple Network Management Protocol)

• UDP port 161 – Polling/queries (manager → device)

• UDP port 162 – Traps (unsolicited alerts from device → manager)

• SNMPv3 improvements over v1/v2c:

- Authentication (MD5 or SHA)

- Encryption (DES or AES)

- Message integrity

NTP (Network Time Protocol)

• UDP port 123

• Critical for: digital certificates, Kerberos authentication, log correlation/forensics

• Incorrect time can cause authentication failures and make logs unreliable

LDAP / LDAPS

• LDAP – TCP port 389 (Lightweight Directory Access Protocol)

• LDAPS – TCP port 636 (LDAP over SSL/TLS)

• Used for querying directory services (e.g., Active Directory)

⚠️ Watch Out For

• FTP port 20 vs. 21 – Port 21 = control, Port 20 = active data transfer only

• SFTP is NOT FTP over SSH – It's a completely separate protocol that happens to use the same port

• DNS uses both UDP and TCP port 53 – UDP for queries, TCP for large responses/zone transfers

• SNMP traps (162) vs. queries (161) – Traps are unsolicited, queries are initiated by the manager

• POP3 vs. IMAP – POP3 downloads and deletes; IMAP syncs and retains on server

• SMTP sends email; POP3/IMAP receive it – These serve different directions of email flow

• SNMPv1/v2c have NO encryption – Only SNMPv3 adds security features

---

Network Services Protocols

DHCP (Dynamic Host Configuration Protocol)

#### The DORA Process

```

Client Server

|-- DISCOVER (broadcast) ----->| "I need an IP address!"

|<-- OFFER (unicast/broadcast) | "How about 192.168.1.50?"

|-- REQUEST (broadcast) ------>| "I'll take 192.168.1.50!"

|<-- ACKNOWLEDGE (broadcast) --| "It's yours! Lease = 8 hours"

```

DHCP Ports:

• Client: UDP port 68

• Server: UDP port 67

DHCP Relay Agent:

• Forwards DHCP broadcasts across router boundaries to a remote DHCP server

• Needed because routers do not forward broadcasts by default

• Also called IP Helper (Cisco terminology)

> Key Terms:

> - DHCP Scope – The range of IP addresses available for lease

> - DHCP Reservation – Assigns a specific IP to a device based on MAC address

> - Lease Time – How long a client may use the assigned IP before renewal

DNS Record Types

| Record Type | Function |

|---|---|

| A | Maps hostname → IPv4 address |

| AAAA (Quad-A) | Maps hostname → IPv6 address |

| MX | Identifies mail servers for a domain (with priority) |

| PTR | Reverse lookup – maps IP address → hostname (stored in `in-addr.arpa`) |

| CNAME | Alias – maps one hostname to another hostname |

| NS | Identifies authoritative name servers for a domain |

| TXT | Stores text (used for SPF, DKIM, domain verification) |

MX Records: Include a priority value – lower number = higher priority

PTR Records: Enable reverse DNS lookup; stored in the in-addr.arpa zone

⚠️ Watch Out For

• DORA order matters – Discover → Offer → Request → Acknowledge (not Acknowledge → Request)

• DHCP uses broadcasts – This is why relay agents are needed across subnets

• A vs. AAAA – A = IPv4, AAAA = IPv6 (four times as long = four A's)

• PTR records are for reverse lookups – Not forward resolution

• MX records point to hostnames, not IPs – The hostname then has its own A record

---

Routing Protocols

Routing Protocol Overview

|---|---|---|---|---|

| RIP | Distance-vector | Hop count | 15 | 120 |

Administrative Distance (AD)

Administrative Distance determines which routing source is trusted when multiple protocols advertise the same route. Lower AD = more preferred.

```

Connected: 0 (most trusted)

Static: 1

eBGP: 20

EIGRP: 90

OSPF: 110

RIP: 120

```

> OSPF (AD 110) is preferred over RIP (AD 120)

Individual Protocol Details

RIP (Routing Information Protocol)

• Distance-vector protocol

• Metric: hop count (each router = 1 hop)

• Maximum hops: 15 (16 = unreachable)

• Updates sent every 30 seconds

• Suited for small, simple networks only

OSPF (Open Shortest Path First)

• Link-state protocol

• Metric: cost (inversely proportional to bandwidth)

• Uses Dijkstra's Shortest Path First algorithm

• Builds a complete map of the network topology

• Organizes networks into areas (Area 0 = backbone)

• No hop count limit

EIGRP (Enhanced Interior Gateway Routing Protocol)

• Cisco proprietary hybrid protocol

• Combines distance-vector and link-state features

• Default metric: bandwidth + delay (composite metric)

• Uses DUAL (Diffusing Update Algorithm) for fast convergence

• Maintains backup routes (Feasible Successor)

BGP (Border Gateway Protocol)

• Path-vector protocol

• The routing protocol of the internet

• Exchanges routing between Autonomous Systems (AS)

• eBGP = between different AS | iBGP = within same AS

• Policy-based routing decisions

⚠️ Watch Out For

• RIP's 15-hop limit is a hard ceiling – This makes it unsuitable for large networks

• Lower administrative distance = more preferred – This is counterintuitive for some

• OSPF uses cost, not hops – Higher bandwidth = lower cost = preferred path

• EIGRP is Cisco proprietary – Cannot interoperate natively with non-Cisco equipment

• BGP is NOT used inside a company network – It's for internet-scale routing between organizations

---

Secure & Tunneling Protocols

IPSec (Internet Protocol Security)

IPSec secures IP communications through two core protocols:

| Protocol | Provides | Encryption |

|---|---|---|

| AH (Authentication Header) | Integrity + Authentication | ❌ No |

| ESP (Encapsulating Security Payload) | Encryption + Integrity + Authentication | ✅ Yes |

> ESP is almost always preferred because it provides both encryption AND authentication.

IPSec Modes:

| Mode | Use Case | What's Protected |

|---|---|---|

| Tunnel Mode | VPN between networks (site-to-site) | Entire original packet (new IP header added) |

| Transport Mode | End-to-end host communication | Payload only (original IP header preserved) |

RADIUS (Authentication Protocol)

RADIUS (Remote Authentication Dial-In User Service)

• UDP port 1812 – Authentication

• UDP port 1813 – Accounting

• Legacy ports: 1645 (auth) / 1646 (accounting)

• Centralizes AAA: Authentication, Authorization, Accounting

• Common in Wi-Fi (802.1X) and VPN authentication

SNMPv3 Security

While covered in Application Layer, SNMPv3 deserves emphasis here:

• Uses same ports: UDP 161/162

• Adds authentication (MD5/SHA), encryption (DES/AES), and message integrity

• SNMPv1/v2c = community strings only (no real security)

Protocol Security Comparison

| Insecure Protocol | Secure Replacement | Port Change |

|---|---|---|

| Telnet (23) | SSH (22) | Different port |

| FTP (20/21) | SFTP (22) or FTPS | Different port |

| HTTP (80) | HTTPS (443) | Different port |

| LDAP (389) | LDAPS (636) | Different port |

| SNMPv1/v2 | SNMPv3 | Same ports (161/162) |

⚠️ Watch Out For

• AH does NOT encrypt – It only authenticates; use ESP for encryption

• Tunnel mode wraps the entire packet – Adds a new IP header; used for VPNs

• SFTP ≠ FTPS – SFTP runs

CompTIA Network+ Certification Study Guide

Network Protocols – CompTIA Network+ Certification Study Guide

Overview

TCP/IP Fundamentals

Core Transport Protocols

The TCP Three-Way Handshake

ICMP and Diagnostic Protocols

ARP (Address Resolution Protocol)

⚠️ Watch Out For

Application Layer Protocols

Essential Port Numbers Reference Table

Web Protocols: HTTP vs. HTTPS

File Transfer Protocols

Remote Access Protocols

Email Protocols

DNS (Domain Name System)

Management & Infrastructure Protocols

⚠️ Watch Out For

Network Services Protocols

DHCP (Dynamic Host Configuration Protocol)

DNS Record Types

⚠️ Watch Out For

Routing Protocols

Routing Protocol Overview

Administrative Distance (AD)

Individual Protocol Details

⚠️ Watch Out For

Secure & Tunneling Protocols

IPSec (Internet Protocol Security)

RADIUS (Authentication Protocol)

SNMPv3 Security

Protocol Security Comparison

⚠️ Watch Out For

Take a Practice Test

Study with Flashcards

Want more study tools?