
2023-06-10

Windows Network - Common Protocols

In a typical Microsoft Windows network environment, you would expect to see a range of protocols that facilitate network communication, resource sharing, authentication, and management. Here are some protocols commonly used in a Windows network:

1. **Server Message Block (SMB)**: SMB is a protocol used for file and printer sharing, as well as accessing shared resources on Windows-based systems. It allows clients to connect to file servers, access shared folders, and perform file operations such as reading, writing, and file locking.

2. **Active Directory (AD)**: Active Directory is a directory service that stores information about network resources and enables centralized management of user accounts, groups, and network resources. It uses the Lightweight Directory Access Protocol (LDAP) for communication.

3. **Domain Name System (DNS)**: DNS is used for name resolution in Windows networks. It translates domain names into IP addresses and vice versa, allowing clients to locate domain controllers, servers, and other network resources.

4. **Dynamic Host Configuration Protocol (DHCP)**: DHCP is commonly used in Windows networks to automatically assign IP addresses, subnet masks, and other network configuration parameters to client devices when they connect to the network.

5. **NetBIOS (Network Basic Input/Output System)**: NetBIOS is an API used by applications for network communication in Windows environments. It allows applications to send and receive data over the network and provides services like name resolution and session management.

6. **Remote Desktop Protocol (RDP)**: RDP enables remote access to Windows-based systems. It allows users to connect to a remote desktop and interact with the desktop environment as if they were sitting in front of the physical machine.

7. **Simple Mail Transfer Protocol (SMTP)**: SMTP is used for sending and receiving email in Windows networks. It facilitates the communication between email clients (such as Microsoft Outlook) and email servers (such as Microsoft Exchange).

8. **Windows Internet Name Service (WINS)**: WINS is a legacy NetBIOS name resolution service used in older Windows networks. It translates NetBIOS names to IP addresses, helping clients locate resources.

9. **Kerberos**: Kerberos is a network authentication protocol used in Windows networks to verify the identities of users and services. It provides secure authentication and supports features like single sign-on.

10. **Remote Procedure Call (RPC)**: RPC is a protocol used for communication between applications and services running on different systems in a Windows network. It allows applications to request services from remote systems and exchange data.

These protocols form the foundation for network communication, authentication, and resource sharing in a Windows network environment. It's important to note that the specific protocols and their usage can vary depending on the version of Windows, network configuration, and services deployed within the network.

================

Here's an elaboration on each protocol mentioned, along with the port numbers commonly associated with them in a Microsoft Windows network:

1. **Server Message Block (SMB)**

   - Description: SMB is a protocol used for file and printer sharing, as well as accessing shared resources on Windows-based systems. It allows clients to connect to file servers, access shared folders, and perform file operations.

   - Port Numbers: 

     - SMB over NetBIOS: Port 139 (TCP/UDP)

     - SMB over IP (direct-hosted SMB): Port 445 (TCP/UDP)


2. **Active Directory (AD)**

   - Description: Active Directory is a directory service that stores information about network resources and enables centralized management of user accounts, groups, and network resources. It provides authentication and authorization services.

   - Port Numbers: 

     - LDAP: Port 389 (TCP/UDP)

     - LDAPS (LDAP over SSL/TLS): Port 636 (TCP)


3. **Domain Name System (DNS)**

   - Description: DNS is used for name resolution in Windows networks. It translates domain names into IP addresses and vice versa, allowing clients to locate domain controllers, servers, and other network resources.

   - Port Numbers: 

     - DNS: Port 53 (TCP/UDP)


4. **Dynamic Host Configuration Protocol (DHCP)**

   - Description: DHCP is commonly used in Windows networks to automatically assign IP addresses, subnet masks, and other network configuration parameters to client devices when they connect to the network.

   - Port Numbers: 

     - DHCP server: Port 67 (UDP)

     - DHCP client: Port 68 (UDP)


5. **NetBIOS (Network Basic Input/Output System)**

   - Description: NetBIOS is an API used by applications for network communication in Windows environments. It allows applications to send and receive data over the network and provides services like name resolution and session management.

   - Port Numbers: 

     - NetBIOS Name Service (NBNS): Port 137 (UDP)

     - NetBIOS Datagram Service: Port 138 (UDP)

     - NetBIOS Session Service: Port 139 (TCP)


6. **Remote Desktop Protocol (RDP)**

   - Description: RDP enables remote access to Windows-based systems. It allows users to connect to a remote desktop and interact with the desktop environment as if they were sitting in front of the physical machine.

   - Port Numbers: 

     - RDP: Port 3389 (TCP/UDP)


7. **Simple Mail Transfer Protocol (SMTP)**

   - Description: SMTP is used for sending and receiving email in Windows networks. It facilitates the communication between email clients (such as Microsoft Outlook) and email servers (such as Microsoft Exchange).

   - Port Numbers: 

     - SMTP: Port 25 (TCP)


8. **Windows Internet Name Service (WINS)**

   - Description: WINS is a legacy NetBIOS name resolution service used in older Windows networks. It translates NetBIOS names to IP addresses, helping clients locate resources.

   - Port Numbers: 

     - WINS: Port 137 (TCP/UDP)


9. **Kerberos**

   - Description: Kerberos is a network authentication protocol used in Windows networks to verify the identities of users and services. It provides secure authentication and supports features like single sign-on.

   - Port Numbers: 

     - Kerberos: Port 88 (TCP/UDP)


10. **Remote Procedure Call (RPC)**

   - Description: RPC is a protocol used for communication between applications and services running on different systems in a Windows network. It allows applications to request services from remote systems and exchange data.

Here is an expanded list of common protocols in a Windows network environment:

1. **Server Message Block (SMB)**

2. **Active Directory (AD)**

3. **Domain Name System (DNS)**

4. **Dynamic Host Configuration Protocol (DHCP)**

5. **NetBIOS (Network Basic Input/Output System)**

6. **Remote Desktop Protocol (RDP)**

7. **Simple Mail Transfer Protocol (SMTP)**

8. **Windows Internet Name Service (WINS)**

9. **Kerberos**

10. **Remote Procedure Call (RPC)**

11. **Internet Protocol (IP)**

12. **Transmission Control Protocol (TCP)**

13. **User Datagram Protocol (UDP)**

14. **Hypertext Transfer Protocol (HTTP)**

15. **Secure Shell (SSH)**

16. **File Transfer Protocol (FTP)**

17. **Simple Network Management Protocol (SNMP)**

18. **Internet Group Management Protocol (IGMP)**

19. **Border Gateway Protocol (BGP)**

20. **Open Shortest Path First (OSPF)**

21. **Internet Control Message Protocol (ICMP)**

22. **Virtual LAN (VLAN)**

23. **Secure Sockets Layer/Transport Layer Security (SSL/TLS)**

24. **Network Time Protocol (NTP)**

25. **Simple Network Time Protocol (SNTP)**

26. **Post Office Protocol (POP3)**

27. **Internet Small Computer System Interface (iSCSI)**

28. **Point-to-Point Protocol (PPP)**

29. **Spanning Tree Protocol (STP)**


These protocols cover various aspects of network communication, services, management, and security within a Windows network. Each protocol serves a specific purpose and plays a crucial role in enabling effective network operations.


Here's a short description of each protocol from the expanded list:


1. **Server Message Block (SMB)**: File and printer sharing protocol for accessing shared resources on Windows systems.

2. **Active Directory (AD)**: Directory service for storing and managing network resources, user accounts, and groups.

3. **Domain Name System (DNS)**: Resolves domain names to IP addresses and vice versa for network communication.

4. **Dynamic Host Configuration Protocol (DHCP)**: Automates the assignment of IP addresses and network configuration to client devices.

5. **NetBIOS (Network Basic Input/Output System)**: Legacy API for network communication, including name resolution and session management.

6. **Remote Desktop Protocol (RDP)**: Allows remote access to Windows-based systems and interaction with the desktop environment.

7. **Simple Mail Transfer Protocol (SMTP)**: Protocol for sending and receiving email messages between email clients and servers.

8. **Windows Internet Name Service (WINS)**: Legacy name resolution service for NetBIOS names in older Windows networks.

9. **Kerberos**: Network authentication protocol providing secure verification of user and service identities.

10. **Remote Procedure Call (RPC)**: Facilitates communication between applications and services running on different systems.

11. **Internet Protocol (IP)**: Protocol for logical addressing and routing of data packets across network devices.

12. **Transmission Control Protocol (TCP)**: Reliable, connection-oriented protocol ensuring error checking and sequencing of data transmission.

13. **User Datagram Protocol (UDP)**: Connectionless protocol for sending datagrams without error checking and sequencing.

14. **Hypertext Transfer Protocol (HTTP)**: Protocol for transferring data between web clients and servers, enabling web browsing.

15. **Secure Shell (SSH)**: Cryptographic network protocol for secure remote access and administration of network devices.

16. **File Transfer Protocol (FTP)**: Protocol for transferring files between a client and a server over a network.

17. **Simple Network Management Protocol (SNMP)**: Protocol for managing and monitoring network devices.

18. **Internet Group Management Protocol (IGMP)**: Used for managing multicast group memberships in IP networks.

19. **Border Gateway Protocol (BGP)**: Routing protocol used for exchanging routing information between different autonomous systems on the internet.

20. **Open Shortest Path First (OSPF)**: Interior gateway routing protocol for efficient exchange of routing information within an autonomous system.

21. **Internet Control Message Protocol (ICMP)**: Used for diagnostic and error reporting purposes in IP networks, including ping requests and responses.

22. **Virtual LAN (VLAN)**: Network virtualization technique for logically separating network devices into separate broadcast domains.

23. **Secure Sockets Layer/Transport Layer Security (SSL/TLS)**: Protocols for securing communication channels over the internet, commonly used for secure web browsing (HTTPS).

24. **Network Time Protocol (NTP)**: Synchronizes the time of network devices in a distributed system.

25. **Simple Network Time Protocol (SNTP)**: Lightweight version of NTP used for time synchronization in network devices.

26. **Post Office Protocol (POP3)**: Protocol for retrieving email from a mail server to a client device.

27. **Internet Small Computer System Interface (iSCSI)**: Protocol for accessing remote block-level storage over IP networks.

28. **Point-to-Point Protocol (PPP)**: Data link layer protocol for establishing a direct connection between two network nodes.

29. **Spanning Tree Protocol (STP)**: Protocol for maintaining a loop-free logical topology in Ethernet networks.


These protocols cover a wide range of network functions, including communication

2015-09-03

Wireshark 101

NOTE: This article is from another excellent resource called How-To Geek. Visit them at http://www.howtogeek.com/ and learn other cool geeky stuff.

How to Use Wireshark to Capture, Filter and Inspect Packets


Wireshark, a network analysis tool formerly known as Ethereal, captures packets in real time and displays them in human-readable format. Wireshark includes filters, color-coding and other features that let you dig deep into network traffic and inspect individual packets.
This tutorial will get you up to speed with the basics of capturing packets, filtering them, and inspecting them. You can use Wireshark to inspect a suspicious program’s network traffic, analyze the traffic flow on your network, or troubleshoot network problems.

Getting Wireshark

You can download Wireshark for Windows or Mac OS X from its official website. If you’re using Linux or another UNIX-like system, you’ll probably find Wireshark in its package repositories. For example, if you’re using Ubuntu, you’ll find Wireshark in the Ubuntu Software Center.
Just a quick warning: Many organizations don’t allow Wireshark and similar tools on their networks. Don’t use this tool at work unless you have permission.

Capturing Packets

After downloading and installing Wireshark, you can launch it and click the name of an interface under Interface List to start capturing packets on that interface. For example, if you want to capture traffic on the wireless network, click your wireless interface. You can configure advanced features by clicking Capture Options, but this isn’t necessary for now.

As soon as you click the interface’s name, you’ll see the packets start to appear in real time. Wireshark captures each packet sent to or from your system. If you’re capturing on a wireless interface and have promiscuous mode enabled in your capture options, you’ll also see the other packets on the network.

Click the stop capture button near the top left corner of the window when you want to stop capturing traffic.

Color Coding

You’ll probably see packets highlighted in green, blue, and black. Wireshark uses colors to help you identify the types of traffic at a glance. By default, green is TCP traffic, dark blue is DNS traffic, light blue is UDP traffic, and black identifies TCP packets with problems — for example, they could have been delivered out-of-order.

Sample Captures

If there’s nothing interesting on your own network to inspect, Wireshark’s wiki has you covered. The wiki contains a page of sample capture files that you can load and inspect.
Opening a capture file is easy; just click Open on the main screen and browse for a file. You can also save your own captures in Wireshark and open them later.

Filtering Packets

If you’re trying to inspect something specific, such as the traffic a program sends when phoning home, it helps to close down all other applications using the network so you can narrow down the traffic. Still, you’ll likely have a large number of packets to sift through. That’s where Wireshark’s filters come in.
The most basic way to apply a filter is by typing it into the filter box at the top of the window and clicking Apply (or pressing Enter). For example, type “dns” and you’ll see only DNS packets. When you start typing, Wireshark will help you autocomplete your filter.

You can also click the Analyze menu and select Display Filters to create a new filter.

Another interesting thing you can do is right-click a packet and select Follow TCP Stream.

You’ll see the full conversation between the client and the server.

Close the window and you’ll find a filter has been applied automatically — Wireshark is showing you the packets that make up the conversation.
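The two posts on this page fit together: the Windows protocol/port table from the "Windows Network - Common Protocols" post is exactly what you would turn into Wireshark display filters. The added example below (not from either post or from How-To Geek) does that in Python, and also runs the same table over a constructed flow log to inventory hosts still using legacy NetBIOS name resolution or cleartext LDAP; the log line shape `src -> dst:port/proto` and the hosts are hypothetical.

```python
import re
from collections import defaultdict
# Protocol -> {(transport, port)}, from the port list in the Windows
# protocols post above; 139 sits under SMB (NetBIOS session service carries SMB).
WINDOWS_PORTS = {
    "SMB": {("tcp", 139), ("tcp", 445)},
    "LDAP": {("tcp", 389), ("udp", 389)},
    "LDAPS": {("tcp", 636)},
    "DNS": {("tcp", 53), ("udp", 53)},
    "DHCP": {("udp", 67), ("udp", 68)},
    "NBNS/WINS": {("udp", 137), ("tcp", 137)},
    "NetBIOS-DGM": {("udp", 138)},
    "RDP": {("tcp", 3389), ("udp", 3389)},
    "SMTP": {("tcp", 25)},
    "Kerberos": {("tcp", 88), ("udp", 88)},
}
# Legacy name resolution and cleartext LDAP: services worth inventorying.
LEGACY = {"NBNS/WINS", "NetBIOS-DGM", "LDAP"}
PORT_INDEX = {pair: name for name, pairs in WINDOWS_PORTS.items() for pair in pairs}
# Constructed (hypothetical) flow-log shape: "src -> dst:port/proto"
LOG_RE = re.compile(r"(?P<src>\S+) -> (?P<dst>\S+):(?P<port>\d+)/(?P<proto>tcp|udp)")

def classify(line):
    """Name the Windows protocol a flow line belongs to ('other' if unknown, None if unparsable)."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return PORT_INDEX.get((m["proto"], int(m["port"])), "other")

def legacy_talkers(lines):
    """{source host: sorted legacy protocols it used} across a batch of flow lines."""
    seen = defaultdict(set)
    for line in lines:
        name = classify(line)
        if name in LEGACY:
            seen[LOG_RE.search(line)["src"]].add(name)
    return {host: sorted(names) for host, names in seen.items()}

def display_filter(names):
    """Wireshark display filter selecting the listed protocols' ports, e.g. for the filter box."""
    terms = sorted(f"{t}.port == {p}" for n in names for t, p in WINDOWS_PORTS[n])
    return " || ".join(terms)

SAMPLE = [  # constructed lines, not captured traffic
    "10.0.0.5 -> 10.0.0.10:445/tcp",
    "10.0.0.5 -> 10.0.0.255:137/udp",
    "10.0.0.7 -> 10.0.0.10:389/tcp",
    "10.0.0.7 -> 10.0.0.10:636/tcp",
]
```

`display_filter(["SMB", "Kerberos"])` yields an expression you can paste straight into the filter box described above; `legacy_talkers(SAMPLE)` reports which hosts still broadcast NBNS or bind to LDAP on 389 instead of LDAPS on 636.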

Inspecting Packets

Click a packet to select it and you can dig down to view its details.

You can also create filters from here — just right-click one of the details and use the Apply as Filter submenu to create a filter based on it.


Wireshark is an extremely powerful tool, and this tutorial is just scratching the surface of what you can do with it. Professionals use it to debug network protocol implementations, examine security problems and inspect network protocol internals.