Protocol IDs
If you’re preparing for the Security+ or SSCP exams, you’ll need to know a few of the protocol IDs used by TCP/IP. The protocol ID is a number embedded in the header of the packet to identify the protocol. It is used for many protocols that are not identified with a port number.
I recently wrote a blog titled Ports for Network+, Security+, and SSCP Exams which covered the relevant port numbers for these exams. Both port numbers and protocol IDs are used to identify protocols by devices such as routers and firewalls. However, they are different numbers. For example, Hypertext Transfer Protocol (HTTP) uses port number 80, but it is not accurate to say that it uses protocol ID 80. In fact, there isn’t a protocol ID that identifies HTTP.
Practice Test Question
Test your knowledge of protocol IDs with this question. This is an example that you may see on the SSCP exam.
Q. You want to block DoS attacks using ping at a firewall. What would you do?
A. Block port 1 at the firewall
B. Block protocol ID 1 at the firewall
C. Block port 6 at the firewall
D. Block protocol ID 6 at the firewall
Answer at end of blog
Protocol IDs
The following table identifies some of the commonly used protocol IDs that you may be tested on.
| Protocol | Protocol ID |
|---|---|
| ICMP – Internet Control Message Protocol | 1 |
| IGMP – Internet Group Management Protocol | 2 |
| TCP – Transmission Control Protocol | 6 |
| UDP – User Datagram Protocol | 17 |
| IPsec ESP – Internet Protocol security Encapsulating Security Payload | 50 |
| IPsec AH – Internet Protocol security Authentication Header | 51 |
You are more likely to be tested on the protocol IDs in the SSCP exam. If you do see this content on the Security+ exam, it will probably only focus on IPsec ESP or IPsec AH. If you want to see a full listing of protocol ID numbers, check out this list on Internet Assigned Numbers Authority (IANA).
CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
Routers and firewalls use access control lists (ACLs) to filter traffic. They can filter traffic based on IP addresses, network IDs, ports, and protocol IDs. The ports are used to filter traffic using well-known ports mapped to specific protocols. For example, you can block or allow outgoing email by closing or opening port 25, the well-known port for Simple Mail Transport Protocol (SMTP). Similarly, you can block ICMP traffic (used by ping) by blocking any traffic using protocol ID 1.
Q. You want to block DoS attacks using ping at a firewall. What would you do?
A. Block port 1 at the firewall
B. Block protocol ID 1 at the firewall
C. Block port 6 at the firewall
D. Block protocol ID 6 at the firewall
Answer: B
Ping uses Internet Control Message Protocol (ICMP) and ICMP is identified with protocol ID 1. Blocking protocol ID 1 blocks all pings including a denial-of-service (DoS) attack using ping.
Ports 1 and 6 are unrelated to ping or ICMP so would not have any effect on blocking pings.
Protocol ID 6 identifies Transmission Control Protocol (TCP) so by blocking protocol ID 6, you would block all TCP traffic.
 | Pass the First Time! |
Up-to-date Content
New multiple-choice and performance-based questions added regularly
Pass the first time with quality practice test questions, performance-based questions, flashcards, and audio.Buy The Full Access Study Package Today
60 Days Access
Need more time? You can easily renew for another 60 days at a significantly reduced price.
All materials are available online shortly after making your payment.
Get the Security+ Full Access Study Package Here
Our online Security+ study materials are the perfect complement to the CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide. They can also be used to help ensure you’re ready no matter what study guide you’re using.
This exam is expensive.
Make sure you’re ready before exam day.
Here’s what you’ll get:- All of the multiple-choice questions from the best-selling CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide. See a demo here. All questions have full explanations so you’ll know why the correct answers are correct and why the incorrect answers are incorrect.
- Realistic SY0-601 Security+ Practice Test Questions
- Performance-based questions.
- All of the flashcards from the study guide. View them in any Web browser. See demo here
- All of the audio from the study guide.
- Access to a free discount code for 10% off your Security+ voucher.
Buy The Full Access Study Package Today
60 Days Access
All materials are available online shortly after making your payment.
| Pass the First Time! |
Up-to-date Content
New multiple-choice and performance-based questions added regularly
Pass the first time with quality practice test questions, performance-based questions, flashcards, and audio.Buy The Full Access Study Package Today
60 Days Access
Need more time? You can easily renew for another 60 days at a significantly reduced price.
All materials are available online shortly after making your payment.
Get the Security+ Full Access Study Package Here
Our online Security+ study materials are the perfect complement to the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. They can also be used to help ensure you’re ready no matter what study guide you’re using.
This exam is expensive.
Make sure you’re ready before exam day.
Here’s what you’ll get:- All of the multiple-choice questions from the best-selling CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. See a demo here. All questions have full explanations so you’ll know why the correct answers are correct and why the incorrect answers are incorrect.
- Over 40 new multiple-choice questions we’ve added after publishing the study guide.
- Over 30 performance-based questions. See a demo here.
- All of the flashcards from the study guide. View them in any Web browser.
- All of the audio from the study guide. Listen to a sample here.
- Access to a free discount code for 10% off your Security+ voucher.
Buy The Full Access Study Package Today
60 Days Access
All materials are available online shortly after making your payment.
