OSI Layer 5 Explained: Mastering Networking

Captions
Hello, my name is Lowell Vanderpool, and this channel is dedicated to IT professionals, IT students and anyone who's interested in technical subjects. Welcome back to our study of the OSI model. We are looking at the network stack both theoretically and practically. We're looking at layer five. The theoretical concepts of layer five are tough. Some very, very bright people write the RFCs that write these protocols, and they're not easy to expose or to see how they work or their activity. It took a lot of work to find some tools that would allow us to look at them and see how they work. You're going to be surprised: you're going to recognize a lot of them, you just didn't plug them in at layer 5.

And don't get discouraged because you struggle understanding certain theoretical concepts, and the network stack is one of those. The people that write these protocols, who are the people responsible for developing this kind of software, are super bright people, some of the brightest people on the planet. If you are struggling with understanding, don't give up. Just like this pup: when he was small and trying to catch frisbees he probably didn't get them very often, but over time and persevering and working at it he catches those frisbees quite often, and don't think you're going to take that frisbee from him.

We're looking at two conceptual models: the OSI reference model here on your left and the TCP internet model on your right. When we talk about developers that are developing software protocols, or the IETF, the Internet Engineering Task Force, as they create RFCs, they are all looking at the internet model, and they take layers five, six and seven and they put them in one block called the application layer. Why even mess with OSI? Without a doubt, even though all of our developing and RFCs are built on the internet model, there's just nothing like the OSI helping us get a clear perspective, sometimes helping us to understand something that's difficult and allowing comparisons between what is in reality and looking at the OSI model, and the fact that everybody still uses the OSI model.

As we explore layer five, the session layer, we can see in this OSI model here it's called the inter-host communication. That's its function, and we'll see why that's a pretty good definition. But look over in the data unit: notice that it is dealing with application data streaming down from an application, and I'll get into that in just a minute. At the transport layer we see we have segments, at the network layer we have packets, at layer 2 we have frames, and at the physical layer bits. But I want you to pay attention that at the application, presentation and session layers we're dealing with application data coming down into the network stack.

Let's take, for example, I've got Corel AfterShot running on my PC. It's a desktop application and it likes to talk to Corel's server farm way over here, and I don't know exactly where it is, but it's on the internet and it's probably got a load balancer and then a server farm behind it. Now Corel AfterShot sends hooks and information down the stack and basically gets to the session layer and says, "Look, here's the web address for AfterShot's, I mean Corel's, server farm," and the session layer hands that off to the transport layer and says, "Look, find out where this is on the internet, and this is a chunk of data that I need you to send to that server so that I can connect this application on my PC to a server-based application on the server farm." The transport layer, network layer and data link layer all do their job: get a DNS, work with DNS, get an IP address and begin to send that request for a session between this application and this application to get that started. Once enough information goes back and forth, these two agree on a session. This application says, "Yes, we've got a session," and this server-based application says, "Yes, we're connected."

Now depending on the protocol that this application was written for, it could be using a number of different protocols at the session layer. It could be using RPC to communicate and talk to this server-based application, it could use Winsock, it could use H.323, so there's a number of protocols available depending on the programmer who wrote the client-server application and how he uses session. But they're always going to be the same: this is going to be responsible for connecting this application through the session layer to this application.

Now it's also going to do things like make sure that there's a recovery point. So if I have something really go bad with my Central Florida Internet Exchange data center, or Tampa, let's say Spectrum sends me to Tampa to their internet exchange, and I get a switch that is overloaded or I get a router that starts dumping my data between AfterShot and the server farm, the session will attempt to leverage a recovery point so that even if we've lost some data at, say, an exchange point, we can somehow recover and continue on with a session.

Another important feature of the session layer is once we've got this connection and these are talking and data is moving, flowing appropriately, when I decide to close out my application on my PC there has to be a way of gracefully shutting down this session. And so that is what those protocols at layer 5 are going to do: they're going to create the session, they're going to manage the session, they're going to have recovery points to the session, and they're going to gracefully close the session.

Now before you get too excited about the recovery that I talked about, remember, when I have an application streaming data down, the session layer and the transport, if we're using TCP, all have built-in mechanisms to try to fix missing pieces or out-of-order pieces, and so there's a lot of recovery components in these layers, but they're never designed for catastrophic. So if I've got a stream of bits coming down and it hits the Central Florida Internet Exchange, and in there is a switch that's just absolutely slammed and it starts dumping about a second of my data out into the bit bucket, that is probably about 300 packets, and there's no way for this transport layer, even if I'm using TCP, and this session layer and this session layer to try to recover. And that's where you get applications that lock up: you're running Skype or Zoom and the other individual turns into this pixelated mess, or if you're running a mobile app the mobile app freezes and can't recover and sometimes you have to reboot the phone. The network stack is designed to recover from a segment or a frame loss or small amounts, but not from these catastrophic failures.

My favorite analogy for the session layer, layer 5, is the good old business meeting, the one that everyone loves. You first have an establishment of the session: you have a date and a time that everyone meets. You sit down and you orderly exchange data; there's conversations that go on and it's following the agenda. You have rules to follow, and then at some point in that business meeting you terminate the business meeting and hopefully you go to lunch.

So let's look at the technical definition: provides services that allow the establishment of a session, manage a session, terminate a session connection; provides orderly data exchange; synchronizes the dialogue; and releases the connection in an orderly manner. An important feature of layer 5 is synchronization. My Corel AfterShot application on my desktop is talking to the Corel server farm. I am depending on those lower-level network protocol stacks to take care of getting the data there, but layer 5 is synchronizing the data between my Corel AfterShot and my server farm application running on those servers. It's very important that we keep that data synchronized, and that's a function of layer 5.

Let's look at these upper layers as they work together. So in my Skype application, you can see I've got Skype running on my desktop. It's going to send requests down to APIs in layer 7, the application layer. It's going to then begin streaming data on to layer 6, the presentation layer, which will take the data and convert it to binary. It will most likely encrypt it because it's going to send it across the network. At layer 5 we're going to establish the session between my Skype application on my desktop or laptop and the server farm that is managing all these conversations of everyone else including myself. It's going to establish those connections, it's going to maintain the session between the server farm and the Skype application on my desktop, and it's going to end the session appropriately when I decide to close out Skype or end the conversation.

Let's lift the hood on Windows 10 and let's look at where layer 5 is. Most operating systems, including Windows, put most of the layer 5 components and software modules in user mode; they're not in kernel mode. Popular protocols in layer 5 in Windows are nets, Winsock, NetBIOS and RPC, remote procedure call. There's more, but those are very popular.

Let's look at this architectural diagram of Windows 10 and we'll get a better understanding of where the session layer is. Now you can see, in my case, I've got the Hyper-V hypervisor loaded, Hyper-V installed. I've got my VSM, my virtual secure mode, I've got my HAL, I've got my hardware drivers and my kernel, and everything above that kernel is user mode. Now all of those small blocks that are green and yellow are services, and if we look at our previous diagram, all of those session components are typically found in services running in user mode. So looking at services, here's one service that has got layer 5 in it: it's the Background Intelligent Transfer Service, BITS. Here's a few more: we've got RPC, remote procedure call, which is a very popular layer 5 session layer protocol. Here's RPC Locator, here's RPC Endpoint Mapper. We also have this Server service, which provides SMB, and we also have the Workstation service, which provides SMB. So those are just a few; there's many more. So when you're asking yourself where in Windows do I find layer 5, open up your services.

Let's look at common protocols in layer five: the H.245 protocol for multimedia; iSNS; the AppleTalk Session Protocol; NetBIOS; SMB, or Server Message Block; the Remote Procedure Call protocol, RPC; our Real-time Transport Control Protocol; Short Message Peer-to-Peer; the Session Control Protocol; SOCKS, which is used in Linux and Unix, and Microsoft ported that into the Win32 environment and changed the name to Winsock; Zone Information Protocol; and Sockets Direct Protocol.

Let's take a look at the more commonly used layer 5 protocols. Just a quick refresher again, let's take a look at some definitions. Notice it's the session layer, it's in the software upper layers, it's to establish, manage and terminate sessions, and it predominantly is APIs, sockets and Winsock. Keep in mind as we think about layer 5: layer five is data. So when you look at this chart and we look at session, presentation, application, it's data coming from those user mode applications that's streaming down into those top layer protocols in the network stack. Some protocols at layer 5 also include authentication, such as NFS or SMB. RPC can also include authentication as you transfer data from a server to a client software package.

One very popular protocol at layer 5 is called remote procedure call, RPC. Programmers love this because it makes it so much easier for the programmer. He can write a series of commands or instructions, and he can use the same instructions and commands that he uses locally on the local machine; he can use those same functions on a remote host. It removes the complexity of the network out of the picture. So RPC is a very popular layer 5 protocol. Win32 and Win64 desktop applications that are client-server make a heavy use of RPC. In the Linux/Unix world, NFS heavily leverages RPC.

So here's a diagram of the Windows 10 network architecture that supports two very favorite layer five session layer protocols: one is RPC and Winsock. If they require authentication, they can reach out through services and talk to Active Directory to make sure that the user has the rights to these network remote hosts. gRPC is a high-performance RPC framework created by Google and it runs on top of HTTP/2. A number of languages use RPC, such as the Linux/Unix NFS system, JSON-RPC, SOAP uses an XML-RPC, the Apache Thrift protocol leverages RPC, and even HTTP.

Back to those theoretical concepts of layer 5: we have dialog control, and dialog control allows communication between two processes. That communication could be half duplex or full duplex. Synchronization, again, is very important at layer five; it is part of the checkpoint and recovery system for layer five.

Winsock is another popular protocol at layer five. You can see the architectural block diagram for Windows 10. Winsock runs over IPv6 and IPv4; it also works over Infrared Data Association, or IrDA, and it is also supported by Bluetooth. Windows uses the term Winsock; Linux and Unix use the term sockets. Both are very similar. Microsoft has modified the Winsock protocol to give extra functionality. You can look at your applications that use Winsock by doing the netsh winsock show catalog. There's over 146 Winsock functions available to the programmer.

Let's take a look at my Windows 10 box. I've got my PowerShell console up and I've typed in netsh winsock show catalog. I'm going to go ahead and enter, and you can see a lot of things came up. So we have, like, NTDS popped up, TCP, so these all have some kind of hook into Winsock. Network Location Awareness legacy namespace, here's Bluetooth, here's the PNRP namespace provider, so you can see there's a lot of stuff in here. Here's the E-mail Naming Shim Provider. So there's a lot of components that leverage Winsock, and you can just scroll through your catalog and you can see them.

NetBIOS is a very popular layer 5 protocol. It was built around legacy applications and computer naming and workgroup naming systems. It was developed by IBM and Microsoft for DOS running on networks, yes, a long, long time ago. But due to thousands of critical government, hospital and business applications written in the late 1900s and early 2000s, if we tried to remove NetBIOS naming it would break these applications. So your computer name in many cases, especially computers not on domains, they're all limited to the NetBIOS naming system. If you're on Active Directory you have a fully qualified domain name, let's say like wvwp-10.techsavvyproductions.com. That's a fully qualified domain name, but your computer name, vwp-10, is limited to 15 characters because NetBIOS required a 15-character computer name. Have you ever tried to give your computer a name longer than 15 characters? Well, you can't, because of NetBIOS. Here I'm in the System applet, I'm in System Properties and I'm trying to change my computer name, and if you'll notice, in the computer name dialog box I put a long computer name. It doesn't like it, because NetBIOS rules in Windows 10.

Due to that backward compatibility that Microsoft must maintain for these older applications, your computer name must meet the NetBIOS standard, which is 15 characters. So even though I want to name my computer with a longer computer name, no go: 15 characters, because of those applications I just talked about. Many organizations, large organizations, government organizations, who are running these legacy applications have to enable NetBIOS running on their PCs. If you look at this dialog box, I go to Network Connections, Ethernet properties, IPv4, and then I go into Advanced on my IPv4 properties, I go into the WINS tab, and down below I can enable NetBIOS over TCP. Now you don't normally need to do that at home, but some organizations have to have this feature in order for their legacy applications to function.

So can we see this activity at layer 5? Let's take a look at some cool tools that lift the hood and let us see layer 5. Wireshark is a great tool to look at layer 5. So if you go to wireshark.org you can download this tool. If you're not familiar with it, you probably don't want to use it until you've had a chance to learn it, but it's a wonderful tool to view and troubleshoot network traffic. So here I have my Windows 10 box and I've downloaded and installed Wireshark, and I went ahead and ran a capture, so I've already collected some network traffic in Wireshark. I'm going to come up to Statistics and go to Protocol Hierarchy and give it a chance to pull up all that information. Let's just go down to TCP, because we know that's layer four, and everything from that point on is going to be layer five. So we see NetBIOS Session Service, we see SMB, we see RPC, we see Server Service, remember that service I showed you earlier in the lecture, and we see malformed packet, and at this point we see Hypertext protocol. We know that that's probably layer seven, but everything sandwiched between TCP and Hypertext is layer five.

Now let's scroll down to UDP. Here at UDP, this is layer four, so we see Simple Service Discovery Protocol, Session Traversal Utilities for NAT, we see Network Time Protocol, NetBIOS, there it is, that's NetBIOS Name Service, NetBIOS Datagram Service, SMB mail slots and Microsoft Windows Browser Protocol, and then we get into multicast. But all of those are layer five, and you can see there's traffic; they're running, they're working. That's layer five.

Another delightful surprise was my favorite suite of tools, Sysinternals. I ran Autoruns and, lo and behold, I found some real jewels. So normally Autoruns is a tool that I use to remove malware, but I noticed in the tabs that Mark Russinovich designed in Autoruns, they have a tab called Winsock Providers. Once the scanning finishes you do have to make some modifications under Options: you have to unhide Windows entries. But when you do, you go back to the Winsock Providers and there is a beautiful list of applications that leverage Winsock. These, by the way, are the same ones you saw in the Winsock catalog. Here I'm actually using another Sysinternals suite tool called TCPView. When you launch it you can scroll up here to some of the system processes that are actually leveraging UDP and TCP, and you can see they are part of the NetBIOS naming, NetBIOS datagram and NetBIOS services. Here again we are exposing some of the NetBIOS components in Windows 10.

Now when we're talking about voice over IP, video conferencing, internet telephony and layer 5, one of the important protocols is H.323. It has a suite of tools to help create sessions, control, connect up circuits, tear down circuits and manage circuits. So layer 5 is all about creating, maintaining and ending sessions between endpoint applications. A hearty thank you for all the resources made available to people like myself so that I can do what I am doing on YouTube. Check out our channel, and thanks for watching.
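Added example, not part of the video or its captions: the 15-character limit discussed above comes from the 16-byte NetBIOS name field, whose last byte is a type suffix, and the NetBIOS Name Service traffic seen in a capture carries names in the first-level encoding defined in RFC 1001. This Python sketch pads, encodes and decodes such names; the function names are this example's own, and the sample names are taken from the captions or constructed.

```python
"""NetBIOS name padding and first-level encoding (RFC 1001); added example."""

NAME_LEN = 15        # usable characters; the 16th byte is a type suffix
WORKSTATION = 0x00   # suffix registered by the Workstation service
FILE_SERVER = 0x20   # suffix registered by the Server service


def to_netbios16(name, suffix=WORKSTATION):
    """Upper-case the name, space-pad it to 15 bytes, append the suffix byte."""
    raw = name.upper().encode("ascii")
    if not 1 <= len(raw) <= NAME_LEN:
        raise ValueError(f"{name!r}: NetBIOS names are 1-{NAME_LEN} characters")
    return raw.ljust(NAME_LEN, b" ") + bytes([suffix])


def encode_first_level(name16):
    """Split each byte into two nibbles and add 'A' to each: 16 -> 32 chars."""
    if len(name16) != 16:
        raise ValueError("expected a 16-byte NetBIOS name")
    return "".join(chr(0x41 + (b >> 4)) + chr(0x41 + (b & 0x0F))
                   for b in name16)


def decode_first_level(encoded):
    """Reverse the encoding found in a name query; returns (name, suffix)."""
    if len(encoded) != 32 or any(not "A" <= c <= "P" for c in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    raw = bytes(((ord(encoded[i]) - 0x41) << 4) | (ord(encoded[i + 1]) - 0x41)
                for i in range(0, 32, 2))
    return raw[:NAME_LEN].decode("ascii", "replace").rstrip(" "), raw[15]


if __name__ == "__main__":
    # "vwp-10" is the computer name mentioned in the captions.
    wire = encode_first_level(to_netbios16("vwp-10"))
    print(wire)                      # what the raw query bytes look like
    print(decode_first_level(wire))  # back to (name, suffix)

    # Constructed name longer than 15 characters: rejected, as in the
    # System Properties dialog described in the captions.
    try:
        to_netbios16("a-very-long-computer-name")
    except ValueError as err:
        print("rejected:", err)
```

The decoder is handy when reading raw name-service bytes in a capture or log where the 32-letter form appears instead of the host name.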
Info
Channel: TechsavvyProductions
Views: 2,089
Keywords: OSI Layer 5, RPC, Winsock, Windows 10, networking, SMPP, SCP, ZIP, H.245, service data unit
Id: mo74L_qAVEY
Length: 22min 16sec (1336 seconds)
Published: Thu Sep 17 2020