TCP IP Fundamentals Introduction

Hello there, my name is Michael J. Shannon and I want to welcome you to the TCP/IP Fundamentals LiveLessons video series from Pearson. First off, let me tell you about myself just a little bit. I have over 25 years of IT and information systems security experience, and I've worked as an employee, a contractor and a consultant for companies like MCI, Platinum Technologies, Fujitsu, IBM, State Farm, MindSharp, SkillSoft and of course Pearson.

This is a very exciting and special course in several ways. First, it'll help you understand exactly what's happening under the hood when you use that corporate PC or laptop, or that mobile device, or even your web-enabled alarm or HVAC system to access the internet, more specifically the global World Wide Web. Second, this course is a great first step in the process for entry-level IT certifications like CompTIA Network+, A+, the Cisco CCNA, maybe Juniper, Palo Alto Networks, even cloud services like Google Cloud Platform and Amazon Web Services. And last but not least, once you complete this course you'll be better empowered to decide if you want to pursue or transition into a career in information technology. I'm very excited to get started on this journey, but first let's see what we're going to cover in the first module.

Welcome to Module 1, TCP/IP Overview and History. We're going to look at networking fundamentals right off the bat, then we'll dig into the OSI reference model from the organization ISO, and then we'll finish up in the third lesson looking at the TCP/IP protocol suite and architecture.

Welcome to Lesson One, Networking Fundamentals. In this lesson we'll first get a little bit of history, then we'll introduce network types and attributes, we'll review network performance concepts, we'll examine networking standards and organizations, and then we'll wrap up understanding applied binary and hexadecimal mathematics.

Well, this first lesson's called A Little Byte of History. You know, B-Y-T-E, get it? Byte. But I will tell you this: we're not going to
spend a lot of time in this particular course looking backwards. Okay, we're not going to look at a lot of legacy technology, we're not going to look at things that are outdated or obsolete. It's all about really TCP/IP now and in the future. However, I do want to kind of pay homage to some of the people that are responsible for giving us what we have today on the internet and the World Wide Web. We need to kind of, you know, do a tip of the hat to them.

Before we do that, though, let's just make sure we understand what we're talking about here. We're talking about packet switching technology, and the packet switching technology is represented by what we call protocol suites. Now, I'm a big fan of music and I'm a big fan of suites, and they've been around a long time. Vivaldi did suites, Gershwin did suites, we see them in classical music and jazz music. We also see suites in classic rock: remember Band on the Run by Paul McCartney and Wings, or Bohemian Rhapsody by Queen? Those were suites. They were songs that have various layers, three or four layers, and then there were transitions from one layer into the other, and that's very similar to what we're looking at here with the TCP/IP protocol suite and the associated reference models.

TCP/IP, which is Transmission Control Protocol slash Internet Protocol, finds its origins in the ARPANET reference model, and we'll kind of look at that ARPANET history as we look at some of the people that were involved in the early days of the internet, or what we know to be the internet. The architecture evolved from studies and methods for connecting multiple packet-switched networks. It does kind of go back to the military-industrial complex, the Department of Defense, and really trying to put together a network that could survive in case there was some catastrophic event, right?

So let me just talk about protocols for a second. As we look at this air bill from FedEx, what we're talking about is taking data and we place it into an envelope. So
imagine you've got a FedEx envelope, and inside of that envelope is, you know, four or five pages of data, right? So you put that data in the envelope, and what you're going to attach to the outside is basically metadata. Metadata is basically, if you look at the Greek word, data that goes alongside with data; it's data that is about data. So if you look at this, you can see obviously on this air bill we have, you know, dates, we have who's it from, who's the sender, who's the receiver, and that's the type of information we would need, for example, if we were sending something over the internet. Over on the right-hand side, those little check boxes, those we could call flags, okay, or those could be various attributes or variables. We have the same thing with the protocol headers that we use. We have certain standard information that we have to fill in, right? You know, where is it from, where is it going to, and then some other variables that are little things we check off in a protocol header. Often it's basically just flipping a zero to a one, okay, or turning it on with a binary one. And so this type of information is placed on the FedEx envelope and then sent out, right? Now some of the protocols, they'll have a header, but they'll also have a trailer, and we'll look at that as well, which is something that goes on the back end, right? And that happens to our frames, and we'll see that more often. But this is a great way to kind of understand protocols: it's certain information about data that we need to transport, or send that over a network or over internetworks, right?

Well, let's look at some of the pioneers of packet switching. The first guy we're going to talk about is named Leonard Kleinrock, and he was an American computer scientist. He was a professor at UCLA, and actually UCLA was one of those first participants in the original kind of ARPANET project. It was really a few universities; UCLA was one of them. The U.S. Air Force established a wide area network in the SAGE radar defense system
so that it could survive a nuclear attack, and that's, if you look back kind of to the beginning of TCP/IP, that was one of the main reasons to have a network where we could kind of switch packets as necessary if one of the nodes was detrimentally, you know, catastrophically brought down by some type of attack. Kleinrock conducted early research in queueing theory, and he published a book in the related field of digital message switching. Now that was message switching, but not using packets, okay? We're doing packet switching here, but he was still early on in the process, in 1961, of sending messages digitally, or sending zeros and ones over a network.

Another person, Paul Baran, is considered one of the two original inventors of packet switching. Baran developed a concept of distributed adaptive message block switching to present a fault-tolerant, efficient routing method, and those words there, fault-tolerant, okay, able to survive a failure, and efficient routing of the packets, is at the core of what we're dealing with here in this course. He was part of a research program at the RAND Corporation; it was funded by the U.S. Department of Defense.

So we have Kleinrock, we have Baran, we also have Donald Davies. Donald Davies was a Welsh computer scientist who was employed at the UK National Physical Laboratory, or the UK NPL. In 1965 he developed the concept of packet switching. His work was independent from Baran in the U.S., who had a similar idea in the early 1960s, and this kind of concept of people working on something kind of at the same time yet not really knowing the other person's work is not that unusual, especially when we get into things like cryptography. There were people that were working on some of these things at the same time and not really knowing that others were, you know, doing the same type of thing.

We have Louis Pouzin, who invented the datagram and designed an early packet communication network called CYCLADES. So we've got the US, we have a guy from the UK,
and we've got a French individual, Louis Pouzin. His work influenced Robert Kahn and a guy named Vinton Cerf, who actually, Vint Cerf has just come into the news lately. This is October of 2018 when I'm doing this training, and there was just a story that came out from Vint Cerf, and we'll talk about him in a second. And there were other people that developed the TCP protocols that are used in the internet.

Here's the guy I was talking about, Vint Cerf, often referred to as the father of the internet. Okay, he began his work at the US DoD on the DARPA project, and he served from 2000 to 2007 as the chairman of the board for ICANN, and we'll talk about ICANN a little bit later on in an upcoming lesson when we look at some of the different organizations that we're dealing with. He also served as the founding president of the Internet Society from 1992 to 1995, and then he went on to work with Google, who you might have heard of, okay? Now lately he's working on a project called Inrupt, I-N-R-U-P-T, which is pretty cool. He has the goal of kind of decentralizing the web and really trying to kind of reverse the control that some of these big companies like Google and Facebook and Amazon actually have on the internet now. So he's trying to kind of decentralize the World Wide Web, and he's working closely with a lot of people to make that happen. So it's almost an alternative World Wide Web that he's working on that's going to be more open source and more decentralized, and kind of taking it out of the hands of just a few big companies, which is really kind of cool, because that's actually the philosophy that was early on in the World Wide Web. It wasn't until probably within the last 10 years that the control of the internet started to consolidate. And he now heads this group, this organization called Inrupt, I-N-R-U-P-T.

Now what's at the heart, and we're going to look at this a little bit later, of this TCP/IP protocol suite are things called Requests for Comments. These are published documents;
they go through different phases, and this is actually RFC 871. And by the way, I'm going to mention a lot of RFCs in this training. You should probably write them down, you should document them, if you're going to be taking this information that I'm giving you and going forward to be an IT professional or a network technician or get into security or communications or anything. You're going to build on this knowledge and extend your career. Maybe you're a high school student, maybe you're a college student, maybe you're somebody that's my age that's changing careers. Well, you want to make sure that you kind of start to build this library of knowledge, and the RFC is kind of where it begins. And this is 871, A Perspective on the ARPANET Reference Model, and this is really the document that is the fundamental document for much of the things we're going to look at in this particular series.

Let's look at the timeline real quick of TCP/IP, specifically what we call version 4, or IPv4, which is what most of us are used to using when we use our browsers. The early internet and TCP/IP were developed together as part of the US DARPA ARPANET project. In 1973 there was a complete internetworking system for the ARPANET. It officially began then in December of 1974; we had an RFC number 675 for the early TCP. In March of 1977 we had TCP version 2. And by the way, back then in '73 and '74 there was only one core protocol; it was called the Transmission Control Program, TCP, and then it was revised in RFC 675 in December of '74. After March of 1977 we had a guy named Jon Postel; I'll show him in a second too. In 1978 through 1980 we had TCP/IP version 3,
and then in the early '80s a bunch of machines, mostly Unix machines and networks, started using TCP/IP version 4 on the ARPANET, and that's of course when I started to get on the internet with my first computer.

Here's Jon Postel, who was "late" in the sense that he recently passed away, but he was great. He was called the god of the internet, and he published critical comments in '77 warning that the early TCP was trying to do too much and was actually violating the core principle of layering. So they took his advice, and TCP, or the Transmission Control Program, soon became TCP/IP, the Transmission Control Protocol slash Internet Protocol, and that's where we are today, okay?

The first thing we're going to look at in network types and attributes is the concept of circuit switching versus packet switching. Now really in TCP it's all about packet switching, but let's kind of get this circuit switching thing out of the way. Traditionally, network types have been categorized based on the path taken between the participants. So with circuit switching, a circuit, or a full path, is first determined and set up before the data is transmitted between two devices. So let's say, for example, we have host A and we have host B. A full path would be set up, or a circuit, between both devices before we start sending and receiving data, okay? Now this is actually a better method for dedicated communications like a phone call. You know, when you use your landline, or even when you do cell phone as they pass through cell towers, the circuit is set up first.

Now in a packet switching topology, there is no fixed pre-established path between the communicating devices, okay? So the data gets broken down into discrete packets first. So that's where our packets come in, right, our discrete packets. And then what we're going to do is we could theoretically take different paths based on congestion, okay, based on an outage. And if we remember back to the beginning of why TCP/IP was created in the original ARPANET, it was to have a
packet switching network that said, you know what, if some catastrophic event happens, you know, like some enemy fires off a nuke and this goes up in smoke and this is no longer available, well then we can switch our paths. Maybe originally we were going this way, right, to get to our destination, but something happens here, and we can immediately switch from this site down to this site and change the path, okay? So it's kind of like the letter you send to the postal service. Or maybe consider, you know, let's say you're driving in a large metropolitan area like Houston or Chicago, and you're going to determine your route in real time based on maybe some app on your iPhone that's showing you, hey, we've got traffic congestion in this location, or we're doing road repairs in this location, so you can decide to take this different boulevard or take this different pathway to get to that ultimate destination. So that's a fundamental difference between circuit switching and packet switching, and that's what we're talking about in this course: packet switching.

Next, let's talk about message transmission methods, and there's really four types. This should be self-explanatory, the first one, but let's say we have client A, and then they're going through some type of intermediate device, maybe a router, okay, going to three different servers: we have server one, server two and server three. This is a client-server kind of a relationship here. The first type is unicast. So unicast is basically sending information to one recipient, okay, kind of a point-to-point, a unicast transmission. So the datagram is going from client A to server three; that is unicast traffic. Another type of traffic is broadcast traffic, and that would be saying that client A is going to broadcast their frames or their packets or their datagrams to all the participants, okay? So that would be broadcasting to all servers, S1, S2 and S3. That's a broadcast. The third type is multicast, and a multicast would be
saying, okay, we want to send traffic not just to one node and not to all the nodes, but to a group. So let's say server 2 and server 3, they join a multicast group, and so we would send that to, let's say, their multicast group at something like 224.something, an IP address that's a multicast type address. So that's what multicast is. The fourth kind is anycast, and anycast is only available in IPv6. Anycast basically says send the datagram to the nearest node. So if you look at a wide variety of factors and you determine that server one is the nearest server or router, then anycast would send the packet to that server. Now one other thing about IPv6: IPv6 does not do broadcast, okay? What it does is it gives you the same concept of broadcast by using multicast groups, so it will broadcast to a group, and that is how it accomplishes its broadcasting. So IPv6 only does anycast, not IPv4, and IPv6 does not do broadcast, only IPv4, okay?

Finally, I want to define some other communication and network terms, starting with these three terms up here. There's three kind of main categories of communication. The first one is simplex. Simplex communication is kind of like if I grabbed a bullhorn and went outside and started, you know, yelling at everybody, or a public address system, okay, kind of one-way communication. That's simplex communication. Half-duplex communication is two-way communication, but only one party can communicate at a time. When you were a kid, maybe you got for your birthday some walkie-talkies, okay? A walkie-talkie is half duplex, okay? You say, hey Pete, can you hear me, over, and then Pete gets his walkie-talkie, he talks back to me, we go back and forth, okay? Citizens band radio is kind of like that: only one person can talk at a time, but it is two-way communication. We call that half duplex, and some networks still kind of operate in a half-duplex way. So for example, we'll talk about wireless networks; they still operate half duplex. An Ethernet hub technically
operates in a half-duplex fashion. Full duplex, or just duplex, is two-way communication where both parties are talking at the same time. So if Pete and I are on our cell phones and we're talking to each other, that's full-duplex communication, okay? We can talk, we could both be talking at the same time, and that happens a lot, but it's two-way communication. So that's one way to differentiate some communication types.

We also can talk about types of nets, okay? An internet, or internets, are networks of networks, okay? So you have different networks, which are basically administrative domains or their own autonomous systems, and when you connect these together, okay, these networks, that's what we call an internetwork, and basically the Internet is the largest of the internetworks that we deal with out there. But there's all kinds of internets that companies have, organizations have, that the military has, that are outside of the quote Internet, capital I. We also have intranets, okay? So these are networks within a network. So if you think about at your company, you may have your internal web servers, your internal HR department and their servers; that's what we call an intranet, because they're networks within networks. Extranet is a special type of network where you connect your network to some large vendor or some strategic partner or some large customer. So it's an extranet that goes beyond the internet, or your intranet. That's kind of a special-use network, okay, that you can set up. You could also say, you know, this is a research firm, a company, and I have a connection to a research hospital or a certain university, or maybe with a military contract, part of that as an extranet. So that's another kind of differentiation.

Another way to look at networks are these terms right here. So if we start with kind of the smallest network, that's a personal area network. So I could do that using Bluetooth, okay, that's a really short distance, so I could use infrared to my PC, or Bluetooth, some short
range communication; that's a personal area network. Then the most common, really, is the local area network. That's what you have, you know, within your home: all of your devices behind your router that you have, that your provider gave you. This is what companies have, you know, everybody in the call center, or all of the different endpoints on a certain floor; that's a local area network, and this is typically separated by routers or multilayer switches. If you go from an Ethernet, which is 802.3, to a wireless network, then that's a wireless LAN. So it's a local area network, but you're using the RF band, the spectrum, as opposed to something like Ethernet. A CAN is a campus area network. So if you go up to, let's say, Oregon and you go to Hewlett-Packard, they have a huge campus, and it's a contained large network; that would be a campus area network, okay? A MAN is a metropolitan area network, and this is often kind of a fiber-type network that's for a municipality or local government or the police department and the first responders, maybe the city government, or maybe even it could be a county seat. That's what we call a metropolitan area network. And then finally we have the wide area network, and that could be some organization, like in Arizona, in Phoenix, maybe you've got a Motorola, for example, or one of those big companies, and they have a headquarters, okay, but they have several branch offices and several sites that are geographically dispersed, either across metropolitan Phoenix or maybe across multiple states. We refer to that as a wide area network. So these are some terms that are important that you know moving forward in your TCP/IP adventure.

In this lesson we're going to talk about performance metrics, and it's important to understand the different terms used to provide performance of a network. Now, to be honest with you, this actually was a bigger deal kind of back in the day when I first started getting into using the internet, the World Wide Web. We were using
dial-up modems, and memory was really expensive, and we didn't have, you know, big pipes that went to our service provider. Today, you know, you can use your cable company or you can use your phone company, and you're getting such high speeds that it may not be that big of an issue. However, if you're going to, you know, launch from here into an IT career, then you really should understand some of these, what we call metrics or indicators. So performance has several aspects; we want to classify that here kind of early on in our knowledge. The way data is sent is often more important than the actual raw speed capability. So for example, I might have much faster speeds with my wired network than I do with my wireless network. So the way the data is sent, it could be asynchronous in the sense that you get really fast downloads but you get really slow uploads. So there's these different factors that tie in here you want to be aware of.

Now I titled this slide Speed Is the New Black, because as far as networks go, speed is cool. But speed is a generic term that often relates to the nominal, or the rated, speed of the network infrastructure. So a lot of local area networks, what we call Fast Ethernet, or 100 megabits per second, or maybe one-gigabit networks, okay, that's the rated speed, but that doesn't mean that's what we're getting, okay? We're probably getting something less than that. Fast Ethernet, which is very common, has a rated speed of 100 megabits per second, or 100 million bits per second. That's what we're talking about here. By the way, folks, that's what's moving either across those wires, that Ethernet cable, or moving across that fiber cable, or moving across the airwaves if you're using RF or using wireless: it's all zeros and ones. And so this is the theoretical throughput of the network infrastructure, but again, like I said, that doesn't mean that you're actually getting that throughput. Here's an example of running something called a speed test, and you can do this on your own computer
at home. You might want to do it. For example, this is me doing a speed test on a workstation at my home office that's using the wired Ethernet, so I've got an Ethernet cable coming from my PC going to my router. As you can see here, I'm getting really fast download speeds, okay, almost 800 megabits per second, and my upload speed is almost 50 megabits per second, and this is what we call asynchronous, okay? In other words, I have a different upload than a different download, and this is very common. By the way, if you want to get higher speeds of upload, for example, you know, maybe you have to upload big files like I do to my company or my contractor, well then I need those big upload speeds; I might have to pay extra for that, right? And then here's an example of my same network, but now I'm using my laptop and I'm using my wireless connection. Well, notice on my laptop using wireless I'm getting eight megabits per second upload and about 17 megabits per second download. That's not nearly as good as my wired network, and so that's why I was mentioning earlier, it depends upon kind of the network type that you're using as to the speeds you're getting, or bandwidth. Now that term bandwidth is also used to determine radio frequency bandwidth for wireless technologies like this one. This particular laptop is using a technology known as IEEE 802.11n, which offers up to 432 megabits per second. I'm not getting anywhere near that, but this is a wireless computer.

Let's talk about the term latency. Latency is a term used to designate any type of delay that occurs in the data communication over a network. Network connections where there's small delays are often called low-latency networks. So for example, if you use Amazon Web Services or you use Google Cloud Platform or IBM Cloud or something, you use some cloud provider, those are low-latency networks, okay? There's going to be very few delays on those networks, because they just simply have a very well-protected and very beefy infrastructure. Network
connections that suffer from long delays are called high-latency networks, and that's indicative of some type of bottleneck in the network communication. It could be, you know, part of the network is under an attack, maybe somebody inside the company has launched a denial of service attack, maybe there's some misconfiguration, maybe it's just time to replace one of those devices or upgrade the software. Here are some other common causes of latency. It might be problems with the transmission medium: with a wireless network, if you make some change, let's say you move all the furniture around or you put in a wall, or you just, you know, reorganize everything, that's going to affect your wireless network, right? You might have configuration errors on the switches that your workstations connect to, or the routers that those switches connect to. It may be you've introduced some new encryption, and that's going to cause overhead; that's going to cause some delay. Maybe you've got some antivirus programs running that can slow traffic down, okay? The time to propagate, because your network just wasn't designed very well, okay, so you need to redesign your network, whether it's wired or wireless. There may be some storage delays, okay, in these storage systems that you use for your data, or the database services; the delay may be there, that's where your latency is. Maybe it's just a malfunction of the software or the hardware, or, like I said, it could be a certain type of attack, okay?

In this demonstration we're going to begin our journey through building a portfolio of important websites and organizations and standards that can help you to pursue your deeper knowledge of TCP/IP and the internet. We're going to start with the IETF, which is the Internet Engineering Task Force. So if you go up to www.ietf.org, and I highly recommend that in your favorite browser you create a folder and you add all of these different websites that I'm going to take you through in this demonstration, starting with ietf.org. The first
thing you're going to see here on the main website is how to read an RFC, a Request for Comment. And by the way, this tells you that this is how many of the protocols are specified or designated on the internet, and there's different, you know, layers of RFCs. For example, later on we'll look at the EIGRP protocol from Cisco, which has an RFC, but it's not a fully published standard. And if you notice down here, there's some helpful tips from an RFC author on how to read these. And by the way, this is an excellent exercise in learning more about these different protocols and services, because they're almost all backed up by one or more RFCs. Now to find out more about the IETF, for example its mission and principles and who we are, you can click on the About link, and it tells you that it's a large, open, international community of network designers, operators, vendors and researchers that are concerned with the evolution of the internet architecture and keeping the smooth operation of the internet, okay? And you can see that it's done in working groups. They also have mailing lists, and they also have three meetings annually, and this is the group responsible for those Requests for Comments and other internet standards. If we click on that link, it'll take you to the RFCs, to some of the things that are in progress, like the drafts. And by the way, if you want to kind of learn about what's coming in the future, what's coming down the pipe, well, go to the drafts, because you'll see a lot of really cool stuff, a lot of really cool technology about what's coming on the internet in the future.

Let me take a moment to show you probably one of the most famous Requests for Comments that's out there, and we'll be looking at this later on in this training, but it's RFC 1918, and we actually refer to certain IP addresses as RFC 1918 addresses, and this is the Address Allocation for Private Internets. So let me give you an example. Let's say you're at home and you went out and you bought some wireless
router or some wireless access point, maybe your service provider, your cable provider or your DSL provider gave you one, or you go out and you buy a Linksys wireless router or Netgear or something like that, okay? Well, that particular device, it's going to allocate to all of the hosts, or all of the things that you use in your home, like your workstation, your PC, your laptop, and it could be things that are on a wire, with a cable, a wired Ethernet going to this device, or it could be wireless, it could be your gaming system, it could be your smart TV, your iPad, your phone, you get the idea. But that particular device is going to allocate to your wired and wireless home devices an IP address, and it's going to be allocated from this private internet. So basically the devices in your home behind that router are using a private type of address, IPv4, that is not routable or legal on the internet, thus some translation has to be done on that particular device to translate to an IP address that's public on the internet and routable and legal, and it's one that your service provider, your broadband provider, your cable company, your DSL company, your satellite provider, whoever, they're going to give you an IP address that's valid on the internet, or they may actually do some translation on your behalf at their site. The bottom line is, you can see this RFC is going to kind of give us the different blocks of what are called IANA reserved IP addresses, okay, and you can see that they're right here. We're going to talk about these later on in this course, but I just wanted you to see, you know, kind of the structure of these Requests for Comments. You can see that they come in different formats, they go through different versions, okay? So, you know, before 1918 there were two other versions that have been made obsolete, okay, 1597 and 1627, right? And so this is an example of an RFC. Now it tells us that the IETF working groups are grouped up into areas, and they have several other members, okay? So here's one you want to
know about first: the IESG. So the IESG is responsible for technical management of the IETF activities and the process of generating internet standards. So they administer this process according to their rules that have been ratified by the Internet Society. That's another group, okay, the ISOC, that you want to be aware of, and it tells you that it administers the process according to the rules and procedures ratified by the Internet Society. So here's the official site of the Internet Society, the ISOC, and you can see up here it's got a link that says The Internet, okay? And by the way, if you want to get deeper and go well beyond what I tell you about the history of the internet, and, you know, who makes the internet work, for example, this is a great site to come to, okay? You know, the Our Internet Ecosystem, which is an interesting set of information, and by the way, they say you can download over here a particular document, and we'll take a look at that, and you can see, you know, who's involved with policy, who's involved with the oversight, who's involved with the implementation.

So we've talked about the IETF. There's also a group called the IAB. If you go down here you can find out more about the IAB, the Internet Architecture Board. Let me make this a little bit bigger for you. So we've already looked at the IETF; we've also got the IAB, which is chartered as a committee of the IETF, and it's an advisory body of the ISOC, we were talking about the Internet Society. What is it responsible for? Architectural oversight of the IETF activities, the internet standards process oversight and any appeals, and it also appoints the RFC Editor. It's also responsible for managing the IETF protocol parameter registries, okay? What else? Well, there's the RIRs, and these are the Regional Internet Registries, and these oversee the allocation and registration of the internet number resources and things like addressing, okay? And that's also where ICANN comes in. ICANN is a not-for-profit benefit corporation coordinating
the system of unique names and numbers to keep the internet secure stable interoperable the icann community encompasses domain name registries and registrars isps including cloud service providers intellectual property advocates commercial and business interests as well as non-commercial and non-profit interests okay we also have the iana which is the internet assigned numbers authority responsible for the global coordination of dns root internet protocol addressing ipv4 and ipv6 that we'll learn about and other internet protocol resources and you can see here's a link to all these organizations and you need to go ahead and add these including the number resource organization that coordinating body for the five regional internet registries rirs so you want to add these the iab.org all to your folder and then use that as kind of an ongoing way to learn more about the internet and keep up with the internet okay so this particular diagram here which we see at the internet society the isoc talks about who's responsible for the policy aspects okay uh protocols numbers and names who does the oversight the iab the nro the icann and who's responsible for implementation which is pretty much the iana okay so this is a great resource and these are organizations you need to know about now there's a couple of more that we want to talk about we're going to take a look at the w3c which is the world wide web consortium we're also going to look at ansi ansi and then the third one is iso but i'm going to save the international organization of standardization or iso with its osi for a dedicated demonstration in the next lesson so let's go take a look at the world wide web consortium here with the world wide web consortium which is an international community that develops open standards to ensure the long-term growth of the web now remember that the world wide web is really only part of the internet okay so specifically when we hear the world wide web we want to think about that part 
of the internet that uses protocols like the hypertext markup language and protocols like http because there are other protocols and services and applications that can run on the global internet that are not necessarily the world wide web okay and that'll become clearer as we go through this training but notice that over here on the left hand side they're going to show you how the web integrates with different industries like automotive publishing web payments telecommunications the web of things okay so there's the iot maybe you've heard of that the internet of things there's also the web of things so the web of things is a smaller subset of the iot internet things because the internet things may not use the same protocols and services that the world wide web uses okay and you can of course click on this and find out more about the w3c their mission some facts and other information so that's an organization you want to add that to your knowledge base as well the final one i want to look at in this demonstration is ansi which is the american national standards institute so as you can see this one is more focused on you know america north america specifically but also it's it's integration and cooperation with other organizations and other entities like the eu for example but if you go and you take a look at the frequently asked questions you can get an overview of ansi and you should okay what is it well it's a coordinator of the u.s private sector it's a voluntary standardization system it's been around for more than 90 years okay what do they do they voluntarily work on consensus for standards systems a neutral forum for developing policies and standards kind of serving as a watchdog for the development of standards and conformity to assessment programs and processes that sounds you know kind of general but you can get much more deeper into ansi for example how do they interact with you know consumers and other organizations and you can also click on about ansi 
and find out their mission you can see they've been around for a long time since 1918 and they're a 501c3 not-for-profit organization and you can see that they've got several other websites here and other affiliations that they're with some of the affiliations you might also want to check into okay i didn't add these to my list but there's obviously we mentioned we're going to look at the iso the international organization for standardization in an upcoming lesson and demonstration there's also the international electrotechnical commission the iec we also have the international accreditation forum the iaf and then others okay because they are also members of other international organizations across the globe i hope you enjoyed this first demonstration where we went in and looked at different types of standards and organizations ietf isoc iesg the iab the w3c iana and ansi and again we left out the iso and by the way what's interesting is notice that this is the international organization for standardization but it's called iso why is that well technically this is a french organization so if you were to look at the french title of this organization it actually is iso so that's why the acronym iso doesn't match the actual name of the organization because this is the english rendering of the french official name of the organization okay so just in case you were noticing that off the bat and we'll look at the iso specifically their osi model in greater detail in upcoming lessons all right okay in this video we're going to look at some math and maybe you might have heard hey there's no math in this well that's not true okay there's going to be some math but let me just say this one thing you're going to see is just some basic kinds of math that we need for networking if you already understand like binary and hexadecimal numbers you could actually skip this video also one thing you're not going to see is my big head in this training lesson because i want you to focus on 
what's on the slides for this particular lesson so let's start out with base 10 okay base 10 is actually one of the most common types of math systems it's used in most modern civilizations it was one of the most common use in ancient civilizations and really if you think about it because we have 10 fingers it kind of makes sense that we're going to base this on tens okay it's also called the decimal system because a digits value and a number is determined by where it lies in relation to the decimal point okay now in a base 10 system there are 10 possible numbers 0 through 9 and they're true values based on their position in the system so this is obviously something that we're all very familiar with okay if you go all the way over here to the right hand side notice that we have in this little table to the far right hand side we have the ones column and then we have the tens column and then we have the hundreds column and you can see that you know the the ones goes from 10 because it's 10 times that and then hundreds is 10 times 10 thousands is 10 times 100 and so on so it's based on tens right so we have the number 457 because we have the number seven in the ones slot we have the number five in the 10 slot that's 50 and we have the number four in the hundreds slot that's 457 something you're very familiar with well that was easy but what about binary math well binary is extremely important to computers because at their very base nature computers work as binary operations zeros and ones so think of a zero and one as a zero is off one is on or zero is no one is yes so these kind of binary decisions are very powerful for computers so in the base 10 system you know we were based on tens but in the base two system we've only got two possible numbers zero and one so if we look now we have these columns and we can see the first column here is the the one column which can only be zero or one and then as we move up we're kind of taking that number and we're doubling it okay 
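As an added worked example, not part of the lesson's slides or calculator demonstration, here is the place-value rule just described carried through in Python. It goes beyond the base 10 and base 2 cases discussed here to base 16 as well, so the same code handles the 457 from the slide, the 819 typed into the calculator, and the hexadecimal A2F7 from later in this lesson. The IPv4 address and MAC address used at the end are constructed sample values, not anything from the course.

```python
# Added example: positional (place-value) arithmetic for base 2, 10 and 16.
# Nothing here is from the course materials; sample values are constructed.

DIGITS = "0123456789abcdef"


def to_base(n: int, base: int) -> str:
    """Repeated division by the base: each remainder is the next digit from the right."""
    if not 2 <= base <= 16:
        raise ValueError("base must be between 2 and 16")
    if n < 0:
        raise ValueError("only non-negative integers are handled")
    if n == 0:
        return "0"
    digits = []
    while n:
        n, remainder = divmod(n, base)
        digits.append(DIGITS[remainder])
    return "".join(reversed(digits))


def place_values(text: str, base: int) -> list:
    """One entry per column: (digit, power of the base, digit * base ** power).
    This is the slide's column table: the rightmost column is base ** 0."""
    rows = []
    for power, ch in enumerate(reversed(text.lower())):
        value = DIGITS.index(ch)          # raises ValueError for a non-hex character
        if value >= base:
            raise ValueError(f"{ch!r} is not a base-{base} digit")
        rows.append((ch, power, value * base ** power))
    return list(reversed(rows))


def from_base(text: str, base: int) -> int:
    """Add up the column contributions to get the value of the whole number."""
    return sum(contribution for _, _, contribution in place_values(text, base))


def set_bits(n: int) -> list:
    """The binary columns that are 'turned on', highest first (457 -> 256, 128, 64, 8, 1)."""
    return [1 << power for power in range(n.bit_length() - 1, -1, -1) if n >> power & 1]


def is_odd(n: int) -> bool:
    """The ones column is the only odd column, so the lowest bit alone decides parity."""
    return bool(n & 1)


def ipv4_to_binary(address: str) -> str:
    """Dotted decimal is four octets; show each as eight bits, zero-padded."""
    octets = [int(part) for part in address.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("not a dotted-decimal IPv4 address")
    return ".".join(to_base(o, 2).rjust(8, "0") for o in octets)


def mac_to_decimal_bytes(mac: str) -> list:
    """A MAC address is six bytes written as hex pairs; read each pair with from_base."""
    pairs = mac.lower().replace("-", ":").split(":")
    if len(pairs) != 6:
        raise ValueError("a MAC address has six octets")
    return [from_base(pair, 16) for pair in pairs]


if __name__ == "__main__":
    print(to_base(457, 2), set_bits(457))            # 111001001 [256, 128, 64, 8, 1]
    print(to_base(819, 2), is_odd(819))               # 1100110011 True
    print(place_values("a2f7", 16), from_base("a2f7", 16))
    print(ipv4_to_binary("192.168.1.10"))             # constructed sample address
    print(mac_to_decimal_bytes("00:1a:2b:3c:4d:5e"))  # constructed sample MAC
```

The same three digits mean different numbers in different bases: `from_base("457", 10)` is 457, but `from_base("457", 16)` is 1111 and `from_base("457", 8)` is 303, which is why an address or port read from the wrong radix is silently wrong rather than rejected.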
We have the two column, we have the four column, we have the eight column, 16, 32 and so on, all the way up to the 512 column. You can see how we're doubling the value of the column as we move. So what we're doing here is, notice what we have here on the far left is the 512 column, which is 2 to the ninth power, and we have turned off that bit, so we're not going to even use the number 512. But if we move over to the next column, the 256 column, or 2 to the 8th power, we're turning that one on, so we've got 256. We'll go to the next column, the 128 column, which is 2 to the seventh power; we're turning that one on, and we're going to turn on the 64 column as well, or 2 to the sixth power. Turning off the 32 bit, turning off the 16 bit, we're going to turn on the 8 bit, turn off the 4 bit, turn off the 2 bit, and turn on the 1 bit. So if we add up all the bits that are turned on, 256 plus 128 plus 64 plus 8 plus 1, we get 457. Now what if we went to the 2 column and we turned on that bit? Well, we'd have 459, wouldn't we, because we're adding 2 to that. Let's say we didn't turn that one on; we went to the 4 column and we turned on that bit, or 2 to the second power; well, that would turn on the four bit, so now we would have a number of 461, wouldn't we? So this binary math is very important.

Now computers work with binary numbers, but often what we do is we convert the binary numbers back into decimal numbers, because that's what we understand better. So later on when we look at an IP address, we're actually looking at some binary numbers, or what are called octets, groups of eight, that are converted into decimals so that we can better understand those. So that's binary math, and here are some examples. So you can see, let's go to the second one: if I have a binary of 101, well, I'm turning on the one bit, I'm turning off the two bit, but I'm turning on the four bit, so that gives me 5, doesn't it? Let's go down here to the one that's 12: if I turn on the eight bit, 1, turn on the four bit, 1, and then leave the two and one bits 0, well, that's going to give me 8 plus 4 is 12. So here are ways that we represent these in binary.

Now the good news is, remember, I'm all about modern TCP/IP and moving forward. Back in the old days we would do this by hand, but there is absolutely no reason today you should be doing this by hand. We've got plenty of calculators, and we'll be talking about subnet calculators later on. So unless you're taking some exam and they force you to do this by memory, then you may need to come up with some techniques for taking an exam and answering a couple of questions, but there's plenty of training, there's plenty of live lessons that can help you do that. We're not going to focus on that in this course; we just want to understand the underlying math behind this.

So here you can see in a calculator, for example, I type in 819. This is the scientific calculator and I've got decimal chosen, right? So I put in 819, and then I go over to my calculator and I convert that and put in the binary, and so we can see there's the binary representation. One thing you'll notice: if the last bit is turned on, if it's a one, it's going to be an odd number, right, because it's adding one to everything. So if the last bit's turned on it's going to be an odd number. So this is something that we're going to use very often, a scientific calculator or a subnet calculator.

So what does this mean to a computer, this decimal and binary? Well, the computer interprets combinations of binary numbers ultimately as instructions or words; they're groups of binary numbers. For example, each lowercase and uppercase letter in the alphabet is actually assigned a different binary code, and then each of those is assigned a decimal representation. We call that ASCII, and when I get to my whiteboard presentation I'll talk more about that. So for example, if you had ASCII code 97, well, that would be the lowercase a. So these zeros and ones, to the computer, eventually get translated to something much more meaningful.

Now here's hexadecimal math. Hexadecimal is what we call base 16 math, so it's based on 16s, right? So you have values of 0 through F: you have the first 10 digits of base 10, but then we have to add six more, don't we? So we use the letters A, B, C, D, E and F, and that's hexadecimal. Now where does hexadecimal math matter to us going forward? It really matters in two places. One: on the network interface in your computer or your laptop, or on an access switch at your company, or even in your mobile device, the network interface actually is identified using a hexadecimal identifier. We call it a MAC address; that's one place where hex is important. The other place it's important is in the newer version of Internet Protocol. Now I mentioned already IPv4; well, in the newer version, IPv6, that's such a huge address, it's a 128-bit address, that we represent it as a hexadecimal number. So these are important because there are a couple of places where we use hex identifiers. So just realize that there are 16 possibilities, zero up through the letter F, and so here are the values of each of these; for example, the number 10 in decimal is expressed as the letter A in hexadecimal.

So here's an example. In the first column we have what we call 16 to the zero power, so in this first column the values are going to be anywhere between 0 and F. So if we have the number 7, 7 times 16 to the 0 power gives us 7, right? Now I mentioned earlier, if it were 10 then it would be the letter A, right? But here the number 7 looks the same, because when you go up to this little table here, notice that 7 in decimal is also still 7 in hexadecimal, and that's true all the way from 0 to 9, but after that it starts to change. Notice in the second column, this is 16 to the first power, so these are going to be combinations of 16. So 15 times 16 to the first power, in other words 15 times 16, is 240. When we get to the third column, which is 16 to the second power, these values are all combinations of 16 times 16, so if I have the number 2 in that column it's basically 2 times 16 to the second power, which by the way is 512. In the fourth column I've got the value A, and this is 16 to the third power, so everything in this column is going to be a multiple of 16 times 16 times 16, right, 16 to the third power. And this is no different, by the way, than decimal or binary: the values in the first, second, third and fourth column are whatever the base is; if it's base 10 it's 10 to the 0, 10 to the 1, 10 to the 2, 10 to the 3; if it's binary it's 2 to the 0, 2 to the 1, 2 to the 2, 2 to the 3; same thing, but this is base 16. So if we have the letter A, we know that A has a value of 10, doesn't it? So 10 times 16 to the third power is 40,960. So 40,960 plus 512 plus 240 plus 7 gives us 41,719. So A2F7 equals 41,719.

One of the advantages of hexadecimal math, and it's why we use it to identify an address on a network interface card and why we use it in IPv6, is it's a more efficient way to express really large decimal numbers and really large binary numbers. So it comes in really handy, hexadecimal math. And of course notice that if I go to my calculator and I set it on decimal and I type in 41719, and then I go over to the left-hand side and I click the hex radio button, it converts it for me, and there it is, A2F7. So understanding decimal math, understanding binary math and understanding hexadecimal math is important as you move forward in your TCP/IP and your networking career. But remember, let's be smart and let's go ahead and use tools like calculators and subnet calculators; don't get hung up on having to do this in your head or write this out on paper.

All right, in lesson two we explore the ISO OSI reference model. We'll introduce the International Organization for Standardization, we'll explore general concepts of the OSI model, and then we'll examine the seven layers of the OSI model.

Okay, I'm going to start out this lesson with a demonstration, and we're going to look at the ISO, the International Organization for Standardization, which is extremely important. As you pursue your information technology future, as you work with the Internet and Internet protocols, and possibly get into things like risk management and security and all these great things, governance, compliance, you'll need to be interacting with the ISO. So let's go to "All about ISO" and take a look here, and we're going to find out it's an independent, non-governmental international organization with a membership of 162 national standards bodies. Now I mentioned earlier that, if you look up here in the URL, it's actually Organization International de Standardization, so it's really in French, and you can see that their headquarters is in Geneva, Switzerland. It does tell us, however, what our standards are: international standards make things work, and you can see they give us an example here of an ISO standard, 13216, for car seats for babies. So it obviously goes beyond just the Internet, right? They've got standards for pretty much every industry, from technology to food safety to agriculture to health care, so they're a huge and very important organization. And if you go to Standards you can see there are many, many standards that they deal with; they develop and they publish international standards. Now one thing they don't do is actually certify you; they don't provide accreditation. So for your company, let's say you're trying to adhere to some ISO standard; for example, I think on the main page they mentioned their top three, the most common, and you can see here's the ISO/IEC 27001, information security management. That's a huge, very important standard. So as a security practitioner myself, who has a wide array of certifications like CompTIA Security+ and CISSP and Cisco CCNA Security and others, for a lot of those certifications you have to learn about these ISO/IEC 27001 security management standards. So that's a biggie that they deal with, and we'll just take a look at that one while we're here: keeping your information assets secure, providing an ISMS, a systematic approach, using information security management systems to basically protect people, processes, IT systems, and applying risk management processes. And it tells us it's a family of several standards; there are more than a dozen standards in the 27000 family from the ISO organization.

Now one of the main reasons we're looking right now at the ISO organization is because ISO, many years ago, decades ago, came up with their OSI model. And so we're going to be looking in this particular lesson at the OSI model from ISO, and how that OSI model can be used for a wide variety of purposes. It can be very helpful in allowing us to deconstruct and to understand, in a modular fashion, the different applications and services and protocols that work on the Internet using TCP/IP. So I wanted to make sure we started out this lesson talking about this organization, and then if you'll go up here and spend some time on your own going through here, you'll start to develop a foundation for this, and you can even go here and look at the history. As we go through, we take a look at the OSI model and actually the TCP/IP model, which is a derivative of that seven-layer model. So we're going to be looking at a seven-layer OSI model and a four-layer TCP/IP model in the upcoming lessons.

All right, the ISO OSI model is an important tool for explaining how networks function and for guiding software and hardware development that supports the Internet. Now even though we rarely perform programming or development strictly using this seven-layer model these days, we still do refer to devices, protocols and services as things like layer 2, layer 3, layer 4, upper layer, layers 5 through 7, and so on. So obviously the term "layers" is key here, and these are at the center of the model, as each layer is responsible for certain tasks. So a developer like Susan could basically focus on layer 3, the network layer, while only needing to interface with the layer above that and the layer below that in her development. Now some folks may just focus on the lower-level functions, physical, data link, network and transport, layers one through four, while others may focus on the upper-layer functions, layers 5 through 7, session, presentation, application. For decades this was the most common and popular demarcation point: the lower was kind of the hardware and the device drivers, where the upper was the software and applications and services. Today, however, if you're working with something like Google Cloud Platform as a cloud provider, or Amazon Web Services, all you really have to be concerned with is pretty much layer three through seven; they'll completely handle layer one, physical, and layer two, data link, in their infrastructure. As a matter of fact, if you're paying them, Google or Amazon Web Services, for some managed service, they may even take care of everything from layer one all the way up to something like layer six. So we call that software as a service. So if you're using Workday, and I'm here in San Francisco, which is the headquarters of Salesforce, biggest building downtown, or maybe using Google Drive or Dropbox, well then they'll take care of everything from layer one through layer six.

Now when we talk about different types of technology, for example we talk about an access switch, which is the thing that all of your devices connect to, or maybe your wireless access point; that would be a layer 2 device. We call it a layer 2 device, a layer 2 switch. A router or a multi-layer switch is typically a layer three device, and it can even be a multi-layer switch, an MLS, and a multi-layer switch is going to operate at layers two, three and four. We often talk about providing security; maybe we have a next-generation firewall and we say we're going to provide layer five through seven inspection or content security. Well, that's what we call the layer 5-7 firewall, because it provides security at the session, presentation and application layers, and we often use that term for what we call deep packet inspection. So even though we don't strictly program or develop to the OSI model, these layers are still very important in your networking and IT career going forward, and so you might want to memorize these. If you're going to get any type of certification you'll have to memorize these eventually, so there are mnemonics out there. We can start at the bottom or we can start at the top, whatever is easier for you to do, one through seven, but you could say "All People Seem To Need Data Processing"; that's a very common one. So whatever mnemonic; you can go search the web and they have mnemonics for the OSI model to help you memorize that. You should memorize it from layer one, physical, all the way up to layer 7, application.

Let's continue and look at those lower layers, which you want to be well aware of in TCP/IP, because basically that's where TCP/IP do all their work. Another term to be aware of is what's called the PDU, the protocol data unit. Each of these layers has its own protocol data unit, and these are the messages for communicating information between the different layers, between the different protocols. And remember, each one of these layers is especially responsible and is especially well equipped to interface with the layer above it and below it. So let's say that you're sending an email message, and that email message is using the SMTP protocol. So it's coming down from the upper layer, the application layer, and it finally gets to layer 4, the transport layer. At the transport layer it's going to use, most likely, connection-oriented TCP or connectionless UDP. Well, this is an email message, so it's going to use TCP. So the upper-layer data, which we know is an email message (I'll just put a little email in there; that is our upper-layer data), comes down to layer 4, and then layer 4 is going to put a header on, and that header is just basically metadata that TCP uses to do all the things that TCP has to do, and we'll of course talk about all of that. So this PDU at layer four is called a segment. Now this segment of layer four then gets sent down to layer three, and this segment becomes the upper-layer data that layer 3 is working with. Well, layer 3, and most often we're using the IP protocol, is going to take the layer 4 header and then put its own header in front of that, a layer three header, and that's the Internet Protocol, IP, metadata. So for example, what would be in there? Well, the source IP address and the destination IP address; that would be in there, very important information. That PDU, which is referred to as a datagram or a packet, then gets passed down to layer two. Now at layer four, most often it's TCP or UDP on the Internet; at layer 3 it's Internet Protocol, IP; layer 2, that can be a whole bunch of data link protocols, there are a bunch of them, but let's say we're going to use the most common that we're familiar with, and that's Ethernet, what you're using in your home. So all of this information, this datagram, comes down, and that becomes basically the upper-layer data; it's the original email message plus the layer 4 header plus the layer 3 header. This information is going to be encapsulated; it's going to be framed, and that's why we call it a frame, because there's going to be something on the back and there'll be something on the front. So this frames the entire datagram or packet. So we have a footer, a layer two footer, and the footer usually has something like a checksum in it, so if this frame gets corrupted on the wire or in the wireless, it can just tell it to resend it. So there's a checksum in there, and then we have the layer two header, which for most of us is the Ethernet header, and as we'll learn this has stuff in there like the source and destination MAC address, or the address of the network interface card, or the network interface. Well, that frame then goes down to layer one, the physical layer, which by the way could be a lot of different things; it could be sent across some fiber connection, and this is where all this information then gets changed and encoded into zeros and ones. So down here our protocol data unit, or PDU, is actually binary, zeros and ones, sent across the wire or sent across the wireless RF using some type of physical medium.

Let's look at the seven layers of the ISO OSI model, and we're going to start at the top with the application layer. So layer seven is application, layer six is presentation, layer five is the session layer, layer four is the transport layer, layer three is the network, or it's also called the internetwork layer, and then layer two is the link or the data link layer, and then down here at layer one we have the physical layer. Now let's go ahead and describe what these are. Layer seven is application, and that is to accomplish a networked user task. Now remember, these are applications that are Internet-enabled or web-enabled, so if you're running, let's say, your Microsoft operating system and you're running, let's say, WordPad, that's not a layer 7 application; it has to be web-enabled or Internet-enabled. Layer 6 is the presentation, and that is expressing and translating data formats. You also might see some encryption and decryption happen there, but that's where we take stuff and put it into ASCII format or Unicode format. Layer 5 is the session layer, and this accommodates multiple session connections. Something else that also operates at layer 5 is the security protocol HTTPS, or SSL/TLS. Here's layer 4, that's the transport layer, which connects multiple programs on the same system; so if you're running several web browsers going to several websites, that's the transport layer, TCP and UDP. Network, layer 3, facilitates multi-hop communications across potentially different link networks, so this is forwarding datagrams across routers. Layer two, the link layer or the data link layer: communication across a single link, including media access control, so that's where that MAC address resides. Up here we have that IP address, down here we have the MAC address. And then the physical layer, which is layer one, specifies connectors, data rates and encoding bits, so turning zeros into ones.

Here's an example of our layers again, and I'm going to give you some mnemonics here in a second that are going to help you memorize these layers from the top down and from the bottom up, but let's look at some of the common protocols that operate here. So at layer 7, things like HTTP, like your web browser; File Transfer Protocol; SMTP for email; DNS for name resolution; and Telnet for terminal emulation. Presentation layer: this would be ASCII, also graphics files like PNG, video files like MPEG and AVI, and I have a little history in the music business, and so we would use MIDI to interface with different systems, so MIDI works at layer 6. Layer 5 is the session layer; as I mentioned, SSL/TLS operates there; SQL, Structured Query Language, for your database; Microsoft's RPC, remote procedure calls; and certain file systems like NFS. Down here at layer 4, the transport layer, TCP and UDP are the most common, but Novell's SPX, from days gone by, operated there, and AppleTalk also technically operates at layer four, kind of a layer four/layer three protocol. Here's layer three, the network or internetwork layer: IP, Novell's IPX, the ICMP protocol, ICMP version 4 and version 6.
ARP operates here if you're in IPv4, and of course our layer 3 devices: routers, multi-layer switches, load balancers, IPS, intrusion prevention IPS sensors, anything that's going to forward datagrams through the device. Here's layer 2, the link or data link: bridges operate there, switches operate there, protocols like SLIP and PPP, and we'll be talking a lot about PPP in this course; that's also where Ethernet is happening, which is very common for us; our wireless 802.11, maybe g, 11n, that also operates at layer two. And then of course at layer one, the physical layer: binary transmission, encoding, bit rates and voltages. So a positive voltage would represent a one, a one bit, and a negative voltage would represent a zero bit. So that's one way we get those zeros and ones across the wire.

Well, how do we remember some of these things? It's always good to have some mnemonics, so here are a couple that might help you. If we're going to go from the top down, starting with application and then presentation, you could do this one: "All People Seem To Need Data Processing"; that's a very common one to help you remember this. "All Proper Suitors Tell No Devious Phrases"; that's one you might want to look into. Now we go from the bottom up, starting at the physical, then the data link and then the network: we could do "Please Do Not Throw Sausage Pizza Away"; I know that Peter and I would hate to see that happen. "Please Do Not Tell Secret Passwords Anytime"; that's one you might want to use. Or this one: Physical, Data, Network, Transport, Session, Presentation, Application. So some mnemonics to help you remember the OSI seven-layer model from the top down and the bottom up.

Welcome to lesson three, TCP/IP protocol suite and architecture. We're going to get familiar with the network interface layer, then we'll look at the Internet layer, and then we'll look at the transport layer, and we'll finish up looking at the application layer of the TCP model. Let's go ahead and compare some reference models here.
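The encapsulation walk-through from the previous lesson (email message, TCP segment, IP packet, Ethernet frame with a checksum behind it), as an added Python example that is not part of the course materials. It builds each PDU from the one above it, then unpacks the frame and rejects it when the footer check fails, which is the corruption case the lesson describes. The MAC addresses, IP addresses, ports and message are constructed sample values; the TCP checksum is left at zero to keep the focus on the headers, and the FCS byte order is an assumption noted in the code.

```python
# Added example: segment -> packet -> frame encapsulation, built and unpacked.
# Addresses, ports and the message are constructed; nothing is a real capture.
import struct
import zlib

SRC_MAC = bytes.fromhex("001122334455")   # constructed
DST_MAC = bytes.fromhex("66778899aabb")   # constructed
SRC_IP = "192.0.2.10"                     # constructed (documentation range)
DST_IP = "198.51.100.25"                  # constructed (documentation range)
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6


def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words, as the IPv4 header uses."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_segment(payload: bytes, src_port: int, dst_port: int, seq: int = 0) -> bytes:
    """Layer 4 PDU: a 20-byte TCP header (no options) in front of the upper-layer data.
    The TCP checksum stays zero here; a real stack computes it over a pseudo-header."""
    offset_flags = (5 << 12) | 0x18            # 5 header words; PSH and ACK set
    header = struct.pack("!HHIIHHHH", src_port, dst_port, seq, 0,
                         offset_flags, 65535, 0, 0)
    return header + payload


def build_packet(segment: bytes, src_ip: str, dst_ip: str, ttl: int = 64) -> bytes:
    """Layer 3 PDU: a 20-byte IPv4 header carrying source/destination address and
    a header checksum, placed in front of the whole segment."""
    src = bytes(int(o) for o in src_ip.split("."))
    dst = bytes(int(o) for o in dst_ip.split("."))
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment),
                         0x1234, 0x4000, ttl, PROTO_TCP, 0, src, dst)
    header = header[:10] + struct.pack("!H", ip_checksum(header)) + header[12:]
    return header + segment


def build_frame(packet: bytes, src_mac: bytes, dst_mac: bytes) -> bytes:
    """Layer 2 PDU: Ethernet II header in front, CRC-32 FCS behind; the packet is
    'framed'. Assumption: the FCS is carried least-significant byte first."""
    body = dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + packet
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def decapsulate(frame: bytes) -> dict:
    """Walk back up the stack. A bad FCS or IPv4 header checksum is rejected."""
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF) != fcs:
        raise ValueError("FCS mismatch: frame corrupted in transit")
    dst_mac, src_mac = body[:6], body[6:12]
    if struct.unpack("!H", body[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    packet = body[14:]
    ihl = (packet[0] & 0x0F) * 4
    if ip_checksum(packet[:ihl]) != 0:          # a correct header sums to zero
        raise ValueError("IPv4 header checksum mismatch")
    total_len = struct.unpack("!H", packet[2:4])[0]
    segment = packet[ihl:total_len]
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    payload = segment[(segment[12] >> 4) * 4:]   # skip the TCP header (data offset)
    return {
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
        "src_ip": ".".join(map(str, packet[12:16])),
        "dst_ip": ".".join(map(str, packet[16:20])),
        "protocol": packet[9], "src_port": src_port, "dst_port": dst_port,
        "payload": payload,
    }


def demo(message: bytes = b"Subject: hello\r\n\r\nconstructed sample mail\r\n") -> dict:
    """Encapsulate a constructed SMTP-style message, then unpack it again."""
    segment = build_segment(message, 40000, 25)
    packet = build_packet(segment, SRC_IP, DST_IP)
    frame = build_frame(packet, SRC_MAC, DST_MAC)
    result = decapsulate(frame)
    result["sizes"] = {"segment": len(segment), "packet": len(packet), "frame": len(frame)}
    return result


if __name__ == "__main__":
    print(demo())
```

Each layer's header is only added in front of, and only stripped from, the PDU handed to it, so the upper-layer bytes pass through untouched; flipping any byte of the frame after it is built makes `decapsulate` raise on the FCS before anything above layer 2 is looked at.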
okay i want to compare the osi model to the tcpip model the osi model if we you know notice that it we've got our number of layers here layer one two three four five six seven you can see here's our seven osi layers notice that tcpip really only has four layers this hardware down here or the physical it's not part of the tcpip model now this four layer tcpip model and this is arguable but it was actually developed before the osi model and it's actually more indicative of what our modern networks use and it was inspired by that original arpanet that that department of defense project also referred to as arm arm and this model actually gained popularity with the emergence and the dominance of the microsoft operating system now as i mentioned this this model doesn't officially deal down with the hardware okay also notice that we've got this network interface or layer 2 that's that's similar to the link layer okay or the data link layer of osi also notice that up here at the application layer the application layer of tcpip encompasses layer 5 6 and 7 of the osi so there's no official presentation layer or session layer and actually most modern programs and apps typically perform the functions of layer 5 through 7 and even sometimes the functions of the transport layer okay and we'll actually see this later on sometimes if you're using let's say some fully managed service from a cloud provider like amazon web services or google cloud platform that'll actually they'll do everything all the way down pretty much to you know the link or from the physical up to the network or the link so lots of different variations out there of how this is is used but you know in this lesson i wanted to first show you the differences between the seven layer osi model and how it maps to this more modern tcpip model although we're still going to use both of these now i want to really talk about the main aspects of this network interface layer okay so in the osi model it's called the network 
or the Internet layer or the internetwork layer; in the TCP/IP model it's called the Internet or the internetwork layer, and I want to focus on that here in this lesson. So let's look at the network interface, or the link layer, which is the equivalent of the OSI link layer, with the goal of sending and receiving IP datagrams, or packets, on behalf of the layer above it, the network or internetwork layer. It's also referred to as the network access layer, and this is where the TCP/IP upper-layer protocols and services are going to actually interface with the local network. So often, when we think about the network or link layer on an operating system, it's made up of what we call device drivers, or code. A lot of us will never really install a device driver, but you might. Let's say you get your own PC, your own personal computer, and you open it up and you put in an extra network interface card. On the motherboard there'll be some slots, and you shove that card in there, and it's got a little Ethernet port, or maybe it's even a wireless card. Either way, when you put that into your computer you'll most often have to install some device drivers, something you download from the vendor or the manufacturer. Now the operating system may actually have its own native device drivers because of plug-and-play; a Microsoft system might recognize that card and go, "Oh, I know what that is. I'm a Microsoft operating system and I have a relationship with that vendor, that Hewlett-Packard card, so I've got an adapter, I've got some software code I can use." Or you could go ahead and use something from that vendor, and often it's better to use the vendor's device driver or program that goes along with that card, because it'll be updated and it'll actually have additional functionality. So that's where the term device driver comes from; it's really just a program, a software program. Now this link layer or the network
interface layer is arguably considered part of the stack architecture, even though strictly there are no core TCP/IP services that run here. So to be honest, the TCP/IP services technically are running at Layer 3, the network or Internet layer, and above, but the interface of the link layer does a whole lot of stuff on behalf of that network layer and above, and again that's where those device drivers and other programs come in. Now on some networks there are no TCP/IP protocols or services running at this layer, and I mentioned this earlier: if you're using Amazon Web Services or Google Cloud Platform, this layer is actually kind of unnecessary for you to be concerned with, because the virtual machines and virtual appliances they use, like VMware or Xen, are taking care of all this stuff at the link layer. You really only need to worry about this, most likely, on your own home computer, if you're going to be adding or upgrading or updating some network interface on one of your own systems, or if you get a job in the future at a company where you have to deal with the laptops and the PCs that are being installed or deployed in some local area network at an enterprise. Also, TCP/IP over Ethernet, or oE, is going to handle its own Layer 1 and Layer 2 functionality. TCP/IP supports many different link layer or network interface services, including Ethernet LANs. It can support metropolitan area networks like FDDI. It can support underlying technologies like DOCSIS, which is what you would use if you were using your cable provider, and DSL. It can also support wireless voice networks like Voice over IP, wireless LANs, cellular and satellite. So for all of the different technologies that operate at Layer 2, the link layer, TCP/IP can run on top of all these different types of Layer 2 and Layer 1 media, and they also use a wide variety of encapsulation techniques. And when I
say encapsulation, I mean we're not just going to put a protocol header on stuff like we do with the IP layer. Remember early on I showed you that FedEx package, and we had that FedEx airbill; that's the header. But with Layer 2 or link layer protocols and services we have a header and a trailer, and so we call that encapsulation, right? We have metadata on the front and metadata on the back. They also support different message transmission units: different networks allow for different default sizes of packets and frames, so one network might support a larger type of frame than another network. Well, the good news is we can accommodate that at Layer 2, and in the different ways that we frame or encapsulate the data that we get from the upper layers, Layers 3 through 7. Okay, let's get familiar, or more familiar, with OSI Layer 3. We call it the network layer or the Internet layer, and remember that this is Layer 3: it interfaces above it with Layer 4, the transport layer, where we have TCP and UDP primarily, and of course Layer 3 is going to function down here with the network interface or the data link layer, which is Layer 2.
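To make the header-plus-trailer idea concrete, here is an added example (my own code, not part of the course) that wraps a minimal IPv4 datagram in an Ethernet II frame: a 14-byte header on the front, a 4-byte FCS on the back, and a refusal to build a frame whose payload exceeds the 1500-byte Ethernet MTU. The receiving side strips the trailer, verifies it, checks the IPv4 header checksum, and only then hands the datagram up to Layer 3. The MAC and IP addresses and the payload are constructed sample values; the CRC-32 comes from Python's zlib, which uses the same polynomial and bit ordering as the Ethernet FCS.

```python
"""Layer-2 encapsulation: an IPv4 datagram inside an Ethernet II frame.

Added example, not course code.  Frame layout: 6-byte dst MAC, 6-byte src
MAC, 2-byte EtherType, payload, 4-byte FCS.  IPv4 header per RFC 791.
"""
import struct
import zlib

ETHERTYPE_IPV4 = 0x0800
ETHERNET_MTU = 1500          # largest datagram an Ethernet frame may carry
FCS_LEN = 4


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Return a 20-byte IPv4 header (no options) followed by the payload."""
    total_len = 20 + len(payload)
    # version 4 / IHL 5 words, DSCP+ECN 0, identification 0, flags+fragment 0
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0,
                         ttl, proto, 0,
                         bytes(int(o) for o in src.split(".")),
                         bytes(int(o) for o in dst.split(".")))
    checksum = ipv4_checksum(header)         # computed with the field zeroed
    return header[:10] + struct.pack("!H", checksum) + header[12:] + payload


def build_ethernet(dst_mac: bytes, src_mac: bytes, datagram: bytes) -> bytes:
    """Header on the front, FCS trailer on the back: Layer-2 encapsulation."""
    if len(datagram) > ETHERNET_MTU:
        raise ValueError("datagram of %d bytes exceeds the link MTU of %d"
                         % (len(datagram), ETHERNET_MTU))
    body = dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + datagram
    fcs = struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)  # FCS is little-endian on the wire
    return body + fcs


def parse_ethernet(frame: bytes) -> dict:
    """Strip and verify the trailer, verify the IPv4 header, hand the datagram up."""
    body, fcs = frame[:-FCS_LEN], frame[-FCS_LEN:]
    if struct.unpack("<I", fcs)[0] != (zlib.crc32(body) & 0xFFFFFFFF):
        raise ValueError("FCS mismatch: frame corrupted on the wire")
    dst, src = body[:6], body[6:12]
    ethertype = struct.unpack("!H", body[12:14])[0]
    datagram = body[14:]
    ip_header = datagram[:20]
    if ipv4_checksum(ip_header) != 0:         # a valid header sums to zero
        raise ValueError("IPv4 header checksum mismatch")
    return {
        "dst_mac": dst.hex(":"),
        "src_mac": src.hex(":"),
        "ethertype": ethertype,
        "ttl": ip_header[8],
        "proto": ip_header[9],
        "src_ip": ".".join(str(b) for b in ip_header[12:16]),
        "dst_ip": ".".join(str(b) for b in ip_header[16:20]),
        "payload": datagram[20:],
    }


def detects_corruption(frame: bytes, index: int) -> bool:
    """Flip one bit at index and report whether the receiver rejects the frame."""
    damaged = bytearray(frame)
    damaged[index] ^= 0x01
    try:
        parse_ethernet(bytes(damaged))
    except ValueError:
        return True
    return False


def link_accepts(datagram: bytes) -> bool:
    """True when the datagram fits the link MTU; otherwise it would need fragmenting."""
    try:
        build_ethernet(b"\x00" * 6, b"\x00" * 6, datagram)
        return True
    except ValueError:
        return False


# Constructed sample: protocol 17 (UDP) payload from 192.0.2.10 to 192.0.2.20
SAMPLE_DATAGRAM = build_ipv4("192.0.2.10", "192.0.2.20", 17, b"hello from layer 3")
SAMPLE_FRAME = build_ethernet(bytes.fromhex("0a0000000001"),
                              bytes.fromhex("0a0000000002"), SAMPLE_DATAGRAM)

if __name__ == "__main__":
    print(parse_ethernet(SAMPLE_FRAME))
```

The two checks are where the layering matters for a defender: the FCS only proves the frame survived the wire, while the IPv4 checksum only covers the header, so neither says anything about the payload, which is why integrity of the data itself has to come from a higher layer.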
And so there are a couple of protocols right off the bat that reside in between Layer 3 and Layer 2, and that's ARP, Address Resolution Protocol, and Reverse ARP, which we don't really use much anymore; but ARP we do use, and we use ARP with TCP/IP, or IPv4, only. So here are our Internet protocols that we have at Layer 3. We have IP version 4; remember there is no version 5, we went right to version 6, which solved a bunch of problems, for example giving us a much larger address space, 128-bit addresses as opposed to 32-bit addresses. Some other things that function here with IP: IP network address translation. Sometimes inside of our company we're using what's called an RFC 1918 private address, and we have to translate that at our edge device or edge router (we call it the customer premises equipment) into a publicly, globally routable IP address, so IP network address translation functions here. Also security: IPsec, IP Security, functions here. And we also have a relatively new one, Mobile IP, which is going to help us with our mobile devices as they roam around and still use Internet Protocol. So that's what's going on here with IPv4 and IPv6. Then we have some IP support protocols: we have ICMP version 4 and we have ICMP version 6, and these have notification messages and error messages, and they're going to help us with some diagnostics on behalf of IP. We also have what's called Neighbor Discovery, and Neighbor Discovery is basically used with ICMPv6, or IP version 6, and this Neighbor Discovery, these ICMPv6 discovery protocols, actually take the place of Address Resolution Protocol, which is only used in IPv4. ARP is no longer used in IP version 6.
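The RFC 1918 translation just described is easiest to see as a small table. This added example (my own code, not from the course) checks whether an address falls in one of the three private blocks and then models the port-address translation a customer premises router performs: outbound flows from private hosts get the router's public address and a fresh port, replies are mapped back by that port, and an inbound packet for which no state exists is dropped. The public address 203.0.113.1 and the remote server 192.0.2.80 are from the documentation ranges, chosen here as constructed samples.

```python
"""RFC 1918 check and a minimal port-address translation (PAT) table.

Added example, not course code.  Models what the edge router does: rewrite
the source of outbound packets from private hosts to its one public address
and remember enough to steer the reply back to the inside host.
"""
import ipaddress

RFC1918_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr: str) -> bool:
    """True when addr lies in one of the three private address blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in block for block in RFC1918_BLOCKS)


class PortNat:
    """Translate (private_ip, private_port) <-> (public_ip, public_port)."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (priv_ip, priv_port, remote_ip, remote_port) -> public_port
        self.outbound = {}
        # (public_port, remote_ip, remote_port) -> (priv_ip, priv_port)
        self.inbound = {}

    def translate_out(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an outbound flow's source; allocate a public port on first use."""
        if not is_rfc1918(src_ip):
            return src_ip, src_port           # already globally routable: pass through
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.outbound:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return self.public_ip, self.outbound[key]

    def translate_in(self, dst_port, src_ip, src_port):
        """Map a reply back to the inside host; None means no state, so drop it."""
        return self.inbound.get((dst_port, src_ip, src_port))


if __name__ == "__main__":
    nat = PortNat("203.0.113.1")
    print(nat.translate_out("192.168.1.10", 51000, "192.0.2.80", 443))
    print(nat.translate_in(40000, "192.0.2.80", 443))
    print(nat.translate_in(40000, "192.0.2.99", 443))
```

The last lookup returning None is the side effect people sometimes mistake for a firewall: unsolicited packets from the outside have no translation entry and go nowhere, but that is an accident of the table, not a policy, and any inbound port forward or outbound connection opens a path.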
Instead we rely upon ICMP version 6 to take care of that functionality. And then we have this category of IP routing protocols. So we have routed protocols, protocols that can be routed, and really IP is the main routed protocol, but we had others in the past. In the past (let me put a little line here) we had protocols like AppleTalk, which was a routed protocol; you had a protocol called IPX/SPX, which was also a routed protocol; we also have a protocol that's still used called IS-IS. So there are other routed protocols, but we're talking about TCP/IP here, so all we really care about is the Internet Protocol as a routed protocol. Now there are routing protocols, and these are the ones that forward those IP datagrams, or IP packets, from one device to another in the packet-switched network topology. Historically some older ones were RIP, Routing Information Protocol, RIP version 1 and RIP version 2, and you still see RIP version 2 used, primarily in small networks or Microsoft networks. There's also the Hello protocol, which is used between Layer 3 devices like routers. We have EIGRP: there was a proprietary Cisco protocol called IGRP, and they enhanced it and came up with EIGRP. It was proprietary, but they've also now written some Requests for Comments, some RFCs, so it's actually a published standard. Another very popular protocol is the Open Shortest Path First protocol, or OSPF, and then on the Internet the points of presence, the service providers, the cloud service providers, most of those Internet providers are going to use the Border Gateway Protocol as their routing protocol. And realize that these routing protocols all have a version for IPv4, and then they also have a next-generation version for IPv6. So all of these I listed here have a next-generation version, and some of them were totally rewritten and completely redone to support IPv6. So there's our Layer 3 Internet Protocol support
protocols and routing and forwarding services in a nutshell. Okay, in this lesson we're going to look at the transport layer, but I first want to compare the seven-layer OSI model to the four-layer TCP/IP model, and actually this model is more indicative of what we use nowadays; Microsoft really popularized this four-layer model. So with the four-layer model you have an application layer, which basically encompasses Layer 7, Layer 6 and Layer 5 of the OSI model. So the application layer, the presentation layer and the session layer are all enveloped into this application layer; that's our top layer. Then we have the transport layer, and that's the same thing as in the OSI model. The transport layer is often also referred to as the host-to-host layer, because you're using your port numbers to identify those hosts and those sockets the applications are using. So Layer 4 is transport; Layer 3 in the TCP/IP model is called the Internet or the internetwork layer; and then Layers 2 and 1 are combined, and technically speaking in the TCP/IP model we don't include the hardware. So the lowest layer of the four-layer TCP/IP model is what we call the network interface, or the link. Okay, so let's talk more about this transport layer, as we realize that it's Layer 4 either in the OSI model or in the four-layer TCP/IP model. So the transport, or host-to-host, layer allows end-to-end communications logically over networks or internetworks. It creates logical connections, or ports, between the hosts, either in a reliable, connection-oriented manner with TCP or an unreliable, connectionless manner with UDP. TCP/IP identifies the source and destination process or service. Transmission Control Protocol, TCP, will ensure the reliable and flow-controlled delivery of data, typically using IP, and of course this happens at Layer 4.
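The connection-oriented versus connectionless distinction shows up directly in the socket API. The following is an added example (my own code, not from the course) that sends the same two constructed messages over TCP and over UDP on the loopback interface with operating-system-chosen ports: TCP requires a connection first and then delivers a byte stream in which the two sends arrive as one run of bytes with no boundary between them, while UDP needs no connection and each sendto() arrives as its own datagram.

```python
"""Transport-layer behaviour: the same text over TCP and over UDP, loopback only.

Added example, not course code.  TCP: handshake first, then a byte stream with
no message boundaries.  UDP: no handshake, one datagram per sendto().
"""
import socket

MESSAGES = [b"hello", b"world"]       # constructed sample payloads


def send_over_tcp(messages=MESSAGES) -> bytes:
    """Connection-oriented: connect (three-way handshake), then stream bytes."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.bind(("127.0.0.1", 0))       # port 0: let the OS pick a free port
        listener.listen(1)
        port = listener.getsockname()[1]
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as client:
            client.connect(("127.0.0.1", port))   # handshake completes in the backlog
            for m in messages:
                client.sendall(m)
            client.shutdown(socket.SHUT_WR)       # FIN: no more data from this side
            conn, _ = listener.accept()
            with conn:
                conn.settimeout(5)
                received = b""
                while True:      # TCP hands us bytes, not messages: read to EOF
                    chunk = conn.recv(4096)
                    if not chunk:
                        break
                    received += chunk
    return received


def send_over_udp(messages=MESSAGES) -> list:
    """Connectionless: no handshake, and every sendto() is a separate datagram."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as receiver, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sender:
        receiver.bind(("127.0.0.1", 0))
        receiver.settimeout(5)
        dest = receiver.getsockname()
        for m in messages:
            sender.sendto(m, dest)            # no connection state on either side
        return [receiver.recvfrom(4096)[0] for _ in messages]


if __name__ == "__main__":
    print("TCP stream :", send_over_tcp())     # one run of bytes
    print("UDP frames :", send_over_udp())     # two separate datagrams
```

The practical consequence for anyone writing or reviewing a network service: a TCP receiver must impose its own message framing (length prefixes, delimiters) because the transport does not, and a UDP receiver must cope with datagrams that are missing, duplicated or reordered because nothing below it retransmits.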
If you use the User Datagram Protocol, UDP, this is a more efficient, streamlined version of TCP that actually sends data between hosts without that reliability and flow management that we use in TCP. We often use UDP for things like streaming audio, streaming video, conferencing, things like that. The TCP/IP transport layer includes specific functionality of the OSI session layer, Layer 5, as well. Okay, I'm here on my PC, which is actually an HP PC, and you can see that if I go to the properties here, it's not a real new operating system; it's actually Windows 7 Professional with Service Pack 1. So it is a 64-bit operating system, but it's not a super new operating system. This is representative of a lot of the things you'll see pretty much across the globe; Windows 7 is still very popular as an operating system. But my main goal in this demonstration, as we observe the application layer, the thing I want to really get across to you, is that the application layer of the OSI model or the TCP/IP model is not necessarily applications. Let me give you an example. On my Windows operating system, here's an application called Paint, and here's an old picture of me from the '90s when I was in my rock band. You can see that Paint is an application; it's a program that runs on my operating system. However, this program does not use TCP; it doesn't connect to the Internet; it doesn't use the World Wide Web. It has no capability within this application to actually connect to my network interface card and send frames and packets out onto the Internet. Now here's the same thing with something like Calculator. It's a program, it's an application, it runs on my operating system, but it, like Paint or WordPad, is not a Layer 7 application. And by the way, we really are going to be using this calculator; it's a very excellent one to use. Use the programmer calculator and add the unit conversion, because as an IT professional you may need to come in here and
say, okay, I've got decimal 10, what is that in hexadecimal? Oh, it's A. What is hexadecimal A, or decimal 10, in binary? 1010. Excellent. So we can use this calculator to help us, for example, when it comes to looking at hexadecimal and binary and decimal. We can also use this to say, I want to convert from feet, let's say 100 feet, to meters. So 100 feet is 30 meters. That also comes in handy with networking, for example if you're running cable in an environment, or if you're setting up a wireless network and you want to know how far away your endpoints are from your wireless access point or the antenna, and so you may need to convert from feet to meters, and so on. So the point is, this is a very valuable application, it's a valuable program, but it's not part of the TCP/IP or the OSI application layer, because it doesn't use the Internet; it's not connected to the Internet. Now some applications, for example, I'm recording this, and you can see me recording in Camtasia. This is actually a program or an application that runs on my system; however, when I bring up Camtasia for the first time it does ask me if I want to check for updates. So we have programs like that that run primarily locally on our operating system, but they do have a program, or code, or an application within the application, that can connect to the Internet and say, let me get some updates, let me get some upgrades, let me download some things like that. So some applications that seem to be local can also be connected to the Internet. So for example, when I run a program like Malwarebytes, well, this is a program that obviously is going to look for things on my system; it's going to scan for malware and exploits and ransomware on my system. But it does connect to the Internet; it uses application Layer 7, specifically the HTTP protocol, to go up and connect to a server and bring down updates, so it says my updates are current, or other code that Malwarebytes needs to run. So that's a very common application layer
program, but remember the program is using the application layer service HTTP. So for example, I like to use DuckDuckGo as my search engine, which is actually a very secure search engine, and I prefer it over some of the big ones that are out there. But this is actually a program that uses application Layer 7 of the OSI model, because it uses HTTP. Here's another program: this is Mozilla Thunderbird. So this is a program that is actually using several protocols of the OSI or TCP/IP model. Specifically, when it goes to send email it's using the SMTP protocol, which we'll talk about later, the Simple Message Transport Protocol. When I pull down email messages from my mailbox I'm using the Post Office Protocol version 3, or POP3, and I can use unsecure or secure versions of those. So this is an email client; it uses several protocols at the application layer of the OSI model or the TCP/IP model. Here's another program that uses several services or protocols of the TCP/IP application layer: for example, this is FileZilla. Now the first thing that happens when I open up FileZilla is it wants to go check for updates. So to check for updates or install the newest version, I'm going to be using the HTTP or the secure HTTPS protocol, which will use SSL/TLS, Secure Sockets Layer or Transport Layer Security. So those are also upper-layer protocols that can be used by Internet applications. But also this is a program that uses the File Transfer Protocol, FTP. So notice that when I opened up the Site Manager in FileZilla, I can use FTP, the File Transfer Protocol, which is an application layer protocol, Layer 7 of the OSI model or Layer 4 of the TCP/IP model. We can even choose the type of encryption behavior, right? Or we can use SFTP, which is the Secure Shell File Transfer Protocol. And in this training you're going to learn about different ports, and the combination of ports and IP addresses, which are called sockets. And so if we're using FTP we're going to use port 20 for data and port 21
for the actual connectivity and exchanging commands, and if we use SFTP, the Secure Shell FTP, we're going to be using port 22. Okay, so as you can see, I want to make sure that you understand the difference between running applications on your operating system and running applications and programs that use the application layer of the OSI or TCP/IP model. Excellent. Module 2 is entitled Lower Layer Core Protocols and Services. In this module we'll look at Point-to-Point Protocol, PPP, as well as EAP, Extensible Authentication Protocol. Then we'll look at TCP/IP address resolution protocols like ARP, Reverse ARP and gratuitous ARP. This is Lesson 4, Point-to-Point Protocol, PPP. We're going to ponder the purpose of Point-to-Point Protocol, then we'll examine the core protocols of PPP, we'll introduce feature protocols and the very important Extensible Authentication Protocol, EAP, we'll explore the PPP frame formats, and then I'll finish up demonstrating the behavior of Point-to-Point Protocol and EAP. Okay, in this lesson we're going to ponder the purpose of Point-to-Point Protocol. How's that for a lot of P's? Okay, but before we look at PPP, the Point-to-Point Protocol, let's look at the ancestor of this protocol, which was called SLIP, Serial Line Internet Protocol. Now I don't like to do too much with obsolete protocols, but I want to talk about this because, for me, this is where I began. SLIP, by the way, was first designed to offer Layer 2 connectivity for TCP/IP over a physical link where there was no Layer 2 technology. My first Internet account was called a SLIP account. I had a really old PC, and it was running a really early version of Microsoft, and I had a SLIP account with my service provider. I had to install this software program, and I had a modem (remember those things? one of those dial-up modems, 56 kilobits per second, or kilobytes, but not very fast). And as a matter of fact, my service provider, this is true, I wanted
to go actually visit my service provider, so I called them and asked them where they were located; I wanted to come by and ask them some questions. Well, lo and behold, my service provider was actually this guy who ran it out of his house. He had dug up his front yard, and AT&T had put in what was called a T1 line, so they ran this cable and buried it in his front yard, and he had his business in the garage. So when I went to visit him, he brought me through the side door into the garage, and he had all these racks of modems. It was super loud, all these modems; you had, I don't know, 50 or 60 modems in there. And that was my service provider, and I would use my SLIP account, my SLIP protocol, to connect to one of those modems that he had up on the shelf to get access through AT&T to the Internet. So that was my first foray into using the Internet, even before the World Wide Web really started to happen. And so SLIP really filled the gap between the physical layer and the IP layer, Layer 3, and it provided basic framing, and it was the predecessor of the PPP protocol that we're going to look at here in this lesson. The Point-to-Point Protocol is really the biggie; it's the ubiquitous protocol. There are all different types of versions and all different types of extensions and variants of this protocol used all over the world. And so SLIP was what we had before we started using PPP, and I actually remember transitioning from a SLIP account to a PPP account while I had that service provider, the guy working out of his garage. Now what's interesting is SLIP was defined in an RFC, and this just goes to show you that some things can actually be defined, there can be information about the protocol, but it can never get to the point where it actually becomes a standard. So just because something has an RFC, a Request for Comments, and a number, doesn't mean it gets to the full-blown standardized publication, right?
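The "basic framing" SLIP provided, and what PPP's Layer 2 header and trailer add on top of it, can be shown in a few dozen lines. This added example (my own code, not course material) implements SLIP framing as RFC 1055 describes it and, beside it, the HDLC-like framing PPP uses per RFC 1662, with the address/control bytes, the protocol field that says which Layer 3 or control protocol the payload belongs to, and the 16-bit FCS trailer. The payload bytes and the LCP echo packet are constructed samples. Flipping one bit in a SLIP frame yields a different datagram with no complaint; the same flip in a PPP frame fails the FCS and the frame is discarded.

```python
"""Serial-line framing: SLIP (RFC 1055) beside PPP's HDLC-like framing (RFC 1662).

Added example, not course code.  SLIP only marks where a datagram ends and
escapes that marker inside the data: no header, no protocol field, no
checksum.  PPP adds address/control bytes, a protocol number and a 16-bit
FCS trailer so the receiver can detect corruption.
"""

# ---- SLIP --------------------------------------------------------------
SLIP_END, SLIP_ESC, SLIP_ESC_END, SLIP_ESC_ESC = 0xC0, 0xDB, 0xDC, 0xDD


def slip_encode(datagram: bytes) -> bytes:
    out = bytearray([SLIP_END])                   # leading END flushes line noise
    for b in datagram:
        if b == SLIP_END:
            out += bytes([SLIP_ESC, SLIP_ESC_END])
        elif b == SLIP_ESC:
            out += bytes([SLIP_ESC, SLIP_ESC_ESC])
        else:
            out.append(b)
    out.append(SLIP_END)
    return bytes(out)


def slip_decode(stream: bytes) -> list:
    """Split a byte stream into datagrams; nothing here can notice a flipped bit."""
    frames, cur, esc = [], bytearray(), False
    for b in stream:
        if esc:
            esc = False
            cur.append({SLIP_ESC_END: SLIP_END, SLIP_ESC_ESC: SLIP_ESC}.get(b, b))
        elif b == SLIP_ESC:
            esc = True
        elif b == SLIP_END:
            if cur:                               # empty frames are just noise
                frames.append(bytes(cur))
                cur = bytearray()
        else:
            cur.append(b)
    return frames


# ---- PPP (RFC 1662 framing) --------------------------------------------
PPP_FLAG, PPP_ADDR, PPP_CTRL, PPP_ESC = 0x7E, 0xFF, 0x03, 0x7D
PPP_GOOD_FCS = 0xF0B8             # CRC residue of a frame whose FCS is intact
PPP_PROTOCOLS = {0x0021: "IPv4", 0x0057: "IPv6", 0x8021: "IPCP", 0x80FD: "CCP",
                 0xC021: "LCP", 0xC023: "PAP", 0xC223: "CHAP", 0xC227: "EAP"}


def ppp_fcs16(data: bytes, fcs: int = 0xFFFF) -> int:
    """PPP's CRC-16 (x^16 + x^12 + x^5 + 1, bit-reflected), as in RFC 1662."""
    for b in data:
        fcs ^= b
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs


def ppp_frame(protocol: int, payload: bytes) -> bytes:
    body = bytes([PPP_ADDR, PPP_CTRL]) + protocol.to_bytes(2, "big") + payload
    fcs = ppp_fcs16(body) ^ 0xFFFF
    body += bytes([fcs & 0xFF, fcs >> 8])        # FCS is sent low byte first
    out = bytearray([PPP_FLAG])
    for b in body:                               # byte-stuff flag, escape, control chars
        if b in (PPP_FLAG, PPP_ESC) or b < 0x20:
            out += bytes([PPP_ESC, b ^ 0x20])
        else:
            out.append(b)
    out.append(PPP_FLAG)
    return bytes(out)


def ppp_parse(frame: bytes) -> dict:
    """Unstuff one flag-delimited frame, verify the FCS, decode the protocol field."""
    body, esc = bytearray(), False
    for b in frame[1:-1]:
        if esc:
            body.append(b ^ 0x20)
            esc = False
        elif b == PPP_ESC:
            esc = True
        else:
            body.append(b)
    if ppp_fcs16(bytes(body)) != PPP_GOOD_FCS:
        return {"ok": False, "reason": "FCS mismatch, frame discarded"}
    protocol = int.from_bytes(body[2:4], "big")
    return {"ok": True, "protocol": PPP_PROTOCOLS.get(protocol, hex(protocol)),
            "payload": bytes(body[4:-2])}


# Constructed sample payload containing every byte both framings must escape
SAMPLE = b"\x45\x00\xc0\xdb\x7e\x7dpayload"


def flip_bit(data: bytes, index: int) -> bytes:
    damaged = bytearray(data)
    damaged[index] ^= 0x01
    return bytes(damaged)
```

Note what the FCS does and does not buy you: it catches line noise, which is the weakness of SLIP the lesson goes on to describe, but it is a checksum anyone can recompute, so it is no substitute for the authentication (PAP, CHAP, EAP) and encryption that PPP negotiates separately.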
SLIP never got there. Let's talk about some weaknesses of SLIP, because this will tell us why we had to have Point-to-Point Protocol, or PPP. SLIP was simple, but it had limitations. It only supported a certain size of maximum transmission unit, and 1006 bytes is not very big, so that wasn't very efficient. It had no error correction; it had no error detection; there were no extra control messages; it was really basic. It didn't have any header metadata, so you couldn't define information about the data that was being carried from Layer 3, the IP layer. It couldn't learn other IP addresses. You couldn't compress, and that was a problem with SLIP, because it didn't support compression. Back in the day, when you had those 56K modems, that wasn't very fast, and so we would use techniques to compress the data so we could actually send a picture or an animated GIF, where we could eventually download that animated GIF and have it show up in our browser. And there was no security: there was no way to authenticate the links, and there was no way to encrypt the data. So SLIP had a lot of weaknesses, which led to why they had to develop the Point-to-Point Protocol, PPP, which, by the way, we still use; PPP and its variants are used all over the world today. This is one of the most important protocols that you're going to learn about in this TCP/IP series. The irony is it's actually not a TCP/IP protocol; it really functions at Layer 2, or the link layer, of the TCP/IP model. There are several RFCs that define Point-to-Point Protocol. It's a popular technique for carrying IP packets, or datagrams, over what we call serial line connections. Now when you hear the phrase serial line, what a serial line means is that it sends all the information in a string, or a series, of zeros and ones, and certain things, like serial connections, still send things in a series of zeros and ones; that's still used by a service provider that offers DSL, for example, over your phone line. The links of PPP are established using a
protocol known as Link Control Protocol, LCP, very important, and we'll learn more about LCP as we proceed through these lessons. And also with PPP is a family of Network Control Protocols, and it's a family because it has to support different Layer 3 protocols. There are other protocols out there at Layer 3 besides Internet Protocol; historically there have been protocols known as IPX/SPX, and Apple had its own protocol called AppleTalk. So PPP needed to be able to support those different types of network protocols, or what we would call routed protocols. So this family of NCPs establishes network layer links after the Link Control Protocol, LCP, has established a basic connection, and that's fundamental to how PPP works, and obviously we're going to learn way more about that as we move forward. Okay, in this lesson we're going to examine the Point-to-Point Protocol, PPP, core protocols. But before I put that elaborate diagram up here, I just want to show you simply where PPP resides in the OSI model. So we have OSI Layer 1, which is the physical layer, and then we have of course OSI Layer 2, which is the data link layer. Between Layer 1 and Layer 2 is where our network interface resides, and this is that Ethernet port that's on your laptop, for example, or the Ethernet ports on a Layer 2 switch. The network interface card that's on the system board, or the motherboard, that's the network interface, and it functions basically at both Layer 2 and Layer 1, because ultimately that network interface, and the device drivers or the driver program that is associated with it, eventually has to convert those frames into zeros and ones, either to send a stream of them in a serial fashion or a wide band of zeros and ones over wireless RF. So that's the network interface. Here's where Point-to-Point Protocol comes in: technically it's at Layer 2, and as we're going to find out, PPP is at data link Layer 2, but it's kind
of got a halfway point. So there's an upper layer of PPP we'll talk about, and there's a lower layer of PPP that we'll talk about. Obviously the upper layer of PPP is going to be an expert at talking to Layer 3 of the OSI model, and the lower layer of PPP is going to be better and excellent at talking to Layer 1, or the physical link, which can be a serial connection, it could be Ethernet, it could be ISDN, it could be fiber; there are all different types of physical links that we're dealing with. So that's where PPP resides in the OSI model. Let's take a look now at the PPP suite and all the different core protocols, and where they sit within the infrastructure of Layer 1 and Layer 2. Well, in the previous diagram I showed you how PPP, which is at the data link layer, or Layer 2, has an upper layer protocol and a lower layer protocol. The upper layer technically is NCP, or Network Control Protocol; that's the one that specializes in communicating with Layer 3 of the OSI model. Then the lower protocol, which is the one that specializes in communicating with Layer 2, is technically LCP, Link Control Protocol, which of course you can see is going to communicate with this Layer 2 framing. So we have NCP and then LCP; those are the basics of the PPP protocol. But we have other core protocols within that. So for example, if you're going to do compression (and I'm going to break these down for you a little bit later in greater detail), if you're going to compress because it's a slow link, maybe you're in a certain country or a certain area that's using a 56K modem or maybe ISDN, you may have to compress it with the CCP protocol. If you're going to combine a couple of modems together, or combine a couple of ISDN channels, then that's going to give you what's called multilink, and if you're going to do multilink and combine channels or combine modems, you're going to use protocols like BCP to control the bandwidth. You're also going
to use BAP and BACP. If you're going to use any type of encryption between those two points in the Point-to-Point Protocol connection, then you have the option to use the older ECP, which is an encryption protocol. Technically we don't use that anymore, but we can still use this for both sides to determine, hey, am I going to use some type of security? If they are, then we're most likely going to use an authentication protocol. The original one was called PAP, which we don't really use much anymore, even though we could still use it; we could still use PAP along with Extensible Authentication Protocol. But PAP, CHAP, which is a challenge handshake protocol, and then, more likely than not nowadays, we're using EAP, the Extensible Authentication Protocol, which has over 40 different variants out there, so it's very, very flexible. There's similar functionality in PPP to what we have in IP at Layer 3. Remember IP at Layer 3 has the ICMP version 4 and ICMP version 6 protocols; we have something similar in the Point-to-Point Protocol, and that's link quality management, and then, to report that information, basically all the information aggregated together, link quality reporting. So these are all core protocols of the PPP suite. I want to use this diagram to help explain some of the PPP behavior here. Realize that over here we have our client, our PPP client, which we also call the initiator, and over here is our PPP server, which we'll call the responder. So this could be your workstation at home, or your small business, going through a modem, and this is the service provider, the responder. And notice up here we have IP datagrams being sent, but realize that Point-to-Point Protocol is basically protocol agnostic, so it can transport pretty much any Layer 3 protocol. And through the years, down through the decades, there have been other Layer 3 protocols besides Internet Protocol, and I've mentioned those, so PPP could really send any of those, not just IP,
but that's what we're talking about here, so we are doing IP. So next we have the Network Control Protocol, and this is going to be logically communicating, NCP, between the initiator and the responder. So this is going to be stuff like the server assigning the IP address, and it uses an NCP protocol called IPCP to do that. So it doesn't necessarily use DHCP; it could, but it can also use IPCP to give out an IP address. It could also say, hey, here's the location of your DNS servers; that would be good information to know. So that exchange happens, and it comes from the responder. Next we might want to authenticate the user. So we can say, let's do some basic authentication, let's use PAP, or let's get a little bit more advanced and use that handshake protocol; but if you really want to get happening, we can use Extensible Authentication Protocol, which could use things like X.509v3 certificates, and it could use other mechanisms to get more advanced authentication. So that's what happens there. And by the way, the server is going to say, hey, who are you? and the client, or initiator, is going to say, hey, here's who I am, and here are my credentials. And there can be a wide variety of choices; as I mentioned earlier, there are over 40 variants of the Extensible Authentication Protocol. Next we have the LCP, and this is going to actually establish that link, the Layer 2 link, and there's also some optional negotiation that goes on here. Remember earlier I showed you some of those core protocols; some of those optional things can happen here. So for example, if this is a multilink connection using two or more modems or multiple ISDN channels, I could do some multilink activities here at the LCP. And then of course we get down to the Layer 2 framing. So here's our Layer 2 framing, and we've got a Layer 2 header, and then other information, and then a trailer. And so
that's what's going on there. There's a wide variety of options that happen down there: there's the HDLC serial protocol; Ethernet, which you're familiar with; we could also do Frame Relay, which used to be really, really popular; ISDN; if you're using fiber optics you could use SONET. So that's all going on down here, and then of course the physical layer is where the encoding mechanisms are that are going to transfer the information in the frames, which have everything above it all the way up to Layer 7 in that frame, and it gets converted into zeros and ones and sent across the physical medium. So that's Point-to-Point Protocol. Okay, the first feature protocols we're going to look at for PPP are what's called LQM and LQR. Realize that Point-to-Point Protocol and TCP both have basic methods for detecting errors and finding corruption. PPP Link Quality Monitoring, LQM, lets devices analyze the link quality very quickly. Link Quality Reporting, or LQR, will request that the other device on the link track link statistics and report periodically. Now realize LQR actually aggregates, or collects, all the statistics for all the higher layer protocols; it doesn't separate those, so it's really an aggregate of statistics that it reports on a periodic basis. So for example, one of the things that it can report on is the number of frames that are sent and received; that's an example. It could also say how many octets (or bytes, eight bits, right?) are sent and received in all the frames, maybe the number of errors that it detects or the number of discarded frames. So those are all really important statistics, and PPP can do that. And if you imagine you've got that workstation connecting to the service provider using a PPP program, as you're trying to download web pages or go and do other activities on the Internet or the World Wide Web, these are very important features and activities. So an analogy is like asking a teacher to post a
progress report to a web portal, or maybe send out an email message, for a specific time period, like every two weeks or every four or six weeks, a progress report.

We also have the CCP, the PPP Compression Control Protocol. This provides an optional way to compress data on PPP links to enhance the performance. Now let me just say this: back in the day, when we used to dial up modems, or we had certain connections, for example through your telephone company, that maybe gave you, you know, 64 bytes or 128, you know, those weren't really big bandwidths or pipes, so it was really important back then to be able to compress information so we could get more information over those slow connections. Like I said, in first world countries this is not that big of a problem anymore, but there's lots of countries out there across the planet that still have very slow connections to the Internet, and so this is still something that's viable. Okay, CCP defines the methods for two hosts to negotiate the compression scheme. Both sides have to support CCP to be able to configure it and have that kind of compression control. There are separate algorithms that perform compression and decompression; for example, there was a protocol called Microsoft Point-to-Point Compression that was popular back in the day.

PPP also has a protocol called ECP, which is Encryption Control Protocol. Typically we're going to use IPsec, or IP Security, or SSL/TLS for our encryption prior to transmission; however, ECP is an option. It's seldom used, but it's a data privacy feature that's still available as part of the PPP protocol family. You can use PPP DES Encryption Protocol, DES, or you could use PPP 3DES, or Triple DES. Now Triple DES is not three times faster than DES. What 3DES means is that we do the DES encryption process three times; we go through three iterations. So that's what 3DES means: not three times stronger, but three passes of that particular algorithm. These algorithms, by the way, for ECP
are published in their own RFCs.

There's also Multilink Protocol. Again, going back to, you know, the days when, to get extra bandwidth, you might combine modems, or you might combine channels with your service provider, to get larger bandwidths. So a company, for example, could say, you know, I want to combine one or two or more modems, or I might want to combine one or two or more channels, like ISDN channels, with my service provider to get higher bandwidth, okay, and that was called multilink. So sometimes we needed two layer one connections or more between devices, so the Multilink Protocol, MP, was optional, and it actually inserted another sublayer into PPP, and it looked something like this, where you would have two physical links and then you would have two PPP layers, PPP1 sublayer and sublayer PPP2, and that was handled by the Multilink Protocol, or the MP PPP protocol. Okay, more important, you know, back in the day, but again it can still be used in certain countries that are still using dial-up modems and other types of connectivity. Remember, not all countries have digital fiber running everywhere or have high-speed Internet through cable companies or their telephone companies, so these protocols are still used in many different parts of the world.

There were also a couple of protocols called BAP and BACP. BAP was the Bandwidth Allocation Protocol, and BACP is the Bandwidth Allocation Control Protocol. These protocols offer dynamic management of the Multilink Protocol functionality and behavior. So BACP has a similar role as the Link Control Protocol, the NCPs, the CCP compression and the ECP; in other words, it has control mechanisms. So we think of LCP, the NCPs, CCP for compression, ECP for encryption; it was all different ways to control the PPP connection. Well, BACP, or Bandwidth Allocation Control Protocol, provided that type of control in a multilink environment where you had a couple of modems or you had multiple ISDN channels. BAP, on the other hand, handles the requests between
the communication devices.

Now we have Extensible Authentication Protocol. The word extensible is a very important word, and I want to talk about it for a second. We learned about extensibility early on when we were kids, okay? For example, when you got that first set of Legos and you realized that I had one Lego block, and I could take multiple Lego blocks and I could connect them together, and I could increase the functionality, and I could turn those multiple Legos into a building, or a helicopter, or into, you know, a truck or something. So you could add pieces as they became available, right? If I got a new set of Lego blocks, I could extend the functionality. When I was a kid I had Hot Wheels, with those little Hot Wheels cars, and, you know, if my birthday came around, or if it was the holidays and I wanted a present, I wanted more track. I wanted more Hot Wheels track; I wanted a way to do a 360 so I could send my Hot Wheels through the 360 or go around curves. I wanted to extend my basic Hot Wheels that simply just went down a hill, and extend that to do loops and turns. So extensibility is a very important concept, because we have all these frameworks and all these architectures that we use on the Internet and in the World Wide Web, and as new technologies come around, right, new apps, okay, on your phone, new programs, new applications, ways to make things faster for your mobile device, the Internet of Things, the IoT, right, as we can take, you know, our toaster and put it on the Internet, right, or you can take your pet feeder and you can actually put your pet feeder on the Internet, so that if you're out of town and you're going to be able to come back, you can, you know, reset the pet feeder, that type of extensible capability is extremely important. Well, this concept of being extensible happened pretty early on with the Point-to-Point Protocol, with another protocol called EAP, Extensible Authentication Protocol, and we use this all the time, okay? As a matter of fact, there's about 40
different methods to extend the functionality through EAP. It's very, very flexible, and we use this on wireless networks and we use it on wired networks. One of the main reasons to extend the capability of PPP was to go beyond some of their simple authentication protocols like P-A-P and CHAP, okay? Those are kind of older, not very secure, not very flexible ways to authenticate the two points on the connection. It's point to point, right? You have two points. Well, we would use the PAP protocol and the CHAP protocol to authenticate those two points: hey, are you who you say you are? Well, prove it by giving me a username and a password. Okay, that makes sense. Well, EAP extends that functionality and makes it more secure, more flexible, and also gives us other ways to authenticate those points, okay? So with EAP there'll be an initial what's called EAPOL negotiation; I'm going to show you that here in a second in a diagram. And then once you go through that initial process, we have a wide variety of choices we can use for how we're going to extend the authentication of those peers, okay? We can use a lot of different devices and mechanisms. For example, we have the EAP Transport Layer Security, so we can say we're going to use EAP with the SSL/TLS protocol, which you use on the Internet all the time: if you go up to, you know, your online banking site, or you go up to your online broker, or you're going to do maybe a gaming site, or PayPal, or whatever, you're using SSL/TLS all the time. We might use EAP with one-time passwords that are really strong, okay? We can use IKE version 2 on our IP Security connection, or VPN, let's say, to our company. We can even use some methods that are kind of proprietary; like Cisco has one called EAP-FAST, okay? So like I said, there's over 40 different variants of EAP.

This is the diagram I was going to talk about. So let's say you're going to use Extensible Authentication Protocols in your enterprise, okay? Now this can be in your enterprise, and it could be over a wired
network, or it could be a wireless network. So, for example, let me get my little laser pointer. Notice this little authenticator here. That could be, in a wired network, a switch, okay? It was just a rack-mounted switch, like 24 ports or 48 ports, that you're connecting your PC to in your company, okay? It's going to some wiring closet somewhere, or a data center. Or, if it's a wireless network, that could be what's called a wireless access point, okay? This, by the way, could even be your wireless router in your home; you could use EAP on your home network. But what happens is, if this authenticator is compliant, okay, this particular laptop or handheld device or PC is called a supplicant, and it will most likely send an EAPOL-Start frame, okay, either on the wire or wireless, to this authenticator, okay? And it'll send that start frame and say, hey, you know what, I want to start the authentication process. Now if the authenticator notices that there's something connected to it and it doesn't get an EAPOL-Start frame, it will go ahead and say, after a certain period of time, I'm going to request your ID. It'll say, well, I haven't heard from you, so I'm going to send a Request-Identity frame to you so you can send me your credentials, and then maybe that one will send a Response-Identity frame. So ultimately that goes to the authenticator, and then the authenticator connects to some authentication service like the RADIUS service, and at that point right there is where those other different types of EAPs can kick in, and I can add different types of extensible authentication: using certificates, using SSL/TLS, using something like a Protected Access Credential. You could even use something like a biometric or a smart card or something like that, okay? So EAP is an especially important protocol right now and going forward in the future, okay?

What I want to do here is demonstrate the general frame format of the Point-to-Point Protocol, and by looking at this, it's going to be a really good
indicator of some of the things you can look at in other protocols, and PPP being, you know, ubiquitous all over the world, it's a good one to look at. This will also come in handy later on when you start using a tool like Wireshark to start looking at some of these different protocol datagrams and frames. So let's take a look, first off, here with this flag, okay? Now the PPP flag field designates the start of the PPP frame, and it always has a decimal value of 126, or, if it was hexadecimal, it would be 7E. Next we have the address field. This is the destination address, and remember that this is a direct point-to-point link between two hosts, so actually this field is kind of meaningless for all practical purposes, so basically all the bits are turned on, so we get, you know, binary of eight ones, or 255, which means all stations, or a broadcast, okay? The next field is control, and this field is always set to decimal three, or, as you can see, if you have eight binary bits, the last two bits are turned on. Then we have two protocol fields, okay, and this identifies the protocol using two bytes, okay, so we have two different fields of eight bits each. Now for data frames, this is typically the network protocol that generated the datagram. If it's either the CCP, which is compression, or ECP, which is encryption, and that's pretty unlikely in a first world country, then this field would specify if the data is being compressed with CCP or encrypted with ECP. So if the first protocol field is 0 0 and the second field is 2 1, then the protocol is IP version 4.
If the first field, which is going to be even, is 0 0, and the second one, which is going to be odd, is 5 7, that's going to be IPv6. Next we have the information area, and let's go ahead and take a look at that a little bit closer. The information field is 0 or more bytes of data or control payload. If it's a normal PPP data frame, for example, this would be the network layer datagram, okay, layer three. If it's control frames, like we see here, then the control information fields will be inserted as shown. Now as you've learned, there's a bunch of PPP control protocols that could be represented here: they could be LCPs; they could be NCPs, for example the IPCP protocol, which is going to assign an IP address; it could be CCP for compression, ECP to set up encryption; it could be authentication with PAP or CHAP. And these protocols and associated options are specified in the code, type and identifier fields, and we'll take a look at an example here in a second. But let's go down and finish up with padding. Padding is basically just additional dummy bytes to get you to the correct size of the PPP frame. And then we have an FCS, which is a Frame Check Sequence. This is a checksum that gives us basic error protection during transmission. It's a lot like the FCS that you would find on an Ethernet frame, and it defaults to 16 bits, as seen here, but it could also be 32 bits in size. And then we have the flag. Remember the flag at the beginning? Well, here's the flag at the end that designates the end of the PPP frame, and it always has a decimal value of 126.
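To make the frame layout just described concrete, here is an added example in Python (not code from the course or from Pearson) that builds a PPP frame field by field, computes and verifies the 16-bit FCS, and decodes the CHAP code/identifier/value/name fields that the next part of the lesson walks through. The flag, address and control values come from the transcript; the FCS-16 algorithm is the one published in RFC 1662, and the PPP protocol numbers and CHAP layout are the standard assignments from RFC 1661/1994. The sample CHAP challenge is constructed for the example, and the byte stuffing that real HDLC framing applies to 0x7E and 0x7D is left out to keep the frame readable.

```python
"""Build and verify PPP (HDLC-framed) frames, then decode a CHAP payload.

Added example, not code from the course. Field sizes follow the frame
described in the lesson; the FCS-16 algorithm is from RFC 1662 and the
protocol numbers are standard PPP assignments. Sample data is constructed.
"""
import struct

FLAG, ADDRESS, CONTROL = 0x7E, 0xFF, 0x03      # 126, 255 and 3 in decimal

# Standard PPP protocol numbers (first byte even, second byte odd).
PROTOCOLS = {
    0x0021: "IPv4", 0x0057: "IPv6", 0x8021: "IPCP", 0xC021: "LCP",
    0xC023: "PAP", 0xC223: "CHAP", 0x80FD: "CCP", 0x8053: "ECP",
}
CHAP_CODES = {1: "Challenge", 2: "Response", 3: "Success", 4: "Failure"}


def fcs16_raw(data: bytes, fcs: int = 0xFFFF) -> int:
    """RFC 1662 FCS-16 register update (reflected polynomial 0x8408)."""
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs


def build_frame(protocol: int, information: bytes) -> bytes:
    """Flag | Address | Control | Protocol | Information | FCS | Flag.
    Transparency (byte stuffing of 0x7E/0x7D) is omitted in this example."""
    body = struct.pack("!BBH", ADDRESS, CONTROL, protocol) + information
    fcs = fcs16_raw(body) ^ 0xFFFF
    # The FCS is transmitted least significant byte first.
    return bytes([FLAG]) + body + struct.pack("<H", fcs) + bytes([FLAG])


def parse_frame(frame: bytes) -> dict:
    """Split a frame into its fields and report whether the FCS checks out."""
    if len(frame) < 8 or frame[0] != FLAG or frame[-1] != FLAG:
        raise ValueError("missing PPP flag bytes")
    body = frame[1:-1]                       # everything the FCS protects
    address, control, protocol = struct.unpack("!BBH", body[:4])
    # RFC 1662: running the register over body + FCS leaves the constant 0xF0B8.
    return {
        "address": address,
        "control": control,
        "protocol": protocol,
        "protocol_name": PROTOCOLS.get(protocol, "unknown"),
        "information": body[4:-2],
        "fcs_ok": fcs16_raw(body) == 0xF0B8,
    }


def build_chap(code: int, identifier: int, value: bytes, name: str) -> bytes:
    """CHAP Challenge/Response: Code | Identifier | Length | Value-Size | Value | Name."""
    payload = bytes([len(value)]) + value + name.encode("ascii")
    return struct.pack("!BBH", code, identifier, 4 + len(payload)) + payload


def parse_chap(information: bytes) -> dict:
    """Decode a CHAP packet carried in the PPP information field."""
    code, identifier, length = struct.unpack("!BBH", information[:4])
    if length != len(information):
        raise ValueError("CHAP length field does not match payload")
    result = {"code": code, "code_name": CHAP_CODES.get(code, "unknown"),
              "identifier": identifier}
    if code in (1, 2):                       # Challenge and Response carry a value
        value_size = information[4]
        result["value"] = information[5:5 + value_size]
        result["name"] = information[5 + value_size:].decode("ascii", "replace")
    else:                                    # Success and Failure carry a message
        result["message"] = information[4:].decode("ascii", "replace")
    return result


if __name__ == "__main__":
    # Constructed sample: a CHAP Challenge from a peer named "isp-gateway".
    chap = build_chap(1, 7, bytes.fromhex("0102030405060708"), "isp-gateway")
    frame = build_frame(0xC223, chap)
    fields = parse_frame(frame)
    print(fields["protocol_name"], fields["fcs_ok"], parse_chap(fields["information"]))
    damaged = bytearray(frame)
    damaged[10] ^= 0x01                      # flip one bit inside the challenge value
    print("after corruption fcs_ok =", parse_frame(bytes(damaged))["fcs_ok"])
```

A failed FCS tells you the frame was altered between the two peers, which is what the lesson means by basic error protection; it is a CRC, not a keyed integrity check, so it catches line noise rather than a deliberate modification, and that is why the lesson points to IPsec or TLS for real protection.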
So here's an example, if our PPP was, in the information area, using CHAP, okay, as a CHAP challenge and response frame. So it's still widely used; typically it's the Microsoft variant, MS-CHAP. But if you see here in the code type field, you have four options: it could be one, a challenge; the number two would be a response; the number three would represent a success; and number 4 would represent a failure. And then the value is the actual challenge and response text that's used by the CHAP protocol, and then the name, finally, the name field down there, is one or more bytes of text that identifies the device that sent the frame, kind of like a response from a RADIUS server, for example. One last thing: realize that the PPP protocol suite is based on the ISO High-level Data Link Control, HDLC, protocol, so the PPP frame is pretty much the same. And remember, all messages sent by PPP are either control messages or data messages.

What I want to demonstrate in this particular lesson is some of the most common usages of the Point-to-Point Protocol, and the one we're going to look at here first is called PPPoE, or PPP over Ethernet. Now, using just raw PPP, typically you're not going to do that anymore. Historically you would go and you would download some Point-to-Point Protocol client and install it onto your operating system, or you could use some native client that came on the operating system, and then you'd be using some modem, some dial-up modem or some ISDN modem, but those are really kind of legacy solutions. PPP over Ethernet is actually one of the more common usages of this protocol, because a lot of people out there go through their phone company to get the Internet and the World Wide Web. So if you already have an existing landline in your home through, let's say, AT&T, which is extremely common, and I've done this in the past, you can go to AT&T, or whatever your telephone company is, and you can use their service for Internet. Now when you're using that, what you're most often using is what's called
asynchronous DSL, or ADSL. Now what does asynchronous mean? Well, if you look over here on the left at this end user with the PPP client software, or more specifically PPPoE client software, which, you know, could come with Microsoft, for example, asynchronous means that the download speed, so if they load up a browser, let's say like Mozilla Firefox or Internet Explorer, into their PC or their workstation or their laptop, downloading is going to be considerably faster than uploading, okay? So that's why it's asynchronous: faster downloads, slower uploads. And by the way, if you were to go through your cable provider, you wouldn't be using PPPoE; you'd be using something called DOCSIS, D-O-C-S-I-S, and it would still most likely be asynchronous in the sense that you would get something like, I don't know, a gigabyte, or, you know, whatever, downloads, but you would get much slower uploads, okay? So that's what asynchronous means. So if you look at this diagram here, your provider, most likely your phone company, is going to give you a box, a little box, and it's a DSL modem, and then that DSL modem is going to connect through the phone line to what they call a DSLAM. And you would see a DSLAM, not the box itself, but you would see where it's located if you drove around your town: you might see little buildings, little small buildings, that are owned by phone companies like AT&T, and that's where these DSLAMs, which are just, you know, a rack-mounted box, are, inside this small little building, okay? And if you were to drive around right now, most likely you would see these little buildings, typically off of a main road or a highway. And then those little buildings are connecting, what we call in the back end, over the AT&T network, which is using a layer two technology, a framing technology called ATM, and ATM is an OSI layer two technology. It's not packet based; it uses what's called cells, a fixed-length cell, so it's not a packet switching protocol like we're learning in TCP/IP; it's kind of its own
dedicated cell switching network. But it eventually gets to your ISP, your service provider, like AT&T or Verizon or whoever, okay? So that's what's going on with PPPoE from a topology standpoint. Now notice that we're using some layer 3, 4 TCP/IP protocols with the client, like you might be using DHCP, and we might be using Network Address Translation, because, remember, that PC over there probably has a private IP address, like 192.168.0.11, and it has to be translated into something that's routable and acceptable over the global Internet. And then the PPPoE behavior is going to be between your DSL modem, or your ADSL modem, and the service provider, and there's actually several layers of activity going on with that PPPoE connection, and I'll show you that here in a second. And then of course at layer two, you know, you're connecting to your DSL modem typically using Ethernet, but it could be wireless, so you could be using 802.11, maybe 802.11n, for example, or it could be wired Ethernet, which is called 802.3, okay? But that being said, the Ethernet aspect, or the 802.11 wireless aspect, stops at the modem, and from that point, at layer two, the ATM, Asynchronous Transfer Mode, takes over, okay, and it connects to what's called a DSLAM, a DSL AM, inside that little building on the side of the highway, okay? And then that connects to the cloud of the provider's network, which is an ATM network. And at layer one, okay, we're most likely using, you know, Ethernet, you know, 100BASE-T we call it, or one gigabyte Ethernet, or maybe even 10 gigabyte Ethernet, or again it could be wireless. But then at the DSL modem it's going to be using what's called ADSL at layer 1.
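Before the Wireshark walkthrough, here is the EAPOL exchange described earlier in the lesson (EAPOL-Start, Request-Identity, Response-Identity, then the hand-off to RADIUS) as an added example in Python; it is not code from the course or from Pearson. The EAPOL and EAP header layouts are the standard ones from IEEE 802.1X and RFC 3748; the `Supplicant` and `Authenticator` classes, the identity strings and the `run_exchange` driver are constructed for this example, and the RADIUS side is not simulated.

```python
"""Simulate the 802.1X/EAP identity exchange between a supplicant and an
authenticator (switch port or access point).

Added example, not code from the course. Header layouts: EAPOL (IEEE 802.1X)
and EAP (RFC 3748). Classes, identities and the driver are constructed here.
"""
import struct

EAPOL_VERSION = 2                        # 802.1X-2004 framing, assumed here
EAPOL_EAP_PACKET, EAPOL_START, EAPOL_LOGOFF = 0, 1, 2
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY = 1


def eapol_frame(packet_type: int, body: bytes = b"") -> bytes:
    """EAPOL header: Version | Type | Body length, followed by the body."""
    return struct.pack("!BBH", EAPOL_VERSION, packet_type, len(body)) + body


def eap_packet(code: int, identifier: int, eap_type: int, data: bytes = b"") -> bytes:
    """EAP packet: Code | Identifier | Length (whole packet) | Type | Type-Data."""
    payload = bytes([eap_type]) + data
    return struct.pack("!BBH", code, identifier, 4 + len(payload)) + payload


def parse_eapol(frame: bytes):
    _version, packet_type, length = struct.unpack("!BBH", frame[:4])
    body = frame[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated EAPOL frame")
    return packet_type, body


def parse_eap(body: bytes):
    code, identifier, length = struct.unpack("!BBH", body[:4])
    if length != len(body):
        raise ValueError("EAP length does not match body")
    eap_type = body[4] if length > 4 else None
    return code, identifier, eap_type, body[5:]


class Authenticator:
    """Sends Request/Identity in reply to EAPOL-Start, or on its own when the
    link came up and no Start was seen (the timeout path in the lesson)."""

    def __init__(self):
        self.next_id, self.pending_id, self.identity = 1, None, None

    def request_identity(self) -> bytes:
        self.pending_id = self.next_id
        self.next_id = (self.next_id + 1) % 256
        return eapol_frame(EAPOL_EAP_PACKET,
                           eap_packet(EAP_REQUEST, self.pending_id, EAP_TYPE_IDENTITY))

    def on_frame(self, frame: bytes):
        packet_type, body = parse_eapol(frame)
        if packet_type == EAPOL_START:
            return self.request_identity()
        if packet_type == EAPOL_EAP_PACKET:
            code, identifier, eap_type, data = parse_eap(body)
            # Accept only a Response whose Identifier matches the outstanding
            # Request (RFC 3748); anything else is silently discarded.
            if (code == EAP_RESPONSE and eap_type == EAP_TYPE_IDENTITY
                    and identifier == self.pending_id):
                self.identity = data.decode("utf-8", "replace")
                self.pending_id = None
        return None   # identity would now be forwarded to RADIUS for the EAP method


class Supplicant:
    def __init__(self, identity: str):
        self.identity = identity

    def start(self) -> bytes:
        return eapol_frame(EAPOL_START)

    def on_frame(self, frame: bytes):
        packet_type, body = parse_eapol(frame)
        if packet_type != EAPOL_EAP_PACKET:
            return None
        code, identifier, eap_type, _ = parse_eap(body)
        if code == EAP_REQUEST and eap_type == EAP_TYPE_IDENTITY:
            # Echo the Identifier so the Response pairs with this Request.
            return eapol_frame(EAPOL_EAP_PACKET,
                               eap_packet(EAP_RESPONSE, identifier, EAP_TYPE_IDENTITY,
                                          self.identity.encode()))
        return None


def run_exchange(identity: str, supplicant_starts: bool = True):
    """Drive one exchange; return (identity learned, frames seen on the wire)."""
    supplicant, authenticator = Supplicant(identity), Authenticator()
    wire = []
    if supplicant_starts:
        frame = supplicant.start()                 # EAPOL-Start
        wire.append(("supplicant", frame))
        frame = authenticator.on_frame(frame)      # Request/Identity
    else:
        frame = authenticator.request_identity()   # no Start seen: unsolicited Request
    wire.append(("authenticator", frame))
    frame = supplicant.on_frame(frame)             # Response/Identity
    wire.append(("supplicant", frame))
    authenticator.on_frame(frame)
    return authenticator.identity, wire


if __name__ == "__main__":
    learned, frames = run_exchange("alice@example.com")   # constructed identity
    for who, raw in frames:
        print(f"{who:13s} {raw.hex()}")
    print("identity learned by authenticator:", learned)
```

Note what crosses the wire: the Response/Identity carries the user name in cleartext, which is one reason tunneled methods such as EAP-TLS, PEAP and EAP-FAST mentioned in this lesson carry the real credentials only inside the protected tunnel that follows this initial exchange.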
So that's what's going on from a topology standpoint, and by the way, this is an extremely popular usage of the Point-to-Point Protocol; it's PPPoE.

Now, we're going to look at this tool at the end of this training in much greater detail, but I'm looking at a tool called Wireshark, and I've actually loaded up into Wireshark what's called a pcap file. So it's just a capture, okay? It's actually capturing a communication between, if you go back to the diagram, this DSL modem and the DSLAM, okay, that's owned by some company. So what we're seeing here is the communication between, really, this DSL modem and the DSLAM, and so we've got a capture of this. And what we're going to see first, if we go to step number one up here, and these are numbered, as you can see, is that the PPPoE modem is doing a broadcast, okay? It's actually sending out a frame where it's all F's, so if you look down here it's all hexadecimal F's, okay, and that's what a broadcast is at layer two, at the Ethernet layer. It's using a protocol called PPPoE Discovery, so it's the PPPoE Discovery protocol, kind of like the DHCP protocol that's used, and you can see the different offers: offer, the request, and then confirmation. And then now we go up to what's called the PPP LCP layer. So you can see, if we look at the kind of stack, that we go from the lower layers to the upper layers: so we start at Ethernet, we go to the PPPoE session, and that goes up to the Point-to-Point Protocol, and then that gives us our PPP Link Control Protocol, or the LCP, and we can see all the different LCP activities here: the configuration request, the configuration acknowledgement, echo request. We've also got some basic authentication with PAP, the Password Authentication Protocol, and we can still use that today, but typically, once you go through that initial password authentication, your provider is going to provide extra security or additional authentication of your machine or your user. And if we go down here we can see, here's, for example, IPCP, and
here's how that DSL modem is going to get its IP address that's public on the Internet, okay? The DSL modem is going to go ahead and use DHCP, and it's going to give you an IP address from that private RFC 1918 address range, but the DSL modem, on its outside interface here, has to get an IP address that's kind of public out there on the Internet, that's routable, so that's where this IPCP configuration request comes in. And you can see we've got IPCP and maybe possibly IP version 6 CP, because you may be, you know, using IPv6 and IPv4, and you can see LCP kicks in again with its final activities. So we're gonna dig deeper into this Wireshark tool, but I just wanted to show you kind of the power that you have available to you. This is a free tool, by the way; you can download Wireshark, just go search for it, and you can also get a bunch of these pcap files that are just examples or samples of different protocols that we're learning about here. You can get a pcap file for the TCP handshake, you can get a pcap file for Telnet and other protocols as well that are very popular, and I recommend that you do that.

Now the other thing I want to mention is that you may be using Extensible Authentication Protocols, okay? For example, most likely in your organization, at your business, okay, you may be using EAP, Extensible AP, on your wireless network, and it's very, very common, to add a higher level of security. So at your company, your PC will have what's called a supplicant on it, the software, and that supplicant allows it to use different variants like EAP-FAST, which is a Cisco proprietary type that uses PAC files, or Protected Access Credentials, or maybe your workstation at your organization is using what's called EAP-TLS, or EAP Transport Layer Security; that's very popular in an enterprise organization. Let me show you that. I'm in this certificate location on this Windows 7 system, and let's say this Windows 7 system is at a company and they're using more recent and more extensible, powerful
versions, extensions of PPP, called Extensible Authentication Protocols, and let's say that they're using EAP-TLS in the enterprise. If that's the case, then you're going to have to put on the system an enterprise root certificate, okay? So whatever your certificate authority is at your company, let's say it's a Windows server or it's a Linux, for example, you have to install the certificate on the system. Now I've got a bunch of other certificates, so if I want to go surf the Internet, okay, so all of these certificates are here for me if I want to use my web browser and I want to use Transport Layer Security to go up to all these different various websites, okay? And so I've got, you can see, you know, things you've heard about on the Internet, like GoDaddy, okay, so I've got GoDaddy, I've got Microsoft, I've got some of the ones that are really popular like Thawte and VeriSign, so I can go to pretty much any SSL/TLS server on the Internet, okay, because I've got all of these root certificates in here. However, if I'm going to use Extensible Authentication Protocol in my enterprise, then somebody, some administrator, is going to have to go and install a certificate into this area, into the Enterprise Trust, okay? And so EAP-TLS is one of the best options, because it uses these very secure X.509 v3 certificates and Transport Layer Security, usually 1.1 or 1.2, that you use on the Internet with secure servers. And there's other versions of EAP, though. I mentioned EAP-FAST from Cisco, which would involve installing a text file called a PAC on your system instead of a certificate, but you could also use older protocols: Microsoft has one called PPTP, which is Point-to-Point Tunneling Protocol; another one that's also popular with Microsoft is called PEAP, Protected EAP. And so those are most likely the ones that you're going to use. So I just want to kind of show you in this demonstration some of the more modern usages of the extensible and very popular and ubiquitous
Point-to-Point Protocol.

Welcome to Lesson Five, which is entitled TCP/IP Address Resolution Protocols. We're going to learn about the need for address resolution, then we'll examine the MAC address, Media Access Control, we'll examine the TCP/IP ARP protocol, we'll look at Reverse ARP, and then we'll finish up with a demonstration of MAC addressing and ARP.

In this lesson we're going to understand the need for address resolution and for different types of translation. Now, address resolution refers to the method of locating an address of a host in a network. Now the address is resolved using a protocol in which a chunk of information is sent by a client process running on the local host to a server process running on a remote server host. Now the information received by the server allows the senders to uniquely identify the network system for which the address was required, and therefore it can provide the needed address. So the address resolution procedure is completed when the client receives a response from the server, for example the ARP server, with the necessary address information.

Now what I want to talk about real quick is why we use different types of numbers or indicators for different types of systems and for different resolution. So I want to talk about why we have kind of stopped using binary, which computers use, and sometimes even move from decimal to hexadecimal, and I want to use this example from the movie The Martian. Maybe you've seen it, with Matt Damon. If you haven't, it's easy to explain. Matt Damon plays an astronaut named Mark Watney, and they're on Mars, him and his crew, and some storm rolls in, and Mark Watney, an antenna blows through the wind, it cuts into his suit, and he gets left behind. So the rest of the crew has to take the ship and blast off and get up there and connect with their other ship that's in orbit around Mars. So here's Mark Watney all by himself. So what he has to do, he has to figure out a way to communicate back with Earth. So he remembers that
there's this Pathfinder probe that's several miles away that was sent to Mars years before. So he gets in his little rover and he rolls on out and he digs up this Pathfinder probe, and then he brings it back to his base, and now he can communicate. Once he gets the antenna going and the batteries going, he can communicate back with NASA and JPL, or the Jet Propulsion Laboratory. But here's the problem: it has a camera on it, so he can face the camera at himself, but all he can really do is put up some signs that say yes or no, okay? In other words, his communication that he can do back with NASA is binary, okay? So, for example, he can hold up a sign that says something like, does the crew know I'm here? Okay, well, they can point the camera at the sign that says Y and they can say yes, or if you ask a question and the answer is no, they point the camera at the sign that says no. But that's all they can communicate, is that binary information, and we need to be able to communicate more advanced, more complex information than just binary: yes, no, on, off, left, right, 0, 1, you get the point, right? So what did Mark Watney think of? He came up with a brilliant idea; let me show you.

So the problem was, how could Mark Watney get more complex information sent to him, or communicated to him, besides just a binary yes or no? Well, he thought of ASCII. ASCII text is a code, and so what ASCII does is it assigns, first off, a decimal to all the letters of the alphabet and other control characters. Well, the problem with decimal is that's still a whole heck of a lot of numbers and letters, so we realize that there's also hexadecimal identifiers for ASCII characters, so this way they could transmit information to him. And the bottom line was they had to translate or send information to be able to actually issue commands into the computer, to be able to get the computer back up so they could actually communicate, you know, using a console, not this method anymore. But what they could do is they could simply point
the camera, and so he got 16 of these on little signs, starting with zero through F, right, the hexadecimal characters, so he had a sign for each one of those. So when they pointed the camera first at zero and then they pointed the camera at two, he knew that zero two, 0 2, is the start of text, okay, so we knew that we're starting the text now. Then if they pointed to the 4 and then the camera to the 1, 4 1 is the letter A, right? So they could express characters of the alphabet and words and commands. For example, five A, so pointing to five and then pointing to A, is a Z, right? And they could say, well, we could put a space in there: two zero, that's a space, okay? So they were able to communicate enough to him so they could take the information and then have some commands to type into the computer. Now why do I say this? Okay, because we have to find ways to communicate more efficiently. This is an example of Mark Watney coming up with a great solution using the ASCII table to allow them to communicate more efficiently. But as human beings, we don't like binary, we don't really like decimal numbers, we don't even like hexadecimal, so we need to take that information that identifies certain components in the OSI stack and translate or convert those into something more user friendly. So, converting a decimal IPv4 address into some friendly name using the Domain Name Service, for example. And so this name resolution is a very important function, and it builds on these kind of complex systems; it's a very important function to help us as human beings be able to identify these types of components on our TCP/IP systems.

Let's take a look at the MAC address, and MAC stands for Media Access Control. This is an IEEE 802 48-bit address, okay, so 48 bits is what makes up this address. It actually comes from the original Xerox Ethernet addressing scheme. That's right, Xerox early on actually had their own networking protocol, okay; it's not just a copier machine. And it's represented in hexadecimal, and it's
most commonly referred to as the EUI-48 identifier. The reason why that phrase EUI-48 is important is because it's going to come back again when we look at the IP version 6 address. So IP version 6 actually can use this EUI-48 identifier to actually make up its version 6 local address, so this will come back to be important to us. A MAC, or Media Access Control, address is typically tied to a core connection device in your computer called a network interface card, or a NIC. Now for most of us, the network interface card is going to be something that's part of the system board, or the motherboard, or it's part of the laptop, okay? But we can always, if we have the capability, add those in. But also realize that we have these NICs on switches, so if you have a switch that has 24 ports on it, or a big 48-port switch, each one of those switch ports is going to have its own MAC address assigned to it. A network interface card actually converts data into an electrical signal that can be transmitted over the network, and by the way, it's going to work along with some software known as the device driver. Every commercially viable NIC has a hardware address that's known as a MAC. Now whereas IP addresses are linked with TCP/IP networking software stacks, a MAC address is linked to the hardware of logical or physical network adapters. Manufacturers all place a special number sequence called an Organizationally Unique Identifier, or OUI, that identifies them as the manufacturer. The OUI is usually at the front of the address. So, for example, consider the MAC address 001422012345. Well, the OUI is going to be the first half of that: zero zero one four two two. Now something that's interesting in this MAC address is that, remember, that's a hexadecimal address. There are no A's through F's in there, are there? I don't see an A, B, C, D, E or F, and I did this on purpose, okay? There's no letters in that MAC address; however, that's still a hexadecimal address, okay? So keep that in mind. Here's an example of some of the
bigger companies that were involved early on, but, you know, you can see Dell's OUI, 00-14-22, for example. If I go to my Windows PC and I issue the command ipconfig (and we'll see this in a demonstration, by the way, so don't worry about it, I'll demonstrate this for you), if I do an ipconfig /all, what I'm looking at is my wireless adapter, and notice that even a wireless adapter has a MAC address, okay, very important. You can see this one has a physical address of AC-B5-7D and so on, and the AC-B5-7D is actually the OUI, probably going to be Qualcomm. So down here the Ethernet adapter, this has a physical address, and you can see that's 30-65-EC-69-84-AF, okay, so that's the actual network interface card on my laptop, my Acer laptop. So the one above is the wireless adapter on this Acer laptop, and the one below is the Ethernet adapter which is part of this Acer laptop. Now I mentioned that a MAC address can be physical or it could be logical, so here I'm up at Amazon Web Services and I'm going in and creating, on Amazon Web Services, a virtual adapter. It has a virtual IP address, and notice I've got a virtual MAC address, so this is actually part of the kind of virtual machine, the Xen virtual machines, that are used in Amazon Web Services. So there they virtualize everything, and so, like I said, it can either be a physical MAC address for an Ethernet port or a switch port, it could be a MAC address for a wireless adapter in a laptop or on a cell phone, or here it's a logical MAC address at a cloud service provider. Okay, let's look at the Address Resolution Protocol, or ARP. ARP is a protocol used by the Internet Protocol, but IPv4 only, and it maps IP network addresses to the hardware address, or the media access control (MAC) address, used by the link or the data link protocol. ARP functions below the network layer as an interface between that layer and the link layer. An Ethernet network uses two hardware addresses to identify the source and destination of each frame sent
on the Ethernet. A host sends all frames which it generates with its own hardware source link address, and then it receives all frames which match the same hardware address in the destination field of, let's say for example, the Ethernet header, or one or more pre-selected broadcast or multicast addresses. There are four types of messages that can be sent by the ARP protocol. These are identified by four values in the operation field of the ARP message header, so these are the ARP request, the ARP reply, and, rarely, but it's still officially part of the protocol, the reverse ARP request and the reverse ARP reply. We don't really use reverse ARP that much anymore, so the two biggies are the ARP request and the ARP reply. To reduce the number of requests, a client will typically cache resolved addresses, or the mappings of the MAC address to the IP address, for a short period of time, like 5 minutes or 10 minutes, or it can be longer. The ARP cache is a finite size and it can fill up, for example if there's a denial of service attack or a flood attack against a switch, for example, or a workstation or a server. So periodically the system will flush out all of the entries in that ARP cache, and this deletes unused entries and it frees up space in the cache, which is basically in RAM memory, and it stops the unsuccessful attempts to contact hosts which are typically not running, therefore their MAC address doesn't need to be in the cache. Let's take a look at ARP in action, and let's say that we're going to be using the ICMP ping program, okay. So here's host A, and host A is going to use the ping, which is an echo request, and it's going to send an echo request to host B, and host B's back over here, okay. Both of these of course are running the ARP service. So host A is going to send this ping to host B at its IP address of B.B.B.B; by the way, it could be 192.168.1.100, how's that. Well, here's the problem: host A doesn't have an IP to MAC address mapping for that IP address, so the ICMP packet is
going to be stored in memory, it's going to be queued, okay, it's going to be waiting there lined up until the hardware address has resolved, and that's where step 3 comes in: ARP. The ARP protocol, the ARP service, will request the destination hardware MAC address of host B. Host B of course is going to send an ARP service reply back to host A, and then it can do its echo request, and now host B can respond with an ICMP echo reply. Now this is kind of a common scenario, but let me tell you what's actually more common. Let's say that host A here is coming on to the network for the very first time, okay, maybe it's a brand new system or you're bringing in a laptop to some organization. Most likely this host is going to get its configuration information using the DHCP protocol, okay, the Dynamic Host Configuration Protocol. So DHCP is going to eventually give host A a bunch of options, okay. These options might be: this is your default gateway, okay, this is the IP address of the router to get out of your network, okay. Well, let's say that's exactly one of the settings or one of the options that DHCP gives it. If this host wants to send a, let's maybe do a TCP/IP three-way handshake with some web server out on the internet, it has to know how to get to the default gateway, okay. Well, it has the IP address of the default gateway or its router, okay, DHCP told it that; maybe it said it's 192.168.1.1. Well, it has the IP address but it doesn't have the MAC address of the default gateway, okay, so what is host A going to do? Host A is going to use the ARP protocol. It's going to send an ARP request to that router or that default gateway and say, hey, I know your IP address, 192.168.1.1, but I don't know your MAC address, so send me back that MAC address. And it will, and it'll be stored in host B, or host A that is, it'll be stored in its MAC, or its ARP cache, for a certain period of time, okay. So a couple of examples of ARP in action. In this lesson we're going to look at two ARP protocols, or two ARP variants. First we're
going to look at reverse ARP, which actually isn't used that much, it's kind of obsolete; however, reverse ARP leads us to gratuitous ARP, or GARP, which we still do use today. So let's talk about reverse ARP. First realize that ARP and reverse ARP are entirely different operations, okay. The Address Resolution Protocol, ARP, assumes that every host knows the mapping between its own hardware address, its own MAC address, and its protocol address or addresses; remember, you can have more than one IP address associated with a single MAC address. Information collected about other hosts is then stored in a small cache known as the ARP cache, which is in the RAM memory of your system. All the hosts are equal in status, as there's no distinction between an ARP client and an ARP server. Reverse ARP, or RARP if you can say that, on the other hand, also called inverse ARP, needs one or more server hosts to actually keep a database of mappings from hardware addresses to protocol addresses, and then it can respond to requests from clients. ARP, or reverse ARP, is now an obsolete networking protocol, and actually there's other protocols that can perform these kinds of duties for us now, so we don't really use reverse ARP anymore. Gratuitous ARP, however, which kind of comes from reverse ARP, we still do this. Now, gratuitous means that an ARP request or reply that's not typically needed according to the ARP specification is used, but it can be used in some other situations. So it's not always used, GARP isn't always used, but in some scenarios we can still use GARP. A GARP means that both a gratuitous ARP request or a gratuitous ARP reply are used, and the reason why I say not all systems use it is sometimes on the switch that your device connects to, they won't allow a gratuitous ARP on your port, so some switches and firewalls actually will block this kind of behavior. But let's find out what it is. A gratuitous ARP request is an ARP request packet where the source and destination IP address are both set to the IP
address of the machine issuing the packet, and it uses a destination MAC address that is a broadcast. So a broadcast MAC address is FF-FF-FF-FF-FF-FF; well, you can see it's six sets of FF, right, that's a broadcast, just like an IP broadcast is all the bits turned on, so it's 255.255.255.255, an IP broadcast; the MAC address broadcast is pretty much all F's. So a gratuitous ARP reply is a reply to which no request has been made, so I'm replying without there being a request. Now if you think about that, that could be used in some nefarious activities, for example as an attack, okay. So if I'm replying to something that was never requested, could I send a bunch of replies as a gratuitous ARP to a system as kind of a flood or a denial of service? You betcha, I certainly could. That's why I said some switches and firewalls won't allow this. But here's some use cases for GARP if you're going to allow it in your network. Gratuitous ARPs are useful for detecting IP address conflicts. You can use them to update the other hosts' ARP cache, their kind of memory tables of the ARP mappings. You can inform access switches of the MAC address of machines on specific ports, if the switch allows it. It can also be an indicator of bad Ethernet cabling or a hardware problem when you see multiple gratuitous ARPs, okay. In this demonstration we're going to talk about MAC addresses and the ARP protocol, and let's go ahead, and on this machine, which we know is Windows 7, let's do a command. In these you can run cmd.exe and it'll bring up this command console. I'm going to run a command called ipconfig, that's one word, space, and then I'm going to do a forward slash all: I want to see everything for the TCP/IP configuration on this system. And when I go up here I can see the host name; of course we can see that we've got an Ethernet adapter, okay, so this is a standalone workstation and it's only got one Ethernet adapter. Now these adapters, by the way, they have a MAC address assigned to them, and so
you can see that this one has, it says the physical address is 1C-C1-DE-54-58-55. Now let's just talk about that for a second, okay. Obviously it's a hexadecimal, but it's much easier to express, it's more user friendly to express it in hexadecimal. Now here's the interesting thing: this particular system that I'm working on, it has this Ethernet adapter, it's actually on the motherboard, okay, it's actually integrated onto the system board. Now what if I wanted to add an additional Ethernet adapter, could I do that? Sure, I could go to the store, I could go on eBay, I could go to Amazon or whatever and buy a card, open up my box, and I've got several slots in there where I can add additional Ethernet adapters. And if I did that, whatever the vendor is, I can tell you that the first half of this MAC address is going to represent whatever particular vendor that is. Now this says the description is Broadcom NetXtreme Gigabit Ethernet; however, if I were to go take 1C-C1-DE and go do a search, and let me do that real quick. And I did a search, just, you know, on Bing, and you can see here's 1C-C1-DE, and it says this is produced by the Hewlett Packard Company, and you know what, lo and behold, this is an HP machine. So this first half represents the actual vendor, and by the way, if I went and bought one of these from, you know, Best Buy or amazon.com, and I took the first half of the hexadecimal address and stuck it in here and searched for it, it would tell me that vendor. I mean, this actually shows me a satellite of Hewlett Packard located in Houston, Texas, on Compaq Center Drive. It also shows me, if I scroll down, there are more registered Ethernet addresses of this manufacturer, so if it's any of these as well, it's also going to be Hewlett Packard, and most of the large vendors obviously have a bunch of these, and you can see "show other MAC addresses of this vendor", and this is just one website among many. Now going back here, if we look at this, the
second half of this, okay, which is 54-F8-55, this is what we call the BIA, the burned-in address. So theoretically, if you have an organization and you buy a bunch of HP machines, or you buy a bunch of network interface cards and you put them in the machines, this second half should be unique, okay. These are unique identifiers, or the burned-in address of this network interface card. Now can I spoof that, okay, could I actually, you know, learn this information and represent myself on the network as this burned-in address, or this entire physical address or MAC address, which stands for media access control? Yeah, I could. I could go get an exploit kit, I could get Kali Linux and I could load it up and run a tool called Yersinia, Y-E-R-S-I-N-I-A, that actually has tools that will allow me to go and spoof or masquerade as this MAC address, and if somebody gets, you know, into your physical local area network, they can do this kind of thing if they run those tools. Now something else I can do, if I scroll down here, and by the way I also see other information as well, but if I scroll down here and do an arp command, and remember ARP is a hybrid layer 3 / layer 2 protocol, but arp is also a program, okay. So if I do arp -a, it's going to show me what's called my ARP cache. This is a buffer in memory that actually has mappings of IP addresses to physical addresses. Now I'm not going to see my own system's address here, okay, because that's going to show up in this ipconfig up here. ARP is what I collect, it's what I gather as I send frames specifically to other switches or other routers or whatever, okay. So what I can see here is I learned one of these dynamically, and this is actually what I would call my upstream gateway, or this is, in my case, the wireless router that this workstation is connected to. So this is the IP address, 192.168.0.1, of what's called my default gateway, or my next-hop router. It's what I go to to get from this machine out of my home network
and out onto the internet. And this is the physical address of that particular box, 3C-7A-8A, okay. So I went back up to the same website and I searched for that, and I can see, when I put in 3C-7A-8A, this is actually a device which in my case is a wireless router that came from my provider, my cable company, which happens to be Suddenlink here in Texas, and you can see this device is from the Arris Group in San Diego. And then of course there's the satellite picture of the Arris Group, which by the way is right next to Google San Diego, wow. And you can see here's some other MAC addresses of Arris, which happens to be my router that I use in my home for all of my devices to get out to the internet, okay. So that's in my ARP cache, but I also have some other static entries as well, for example this broadcast address, which is for my local network, that's going to be in there, and then other special types of addresses as well. If I go up and I look at this again, I can see that here's that default gateway I'm talking about, right, .1. Now this machine, the IP address of the network adapter on this HP machine, as you come down here, happens to be 192.168.0.100 with a /24 CIDR subnet mask, or 255.255.255.0.
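The ARP behaviour walked through above (queue the ICMP packet on a cache miss, resolve with a request/reply, expire entries, and the gratuitous-ARP use cases such as conflict detection) can be made concrete in a small simulation. This is an added example written for this page, not code from the course or from any vendor; the hosts, addresses and the 300-second cache lifetime are constructed values, and the conflict and MAC-change alerts are the checks a defender would want rather than anything the lesson's commands produce.

```python
"""ARP cache simulation: resolution on a cache miss, entry expiry, and
gratuitous-ARP handling (IP conflict / unexpected MAC change alerts).
Added example; every address and timer below is constructed, not from the lesson."""
from dataclasses import dataclass, field
from typing import Optional

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ARP_REQUEST, ARP_REPLY = 1, 2          # values of the ARP operation field


@dataclass
class ArpPacket:
    op: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str

    def is_gratuitous(self) -> bool:
        # A gratuitous ARP carries the sender's own IP as the target IP:
        # the request form is broadcast, the reply form answers no request.
        return self.sender_ip == self.target_ip


@dataclass
class ArpCache:
    my_ip: str
    my_mac: str
    ttl: int = 300                                  # seconds an entry stays valid (constructed)
    entries: dict = field(default_factory=dict)     # ip -> (mac, learned_at)
    alerts: list = field(default_factory=list)

    def lookup(self, ip: str, now: int) -> Optional[str]:
        hit = self.entries.get(ip)
        if hit is None:
            return None
        mac, learned = hit
        if now - learned > self.ttl:                # expired: drop it and report a miss
            del self.entries[ip]
            return None
        return mac

    def make_request(self, ip: str) -> ArpPacket:
        # "Who has ip? Tell my_ip", sent to the broadcast MAC.
        return ArpPacket(ARP_REQUEST, self.my_mac, self.my_ip, BROADCAST_MAC, ip)

    def receive(self, pkt: ArpPacket, now: int) -> Optional[ArpPacket]:
        if pkt.is_gratuitous():
            # Someone announcing *our* IP with another MAC is an address conflict.
            if pkt.sender_ip == self.my_ip and pkt.sender_mac != self.my_mac:
                self.alerts.append(f"IP conflict: {pkt.sender_ip} claimed by {pkt.sender_mac}")
                return None
            # A known IP suddenly moving to a new MAC is worth logging before we trust it.
            known = self.entries.get(pkt.sender_ip)
            if known and known[0] != pkt.sender_mac:
                self.alerts.append(f"MAC change for {pkt.sender_ip}: {known[0]} -> {pkt.sender_mac}")
        # Normal ARP behaviour: learn or refresh the sender's mapping.
        self.entries[pkt.sender_ip] = (pkt.sender_mac, now)
        if pkt.op == ARP_REQUEST and pkt.target_ip == self.my_ip and not pkt.is_gratuitous():
            return ArpPacket(ARP_REPLY, self.my_mac, self.my_ip, pkt.sender_mac, pkt.sender_ip)
        return None


def ping_exchange(host_a: ArpCache, host_b: ArpCache, now: int) -> dict:
    """Host A wants to ping host B: on a cache miss the ICMP echo request is
    queued, an ARP request goes out, and B's reply fills A's cache."""
    queued = []
    mac = host_a.lookup(host_b.my_ip, now)
    if mac is None:
        queued.append(("icmp-echo-request", host_b.my_ip))
        reply = host_b.receive(host_a.make_request(host_b.my_ip), now)
        if reply is not None:
            host_a.receive(reply, now)
        mac = host_a.lookup(host_b.my_ip, now)
    return {"resolved_mac": mac, "queued_before_resolve": len(queued)}
```

Running `ping_exchange` twice with the same clock shows the second ping hitting the cache; advancing the clock past `ttl` forces a new request, which is the periodic flush the lesson describes.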
So the IP address of this machine is .100, and of course my default gateway, or that Arris router, is on the same network, 192.168.0, but .1, and I have other systems that are on this network and they're using other IP addresses, but they're all on the 192.168.0.0/24 network. So a couple of protocols and a couple of commands you can use, and just some information so you can kind of get an idea of the IP to MAC address and ARP on your local machine. Now remember, other devices, like access switches that you might have at your company, are going to have lots of ports on them; they're going to have lots of Ethernet adapters, lots of switch ports, they could be 24, they could be 48. Let's take a look at that, for example. So here's what we would call a layer 2 switch, and you can see we issued the command show, or sh, mac-address-table. Now, on a Cisco switch, if you've heard of Cisco, this is actually also called a CAM table, because it's called content addressable memory, so this information is stored in RAM, volatile memory, on the switch, okay. Now, because it says it's dynamic, right, if I shut this switch down I'd have to relearn all of these, but you can see that all of these different MAC addresses have been learned dynamically, and they are mapped to Fast Ethernet interfaces on this switch, okay, number 1, number 10, number 16, number 15, and they were learned dynamically. So as hosts connect to the switch and send frames to the switch, often using the ARP protocol, they get stored in this MAC address table, so the next time that the hosts that connected to this switch want to communicate and find that host, it's already in the table and the switch can basically bridge this from one port to another very, very quickly, okay. And like I said, this could be a 48-port switch and I could have tons of different entries in here. Now I'm noticing the MAC address on this one, the first half of this MAC address, if we notice it, it's a different representation, okay. So on my Windows
machine it would have been 00:60:2F:... you get the idea. Notice how this Cisco switch represents it differently, okay: 0060.2fcc.9102. But the first half of this MAC address, which is the vendor portion, is 00-60-2F; the BIA, the burned-in address, which should be unique, is CC-91-02. If I go back to my website and I put in 00:60:2F, the vendor address, lo and behold, I wasn't lying to you, it's a Cisco switch, and it says Cisco Systems. And by the way, Cisco has a ton of their own registered Ethernet or MAC addresses, okay, and a lot of them begin with 00. Why did they get 00? Well, Cisco Systems was one of the first companies to actually purchase and introduce the access layer switch, the layer 2 switch, to the public, and of course down here you can see a satellite of the Cisco Systems building right there on Guadalupe River Trail in San Jose, California. All right, module 3 is all about the Internet Protocol, so first off we'll look at several lessons on IPv4, and then we'll look at several lessons covering IPv6, or IP next generation. In lesson 6 we're going to look exclusively at Internet Protocol, IP version 4. We'll review some IP concepts and versions, we'll understand the IPv4 addressing concepts, we'll work with classful addressing, we'll explore IP subnetting, we'll look at the importance of CIDR, classless inter-domain routing, we'll examine practical addressing at Amazon Web Services, and then we'll finish up examining the characteristics of the IP datagram. The Internet Protocol, or IP, is the core protocol of the TCP/IP suite, and it's also the key protocol of the network or internetwork layer, which would be layer 3.
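Before moving into the IP module, here is one way to handle the MAC address notations that appeared in the MAC and ARP lessons above: the Windows dashed form from ipconfig, the colon form, and the Cisco dotted-triplet form from the switch's MAC address table. It splits the OUI from the burned-in half, reads the two flag bits of the first octet (which is how the FF-FF-FF-FF-FF-FF broadcast and a locally administered, i.e. non-burned-in, address can be recognised), and derives the modified EUI-64 interface identifier that the lesson said IPv6 builds from an EUI-48. This is an added example, not course code; the three-entry OUI table is a constructed sample limited to the vendors the lesson looked up, not a real registry.

```python
"""Normalize MAC address notations, split OUI from burned-in address, read the
I/G and U/L flag bits, and derive a modified EUI-64 interface identifier.
Added example; OUI_SAMPLE is a constructed three-entry table, not a registry."""
import re

# Constructed sample: only the vendors the lesson looked up on an OUI website.
OUI_SAMPLE = {"001422": "Dell", "1CC1DE": "Hewlett Packard", "00602F": "Cisco Systems"}


def normalize_mac(text: str) -> str:
    """Return the 12 hex digits, uppercase, whatever separators the input used."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", text)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return digits.upper()


def format_mac(text: str, style: str = "windows") -> str:
    """Re-emit a MAC in one of the notations seen on the page."""
    h = normalize_mac(text)
    if style == "windows":          # 1C-C1-DE-54-58-55 (ipconfig /all)
        return "-".join(h[i:i + 2] for i in range(0, 12, 2))
    if style == "unix":             # 1c:c1:de:54:58:55
        return ":".join(h[i:i + 2] for i in range(0, 12, 2)).lower()
    if style == "cisco":            # 1cc1.de54.5855 (show mac-address-table)
        return ".".join(h[i:i + 4] for i in range(0, 12, 4)).lower()
    raise ValueError(f"unknown style: {style}")


def describe_mac(text: str) -> dict:
    """OUI / BIA split plus the two flag bits carried in the first octet."""
    h = normalize_mac(text)
    first = int(h[:2], 16)
    return {
        "oui": h[:6],
        "vendor": OUI_SAMPLE.get(h[:6], "unknown (not in sample table)"),
        "bia": h[6:],                                   # vendor-assigned, burned-in half
        "multicast": bool(first & 0x01),                # I/G bit: group address (broadcast included)
        "locally_administered": bool(first & 0x02),     # U/L bit: not a vendor burned-in address
    }


def modified_eui64(text: str) -> str:
    """EUI-48 -> modified EUI-64 interface ID: insert FFFE in the middle and
    flip the U/L bit of the first octet (RFC 4291, Appendix A)."""
    h = normalize_mac(text)
    first = int(h[:2], 16) ^ 0x02
    eui64 = f"{first:02X}" + h[2:6] + "FFFE" + h[6:]
    return ":".join(eui64[i:i + 4].lower() for i in range(0, 16, 4))
```

A locally administered address (U/L bit set) is exactly what a software-assigned or changed MAC tends to look like, which is why inventory tools flag it when the rest of the address claims a well-known vendor OUI.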
IP's main purpose is to provide internetwork datagram delivery. Remember, the protocol data unit at layer 3 is officially called the datagram, or the packet, okay; at layer 4 we call it the segment, at layer 2 we call it the frame. But the datagram delivery is basically on behalf of layer 4 protocols like TCP and UDP. IP often uses layer 3 devices like routers, more often, but they can also use multi-layer switches, and multi-layer switches are switches that operate at layer 2, layer 3 and often layer 4; that's why we call them multi-layer, again having to do with the OSI model. But also other devices like load balancers and firewall appliances, as well as even intrusion prevention system sensors, all of those devices can forward IP datagrams or packets. Some of the key characteristics of IP is that it provides universal addressing, okay, so it defines an addressing mechanism. IPv4 uses a 32-bit address, IPv6 uses a 128-bit address. IPv4 represents those 32 bits in decimal numbers; IP version 6 represents those 128 bits in hexadecimal numbers. It's also protocol independent, so IP works with both Ethernet, wired Ethernet, and the 802.11 wireless family. It also provides connectionless delivery, so for example TCP at layer 4 is a connection-oriented protocol that sets up ports or sockets; however, with IP there is no handshake set up before you transmit to the remote host. It's also an unreliable delivery, so there's no tracking of the datagrams; we rely on other mechanisms to do that for us. So some of the main protocol functions is, of course, providing the IPv4 and IPv6 addressing scheme, performing data encapsulation, and that is really in the form of the IP header, right; it provides formatting, it provides packaging of the upper layer information from layer 4 through layer 7.
It provides fragmentation and fragment reassembly, and what does that mean? Well, sometimes when you go from one network to another, the maximum transmission unit of one network may be larger than the other network. If that's the case, if you're going from a network with a larger MTU, then you have to fragment, or break up, those packets or those datagrams into smaller datagrams for the other network. So one of the services at layer 3, or IP, is to provide for that fragmentation and reassembly on those layer 3 devices. It also does routing and internet delivery, so we get some help from the ICMP protocol; we get some control messages, we have some query messages, we also have dynamic routing protocols like RIP, OSPF and BGP, to name a few. The main functions of IP were planned and designed well before the protocol suite was defined. The original Transmission Control Program was actually divided into Transmission Control Protocol, TCP, and Internet Protocol, IP, and it was because of that man Jon Postel, the late Jon Postel, is where they actually did that. There were three previous versions of the original Transmission Control Program, by the way, so when they split it up, IP was actually called version 4, so there was never an IP version 1, 2 or 3. Interesting. Now there was an IPv5, but it doesn't really exist anymore; it was intentionally skipped, basically to avoid confusion. Version 5 related to an experimental TCP/IP protocol called the Internet Stream Protocol version 2, which was originally defined in RFC 1190, so basically the protocol never progressed, so we just bypassed it and skipped from IPv4 to IP version 6.
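The encapsulation and fragmentation functions described in the last two paragraphs are easiest to see on real header bytes. The following added example (not course code) builds a minimal 20-byte IPv4 header, parses one back out including the DF/MF flags and fragment offset, verifies the header checksum (a defender's first check on a captured datagram), and splits a datagram for a link with a smaller MTU exactly the way a router must: payload pieces in multiples of 8 bytes, More Fragments set on all but the last, and a refusal when Don't Fragment is set, which is the case where a router would instead send an ICMP "fragmentation needed" message. The packet contents and addresses are constructed.

```python
"""Build, parse, checksum, fragment and reassemble IPv4 datagrams.
Added example; the packets constructed below are not from the lesson."""
import ipaddress
import struct

HEADER_FMT = "!BBHHHBBH4s4s"       # the 20-byte IPv4 header without options


def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                          # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, payload: bytes, ident: int = 1, ttl: int = 64,
               proto: int = 1, df: bool = False, mf: bool = False, offset: int = 0) -> bytes:
    """Minimal IPv4 datagram (IHL = 5, no options). offset is in bytes (multiple of 8)."""
    flags_frag = (int(df) << 14) | (int(mf) << 13) | (offset // 8)
    hdr = struct.pack(HEADER_FMT, 0x45, 0, 20 + len(payload), ident, flags_frag, ttl, proto, 0,
                      ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]   # fill checksum field
    return hdr + payload


def parse_ipv4(pkt: bytes) -> dict:
    vihl, _tos, total, ident, ff, ttl, proto, _csum, src, dst = struct.unpack(HEADER_FMT, pkt[:20])
    ihl = (vihl & 0x0F) * 4
    return {
        "version": vihl >> 4, "ihl": ihl, "total_length": total, "id": ident,
        "df": bool(ff & 0x4000), "mf": bool(ff & 0x2000), "offset": (ff & 0x1FFF) * 8,
        "ttl": ttl, "protocol": proto,
        "src": str(ipaddress.ip_address(src)), "dst": str(ipaddress.ip_address(dst)),
        "checksum_ok": ip_checksum(pkt[:ihl]) == 0,   # a valid header sums to zero
        "payload": pkt[ihl:total],
    }


def fragment(pkt: bytes, mtu: int) -> list:
    """Split a datagram for a smaller-MTU link; refuse when DF is set, as a
    router does (it would answer with ICMP type 3 code 4 instead)."""
    h = parse_ipv4(pkt)
    if len(pkt) <= mtu:
        return [pkt]
    if h["df"]:
        raise ValueError("DF set: cannot fragment; ICMP fragmentation-needed would be sent")
    chunk = ((mtu - h["ihl"]) // 8) * 8          # payload per fragment, multiple of 8 bytes
    payload, frags, off = h["payload"], [], 0
    while off < len(payload):
        piece = payload[off:off + chunk]
        last = off + chunk >= len(payload)
        frags.append(build_ipv4(h["src"], h["dst"], piece, h["id"], h["ttl"], h["protocol"],
                                df=False, mf=not last, offset=h["offset"] + off))
        off += chunk
    return frags


def reassemble(frags: list) -> bytes:
    """Rebuild the payload of one datagram (same id) from its fragments."""
    parts = sorted((parse_ipv4(f) for f in frags), key=lambda h: h["offset"])
    return b"".join(p["payload"] for p in parts)
```

Fragment offsets are stored in units of 8 bytes in a 13-bit field, which is why the payload slices must be multiples of 8 and why the last fragment can be shorter.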
IPv6 was intended to replace the widely used IPv4 that's considered the backbone of the modern internet. IPv6 is often referred to as the next generation internet because of its expanded capabilities and its growth through recent large-scale deployments. IPv6 will be covered in greater detail in a later lesson in this course. Let's look at IP version 4 addressing concepts. When representing hosts on an internetwork, it's very important that coordinated, non-duplicate addresses are being used. Every device on the internet will have at least one IP address; as a matter of fact, when you're using IPv6, the next generation, it's very likely that your system or your network interface will have multiple IP version 6 addresses. For most end users the addressing is actually shielded, or facilitated, by the Domain Name System, so the friendly names, or the fully qualified domain name, is what you're referencing in practice. Groups of assigned or allocated IP addresses are given to users and organizations, and various service providers, like internet service providers, ISPs, there's also ISP telephony providers like ITSPs, there's cloud service providers like CSPs, maybe like Amazon Web Services, they typically provide the addresses and routing services on the internet. The most common is the dotted quad, or the dotted decimal, IPv4 address. Let's take a look at an example here. Well, first off, here's an example of a dotted quad representation, okay: you've got four octets, or four groups of eight bits. So let's say here's 1.2.3.4. How is that represented in binary? Well, you can see here's our first octet, right, well the 1 bit is turned on there, okay, so all these other bits are turned off, the 1 bit is turned on, there's our 1. Over here the 2 bit is turned on, all the other bits are turned off, there's our 2, so 1.2. Over here we're turning on the 1 bit and the 2 bit, and that gives us .3, right. And then finally back here we're turning off the 1 bit, we're turning off the 2 bit
and we're turning on the 4 bit, and that is our 4, okay. So if we take a look at this other example of 10.0.0.255, well, let's take a look at that. Over here we're turning on the 2 bit and we're turning on the 8 bit, that gives us 10. No bits are turned on in this octet, or this quad, so that's 0. No bits are turned on there, that's 0. Check this out: in the fourth octet all the bits are turned on, okay, turn on all the bits; if you added all these up, 128 plus 64 and so on, you'll get 255, okay. Now here's an interesting thing about this particular address. Let's say that this would be, we're going to call it 10.0.0.255/24. That's a CIDR representation; what that means is the first 24 bits, or the first three octets, represent the network. Now we can also use a subnet mask, to say 255.255.255.0 masks out the first three octets, and then the last octet is for the host. So notice that if we did that, where the first three octets were the network, the 10.0.0 network, this 255 is actually called a directed broadcast; that means let's send this IP datagram to every host, every single host, on the 10.0.0 network, okay. Now that's interesting. What's more interesting is this kind of directed broadcast, on most routers, like a Juniper router or a Cisco router or a 3Com or whatever you're using, most routers won't allow that type of address because it's part of an exploit. Now what it will allow as a broadcast is this bottom one down here, okay, so all the bits turned on gives us 255.255.255.255. That is an IPv4 broadcast, goes everywhere; that one is allowed, okay. And there are lots of examples of when IP applications need to send out a broadcast, okay, to all of the hosts in a particular broadcast domain, or we also call it a VLAN, a virtual LAN. So there's some examples of IPv4 addresses. IPv4 has a possible 4,294,967,296 possible addresses in its space, okay. Most of the space is for unicast addressing, I'm sending it to one host with an IP address. There are some that are
reserved for multicasting, and that's to send it to a group of hosts in a particular domain. We also have public addresses that are routable out on the internet, that are legal, and we also have private addresses that you use internally; those are defined in RFC number 1918. When originally defined, okay, early on, every address had a network portion and it had a host portion, and it was grouped into one of five classes, so we had, you know, class A, class B, class C, and then we had the multicast, which were in D, and then experimental, or an E. In this lesson I want to talk about the classful addressing that we had historically. Now the good news is we've kind of moved away from this system, but I do want to teach it to you just so you know, because it still may come up in some environments. Now remember that our IP address is 32 bits, so it's made up of four groups of eight, or four octets, so you can see we have, you know, the first octet, the second, third and fourth octet. So when they designed this IPv4 addressing scheme, remember, early on they actually weren't thinking about this being on the internet and the World Wide Web, and, you know, YouTube videos of your cat playing the piano; that was not in their mind or thought at all. This was a network for universities, for research, for companies and for government organizations. They did not imagine, you know, some of the viral videos, right. So they actually came up with a classful scheme, and that classful scheme started to break down as soon as the World Wide Web and the Netscape Navigator hit, okay. But our class A address basically assigned the first octet, the first eight bits, for the network portion, and then the next three octets were for the host portion, okay, that was class A. Class B took the first two octets and said this represents the network, and these last 16, those are the hosts, so 2 to the 16th power networks, 2 to the 16th power hosts. The class C said the first one, two, three octets are for the network, and the fourth are for the hosts.
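The bit-by-bit conversion walked through for 1.2.3.4 and 10.0.0.255, the /24 network versus directed-broadcast distinction, the classful first-octet ranges, and the RFC 1918 private ranges this lesson introduces can all be computed from the same 32-bit arithmetic. The block below is an added example written for this page, not course material or a vendor tool; it deliberately does the octet conversion the way the lesson does (deciding which bit weights to "turn on") instead of calling Python's `ipaddress` module, so the mask and broadcast math stays visible. The CIDR strings used for the private ranges are the RFC 1918 blocks; nothing else is assumed.

```python
"""Dotted-quad <-> 32-bit arithmetic in the lesson's style: bit weights per
octet, classful class from the first octet, CIDR network / directed broadcast /
usable-host math, and an RFC 1918 private-range check. Added example."""

BIT_WEIGHTS = [128, 64, 32, 16, 8, 4, 2, 1]
RFC1918_BLOCKS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def octet_bits(value: int) -> str:
    """Turn on the bit weights that sum to the octet, most significant first."""
    if not 0 <= value <= 255:
        raise ValueError(f"octet out of range: {value}")
    bits, remaining = [], value
    for weight in BIT_WEIGHTS:
        if remaining >= weight:
            bits.append("1")
            remaining -= weight
        else:
            bits.append("0")
    return "".join(bits)


def to_binary(addr: str) -> str:
    """'1.2.3.4' -> '00000001.00000010.00000011.00000100'"""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4:
        raise ValueError(f"need four octets: {addr!r}")
    return ".".join(octet_bits(o) for o in octets)


def to_int(addr: str) -> int:
    return int(to_binary(addr).replace(".", ""), 2)


def to_dotted(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def classful_class(addr: str) -> str:
    """The historical class, decided by the first octet alone."""
    first = int(addr.split(".")[0])
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D (multicast)"
    return "E (experimental)"


def cidr_info(cidr: str) -> dict:
    """Network, mask, directed broadcast and usable host range for a /prefix."""
    addr, prefix = cidr.split("/")
    prefix = int(prefix)
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    net = to_int(addr) & mask
    bcast = net | (~mask & 0xFFFFFFFF)          # all host bits turned on
    usable = max(2 ** (32 - prefix) - 2, 0)     # minus the network and the directed broadcast
    return {
        "network": to_dotted(net), "mask": to_dotted(mask),
        "directed_broadcast": to_dotted(bcast),
        "first_host": to_dotted(net + 1) if usable else None,
        "last_host": to_dotted(bcast - 1) if usable else None,
        "usable_hosts": usable,
    }


def is_private(addr: str) -> bool:
    """True when addr falls inside one of the RFC 1918 blocks."""
    n = to_int(addr)
    for block in RFC1918_BLOCKS:
        info = cidr_info(block)
        if to_int(info["network"]) <= n <= to_int(info["directed_broadcast"]):
            return True
    return False
```

`cidr_info("10.0.0.255/24")` shows why the lesson calls that address a directed broadcast rather than a host, and `cidr_info("172.16.0.0/12")` gives the 255.240.0.0 mask that covers 172.16 through 172.31.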
Okay, so what did that give us? Well, that said in the first octet the decimal number could be between 0 and 127. In the second, or the class B, the first octet would be a number of 128 through 191. So the ones that got class A were some of those early organizations and big companies like, I think, 3M, the company 3M, they actually got a class A. Microsoft came along later; they got class B's, okay. Class C's are what the average people got, so the class C, if it started with a 192 through a 223, that was basically a class C network. Now they stopped at 223, and we know that 2 to the 8th power actually equals 256, so there's something missing between 223 and 256, and that is true: there was also a class D and a class E. I'm not really going to get into that. The class D address, which starts at 224, these are very important, okay, and these are what we call multicast addresses, okay, that was the multicast address range, and then E was experimental, okay. But really for the public, all I really cared about is that. So if you got a class A address, you had 128 networks, and each network had a possible 16,777,214 hosts per class A network. If you got a class B address, that gave you up to 16,384 networks (and there's a reason why it's not 65,000, don't worry about it), but you got 16,000-plus networks, and each network can have 65,534 hosts per network. If you got class C, well, there were a bunch, there were over 2 million class C networks, and each class C network, again, you only had one octet for the hosts, so that one octet, 2 to the 8th power, meant you only have 254 hosts. Now let's talk about the 254 just for a second. How come, if I have a class C, let's say I have a class C of 192.168.1, that's my network, okay, so that's the first three octets. If I have 192.168.1, which is class C, how can I only have 254 hosts? Here's why: the zero, that's the actual network you're on, so I can't give that to a host, right; 255, because
remember it's 0 through 255, 0 through 255 gives us the 256, right, I can't use 255 because that's what we call a directed broadcast. So if you send out this in an IP packet, it's going to go to every host, or every node, on the 192.168.1 network. So we can't use zero, which is the network itself, and we can't use 255, that's the broadcast address, so all we can use is 1 through 254. So that's why we only have 254. And by the way, that kind of principle applies regardless. But this class C, remember, in the 90s they already started realizing, you know, because of the World Wide Web, they started realizing, yeesh, this is not going to work in the long run, and that's why IP version 6 started to come along, and we ran out of the class B. They started going to these companies like Microsoft and saying, hey, you're not even using anywhere near your class B space, can you give them back? So they started going to these early companies going, hey, can you give back some of your class A addresses, can you give back some of your class B's? And then by the time 2014 came around, they had pretty much used up all of the public usable IPv4 addresses. Now there is a set of addresses that's part of RFC 1918, and those are the private IP addresses, and we still use those, okay. We use those internally, and then we use network address translation to translate to some public address. Let me show you the private address ranges that are used today. Early on they decided to reserve some of those addresses from the class A and class B and class C space for private addressing. They could be used internally behind an edge or a customer edge router; they wouldn't be legal on the internet, but you could use them internally. You can use them in your local area network or whatever, but they would be blocked by a service provider, or even your own edge router may block some of these. But we still use these today if you're using IPv4 internally and you're using network address translation or port address
translation, even at your own home behind your wireless router or whatever, you're most likely using something from this 192.168 space. So they reserved in RFC 1918 a set of addresses from the class A, a set from the class B and a set from the class C. So you could use 10.0.0.0 through 10.255.255.255; you could use that, and that gave you 8 subnet bits, 24 host bits, and the mask was /8, otherwise known as 255.0.0.0. Then we had class B. And let me just say this: a lot of organizations use the ten network; they'll use 10.10.16. It's a very common thing to do. B, 172.16 through 172.31.255.255, gave them 12 subnet bits, or 12 networks, and then 20 host bits per network, and the mask there is a /20, and that's basically a 255. So A, B, and then the class C space. This is the one you see a lot on home routers, like your Netgear or your Linksys, those kind of routers you buy online or at Best Buy or whatever; they're going to give you something between 192.168.0.1 (usually .0 or .1) through 192.168.255.255, and that is going to be 16 subnet bits, 16 host bits, and the mask by default is /16, or 255.255.0.0, but often with this we'll use a 32-bit, sorry, a 24-bit mask, so it'll be 255.255.255.0; /24 is very common. And again, because of CIDR, which we're going to learn about, we don't really worry too much about this whole classful system anymore, and we can also use CIDR representation, classless inter-domain routing, with any of these private IPv4 addresses inside our home, our small business or our enterprise.

In this demonstration we're going to explore IPv4 subnetting. At first we'll kind of do it manually, and then we'll look at a subnet calculator, which is actually the way that you would do it in the real world. Now, the early challenge we had involved the inconvenience of needing to allocate a new network number for each new network segment on the internet, and this also included creating new networks for a
growing organization, or in a merger or acquisition. The explosion of local area networks in the 1980s exacerbated the problems, so a method was needed to locally subdivide networks without affecting the internet core routing tables. A technique was needed for modifying the line between the network part of the address, which is the first bits, the high-order bits, and the host portion, but only for site-local purposes. By using subnet addressing, a company was assigned, let's say, a class A, class B or class C network number, where the remaining host bits can be subdivided into sub-networks for different departments, business units, organizational units, floors of a building, or buildings in a campus, etc., according to their design. So let's go ahead and subnet a class B address, a classic address. Notice that of the 32 bits in a class B address, the first bit is going to be 1, it's going to be turned on, and the second bit is going to be 0. This is always the case in a class B address, and so with the first bit turned on in the first octet, it means our class B address is always going to begin with 128. So if you have an octet, or 8 bits, and you turn on the first high-order bit and the remaining 7 bits are left at 0, that's going to give you 128.
So a way that we would classically subnet a class B address is to take the first 16 bits, which represent the network number. Notice that it tells us that 14 of the bits are free, because, as I said, the first bit has to be 1 and the second bit has to be 0. So we could say our class B address is 128.16; that's our network. Then what we could do, and what's classically done, is to take the next octet, or the third eight bits, and use those eight bits for our subnet ID, and then the final eight bits we would reserve for our hosts. So, for example, in this address our network is 128.16, our subnet is .1, and it's host 15 on the .1 subnet. Notice we have our customer edge router, and that's our default gateway. We have our host at the bottom on the 128.16.1 network, and it's host number 15, and over on the right-hand side we have our second sub-network, which is 128.16.2 (and of course we have up to 255 sub-networks), and that's host 23 on the .2 network. Then typically what would happen is, on the .1 network on the left, our default gateway would be the first available address in that sub-network, so our customer edge router, or default gateway, would have the address 128.16.1.1 on this network, and over there on the other interface, for the .2 network, the default gateway would be 128.16.2.1. Now, the subnet mask is a bit assignment that's used by hosts and routers to partition the network portion of the address from the host portion of the address; it's where the network ends and the host begins. They're the same length as the corresponding address, so the subnet mask for the IPv4 address is 32 bits and the subnet mask for the IPv6 address is 128 bits. The subnet mask can be assigned manually or, more often, it's assigned dynamically as an option in the DHCP protocol header. The subnet mask is formatted by starting from the left with some number of 1 bits turned on, followed by the rest of the available bits as zeros. Today a subnet mask is typically represented as a shorthand
prefix length using a forward slash, as in CIDR representation. The subnet mask uses the bitwise AND operation. Let's see how the subnet mask works with this address of 128.16.1.15. The /24 is a CIDR representation that basically says the first three octets represent the network and the last octet represents the host. So for this, our mask, and this is the actual mask of a class C, is 255.255.255.0, which means the first three octets are going to have the bits turned on and the last bits are turned off. When we do the ANDing process, notice that 1 AND 1 gives us 1, but in the other combinations, 0 AND 1 or 1 AND 0, we get 0. So when we apply these first eight bits to the first octet, we're only going to turn on this bit, so that's 128. In the second octet, here's our ANDing process: we can see this bit AND this bit is 1, so this is going to be the 16 bit, so there's our .16. In this third octet we've got all of these turned on, and with the ANDing process this 1 AND this 1 gives us 1, and that's the 1 bit. The subnet mask is not masking out any of the final eight bits, right? So that's going to go ahead and give us these four bits turned on, which gives us 15.
So that's how the computer knows that this is the 15th host on the 128.16.1 network, and of course, as we saw earlier, that subnet mask still allows us to, you know, take this third octet and make sub-networks out of it. Here are some subnet mask examples. Here's a dotted decimal of 255.0.0.0, and that prefix is /8; we're masking all of these first eight bits. Here's a very common one down here: a mask of 255.255.254.0 gives us a prefix of /23, so you can see that the first 16 plus 7, the first 23 bits, are turned on. This is a pretty common mask, especially when you're using CIDR, because this /23, as we're going to see in a moment, actually gives us 510 hosts, so for enterprise networks they often use this mask on their internal LAN machines. Now, you can download an IP subnet calculator, or you can just go to subnetcalculator.com, which is what I'm going to do. Notice I'm going to choose B here. I could put in the IP address, but what I want to do first, whenever you're approaching this, is determine how many hosts you want to have per subnet. Like I said, with an enterprise, 510, around 500 per local area network, like for a call center, would be good. If you don't want that many hosts per subnet, maybe you only want 254; well, of course you can see that our mask is going to be 255.255.255.0, 254 per subnet. Let's say we need less; it's a small business, we only want 126. Well, that's going to shift it over, and we're going to borrow one bit from the fourth octet, so the mask is 255.255.255, then the first bit of this fourth octet is turned on, which gives us 128. So you can see we've got nine subnet bits, eight from this third octet and then one bit from the fourth octet, so 512 sub-networks, 126 per subnet. Wildcard masks, or an inverse mask, are used by routers to create their access control lists; that's kind of beyond the scope of this course. So the bottom line is, whatever kind of network
class you get, you want to choose it and then determine how many hosts you want per subnet. Say I want to do 126, and then it'll tell you what the range is, so I can assign .1 through .126. This is a great tool to use; you can download these. You can also do CIDR representation by saying, you know, how many addresses do I want? 510. And I can put in my IP address, 192.168.1.0, and I can see 23 mask bits, 512 subnets, 510 maximum addresses, and it shows you the range. So these are tools that you're going to use in the real world: either go up to this website or you can go and download a subnet calculator.

In this lesson we're going to talk about classless inter-domain routing, CIDR. Often when we say something has no class it usually is not a compliment, but in this case being classless is for sure a very good thing. In 1994 it was realized that over half of all of the class B addresses, for example, the class of addresses that companies like Microsoft got from the IANA, had been allocated, and the number of entries in the global routing table, which was basically one for each network, was already well beyond 65,000 entries. By the mid 90s the 32-bit IP address space was deemed inadequate to meet the future needs of the World Wide Web and increasing expansion into new territories on the planet, as countries like India and China and others started getting on the internet. We quickly ran out of the IP version 4 addresses, and as a matter of fact I think it was 2014 when we officially ran out of IP version 4 addresses. In 1992 the IETF ROAD group (ROAD was basically RO for routing and AD for addressing) started tackling problems one and two. So remember, problem one was that half of the class B addresses were used up, and problem two was that the 32-bit IP address was inadequate for the growth of the World Wide Web. So they started working on that way back in 1992. They figured, you know, they could extrapolate into the future, and really
once the World Wide Web became popular (remember, that's a different service on the internet; it's just one of the services on the internet), but once that started to explode, specifically with the Netscape Navigator browser, then they realized they needed some new solutions. Eventually IPv6 would solve problem 3, which was that 32-bit address space, by expanding it to 128 bits, and by the way, 2 to the 128th power is a really huge number, so we've got plenty of IP addresses with IPv6. With RFC 4632, CIDR alleviated some of our problems, especially with the availability of class B addresses, and it uses what's called a CIDR mask or a CIDR prefix. CIDR prefixes are widely used, by the way; for example, if you go and use Amazon Web Services networking services, you'll be using CIDR representation. It eliminates the predefined partitioning of the network part of the address and the host part of the address, so the number of network bits, or n, can be arbitrarily placed anywhere in the address without regard to those legacy classes, class A, B, C and then D and E. For instance, the traditional class C address, which looks like 192.168.3.15, we can actually express now as, traditionally, /24, right, with a subnet mask of 255.255.255.0; that's the traditional class C mask. We can use that CIDR prefix, we could do /24, or we could say 192.168/16, or we can even do /23.
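Here is the ANDing process from the subnetting lesson and the CIDR prefixes just described carried out in code. This is an added example, not part of the course: the function and variable names are my own, the addresses are the lesson's (128.16.1.15/24, the RFC 1918 blocks, the /23 and /25 cases from the calculator demo), and it generalizes to any prefix, including /31 and /32, which the lesson does not cover.

```python
# Added example, not from the course: a small IPv4 subnet calculator that does
# by hand what the lesson does on the slides and in the online calculator.
# Everything is plain integer arithmetic on 32-bit values.
from dataclasses import dataclass


def ip_to_int(dotted: str) -> int:
    """Pack four decimal octets (0-255 each) into one 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a valid dotted-decimal IPv4 address: {dotted}")
    value = 0
    for octet in octets:
        value = (value << 8) | octet
    return value


def int_to_ip(value: int) -> str:
    """Inverse of ip_to_int: 32-bit integer back to dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """A /prefix is that many one-bits from the left, then zeros (/23 -> 255.255.254.0)."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (((1 << prefix) - 1) << (32 - prefix)) & 0xFFFFFFFF


def legacy_class(dotted: str) -> str:
    """Classful lookup from the first octet: A < 128, B < 192, C < 224, D < 240, else E."""
    first = ip_to_int(dotted) >> 24
    for letter, limit in (("A", 128), ("B", 192), ("C", 224), ("D", 240)):
        if first < limit:
            return letter
    return "E"  # experimental; D is the multicast range


@dataclass(frozen=True)
class Subnet:
    network: str
    broadcast: str
    mask: str
    wildcard: str       # inverse mask, the form router ACLs use
    first_host: str
    last_host: str
    usable_hosts: int


def subnet(dotted: str, prefix: int) -> Subnet:
    """AND the address with the mask to get the network, then derive the
    directed broadcast and the usable host range from the host bits."""
    mask = prefix_to_mask(prefix)
    wildcard = ~mask & 0xFFFFFFFF
    network = ip_to_int(dotted) & mask      # the ANDing process
    broadcast = network | wildcard          # every host bit turned on
    size = 1 << (32 - prefix)               # addresses in the block
    if prefix >= 31:
        # /31 point-to-point links (RFC 3021) and /32 host routes keep no
        # separate network and broadcast address; every address is usable.
        first, last, usable = network, broadcast, size
    else:
        # host bits all zero = the network, all ones = broadcast, hence -2
        first, last, usable = network + 1, broadcast - 1, size - 2
    return Subnet(int_to_ip(network), int_to_ip(broadcast), int_to_ip(mask),
                  int_to_ip(wildcard), int_to_ip(first), int_to_ip(last), usable)


def subnet_count(original_prefix: int, new_prefix: int) -> int:
    """Sub-networks gained by borrowing host bits: a class B (/16) cut into
    /25s borrows 9 bits, so 2**9 = 512 subnets of 126 hosts each."""
    if new_prefix < original_prefix:
        raise ValueError("new prefix must be at least as long as the original")
    return 1 << (new_prefix - original_prefix)


def prefix_for_hosts(hosts_needed: int) -> int:
    """What the online calculator works out first: the longest prefix whose
    usable host count still covers hosts_needed (126 -> /25, 510 -> /23)."""
    for prefix in range(30, -1, -1):
        if (1 << (32 - prefix)) - 2 >= hosts_needed:
            return prefix
    raise ValueError("more hosts than fit in one IPv4 network")


# The RFC 1918 private blocks in CIDR form, as listed in the lesson.
RFC1918_BLOCKS = (("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16))


def in_block(dotted: str, block: str, prefix: int) -> bool:
    """Same network once both addresses are ANDed with the block's mask."""
    mask = prefix_to_mask(prefix)
    return (ip_to_int(dotted) & mask) == (ip_to_int(block) & mask)


def is_rfc1918(dotted: str) -> bool:
    """True for addresses that must not appear as-is on the public internet."""
    return any(in_block(dotted, b, p) for b, p in RFC1918_BLOCKS)
```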
As a matter of fact, that /23 would be a subnet mask of 255.255.254.0, and that's actually a pretty common one to use in a large enterprise because it gives us 254, or, I'm sorry, it gives us a lot more hosts: 510 possible host assignments. And so with a /23 CIDR, a broadcast domain or a network of 510 hosts is really very practical for a large organization. The other thing about CIDR is we can do aggregation. Eliminating the legacy classful scheme makes it easier for us to allocate blocks of addresses, blocks of contiguous addresses, to enterprises. It also makes it easier for service providers to give out contiguous blocks to their customers. Remember, the size of the internet routing table began to reduce dramatically once we brought in CIDR and CIDR aggregation. It also reduced the opportunity for configuration errors and other local area network issues that adversely affected the upstream routers in our topologies. Here's an example of some of the special-use IPv4 addresses represented in CIDR as opposed to with a subnet mask. Here we can see, you know, private networks: the RFC 1918 private network space of 10.0.0.0 can be represented with 10.0.0.0/8. If you have a Microsoft machine, and that Microsoft machine can no longer get access to its enterprise network or Active Directory, for example, it may be given a temporary address from the APIPA address space; it may look like 169.254.something/16, so that's a way to represent the APIPA network with the CIDR /16. We can also see how our RFC 1918 networks are represented with our /12 and /16. IPv4 multicast, which used to be class D, that's the 224.0.0.0/4 CIDR representation. One thing about multicast addresses I want to mention to you right off the bat is that a multicast address will never be the source address of an IP datagram, or an IP packet. As a matter of fact, if it were, the routers of the internet or your company's
edge routers would block those IP packets. Remember, an IP multicast is going to a group of hosts, so it's always going to be in the destination field of the IPv4 header. And then finally we see, you know, the network broadcast address.

Before we head up to Amazon Web Services to start looking at some IP version 4 addressing, I want to show you another site that could be very powerful for you going forward. This is Cisco's Virtual Internet Routing Lab, where you can come in here and build a simple to complex network using the IOS virtual router; you've also got some virtual switches and virtual firewalls here, including the Adaptive Security Appliance. So if you can afford $199 a year and you want to kind of launch your networking career or get deeper into networking and security, then I would highly recommend Cisco's Virtual Internet Routing Lab for $199. That being said, I'm up at Amazon Web Services, and I'm going to go up here and create a VPC. Now, I want to get to the VPC area, Virtual Private Cloud, and a virtual private cloud is exactly what it says: it's your own virtual private network, and you can create private subnets where everything in there is isolated completely from the internet, or you can have a public subnet, and then with that public subnet you would attach what's called an Elastic IP address, and that would be a public address through which people could access your public subnet. So I've logged in here to Amazon, and by the way, you can come up here and create your own account; you get one year of free tier access, and what that means is, for example, if I go to launch EC2 instances, free tier means you've got some of these instances, like here's Amazon Linux AMI (AMI is an Amazon Machine Image), so you've got some Linux, Red Hat; these are eligible for the free tier. Now, what that means is, as long as you kind of spin these up and keep them private and don't run any other applications on them, or don't get into the marketplace, because
they've got a big marketplace up here, you know, if you don't get into the marketplace stuff, it will be free or it only costs you a little bit a month. But when you create an account you're going to have to go and give them a credit card. You have to use an email address that nobody else has used before on Amazon Web Services, and then you'll provide some credentials and a credit card, because they have to have a way to bill you if you do generate any kind of costs up here. So what I like to do is come up here, create your own virtual private cloud, your own VPC, and then just kind of delete it. So I'm going to click on this Launch VPC. It gives you several options, but let's look at this VPC with a single public subnet; that's probably the best place for you to start, because it's going to tell you that your instances, your Linux instances, your Windows instances, are going to run in a private, isolated section of the AWS cloud, but they have direct access to the internet. So you can actually get an IP address, and then from your own home computer, for example, you could use Secure Shell to connect to that Linux instance, or you could use the RDP protocol in your Windows system to connect to a Windows instance. And then there's some security features you have to set up, but by default it'll be kind of an open network. Now, this is what I wanted to point out to you; this is what it's going to create. It's going to create a /16 network. A /16 is a CIDR representation, which means you've got a /16 network, but you've got a /24 sub-network, so basically you're going to have 255 networks, and each sub-network will have up to 254 hosts. You know, /16 is over 65,000 networks; you have a /24 subnet, so it's going to be, you know, most likely 192.168.0.0 for your /16, and then it'll be the subnet: we're going to have the .1 network, the .2 network, 168.3, 168.4, and so on. Each sub-network has 254 hosts in
it, because obviously the first address is the sub-network and the final address, .255, is the broadcast. You're creating your own virtual private cloud, and inside of that you're creating your own public subnet. Now, these instances that you spin up, they'll be inside your public subnet: the Linux and Windows instances. You can go to the marketplace and get virtual routers and virtual firewalls and all those cool things, but there are other services, like the internet of course, but there's also services from Amazon Web Services that are what we call kind of managed services, like S3, which is storage, DynamoDB, which is a type of database service, Simple Notification Service, Simple Queue Service. These all run outside of your Amazon virtual private cloud, and you have various ways to connect your public subnet to those other services that are outside of your VPC but still part of the Amazon Web Services network. So here's where we're saying, okay, here's our IP version 4 CIDR block. I'm going to go ahead and do my own; I'm going to do 192.168.0.0/16, and this is going to tell me I have a total of 65,531 IP addresses. Now, this is not all the ones that are available in a /16, but in Amazon Web Services they're going to keep some of these IP addresses for themselves, so they don't actually give me 2 to the 16th power minus 2 addresses; they take a couple of them back. Now notice that I can also have an IPv6 CIDR block if I want to go ahead and do IP version 6 here, or I can say, hey, I want to have Amazon Web Services give me one, and of course if I do that I need to change this down here. I'll say, look, I don't want an IPv6 CIDR block. I'm going to name my VPC "my first virtual private cloud VPC", and then these public subnets, IPv4 192.168.0.0/24, and notice here this is /24.
So normally I would have 2 to the 8th power minus 2, right? 192.168.0.0 is the network, .255 is the broadcast, so normally I would have 254 addresses available, but again, Amazon Web Services keeps some of them back. And then I can say where I want to put these. These availability zones are ways to provide high availability; I can say no preference, or I can say I'm going to put them in US East. Here you can have your subnet name, and it tells you that, you know, after you do this you can create more subnets; you can create public subnets, you can create private subnets. And then remember earlier when I showed you that diagram, and there were those services that were outside of your virtual private cloud, like S3 and DB and those kind of cool things, the queue service, notification service; well, you would connect to those by clicking on this and adding an endpoint. We can also say, do we want to enable DNS hostnames? We'll say yes we do, and we'll just create the VPC. So my VPC has been created successfully, and I can now launch instances into the subnets of my VPC. If I go down here and look at Your VPCs, there's my first VPC, and, you know, there's the CIDR. Notice, by the way, there's a default VPC. I created my own here, but when you create your account at amazon.com or Amazon Web Services you get a default VPC, and notice that they're going to give you the IPv4 CIDR of 172.31.0.0/16. If I choose my first VPC I can go down here and kind of get a summary of it. Here's my IP version 4 CIDR, here's the CIDR blocks, right? And then we can go in now, if we want to; we have the ability to attach an Elastic IP, and I'm not going to do that because it's going to cost me money, but an Elastic IP is when Amazon Web Services gives me a publicly routable IP address, and then I can access that publicly routable IP address from somewhere on the internet or from some other place. So that's the Elastic IPs, and so when
you come in here, you just basically come in and allocate a new address, and that's going to cost you money, but this is giving you a publicly routable, non-RFC 1918 address that you can use to expose the instances in your sub-network.

Let's take some time now to examine the characteristics of the IP version 4 datagram. What we see is that IPv4 header. Remember way back when I showed you that FedEx sticker that you put on the outside of your FedEx envelope? This is the same type of thing; it's that metadata, that data about data. We're going to look first off, here, let me grab my pointer, at the version field, the IHL field, all the way down to the identification field. So let's focus on those four or five fields, and notice they have different lengths: service type is 8 bits, total length is 16 bits, identification is 16 bits, right? Well, let's kind of talk about those and break them down. The version field basically tells us the version of IP being used, so, you know, if it's IPv4, the number in that 4-bit field is going to be 4. Obviously there's a version field in IP version 6, so it would be 6 there. The next field is IHL, internet header length, and that designates the length of the IP header in 32-bit words. That'll include things like the options fields, which are kind of obsolete but are still there, and sometimes padding that has to be added. The next field is the ToS, or type of service; that was designed to carry information to give us what we call quality of service, like prioritizing the delivery of the datagram, for example. We never really use that one today; we use something called DS, or differentiated services. TL is the total length field, and that specifies the total length of the IP datagram in bytes. Notice that the maximum length of the IP datagram is 65,535 bytes, although most of those are going to be smaller. Then we have the identification field, which is a 16-bit value that's common to whenever there's
fragmentation that goes on. Fragmentation is not as common as it used to be, but it still may happen. Next I want to look at these three fields: the flags, the fragment offset, and the TTL. Let's go back a couple of slides and show you that again. So we're going to look at flags, fragment offset, and then TTL, or time to live. The flags are used for fragmentation. So you have don't fragment: if it's set to 1, that says the datagram should not be fragmented; in other words, you're going between two networks that have the same MTU, or maximum transmission unit. The MF is more fragments; if that's set to 0, that means it is the last fragment in the message and it's been fragmented. If you look at the next field, the fragment offset: when fragmentation does occur, this field is going to designate the offset, or the position in the overall message, where the data in this fragment resides. The next field, TTL, is very important. Time to live specifies how long the datagram is allowed to live on the network in terms of hops, or the number of routers, or basically the number of layer 3 devices that this datagram goes through. The TTL field is actually there to prevent loops, these endless loops happening. By decrementing that by one, eventually it's going to get all the way down to zero, and at that point, whatever router decrements it from one to zero, that's where the datagram, or the packet, is going to be discarded. So that's kind of a loop prevention mechanism. Next we have the protocol field, and basically this says what type of protocol from the upper layer am I carrying. So, for example, if the number 1 is in the protocol field, well, you're carrying ICMP information. If the number 6 is in there, very common, you're carrying TCP information. If the number is 11, I'm sorry, 17 (it's 11 in hexadecimal), but if it's 17 that's going to be UDP. So those are the three most common. Two others that are very
important: if the value is 50, that means this is an IPsec datagram and it's being encapsulated using ESP; if it's 51, it means it's using the IPsec Authentication Header. So the protocol field is also very important; firewalls, for example, can actually filter out and deny traffic based on these protocol numbers. Next we see some other fields in here, for example the header checksum. The checksum basically is just a mathematical process to look for corruption; it's not a complex type of checksum. Next we have the source address; it's 4 bytes, or 32 bits, and that's the source IP version 4 address. Then next we have the destination address; that's the 4-byte, or 32-bit, IP address, so it's 4 bytes, or 4 datagrams. Then we have options. By the way, the options were there to kind of add some extra functionality, but in today's modern networks typically we don't use the IPv4 options, because they represent a way for hackers to actually do exploits on our network, so typically those are going to be disallowed. And then we also have padding; you know, you may have to pad it out to get to multiples of 32 bits, or multiples of 4 bytes, so you add some extra padding in there. Then, of course, the data: that's the data that's going to be transmitted in the datagram, either an entire higher-layer message or, if there's fragmentation, it could be just a fragment of the upper-layer message.

Welcome to lesson seven, IPv6. First off we're going to understand why we needed a new IP version, then we'll compare IPv4 to IPv6, we'll examine IPv6 addressing, we'll look at IPv6 distinctives, and we'll finish up demonstrating IPv6 up at Amazon Web Services. In this short lesson we're going to understand why we need a new version of the Internet Protocol, or IP. This version, IPv6, was originally called IPng, or next generation, kind of like Star Trek NG, Next Generation. The IPv6 address was designed to solve the problem of global IP address exhaustion, so that was really, and this was thought up way back in the
90s, that's the main reason for having a new version of IP: solving the exhaustion problem, going from a 32-bit address to a 128-bit address. And so 2 to the 128th power is a huge number, so every device on the planet could have many, many, many IPv6 addresses; it's enough to accommodate for decades and decades to come. Also, it allowed us to replace a lot of these kind of interim solutions, or transition solutions, that we use, like network address translation and port address translation, CIDR representation. We can even do away with using DHCP altogether, because we can use auto-configuration. Now, there is a DHCP version 6, but it's actually not used all that much, so we can get rid of those interim solutions altogether. Also, IPv6 had native support for IP security, or IPsec. Now, what that means is, for you to have a legitimate IPv6 stack or program on your system, it has to support specifically what's called Authentication Header and Encapsulating Security Payload; it has to support those two protocols of IPsec. But it doesn't mean that you have to use it; it just has to be in the stack and able to be initiated if necessary. Also, the IPv6 metadata, the IPv6 header, was simplified: there's fewer fields, and all of the fields kind of line up on a 16-byte demarcation, so that's much more efficient and much more effective for routers, for example. So the simplified header was a good thing. Also, they introduced extension headers, and that was really a replacement for the IPv4 options, which a lot of routers and firewalls won't even allow because that's a security vector, or an exploit vulnerability. So extension headers added extensibility into IPv6: if they come up with some new functionality, some new method or technique that they want to do on the global internet, they can just create an extension header for it. And so that's a cool feature. It allowed us to use IPv6 to kind of repair some of the complex hierarchical addressing that we had to use in IPv4 networks.
So it really simplified that. IPv6 has support, enhanced support, for Mobile IP, and that's very important because of all the different mobile devices and handheld devices and personal devices that are out there. It enhances auto-configuration, and I mentioned that that's one of the things that we can use instead of using DHCP version 6. We just basically take the MAC address of that particular device and add some information to it, and that's our auto-configured address. This really comes in handy with the Internet of Things, or you might hear it referred to as WoT, the Web of Things. Everything is going to be having its own IPv6 address, so it makes this kind of plug-and-play auto-configuration of these devices as they connect to the internet, to the cloud, so they could rapidly get their IPv6 address. And it basically makes it easier for us in organizations to make changes to our IP addressing scheme, or to have to renumber. In the past, if you had a very mature, elaborate IPv4 complex hierarchical addressing for your large enterprise or your large organization, if you had to modify that or make a change to it, it really caused a lot of headaches. So, for example, if I had a company over here, company A, and we're using IP version 4, and we go and we buy this company, right, or we merge; we buy company B. What if we're both using IPv4 10.10.0.0 as our internal addressing structure? They're both using 10.10. Well, in the meantime, in a short interim period, we can use what's called bi-directional network address translation to translate between these two networks, right? So, in other words, we could say this company is going to translate to 10.11 and they'll translate to 10.12, and we'll let a router translate between them. Well, eventually this company over here that we bought or merged with, they're going to change their IP addressing, and that can be a huge headache. Remember, IP addresses can be stored in registry files on a Windows computer, they can be in
configuration files, they can be stored in applications up at the higher layers of the OSI model too. So if you change your IP addressing scheme, right, it could take a lot of time and cause a lot of problems for end users and productivity applications. So by using IPv6 we can really simplify and take away all of those challenges when we have changes in any renumbering scheme. So IPv6, that's the future, and the more you can do on your own to learn about IPv6, the better off you're going to be moving forward.

In this lesson we're going to break down and compare IPv4 to IP version 6, and we're going to start with IPv4. IPv4 has a 32-bit address space, so 2 to the 32nd power, so over 4 billion. It's in dotted decimal format, like 192.168. It uses primarily DHCP for its dynamic addressing. The IPv4 header has 20 bytes; it's a 20-byte header and has 13 fields. It also has a variable header length. It does have the options field, but the header options are obsolete; we don't really use them anymore because they're a security vulnerability, they're an exploit vector. And there's also a header checksum, just kind of as a quality control mechanism. In version 4 the packet size is 576 bytes required; now, it can be larger if it is. Fragmentation is optional, so that means if you go from a network with a larger maximum transmission unit to a smaller network it can fragment and break them up, and it has a way to keep track of those fragments, and so fragmentation is done on both routers and sending hosts. Remember, IPv4 was never designed to be secure, so we typically will add IP Security to IPv4, right there at layer 3 of the model; so IPsec is optional in IPv4. And it has a non-equal geographical distribution; in other words, over 50 percent of the allocated IPv4 addresses are in the United States. Let's go back now and talk about IPv6, which has an address space of 2 to the 128th bit, massive. We're not going to be able to represent that in
decimal it's just too big so we use hexadecimal also to get our addresses we can do it manually but most often we're going to do an auto configuration called slack okay or sometimes you can actually use dhcp version 6. realize however that slack or auto configuration is the most common way to be assigned a version 6 address especially with the internet of things the iot with all these little devices getting on the internet the header is a 40 byte header and it has fewer fields than ipv4 only has eight fields it's not a variable okay so the basic ipv6 header is fixed in length to increase that functionality we have what are called header extensions so those are extensions that go beyond the fixed length ipv6 header so that's much more efficient much more effective on internet routers and there is no header checksum at all to look for some kind of errors okay also the packet size you have to have at least 1280 bytes required for ipv6 without fragmentation uh as far as fragmentation goes it only happens on the sending hosts okay so this won't happen on ipv6 routers okay or servers it does have native encryption optic authentication built in so ipsec is mandatory right now that doesn't mean that your ipv6 implementation is going to use ipsec by default but it has to be part of the stack okay to be legal and it is available and by the way with version 6 there are no geographic limitations so this is much better for the global allocation of addresses country to country all across the planet so there you go comparing ipv4 to ipv version 6. 
Okay, in the previous lesson we compared IPv4 to IPv6, and we established the fact that the IPv6 address was 128 bits. Okay, well, the format of this 128-bit address is actually going to be eight of these X's, or eight segments, so each X is a 16-bit hexadecimal field. The leading zeros in each field are actually optional. So let's say this final field here, X, let's say the value is hexadecimal 0 1 0 F. If that's the case, you can leave off the 0 and it would just be colon 1 0 F. We can do that also if a field contains all zeros. So let's say this field right here, the second-to-last segment, is zero zero zero zero; well, that can be written as just simply one zero, okay. So as you can see, we've got some techniques here to make this address more compact, okay, and easier for humans to deal with. Successive fields of zeros: if that happens, and let's say that all three of these fields here are four zeros, four zeros and four zeros, if you have successive fields of zeros, those can be represented by a double colon, okay. Now you can do that only one time, okay, and that makes sense, okay. The IPv6 stack knows that there's eight segments, and so if you put a double colon in there, right, it can just say, all right, I understand that this is going to be all zeroes; but if you had two of those it would have no way of really understanding that address. So we can only do that once per IPv6 address for successive zeros. Remember, the use of the double colon can actually make your IPv6 address very small. Here's an example: if I've got FF02 and then a long string of zeros, and then notice that the last one here, that's actually zero zero zero two, but we know we can leave the zeros out, right, and so if we do that, that can be expressed as FF02 double colon 2, okay. So it makes it much more user-friendly for us humans. The unspecified address, and there is an IPv6 unspecified address, in other words "I don't know", that's written as a double colon, okay, so it's basically all zeros, right. So if there's eight segments of hexadecimal, then it's just basically going to be double colon, okay; that means all zeros, unspecified.

We have different types of messaging with IPv6. We can do unicast, and this is the most common, okay; unicast addresses are used in a one-to-one scenario, okay, host to host. We also have multicast addresses, and this identifies a group of interfaces, so traffic is sent to multiple destinations at the same time, a multicast group. So for example, dynamic routing protocols like the next generation of RIP and the next generation of EIGRP, the next generation of OSPF, they use multicast addresses to send updates or hello packets or advertisements to groups of other routers in their domain, okay. So an interface can belong to more than one multicast group. We also have anycast, and this is unique to IPv6, the anycast address. Early on we didn't use these very often, but we do use these in some things, for example like a Group Encrypted Transport VPN, okay, you can look that up, GET VPN. But an IPv6 anycast address is assigned to an interface on more than one node, and it's routed to the nearest interface that has that address. So anycast means send this to the nearest router or the nearest server. There is no broadcast support, so IPv6 uses multicasting to get the broadcast functionality, okay.

We have scopes and prefixes in IPv6. The IPv6 address scope designates the region of the network in which the address is valid. So for instance, the loopback address, which basically means my address of my host, has a scope called link-local, and that means it should only be used on a directly attached network link only, okay, or directly attached broadcast domain. And there's three different scopes or regions that we're concerned with, okay. There's the link scope, okay, which is basically my VLAN, if you want to think of it that way. There's a site network scope, which is typically organization by organization, business by business, okay. And then there's the global network scope, and that's, you know, to send unicast messages, for example, globally to hosts on the internet. So to look at it this way, we, you know, drill down: here's our link-local unicast address, and then we have the site, which is a unique local address, and by the way this is one that would be assigned by an organization to your company, your business, and then we have the global unicast address. So an IPv6 unicast address normally uses 64 bits for the network ID. Remember, it's 128 bits expressed in hex, so normally the first 64 bits is the network ID and then the last 64 bits is the host ID, typically, okay. The network ID, this first 64 bits, is administratively assigned, and the host ID then can be assigned manually, or it could be auto-configured with that aforementioned SLAAC auto-configuration, or you could use DHCP version 6. The global unicast address is the one that's routable and reachable across the internet, so as those IoT or those Web of Things, those WoT devices out there, those mobile devices, all with their IPv6 addresses, they can communicate with each other across the global internet, and these are designed for "pervasive generic usage", okay, that's the official phrase of IPv6. A global unicast address is structured hierarchically to allow for address aggregation, so one of the advantages of IPv6 is it makes complex aggregation or combination of network prefixes much easier for the internet, for organizations, so this is an improvement over IPv4. And that global unicast address is going to be identified by the fact that the three high-level bits are set to 0 0 1.
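The compaction rules just described (leading zeros dropped, one run of all-zero fields written as `::`, `::` alone for the unspecified address) and the "high three bits are 0 0 1" global-unicast test, as an added Python example; this is not code from the video, and the `2000::/3` check assumes exactly the three-bit rule stated above. Results are cross-checked against Python's standard `ipaddress` module.

```python
"""IPv6 text compression/expansion from the rules in this lesson.
Added example, not code from the video or from Pearson."""
import ipaddress


def expand(addr: str) -> list:
    """Turn any textual IPv6 address into its eight 16-bit field values."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once")   # otherwise ambiguous
    if "::" in addr:
        left, right = addr.split("::")
        head = [int(f, 16) for f in left.split(":")] if left else []
        tail = [int(f, 16) for f in right.split(":")] if right else []
        missing = 8 - len(head) - len(tail)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero field")
        fields = head + [0] * missing + tail
    else:
        fields = [int(f, 16) for f in addr.split(":")]
    if len(fields) != 8 or any(not 0 <= f <= 0xFFFF for f in fields):
        raise ValueError(f"not a valid IPv6 address: {addr!r}")
    return fields


def compress(addr: str) -> str:
    """Compact form: no leading zeros, and the longest run of two or more
    zero fields replaced by a single '::' (a lone zero field stays '0')."""
    fields = expand(addr)
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if fields[i] == 0:
            j = i
            while j < 8 and fields[j] == 0:
                j += 1
            if j - i > best_len:          # first longest run wins
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    hexes = [format(f, "x") for f in fields]  # 'x' drops leading zeros
    if best_len < 2:
        return ":".join(hexes)
    head = ":".join(hexes[:best_start])
    tail = ":".join(hexes[best_start + best_len:])
    return f"{head}::{tail}"                  # '::' alone means all zeros


def is_global_unicast(addr: str) -> bool:
    """2000::/3 test as stated in the lesson: top three bits are 001."""
    return expand(addr)[0] >> 13 == 0b001


if __name__ == "__main__":
    # Constructed sample addresses, including the FF02...0002 case above.
    for a in ["ff02:0000:0000:0000:0000:0000:0000:0002", "::", "2001:0db8::1"]:
        short = compress(a)
        assert ipaddress.IPv6Address(short) == ipaddress.IPv6Address(a)
        print(f"{a:>40} -> {short:<14} global unicast: {is_global_unicast(a)}")
```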
So the way that would look would be two zero zero zero, okay, so 2000 double colon forward slash 3 says this is a global unicast address. So here's an example of just kind of the formatting of it, right. So if we take a look at this, this right here kind of is the demarcation point for the host, okay; that's 64 bits, or four of those segments, right, four hexadecimal segments, so it's half of the address of 128 bits. And then we also can take these 16 bits, that little section right there, and that can be our subnet identifier. So an organization who's assigned this information, right, from some assigning organization out there, they get to assign this. Your company, let's say trainology.com, a domain that I own, let's say Trainology is assigned this; well, we can take these 16 bits here and we can create our own structure of sub-networks, okay, on a department-by-department basis, or floor by floor, or building by building, okay. That's where that subnet ID can come in, and that's kind of the structure of the global unicast address so that hosts can find each other at different companies. And so here's an example of a unique local unicast address, and again it's still got the 64 bits, and by the way, when you use auto-configuration or SLAAC, S-L-A-A-C, this auto-configuration, this 64 bits is actually built from the MAC address; it's the 48-bit MAC address on that system or that network interface, and then it combines a few more bits to that to make it 64 bits. And again, here's our subnet, because the subnet is also locally significant as well. So the local unicast address is an ISP-independent, globally unique prefix. It has a well-known prefix to allow for easy filtering at site boundaries, or your business, your organization, and it allows combining or privately interconnecting sites without creating any address conflicts, and again this is a huge advantage over IPv4.

In this lesson let's look at some distinctives of IPv6, starting with the way that IPv6 allocates its addresses, and there's really three main ways. You can do this manually, so for example, if you continue on in your path of IT or networking or whatever you decide to do, this may be your responsibility, and you could manually assign an address to a host like a workstation or even, let's say, a router or some type of device like that. You can also use what's called stateful auto-configuration; if you're going to use that option, you're going to use the next generation of Dynamic Host Configuration Protocol, or DHCP version 6. The most common method, however, is stateless auto-configuration, or SLAAC. Okay, let's talk about SLAAC. SLAAC uses what's called neighbor discovery, and by the way, it's going to use ICMP version 6 for its neighbor discovery, and it does this to find routers and then to dynamically create IPv6 addresses. Now you have to connect the host to a network that actually uses at least one IPv6-capable router, let's say like a Cisco router or a Juniper router, for example, and it'll send advertisement messages to the link. The connected IPv6 host or node can then self-configure with an IPv6 address as well as routing parameters without needing any further human intervention, and this is a huge advantage to IPv6. This is covered, by the way, in RFC 2462.

The node can automatically configure its global IPv6 address by appending its interface identifier, okay, 64 bits, to the prefix, which is also 64 bits. So if you take the prefix of 64 and then its interface identifier of 64, that gives us 128 bits, right, and that's included in the router advertisement message. This is an important feature for allowing the rollout of new devices on the internet or with the IoT, Internet of Things, and you can also roll out these addresses for mobile phones, for different wireless devices, for different home appliances, for those IoT devices and networks, and more.

In this particular diagram I just want to compare the IPv4 header to the IP version 6 header. As you look at this, and let me get my handy laser here, notice that in the legend the things that are in yellow are field names that were kept from IP version 4 to IP version 6. So for example, in IPv6 we still have a version field; it just so happens that in IPv6 it's the number six, right. And we both have a source address and a destination address, okay; it just so happens that the source address in IPv4 is 32 bits, in IPv6 it's 128 bits. We can also see in red fields that were not kept in IPv6, and notice how many things we got rid of in IPv6: no more IHL field, no more identification, no more flags, no more fragment offset, because, you know what, there's no more fragmentation in IPv6. We got rid of the header checksum, and we got rid of those options. The options we got rid of, and we'll replace that with this next header. So IPv6 has what are called extension headers, and you can add these extension headers for a wide variety of functionality, and that ultimate packet can be as large as it needs to be, as long as the routers can handle that large packet.

Let's talk about IPv6 extension headers, which is a very important feature in IPv6. Remember, this really replaces and extends the functionality of the options field in IPv4. IPv6 uses two distinct types of headers: regular headers and extension headers. Now we saw the regular headers in the previous diagram. The extension headers, if there are any, are going to follow the original eight fields, okay. So for example, going back, it's going to follow these eight fields, right, 1 2 3 4 5 6 7 8 fields. The number of extension headers is not fixed, so the length of the extension header chain is variable. All that really matters is, do the IPv6 routers allow a large datagram or a large packet of that size? So here, if we go back and we take a look at the IPv6 header, there's a next header field, and basically they just tell you where the next header is, and you can see you can stack these next headers on top of each other, theoretically infinitely, but there's not going to be infinite headers; we have a finite number of extension headers, but they are intrinsic to the protocol and they add a lot of support for extra functionality. Here's some common use cases of the extension header in IPv6. The hop-by-hop EH, and by the way, EH is just short for extension header, so I'm just going to use that; the hop-by-hop EH is used to support those big packets, those big jumbo datagrams, we call them jumbograms, okay, so we need that to help us with those big old packets or datagrams. We also have a destination EH that's used to support IPv6 mobility features, to help us with those handheld devices and mobile devices; one other major advantage of IPv6 is it's a lot better for mobile devices and handheld devices. The routing EH is used in IPv6 mobility and in source routing; however, the routing EH, that header has been deprecated, in other words it's been removed, because of security vulnerabilities. We also have a fragmentation EH, and a mobility EH, which is critical of course in mobility services. The authentication EH and the encapsulating security payload EH basically tell us that, you know what, IPsec is now native to IPv6. So in other words, for your IPv6 protocol stack on your system to be legitimate, to be legal, it has to support IPsec. That wasn't the case with IPv4, okay, that was optional; it's not optional in IPv6. Now it doesn't mean it has to be turned on and used, but it has to be part of the IPv6 protocol program on that system. And authentication EH and ESP EH are both very common extension headers. IPv6 also has a feature known as neighbor discovery; I mentioned that earlier. The ICMP version 6 protocol provides the same diagnostic services as ICMP version 4. In other words, it has error messages, it has informational messages; it extends the functionality for some of the specific IPv6 functions that don't exist in IPv4. So for example, ICMP version 6 gives us router solicitation and router advertisement, it gives us neighbor solicitation and neighbor advertisement, and it can give us redirection of nodes to the best gateway or the best router.

Welcome to Module 4, IP Support Protocols. In Lesson 8 we're going to look at IP support and management protocols; then in Lesson 9 we'll look at TCP/IP routing protocols like RIP version 2, EIGRP, OSPF and BGP, Border Gateway Protocol. Lesson 8 is titled IP Support and Management Protocols. First we'll get familiar with ICMP version 4, then we'll look at ICMP version 6. After that we'll look at IP Security, or IPsec, and then we'll finish up demonstrating ICMP.

Let's get familiar with ICMP, Internet Control Message Protocol. Remember, IP, Internet Protocol, is unreliable; it doesn't guarantee delivery. So ICMP is the feedback mechanism that offers feedback about network problems and network issues. IP also doesn't offer a direct method for collecting diagnostic information. ICMP actually resides somewhere between the transport layer, layer 4 of the OSI model, and the network layer, layer 3.
ICMP provides error messages and informational messages. ICMP directly affects network operations in both a positive way and a negative way. Most border routers and firewalls may block most, if not all, ICMP messages because they can actually be used in a wide variety of different attacks; however, if blocked, diagnostic tools like ping and traceroute won't work. There are a number of ICMP types and ICMP codes, but only a few of them are commonly used, especially in IP version 4. Let's talk about ping, which is actually an ICMP echo request and an ICMP echo reply. The basic purpose of ping is to verify several metrics or indicators, for example the reachability of an IP host, or the RTT, the round-trip time of a packet, or is there any packet loss. The ping program uses the ICMP echo request, type 8, and the ICMP echo reply, type 0. We'll actually look at ping in a demonstration in this lesson. Here's some common ICMP version 4 messages. Echo reply is basically type 0, and this is a ping reply that returns data; and by the way, the E and the I: E stands for error, I stands for informational. One that's also very common is destination unreachable, which is type 3, which means I can't reach the host, I can't reach the protocol. Sometimes this is the only ICMP packet or message that we'll allow on an external or edge router or firewall. We've also got redirect, which says use a different gateway; we've got time exceeded, type 11, which is an error type that says, you know what, the TTL has been decremented; or parameter problem, type 12, which is a malformed packet or header. Here's an example of a ping. I'm on a Cisco switch, and I'm going to issue the command ping 10.10.1, and notice that it's going to send five echo requests and five echo replies. Notice here that the first one, the first echo request and reply, there's just a dot there. You know why? Because probably this switch had to use the ARP protocol to do an address resolution between the IP address and the MAC address first; that's why the first one timed out, but then the next four, those went through. As I said, I'll demonstrate ping coming up in a demonstration.

This is a tool called traceroute, which actually uses the echo request and echo reply, and this is basically to trace the route of hops across a network to the destination. Here you can see we went across three hops to get to w3.pok.ibm.com. Traceroute can allow us to find areas of the network where there's congestion; it can also find out where the actual packet is being dropped. Here's an unsuccessful traceroute. We're actually trying to get to testcase.boulder.ibm.com up here, and you can see that eventually, after it went past this hop and it got to 222 and so on, it actually timed out; we weren't able to get to our destination. So traceroute gives us congestion information in terms of milliseconds, but it can also show us where a packet is being timed out or dropped.

Let's dive into kind of the behavior of ICMP version 6. Now what we have here, this is our original IPv6 header, okay, or the basic IPv6 header. Now we do have a field right here, this is the, let's put an N in here and an H here, this is the next header field. So this says, if you have an extension header that comes up after the basic header, this identifies what is in that extension header. So it says, well, the next header is number 58. Well, number 58 actually says this extension header is ICMP version 6. That's what the number 58 denotes. So we take this and expand it out, okay. So what we have is the ICMP version 6 type field, and then a code field, and for each different type of message there's a bunch of different variables, so each message type has a bunch of different codes, okay, and that really kind of governs the granular behavior. Then we have a checksum to look for errors, and then down here is our actual ICMP version 6 data. Now let me kind of clear that out. So we know that in the type field we can have different values there. Well, if we have a value of one, okay, now we know that ultimately these are just zeros and ones, right, but we have a value of one in there, that means this is an ICMP version 6 destination unreachable; that's very important, okay. If that is not a one but it's a 128, 128 says that's an echo request, okay, an IPv6 echo request. If it's 129, that's an IPv6 echo reply, okay. If it is 133, that is an ICMP version 6 router solicitation, so basically this could be a host that's looking for a router to be assigned my IPv6 address, okay; so 133 is a router solicitation. 134 would be a router advertisement, so this would be sent from an IPv6 router saying, hey, here's part of your IPv6 address for auto-configuration. Or 135 is a neighbor solicitation, trying to contact an IPv6 neighbor. Remember, a lot of this ICMPv6 behavior that we have is replacing the ARP protocol that we had in IPv4; there's no more ARP in IPv6, and really all of it's done with ICMP version 6. So there we go, there's the ICMP version 6 extension header, number 58.
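The next-header chain and the ICMPv6 type/code/checksum layout just described, as an added Python example that is not code from the video: it walks a constructed IPv6 packet from the base header through a Destination Options extension header to ICMPv6 (next header 58), names the type, and verifies the ICMPv6 checksum, which has to cover a pseudo-header because IPv6 itself has no header checksum. The sample packet, its addresses and the echo-request payload are constructed here for the example.

```python
"""Walk an IPv6 header chain to the ICMPv6 message and decode it.
Added example, not code from the video; the packet below is constructed."""
import struct

ICMPV6 = 58          # Next Header value for ICMPv6
ESP = 50             # Encapsulating Security Payload: nothing after it is readable
# Extension header numbers from the IPv6 RFCs (Routing=43, Fragment=44, AH=51).
EXT_HEADERS = {0: "Hop-by-Hop", 43: "Routing", 44: "Fragment", 50: "ESP",
               51: "AH", 60: "Destination", 135: "Mobility"}
ICMPV6_TYPES = {1: "Destination Unreachable", 128: "Echo Request",
                129: "Echo Reply", 133: "Router Solicitation",
                134: "Router Advertisement", 135: "Neighbor Solicitation",
                136: "Neighbor Advertisement"}


def ones_complement_sum(data: bytes) -> int:
    """Internet checksum over 16-bit words (odd length is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def icmpv6_checksum(src: bytes, dst: bytes, message: bytes) -> int:
    """ICMPv6 checksum: IPv6 has no header checksum, so the ICMPv6 one
    covers a pseudo-header (addresses, upper-layer length, next header 58)."""
    pseudo = src + dst + struct.pack("!I3xB", len(message), ICMPV6)
    return ones_complement_sum(pseudo + message)


def ext_header_size(nxt: int, packet: bytes, off: int) -> int:
    """Bytes occupied by the extension header that starts at offset off."""
    if nxt == 44:                            # Fragment header is fixed 8 bytes
        return 8
    if nxt == 51:                            # AH: length in 4-octet units, minus 2
        return (packet[off + 1] + 2) * 4
    return (packet[off + 1] + 1) * 8         # others: 8-octet units, first 8 excluded


def walk_chain(packet: bytes) -> dict:
    """Follow Next Header from the base header to ICMPv6 and decode it."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    payload_len, nxt = struct.unpack("!HB", packet[4:7])
    src, dst = packet[8:24], packet[24:40]
    if payload_len != len(packet) - 40:
        raise ValueError("payload length does not match packet size")
    chain, off = [], 40
    while nxt != ICMPV6:
        if nxt not in EXT_HEADERS or nxt == ESP:
            raise ValueError(f"cannot walk past next header {nxt}")
        chain.append(EXT_HEADERS[nxt])
        if off + 2 > len(packet):
            raise ValueError("truncated extension header")
        nxt, off = packet[off], off + ext_header_size(nxt, packet, off)
        if off > len(packet):
            raise ValueError("extension header runs past end of packet")
    msg = packet[off:]
    if len(msg) < 4:
        raise ValueError("truncated ICMPv6 message")
    mtype, code, stored = struct.unpack("!BBH", msg[:4])
    # Recompute with the checksum field zeroed and compare to the stored value.
    ok = icmpv6_checksum(src, dst, msg[:2] + b"\x00\x00" + msg[4:]) == stored
    return {"chain": chain + ["ICMPv6"], "type": mtype, "code": code,
            "name": ICMPV6_TYPES.get(mtype, "other"), "checksum_ok": ok}


def build_sample(next_header: int = 60) -> bytes:
    """Constructed packet fe80::1 -> fe80::2: a Destination Options header
    holding only PadN filler, chained to an ICMPv6 Echo Request (type 128).
    Passing next_header=50 fakes an ESP header to show the walker stopping."""
    src = bytes.fromhex("fe80" + "0" * 27 + "1")
    dst = bytes.fromhex("fe80" + "0" * 27 + "2")
    dst_opts = bytes([ICMPV6, 0, 1, 4, 0, 0, 0, 0])       # next=58, len=0, PadN(4)
    body = struct.pack("!HH", 0x1234, 1) + b"ping-data"   # identifier, sequence
    unchecked = struct.pack("!BBH", 128, 0, 0) + body
    msg = struct.pack("!BBH", 128, 0, icmpv6_checksum(src, dst, unchecked)) + body
    payload = dst_opts + msg
    base = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + src + dst
    return base + payload


if __name__ == "__main__":
    print(walk_chain(build_sample()))
```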
Next I want to diagram out here some of this neighbor discovery, which we know ARP used to do in IP version 4, but now we're going to use IP version 6 and its neighbor discovery process. So notice we have, here's host A, and down here is host B. So what host A is going to do, it's going to send out a neighbor solicitation, that's one of those ICMP message types, okay, that we talked about earlier. So it says, hey, what is the address, and we're looking for the v6 address, what is the v6 address of host B, right? And then the neighbor can answer back and say, hey, you know what, here's my link address, which we know is in hexadecimal, it's an IPv6 address. So in this neighbor discovery process we're determining the data link IPv6 address of neighbors. We can also use this to find neighbor routers, like here's router A and router B. Now remember that the router has to be configured to support IPv6, and so usually what these routers or these multi-layer switches do is they're what we call dual stack, okay; they're supporting IPv4 and IP version 6 simultaneously, just in case you have hosts or nodes in your network that are still using IPv4, right. So we can find neighbor routers. We can keep track of neighbors. Remember how I talked about IPv6 as really a great protocol for IP mobility? Okay, well, I'm drawing a picture of a static workstation here, but what if this device that's running v6 is a cell phone or an iPhone, or a pad in a hospital, maybe a specialized Panasonic pad, okay, what if it's some other handheld device, what if it's some other type of Internet of Things component with an IPv6 address? Well, this also is going to help us with that discovery and keeping track of those IPv6 neighbors as they move around in this mobility solution. We can also use this to query in case we find a duplicate address. Now duplicate addresses in an IPv6 network are much more rare than in an IPv4 network, but it could still happen. If we see duplicate addresses on a network in IPv6, it's often because someone's on our network running some type of malware exploit kit; they're spoofing some address. So on an IPv6 network a duplicate address is usually something that's a sign of a security vulnerability or a security exploit. And then finally, this neighbor discovery and ICMP version 6 can come in handy because we can also leverage IP version 6 multicast addresses. Remember, multicasting in IPv6 takes the responsibility of broadcasting, okay; we don't have broadcast anymore in version 6, we use multicast functionality. So just a quick example of how ICMP version 6 neighbor discovery can help provide a lot of the tasks and a lot of the components that we saw in IPv4, specifically with the Address Resolution Protocol.

In this lesson we're going to get familiar with IPsec, or IP Security. Realize, by the way, that you can learn way more about this, for example in my SSCP LiveLessons; that would be a great one to go to to dig much deeper into security. I'm just going to brush the surface here. First we'll look at the different services that IP Security, or IPsec, provides. It provides confidentiality; in other words, it's going to scramble up the clear text into ciphertext using things like AES, for example. It provides data integrity, making sure that the information, the datagrams, weren't messed with in transit; typically we're going to use what's called a SHA-2 HMAC for that. Then we'll have origin authentication: we can authenticate the origin of the packet by using a pre-shared key; we can also use X.509v3 digital certificates, like you use up on the internet when you go and you use SSL/TLS in your web browser. We also get protection against anti-replay attacks, and we can do key management with Diffie-Hellman protocols or Elliptic Curve Diffie-Hellman protocols. I want to recommend to you, by the way, here, to look at some of these different types of security protocols, that you go up on the internet, maybe to YouTube, and look up Brit Cruise, B-R-I-T C-R-U-I-S-E, or you can go to Khan Academy; he has some great videos to help you learn about encryption and decryption.

When you set up IPsec between two endpoints, let's say two routers on the internet, you have to haggle over some details of the agreement. So you need to choose what data integrity mechanism you're going to use, you'll have to decide upon what origin authentication you want to use, the key management system and the confidentiality mechanism, and then the lifetime can be either in seconds or it can be how much data is transmitted. So the lifetime of this first part of IPsec, that can be optional; basically the shortest lifetime is going to be used, but these other things, there has to be a match on both sides. So if two routers are going to do IPsec between them, let's say they both have to use SHA-2 for data integrity, Elliptic Curve DSA for origin authentication, they have to use IKE version 2 for key management, and AES for confidentiality; all four of those things have to match if they're going to have a profile that's being used between them. There's the main mode of what we call IKE or IPsec phase one, and there's a first exchange where there's peer negotiation and agreement. So before they can go any further, those two routers are going to make sure that everything's done in a secure channel, so the first thing they do is they set up the secure channel for subsequent communication, so that the subsequent or ongoing communications are done over a secure channel. Then they'll possibly do some key agreement; they have to generate some secret keys that they can use later on. And then the third exchange is building what's called a security association, so in this first phase they're going to set this up and they're going to have a two-way security association between the two routers, we'll say. Here you can see an example of configuring this ISAKMP protocol, or IKE phase one, on a Cisco router. Don't worry about these details, but just notice, by the way, that, you know, the haggle stuff is all being configured here, right; here's the hash, here's the authentication, here's the group, here's the lifetime, here's the encryption; that's the haggle. So both sides have to have a match, not the policy number but the values, and so you can see these two policies match all the way across. Notice the lifetime, though: this router has a lifetime of 85 400, which is one day, that's in seconds; the other one has a lifetime of 12 hours, okay, or half a day, 43 200 seconds. Those values don't have to match, but the shorter lifetime is going to be used. If you're setting this up between two routers, the first thing you're going to do is you're going to ping the other router with the ICMP echo request, echo reply. Then once you find a matching configuration on both sides, one router has policy 100 that matches policy 10, once you have a match, then you'll have what's called this ISAKMP peering, or a security association, two ways between both routers. It's here idle, waiting to go into the next mode, and it's active, so that's a good sign. Once you have that set up, we can go to phase 2, which is basically negotiating the security parameters that we're going to use to actually protect that clear text information, and so these IPsec parameters are also referred to as transform sets, because often we're actually transforming clear text data into what's called ciphertext, okay, or we're scrambling it up for confidentiality. And this establishes two security associations, okay, two one-way or two unilateral security associations, for example between those two routers, or it could be between your Amazon Web Services service and your edge router or firewall at your company. And also in phase two there'll be periodic renegotiation of these security associations, just to make sure we have a secure environment. And here you can see an IPsec configuration, or the second half. Don't worry about the details here, but just realize that these are the kind of things you can configure on a Juniper router or a Cisco router, and you can do it in the command line interface like this, or you can do this with a graphical interface. And by the way, as you proceed forward in your knowledge in information technology or networking, it's quite likely that eventually, whatever path you take, let's say Palo Alto networking or Juniper networking or Cisco networking, you'll have to learn how to do this on those devices, and of course you'll have to learn how to verify your activities as well. So here's just an example of some show commands that we can do on a Cisco router, or some debug commands, and debug is going to give us a whole string of commands on what's happening in real time on that router or that firewall. So just a quick little overview of IP Security, which by the way you can use in IPv4 or IPv6, okay.

In this demonstration we're going to look at the ICMP protocol, and remember that ICMP has two different categories of messages: one is the error reporting type messages, and the others are query messages. Now we're going to be focusing on a couple of different query messages here, ping, the ping tool, and the traceroute tool, but there are five major types of error reporting messages in IPv4 that you might want to familiarize yourself with, and that is destination unreachable, which is probably the most common, and sometimes the firewall or the router at the edge of a branch office, that's often the only ICMP message it will allow back in, because that's actually a good one to find out if a destination is unreachable. A couple of others are time exceeded, source quench, parameter problem and redirection. Now like I said, the one that we would commonly use in the real world of those error messages is the destination unreachable. But I'm working now in my Windows environment, and I ran cmd.exe, so you can do that, just go down and go to your Start menu if you're down there, or you can run a similar tool on your Linux machine. But the first thing we're going to look at is ping, and if I just put a ping in here, and on this operating system, forward slash question mark is going to give me a set of different options, okay, and these are flags, you can call them flags or parameters, that we can use, different options to modify the way ping works, okay. So a couple of things here: ping dash a will actually resolve the address to the host name, that's interesting; count, ping dash n, is going to modify the number of echo requests that you send. By default on the Microsoft system it's going to send four ICMP echo requests; other platforms, like let's say if you're on a Cisco router, by default that's going to send five of those, and I'll demonstrate that here in a second. Some of these others we don't really use, and actually some of these others are actually kind of part of a possible attack, so most if not all devices are going to block certain types of pings. Let me show you how we would troubleshoot with this ping tool, which really, what it is, it's a primary troubleshooting tool. So the first thing I want to ping: let's say I'm having problems, you know, I just can't get to anything, right, I open up my browser and it can't find anything, I try to get my email, I'm not getting an email. One of the first things you're going to do is you're going to ping the loopback address, and that's going to basically test your TCP/IP stack, so if there's something wrong with your TCP/IP stack or program on your operating system. When you do ping to the loopback address, 127.0.0.1, it's going to send four pings to the loopback address locally, what we call this kind of the local link. It's going to send 32 bytes of data four times, and you can see that it took less than one millisecond, which is, you know, the way it should be, but I got four ICMP echo replies, okay. And then you get kind of some basic statistics, and so what you're looking at, for example, if you use ping and the time, the round-trip time in milliseconds, is, you know, kind of high, you know, 40, 50, 70 milliseconds, that means you've got some kind of congestion, you've got some kind of issue that's slowing down this traffic, okay. And one of the things I want to mention about ping is, if you're setting up a VPN between your company and a branch office, both of you are going to have a VPN going where you can protect all your traffic; make sure you ping each other first to test the network connectivity. So for example, I know that my TCP/IP stack is doing good, so let me scroll this down a little bit. The next thing I want to ping, I might want to try to ping another host on my network; let's do that, that's even closer. So we ping ourselves, then we ping another host on our network to see, maybe something's wrong with our switch, okay. So this is a laptop, it's on the same network: destination host unreachable. Now I know why that is, okay. I'm using a wired connection on this workstation and I'm trying to ping a wireless device on my same network, and my router will not let that go through, okay. So this could be a problem on your network, okay, and notice that finally it just timed out. Okay, so this could be a problem on your network, and if this was a normal corporate network, that could be a problem; it could also be the way that the network's configured from a security standpoint, but I doubt it, okay. But I know on my network, because of the way my router works between the wired hosts and the wireless hosts, I know this is normal behavior. But that would be the second thing you do: somebody else on your own network, on this side of a router. I'm going to try some of these other options. Let's do the ping with a bigger count; let's say we're going to do eight of them this time, so it'd be dash n followed by eight, and then we'll do the loopback, 127.0.0.1, and so this time we're going to do eight echo requests. Let's ping maybe Suddenlink, which is my provider, okay, so I'm gonna do 173.212, that's my service provider. Real fast, you can see some different times, though; the second one took 30 milliseconds, but that's still super fast. So that's my service provider's basically edge
and we can also remember we can do a ping question mark again and we could do dash a which would resolve the address to host names let's do that one again then so let's do ping dash a and then we'll do sudden link again and it tells you right there suddenlink.net okay so it basically resolved it to you know 173.219.226.169.suddenlink.net that's what i was looking for okay and i could even uh go all the way up to pearson but i'm going to wait on that okay i'm going to wait on pearson i think you've got an idea how ping works and echo request echo reply let's clear this out and let's use another tool called trace route okay trace route now it may be on some systems that may be trace route on the microsoft system it's trace rt okay and there aren't a whole lot of other options here but you could say what are the maximum number of hops i want to search for both ping by the way and trace route allow you to choose a different source address so you might want to do a different source address also loose source routing is probably going to be blocked because that's actually part of certain kinds of attacks as a matter of fact when i showed you earlier ping dash in that count if you were to try to ping a host on the internet with a really large count it's gonna block it because that's what we call a ping of death that's actually an old type of attack that was used the ping of death with a super high count that doesn't work anymore because if not my local router my sudden link router or gateway would block that let's do a trace rt and i'm going to go ahead and put in a dns name okay now i know the ip address of this host at pearson but i'm going to go ahead and put in www.pearson.com because i can also take advantage of dns resolution which is what's going to happen too so now i'm tracing this route and it actually resolves to e290.x.akamyedge.net and you can see the ip address is 23.67.158.74 now i could actually have you know put in that ip address akamai edge by the way 
this is what we call content delivery networking so akamai amazon web services google cloud other cloud service providers offer these edge locations so amazon web services has like five edge locations in dallas akamai has edge locations and that's a way for them to get their content closer to end users so pearson uses akamai to get their content on their web servers as close to their users as possible and by the way you can see that my trace is complete and it has traced it all the way to the content servers at akamai technologies okay so that's who pearson uses so i'm not actually going directly to a router or a gateway at pearson in california i'm going to one of their edge servers okay what's cool about trace route is that it actually uses ping so it creates a udp packet from my source to that destination first off with the time to live and you can you know we had ttl in the ping let me just do that again show you ttl time to live okay and you can adjust that you can say i only want to do one hop or two hops or three hops so trace route creates that udp packet from my system with a ttl of one and so you know it did that first and so it it basically does one it goes to the first hop and then it times out and then it goes to the next top with a ttl of two and then a ttl of three and and so it just keeps going with it all the way up to 30. 
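To make the TTL walk just described concrete, here is an added example (mine, not the instructor's or Pearson's) that simulates traceroute against a constructed path: every address, delay and hop behaviour below is made up for the demonstration, the probe is modelled as UDP with the destination answering ICMP Port Unreachable as in classic UNIX traceroute, and one hop is modelled as an inline device that forwards without decrementing TTL.

```python
"""Simulation of how traceroute maps a path by sending probes with TTL 1, 2, 3 ...
Added example: the hops, addresses and delays below are constructed, not captured."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Hop:
    address: str
    decrements_ttl: bool = True    # routers decrement; a transparent firewall does not
    answers_expired: bool = True   # some routers silently drop TTL-expired probes
    delay_ms: float = 5.0          # one-way delay added by this hop (constructed)


@dataclass
class ProbeResult:
    ttl: int
    responder: Optional[str]       # None when the probe timed out (shown as "*")
    rtt_ms: Optional[float]
    kind: str                      # "time-exceeded", "port-unreachable" or "timeout"


def send_probe(path: List[Hop], destination: Hop, ttl: int) -> ProbeResult:
    """Carry one UDP probe hop by hop, decrementing TTL the way each router would."""
    sent_ttl = ttl
    elapsed = 0.0
    for hop in path:
        elapsed += hop.delay_ms
        if not hop.decrements_ttl:
            continue                          # forwarded untouched: invisible to traceroute
        ttl -= 1
        if ttl == 0:
            if hop.answers_expired:           # ICMP Time Exceeded comes back from this hop
                return ProbeResult(sent_ttl, hop.address, 2 * elapsed, "time-exceeded")
            return ProbeResult(sent_ttl, None, None, "timeout")
    # The probe survived every router: the destination has no listener on the
    # probe's UDP port and answers with ICMP Port Unreachable.
    elapsed += destination.delay_ms
    return ProbeResult(sent_ttl, destination.address, 2 * elapsed, "port-unreachable")


def traceroute(path: List[Hop], destination: Hop, max_hops: int = 30) -> List[ProbeResult]:
    """Probe with increasing TTL until the destination answers or max_hops is reached."""
    results = []
    for ttl in range(1, max_hops + 1):
        result = send_probe(path, destination, ttl)
        results.append(result)
        if result.kind == "port-unreachable":
            break
    return results


def format_trace(results: List[ProbeResult]) -> str:
    """Render the results roughly the way tracert prints them."""
    lines = []
    for r in results:
        if r.responder is None:
            lines.append(f"{r.ttl:2d}     *      Request timed out.")
        else:
            lines.append(f"{r.ttl:2d}  {r.rtt_ms:6.1f} ms  {r.responder}")
    return "\n".join(lines)


# Constructed path: a branch router, a transparent firewall, the provider edge,
# a core router that drops expired probes without answering, and one more router.
SAMPLE_PATH = [
    Hop("192.168.0.1", delay_ms=1.0),
    Hop("transparent-firewall", decrements_ttl=False, delay_ms=0.5),
    Hop("192.0.2.1", delay_ms=6.0),
    Hop("198.51.100.7", answers_expired=False, delay_ms=9.0),
    Hop("198.51.100.30", delay_ms=12.0),
]
SAMPLE_DESTINATION = Hop("203.0.113.10", delay_ms=20.0)

if __name__ == "__main__":
    print(format_trace(traceroute(SAMPLE_PATH, SAMPLE_DESTINATION)))
```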
So it would go, you know, if it was 30 routers away it would go, you know, up to 30 routers away, and you can see, by the way, that it's giving me round trip times in here. Some of these time out but it keeps trying. At one point, you know, I had 145 milliseconds at this qwest.net. You can see I'm going to, you know, Dallas, one Level 3; Level 3 is actually one of those companies that works with companies like Suddenlink to help get them their content quicker. Okay, so for example if I wanted to, I could bypass the internet altogether and use the company Level 3 to actually use an Amazon Web Services Direct Connect solution, and I would connect to Level 3, I would bypass the internet and use a Direct Connect link directly to Amazon Web Services and bypass the internet. And you can see, so there's several companies involved here, qwest.net and then Akamai Technologies. So these are good tools, you know; inside your network you could do a traceroute if you had a large enterprise to find out where your problems are, to find out where your congestion is, to find out where certain packets are being dropped. It's a tool that can be used inside your network and outside your network. One thing I want to mention as we finish up here about a firewall is that a firewall, unlike a router, does not decrement this time to live field. So one thing a router does, or the hop, every time it receives a packet it's gonna decrement this TTL value by one and then pass it on to the next router or the next hop. So there may be firewalls or firewall appliances that are in the path; I'm not seeing them because the firewall doesn't decrement the TTL, it just passes it through. So I'm doing a trace from my system up to Akamai, but there may be firewalls in the middle, they're just simply passing this traceroute or these pings through their device and I'm not going to see them.

All right, welcome to lesson nine, TCP/IP routing protocols. First we'll understand the difference between static routing and dynamic routing, then we'll examine RIP, Routing Information Protocol, RIP version 2 and RIP next generation for IPv6. We'll look at Open Shortest Path First, OSPF, we'll look at EIGRP, Cisco's Enhanced Interior Gateway Routing Protocol, then we'll examine Border Gateway Protocol, BGP, and we'll finish up demonstrating BGP in Amazon Web Services.

Okay, in this demonstration we're going to look at static routing and dynamic routing, and let's remind ourselves that routing of packets or datagrams is a layer 3 process. Okay, if it's the OSI seven-layer model it's layer three, but it's also technically the third layer of the TCP model, the networking or internet layer. So as these hosts over here on the right-hand side are going up and hitting web servers on the internet, those packets have to be routed across layer 3 devices. Now layer 3 devices can be multi-layer switches, as we see here, a switch that operates at layer 2, 3 and 4 of the OSI model; it could be a router, it could be a firewall that does IP forwarding; there's other devices as well that might be involved. So for example on the internet servers, the web servers, they may be using load balancers, they may be using other devices that also do IP forwarding. But the bottom line is in a small organization we can just use what's called static routing. So let's look at two different scenarios. Let's say in the first scenario this switch is a multi-layer switch, or a switch that also can perform routing, either it has a routing processor that you've added to it or it's built into the switch, and so that multi-layer switch is going to be the default gateway that these hosts over here on the right-hand side are using to get out of this local area network. If that's the case then that multi-layer switch or router is going to have to forward IP datagrams or packets up to the next hop, which is our edge firewall, which is a firewall that we either have at our organization, a device at the edge of our organization like an Adaptive Security Appliance from Cisco, or it could be a device at our service provider, our internet service provider or our cloud service provider. But either way we have to route packets, so we have to create static routes on this multi-layer switch or router that point to the next hop, and then of course on this firewall we need to set up static routes that point to the internet and then a static route that also points back to this multi-layer switch or the router. So for example let's say we're going to do that on the firewall, it's a Cisco router firewall, and so we do the ip route command, and the next thing we're going to say is what is our destination, what is our destination IP prefix, which would be a CIDR representation, let's say 67.77.32.11/32 or /24 or /23, whatever, and then that pipe symbol there says or, we could actually say what is the destination IP address and IP mask to our destination. Okay, so after the ip route we want to put in what is our ultimate destination and then we're going to say what is the next hop in this static routing configuration to that next router or firewall, and so we could say we're going to send it out this particular interface. So the interface command says okay, if it's destined for that IP prefix or that IP address and mask, send it out this interface, Fast 0/0, Gigabit 0/1, whatever, or we could say send it to this prefix, send it to this IPv4 slash-something prefix. And that works really well for a small to medium-sized business to configure on your routers, your multi-layer switches and your firewalls. So static routing is excellent for a small to medium-sized organization where you want to have total control over the configuration of the IP forwarding or routing of all your layer 3 devices. So that's the advantage; the disadvantage is it's not automatic, it's not automated, it's not scalable to a lot of routers or a lot of layer 3 devices. Also it's more subject to human error because we are relying upon humans to do the right configuration.

So here's an example of how you would do it on a Cisco router with IPv4. You'd say here's the ip route to this prefix, 192.0.2.0/24, and then the next hop is on our Ethernet port that has this IP address assigned to it. And by the way, the actual syntax that we're using isn't important for you, okay, because it can be different on all different types of devices; just realize the basics are I'm creating a static IP route to a particular network or a prefix and then the next hop is either an interface or it could be an actual IP address next hop. And down here we can see we can do the same thing with an IPv6 command to send a route to this network at 2001:0db with a 48-bit mask. You can even do this on a Linux machine or a Windows machine, so for example on a Microsoft machine we're using the route add command, we're going to say we're going to add a route to network 192.168.35.0 with a mask of 255.255.255.0, or /24, and to get there we're going to go to 192.168, that IP address, and you can see we're adding the command down here in the middle and then here's the entry in the routing table. Okay, so the path to this network, 35.0/24, is basically to the next hop 192.168.0.2, and that's really what static routing is all about. If you're doing this in a virtual environment like on Amazon Web Services, if I've got a couple of subnets down here, notice that I've got one subnet which is the 10.0.0.0/24 network and over here is the 10.0.1.0/24 network. What I would do is I would have a route table, so it's pretty much static routing at Amazon Web Services, and what would I put in this route table? Well, if this instance, let's say it's a Linux or a Windows instance that I spun up, if this wants to get out to the internet it's going to go through this internet gateway. Okay, if it wants to go to let's say some branch office or some other VPN connection, it'll be routed through this virtual private gateway. So in this route table you would just simply say if this instance wants to send traffic out to the internet, I'll put an entry in there that points to this internet gateway, which could be an IP address or it could be some type of identifier, some unique identifier, and we could say if I want to send traffic from this instance over this virtual private gateway, let's say over a VPN to another branch office or to my headquarters, well then I'm going to route the traffic in the route table over to this virtual private gateway, which could be an IP address or it could be some unique identifier. Notice that we have a route table for each one of these sub-networks; they could be the same entries or they could be different entries on a subnet-by-subnet basis.

Now static routing has advantages, and I mentioned those: you know, we have total administrative control over our IP forwarding; it's also going to be something we do manually, so we have responsibility for it; it's a good solution for small to medium-sized businesses, and even in some virtualized environments it's the best solution. But dynamic routing allows us to take advantage of automated dispensing of the routing table information and other algorithms across multiple neighbors or peer routers. And so if it's a distance vector dynamic routing protocol, the distance from, you know, one router to another router is going to be based on hops, okay, hops, and other information like the distance between the hops with their bandwidth or the amount of delay. So the vector is basically based on hop count or other metrics that determine what is the best hop. A link state protocol actually builds what's called the link state database, so all of the routers in the link state domain are going to propagate their information and they'll all have an identical database, a link state database, and identical routing table. So if it's distance vector, each router is responsible for sending updates of the routing table to its next neighbor or its next peer router; that's the way distance vector works. But with link state you're building a database that all of the routers in your administrative domain are going to share. A common distance vector protocol would be RIP version 2, and we'll talk about that; Cisco has an enhanced version called EIGRP that you might use in a Cisco environment, and the most common link state protocol is OSPF, Open Shortest Path First. And so the advantages here are we get this automated, scalable propagation of our routing information, and this is excellent for medium-sized to large organizations because a lot of this is automated for us. We can also use authentication mechanisms and cryptographic hashes to make sure that all of the information sent between the routers has integrity, has origin authentication, making sure it came from the correct peer because it has the right key or password, and integrity mechanisms to make sure the hello packet or the update or the advertisement wasn't modified by some man-in-the-middle attack. So dynamic routing protocols do have lots of advantages, but some organizations just do static and some organizations are going to use dynamic; on the internet we'll use a combination of both. Some companies will just use a static route to their service provider; even if it's Amazon Web Services I can use a static route, but more often than not on the internet we're going to use a protocol which is a path vector protocol called BGP, Border Gateway Protocol, and we'll talk about that coming up later on in this set of lessons.

In this lesson we're going to look at the dynamic routing protocol known as RIP, or Routing Information Protocol, and by the way this was actually one of the early dynamic routing protocols, and it was very popular especially in Microsoft environments, and in Microsoft we used RIP version 2, and RIP version 2 is a standardized routing protocol that works in a mixed-vendor routing environment. As I said, RIP is one of the easiest routing protocols to use and it's really good for small to medium-sized networks. RIP version 2 is limited by a route metric based on the hop count, so it's the number of routers that these advertisements go through, and it's limited to 15 hops, but realize it's actually pretty rare for an enterprise to have a width of 15 hops nowadays. RIP is a distance vector protocol, so the vector basically tells us that we're using distance or the number of hops away, so the hop count metric actually chooses the path. RIP also allows you to load balance, so if you have a router configured for RIP you could load balance across up to four equal-cost paths by default. RIP does not account for things like bandwidth and other metrics that are used by, let's say, the OSPF protocol when making a decision, so it is a simpler protocol, and as I mentioned RIP was quite popular on Microsoft networks, especially with their servers that could actually perform as routers. Here we see a basic RIP configuration on a Cisco router. Notice that we basically get into a configuration mode and issue the command router rip, and that basically turns on the RIP functionality. Remember, a router, by the way, can run multiple dynamic routing protocols; a router could also sit between two different domains that run different routing protocols and they could advertise that information into the other domain, into each other. And so we're just saying we're going to run RIP, make sure it's version 2, and then we just issue the command network 10.0.0.0, and what that means is any interface on this router that has an IP address assigned to it in this 10.0.0.0/8 network, any interface that has an IP address in that network, is going to participate in sending and receiving RIP information. Here we're looking at the routing table on a Cisco router. Notice we have various codes up here, and we have a code of R specifically for RIP, and you can see right there is our RIP protocol, and of course we have codes for other popular dynamic routing protocols as well, like B for BGP, D for EIGRP. You might be saying why do we have D for EIGRP? Well, because EIGRP uses what's called the DUAL algorithm, so D stands for DUAL. There's also O for OSPF. Here we can also see further down in the routing table we have entries and we have the code R, so we can see that this particular router learned these entries from the RIP protocol. So for example it says to get to network 192.168.1.0/24 I have to go through an interface Ethernet 0 with the IP address 10.1.1.1 to get to that network. Now RIP was also modified for IPv6, so we have what's called IPv6 RIP next generation, so RIPng or RIP next generation is defined in RFC 2080 and it's an extension of RIP that supports IPv6. The main differences between RIP version 2 and RIP next generation are: obviously RIPng supports IPv6 networking; RIPng does support RIP version 1 updates and authentication, so it is backward compatible; RIPng requires specific encoding of the next hop for a set of route entries; and finally RIPng sends updates on UDP port 521 using a multicast group.

In this lesson we're going to look at the Open Shortest Path First protocol, or dynamic routing protocol, OSPF, but before we do that I want to talk about a concept known as administrative distance, and this is used by vendors' routers to determine what is the more trustworthy routing protocol. So let's look at this from a Cisco standpoint, because Cisco is the most common network routing device in the world, so let's look at this AD value. In a corporate LAN it's not uncommon to see multiple dynamic routing protocols and static routes configured on routers and multi-layer switches. The AD, or administrative distance, is a way to rate the trustworthiness of the source of routing information in order to choose the best path. Some vendors like Cisco use the AD to rank the reliability of a routing protocol, so in other words if there are multiple entries in the routing table it's going to choose, if it has the option, the routing protocol entry with the best AD. Now when we say best AD we actually mean the lowest number. Okay, so notice that the connected interface has an AD of zero; well, that means it's the most trustworthy, okay, nothing gets lower than zero, it's like a golf score. Okay, if it's directly connected, that's some pretty reliable information. If you as a network administrator have configured a static route that says hey, here's the prefix to get to that particular network, that's going to have a value of one; well, that's pretty trustworthy as well. Okay, directly connected, trustworthy; static route, trustworthy; then we start looking at these dynamic routing protocols. External BGP is used out on the internet with your service providers and your IT service providers and your cloud service providers, so Cisco says if it's an external BGP route that's pretty trustworthy. Okay, notice that if we go to the top, the least trustworthy is something that's unreachable, okay, that's the highest value possible, 255. Also older protocols, or internal BGP, which isn't used very often. So the higher the number, the less trustworthy. Notice however these two right here: if it's a Cisco router and it has an entry for a path to a network or a prefix, it's going to have a value of 90.
If it also has an entry for OSPF, okay, to the same network, the Cisco router will choose the EIGRP route over OSPF. Part of the reason is EIGRP started out as a proprietary Cisco protocol, so a Cisco router is going to prefer EIGRP pretty much over OSPF or IS-IS or RIP if it has the opportunity, okay, because obviously it's proprietary. So this is a table that's used especially by Cisco routers when there's multiple entries in a routing table to the same location but provided by different or more than one routing protocol.

Now let's talk about Open Shortest Path First. Now this particular protocol, by the way, is based on what's called the Dijkstra algorithm, and Dijkstra is D-I-J-S-T-R-A, okay, Dijkstra, there may be a K in there actually, D-I-J-K, it's the gentleman's name, okay, the one who created this particular method for finding the shortest path. Okay, it's one of the most commonly used interior gateway protocols in IP networking. Now routing protocols must detect failures as soon as possible and then quickly determine another path across the network. Remember this is a packet switching technology, so we have multiple paths and we're going to use the shortest path first, but if one of those nodes goes down we want to be able to quickly determine another path through the network. Packet switching, not circuit switching; packet switching. OSPF is link state, so it knows, it has a database, kind of a topology of the states of all the links of all the routers in its domain, and it offers fast convergence and scalability for multi-vendor environments. So OSPF, bottom line, is way better than RIP or RIP version 2.
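An added example (not from the video) of the link-state idea: every router holds the same link-state database, runs Dijkstra's shortest path first from itself, installs the result as routes, and recomputes when a link is withdrawn. The five-router topology, costs and prefixes are constructed.

```python
"""Added example (not from the video): one shared link-state database, Dijkstra's
shortest path first run from a root router, the routes that get installed, and a
recomputation after a link fails.  Topology, costs and prefixes are constructed."""
import heapq
from typing import Dict, Tuple

# The link-state database: each router's advertisement lists neighbor -> link cost.
# After flooding, every router in the area holds this identical dictionary.
LSDB: Dict[str, Dict[str, int]] = {
    "R1": {"R2": 10, "R3": 5},
    "R2": {"R1": 10, "R4": 4},
    "R3": {"R1": 5, "R4": 20, "R5": 5},
    "R4": {"R2": 4, "R3": 20, "R5": 5},
    "R5": {"R3": 5, "R4": 5},
}
# Constructed: the network each router has directly connected.
PREFIXES = {"R1": "10.1.0.0/24", "R2": "10.2.0.0/24", "R3": "10.3.0.0/24",
            "R4": "10.4.0.0/24", "R5": "10.5.0.0/24"}


def spf(lsdb: Dict[str, Dict[str, int]], root: str) -> Dict[str, Tuple[int, str]]:
    """Dijkstra from root: returns {router: (total cost, first-hop neighbor)}."""
    dist = {root: 0}
    next_hop: Dict[str, str] = {}
    heap = [(0, root, None)]          # (cost so far, router, first hop from root)
    done = set()
    while heap:
        cost, node, via = heapq.heappop(heap)
        if node in done:
            continue                  # a cheaper path to this node was already settled
        done.add(node)
        if via is not None:
            next_hop[node] = via
        for nbr, link_cost in lsdb.get(node, {}).items():
            new_cost = cost + link_cost
            if new_cost < dist.get(nbr, float("inf")):
                dist[nbr] = new_cost
                # Leaving the root, the first hop is the neighbor itself; deeper in
                # the tree every path inherits the first hop of its parent.
                heapq.heappush(heap, (new_cost, nbr, nbr if node == root else via))
    return {n: (dist[n], next_hop[n]) for n in dist if n != root}


def install_routes(lsdb, prefixes, root) -> Dict[str, Tuple[int, str]]:
    """Turn the SPF tree into a routing table: remote prefix -> (cost, next hop)."""
    tree = spf(lsdb, root)
    return {prefixes[r]: entry for r, entry in tree.items() if r in prefixes}


def withdraw_link(lsdb, a: str, b: str) -> Dict[str, Dict[str, int]]:
    """Model both ends flooding a new advertisement without the failed link."""
    updated = {router: dict(links) for router, links in lsdb.items()}
    updated[a].pop(b, None)
    updated[b].pop(a, None)
    return updated


if __name__ == "__main__":
    print("R1 before failure:", install_routes(LSDB, PREFIXES, "R1"))
    after = withdraw_link(LSDB, "R2", "R4")
    print("R1 after R2-R4 fails:", install_routes(after, PREFIXES, "R1"))
```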
an ospf router achieves neighbor adjacency or it establishes a establishes a peering okay or a neighborship by exchanging hello packets okay and a hello packet is one of those protocols at the layer 3 the network or internetwork layer okay and it exchanges hello packets with other routers now once a router does this with hello packets the neighbor is put into the neighbor database after a neighbor relationship is established all of the routers in the ospf area or domain will synchronize their topology okay so that's the link state database by reliably exchanging what are called advertisements so the first thing is the hello hey can you be my neighbor okay like uh mr mr rogers neighborhood won't you be my neighbor okay we're gonna be neighbors we have an adjacency now let's start synchronizing our databases and exchanging advertisements so that all of the routers in the ospf domain have the same exact topology database so here you can see the core functions of ospf they use the hello protocol to discover neighbors then they go through a multi-phase process to form adjacencies or neighborships with their peer routers then they'll use those advertisements to flood the link state database on all of the ospf routers once that's accomplished then they will compute the shortest path okay and that's where that dijkstra algorithm comes in that dijkstra invented okay and by the way that algorithm that shortest path it's actually used for lots of other things besides routing in a network okay a shortest path or a dijkstra algorithm can be used in lots of disciplines besides networking okay once we compute the shortest path then we install these ospf routes into the database okay or into the routing table on the router and it doesn't change okay then we go through this process again to modify with advertisements we modify the link state database we do a recomputation of the shortest path and then we change the routes in the routing table accordingly here's an example of the 
ospf design i don't want you to get too hung up on this if you're going to go and you're going to you know delve farther into your i.t career or networking you'll learn about how routers do this type of thing but there's one thing about ospf we need to understand is that every ospf network has what's called a backbone okay we all need to have a backbone but ospf has what's called area zero and this is the backbone and if we think about area 0 as our backbone this would be let's say our our main core routers in our enterprise the ones that are moving those packets and forwarding them very very quickly then you're going to connect these other routers to that area these are called area border routers so think of these as like the first floor of your building and then the second floor of your building or the third floor of your building or this could be the the accounting department this could go to the call center this could go to the r d department or if it's a campus network okay a can a campus area network this could be building one building two building three okay what about a wide area network okay well area area zero is the headquarters okay and this is branch office one branch office two branch office three see so this is a great protocol that actually can be used in a wide variety of different types of networks local area networks metropolitan area networks for example if it's a metropolitan this may be area 0 or the backbone and this could be j-1 could be the police department this could be the fire department this could be city government okay so this ospf can work in in a local area network a wide area network a campus area network a metropolitan area network it's a very powerful and flexible dynamic routing protocol let's talk about the eigrp routing protocol which is an enhanced version of cisco's original interior gateway routing protocol so not used out on the internet but used inside organizations inside an autonomous system and so this is actually has 
an rfc so it's not totally proprietary anymore eigrp has an informational rfc number 7868 so it's not totally open source an open protocol but it's kind of somewhere in between right and so it's defined in 7868 we call eigrp a hybrid routing protocol okay a hybrid because it uses different aspects of different routing protocols it is an advanced distance vector protocol so it basically uses advanced mechanisms to figure out the distance between hops okay and i'll talk about that here in a second but the algorithm that it uses is called the dual algorithm what that stands for doesn't matter but when you look at eigrp in a routing table on a router it'll be there'll be a cisco router specifically there'll be a d next to the entry for any eigrp entry or prefix because it d stands for dual okay so there's not e will not be eigrp in the routing table okay that's something else let me do will be dual now the good thing about eigrp is it's very efficient and it converges very quickly it's also classless so you don't have to use class a class b class c so they can support things like cider and something else called virtual length subnet masking that we can use and again these are mechanisms that are ip version 4 mechanisms that with ipv6 we don't have to use these anymore but eigrp doesn't need to use those classes with its ip version 4 addresses also when an eigrp neighbor is sending an update to its neighbor it only sends a partial update it just sends the information that's changed and it's only on an as needed basis other protocols like rip and rip version 2 will send the entire routing table on a regular basis eigrp doesn't work that way it only sends the partial necessary information when it's needed when there's a change to the topology which by the way may not be very often okay it supports multiple protocols so eigrp can support ip which is why we're here it can support uh apple talk it can even support the older ipx spx protocol that was from novell novell 
networks came up with their own protocol so it's multi-protocol support it can support those things it supports several different kinds of metrics so these numbers here that determine uh what we would call the metric between hops this is a very simplified version by the way uh i'm keeping it simple but the attributes or the metrics that go into determining this number five and this number 10 can be a combination of what we call bandwidth load and reliability usually it's just bandwidth and delay but we can use these to create very complex metrics so this topology for eigrp will support up to 255 hops or 255 neighbor routers which is way more than enough for modern networks and we have a new version of eigrp for ipv6 and that's called eigrp v6 now one thing we see here these routers will determine the metrics between their hops so we can see to get from router a to router z okay we can see that the best hop that has the lowest metric is from here to here to here to here because we have 5 plus 5 plus 5 is 15 if we go that direction if we go down to this router we're going to go 10 to 10 to 5 well that's 25 okay so this is a better path because it has a lower metric okay and so that's the preferred path we call that the successor okay successor in the sense that it's the successful path okay so the successful path of the successor is the one with the better metric okay and the other one if this one goes down remember this is a packet switching network we want to have another path if this one goes down we'll use this path it's a higher metric but this is our feasible successor okay this is the feasible successor eigrp by the way like other routing protocols uses multicast addressing okay it uses multicast addressing to send information from router to router okay rip version two eigrp ospf they all send destination multicast addresses like you know starting with 224 to send to a router or groups of routers in a routing domain or a multicast group and so that's in a 
nutshell, how the Enhanced IGRP protocol, originally from Cisco, works. In this lesson we're going to take a very brief look at the Border Gateway Protocol, or BGP, and the reason it's going to be brief is that this is the main protocol used by service providers and large enterprises, so I don't want to get too far ahead of ourselves; we're still just starting out with this TCP/IP thing. But it's important to know about BGP because it's one of the original foundational protocols of the internet. It's complex, so it's excellent for the internet and the routers of the internet. It's very scalable, so it can scale up to many, many points of presence and routers on the internet. It's reliable, it can be secured, and it's TCP-based, so there's a TCP handshake that happens between BGP neighbors. Very important protocol. External BGP, or eBGP, is the part of the Border Gateway Protocol used for exchanging routes between the different autonomous systems, or ASes, of the internet. An autonomous system is a collection of networks under a single technical administration domain; for example, Amazon Web Services has its own AS, Google has its own AS, or more than one. BGP provides the routing between these autonomous systems. By the way, you could have your own autonomous system at your own enterprise or organization. BGP can be internal or external, so we could use an interior protocol, let's say OSPF or RIP, and then use BGP as our exterior protocol. So here's an example where we've got two autonomous systems: on the left-hand side we have autonomous system 65000, and on the right-hand side we have autonomous system 65001. Between those two ASes, which again could be two large companies, corporations or organizations, they're going to use the exterior gateway protocol, BGP. Notice that internally they're using something like OSPF or EIGRP, or they could use RIP version 2 if they wanted to. But again, BGP offers reliable updates using TCP port
179. BGP can be internal (iBGP, within an autonomous system) or external (eBGP, between autonomous systems), which is much more common. Customers can exchange routing information with service providers, and service providers can trade routing information with other ISPs. It's highly scalable, which means it can be expanded to a lot of routers and a lot of autonomous systems. You get security through authentication of the peer router and through route filtering. And it's complex: it supports advanced routing policies and route manipulation between the peers. Okay, if you remember, in lesson six we came in here and created our own virtual private cloud, and in that VPC we had one public subnet. They initially tried to give us an RFC 1918 10.x.x.x/16 network, remember, but we went ahead and said we're going to use 192.168 for our VPC, so we had 192.168.0.x, 192.168.1.x, 192.168.2.x and so on as our subnetworks, and each one of those subnetworks had over 250 possible IP addresses in it. Well, now we're going to mention Border Gateway Protocol, because when you use Amazon Web Services to create a virtual private network, if you use what's called the managed VPN from Amazon, the only dynamic routing protocol you have available is Border Gateway Protocol. So let me show you that real quick. The first thing you're going to do is go under VPN Connections down here; you want to create your gateways. Now, the virtual private gateway is basically the gateway here at Amazon Web Services that my data center, or my headquarters or my branch office or whatever, connects to in order to get that AES-256 IPsec, IKE version 1 protection. So I'll click on Virtual Private Gateway and we'll create one, and we're going to name this HQ. And we could use the Amazon default ASN; remember that Border Gateway Protocol uses an autonomous system number, right. We can go ahead and use that one, or we can say let's use a custom ASN, and it's going to tell us that you have to use a private ASN for this, so anything from 64512 up I can use. So I'm going to go ahead and just
let Amazon use their default ASN, the one they use as part of their infrastructure, and create the virtual private gateway. And so here's the unique identifier, which is a unique Amazon identifier, okay. So if I want to, for example, route traffic out of my public subnetwork to the VPN gateway, I would just route it to this VGW, and so on. So remember, earlier we created that public subnetwork, and if I put a Windows instance in there, or a Linux instance, and I wanted that particular operating system instance to actually connect over the virtual private gateway and get access to, you know, my data center or a branch office over that IPsec connection, then I would just point to this in the routing table if I'm going there. Okay, well, I created that, so let's close out of here, and now let's create the customer gateway, and this is what's going to be the information about my side, okay. So I'll just say this is my data center, and I can do static routing, but I'm going to do dynamic; this is all about BGP, okay. They're going to try to give me the BGP autonomous system number of 65000, and it tells you the Border Gateway Protocol (BGP) autonomous system number of your customer gateway should be entered here. Now, you can use an existing ASN that's assigned to your network, and if you don't have one you can use a private ASN in the range 64512 to 65534. So let's say I don't have one; 65000 is the default Amazon suggests, but I'll say 64514.
Then I'm going to put the IP address of my customer gateway in here, which is the router at my headquarters, and we'll create the customer gateway and then close out of there. So now, with my virtual private gateway created and my customer gateway created using Border Gateway Protocol, I can go and create a VPN connection. I can just say myvpn, and then for the virtual private gateway, I already just created that, right, so I'll choose the one I created right there, and for the customer gateway I'll use an existing one, the one I created, which is right there, or I could create a new one. And of course the routing option is to use dynamic (BGP), and those settings are already set in there. Notice down here that you can customize a tunnel inside CIDR and pre-shared keys for your VPN tunnels. So you're going to have two tunnels, for failover purposes: from the VPN gateway there'll be two different tunnels going to your headquarters. I've already provided the public IP address of my router, so there'll be two logical tunnels. This tells you that you can let Amazon generate this for you, or it tells you it's going to be a /30 CIDR in what's called the 169.254.0.0/16 range, which is the link-local range, also known as APIPA. If you, for example, run a Microsoft environment at your company and your workstation or laptop wasn't able to reach the DHCP server, it would still let you boot up your system, but it would give you one of those 169.254 addresses, so that you could at least get your machine up and running, get the TCP/IP stack up, and troubleshoot your workstation or laptop. So I can let Amazon generate all of these and the pre-shared keys, or I can come up with my own. Now, I'm not going to create the VPN connection here, because it's going to apply charges and I don't really want to do that, but you see the steps here and you see how we use dynamic BGP. Now if, for some reason, at your
headquarters you wanted to use a VPN that was using, let's say, EIGRP for the dynamic routing protocol, or Open Shortest Path First, and maybe you already have your own kind of multipoint VPN set up and now you just want to include Amazon, well, you'd have to spin up your own servers and everything in your own VPC, in your own public subnets; you'd have to really manage that VPN on your own, right, you couldn't use this managed solution. But let's go back to this area and just remind you that there are several ways, remember that public subnet you created in the previous lesson, there are several ways for the instances you spin up to communicate outside of that public subnetwork. If you wanted to get out and communicate and just, you know, go to the internet and reach web servers on the internet, or maybe access your own site or branch office in just a public way without a VPN, you would just create an internet gateway, or use an existing internet gateway, and point to that in the route table. And here's where your route tables are, so wherever you want to go, you're simply going to point to that object in the route table. If you have an egress-only internet gateway, this would be for an instance that you spin up in your public subnet that is going to be an IPv6 host; so if it's going to be using IPv6 addressing and you want it to go out to the internet, you need to use an egress-only internet gateway. What if you had a private subnet, okay, not a public one but a private subnet, and you had servers in there like web servers or database servers, and they needed to connect to the internet for, let's say, Windows Update services, or to download service packs or hotfixes, or they needed updates? Well, then what you would do is put a NAT gateway in your public subnet and have those servers in the private subnet point, in their routing table, to the NAT gateway to get out to the internet.
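Before we leave routing protocols for the transport layer, here is a worked version of the successor and feasible successor selection from the EIGRP lesson earlier in this module. It is an added example, not code from the course, and it uses a constructed topology with single-number link costs in place of EIGRP's composite metric; the router names and costs are assumptions. One caveat it makes visible: the lower, 25-metric path in the lecture's diagram does not satisfy DUAL's feasibility condition as drawn, because that neighbor's reported distance (15) is not less than the feasible distance (15), so the code adds a third path whose neighbor does qualify, and then fails the primary link to show the feasible successor taking over.

```python
"""Successor and feasible-successor selection in the style of EIGRP's DUAL.

Added example, not code from the course: the topology below is constructed
and the metrics are single numbers rather than EIGRP's composite metric.
Router names (A, B, C, D, E, F, Z) and link costs are assumptions.
"""
import heapq
from typing import Dict, Iterator, Tuple

Graph = Dict[Tuple[str, str], int]

# Constructed topology (symmetric link costs): the lecture's two paths from
# A to Z (5+5+5 = 15 and 10+10+5 = 25) plus an extra path via F (12+8 = 20).
LINKS: Graph = {
    ("A", "B"): 5, ("B", "C"): 5, ("C", "Z"): 5,
    ("A", "D"): 10, ("D", "E"): 10, ("E", "Z"): 5,
    ("A", "F"): 12, ("F", "Z"): 8,
}


def neighbors(graph: Graph, node: str) -> Iterator[Tuple[str, int]]:
    """Yield (neighbor, link_cost) for every link touching `node`."""
    for (u, v), cost in graph.items():
        if u == node:
            yield v, cost
        elif v == node:
            yield u, cost


def best_metrics(graph: Graph, dest: str) -> Dict[str, int]:
    """Dijkstra from `dest`: every router's lowest total metric to `dest`.

    A neighbor's own best metric is what it advertises to us, i.e. its
    reported distance (RD)."""
    dist = {dest: 0}
    heap = [(0, dest)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue  # stale heap entry
        for nb, cost in neighbors(graph, node):
            if d + cost < dist.get(nb, float("inf")):
                dist[nb] = d + cost
                heapq.heappush(heap, (d + cost, nb))
    return dist


def dual_table(graph: Graph, router: str, dest: str) -> dict:
    """Topology-table view for `router` toward `dest`.

    feasible distance (FD) = lowest (RD + link cost) over all neighbors
    successor             = neighbor(s) achieving FD
    feasible successor    = other neighbor whose RD < FD (the feasibility
                            condition guarantees the backup is loop-free)
    A neighbor that fails the condition stays in the topology table but is
    not an instant backup; DUAL would go active and query for a new path."""
    rd = best_metrics(graph, dest)
    rows = [(nb, rd[nb], rd[nb] + cost)
            for nb, cost in neighbors(graph, router) if nb in rd]
    fd = min(total for _, _, total in rows)
    return {
        "fd": fd,
        "successors": sorted(nb for nb, _, total in rows if total == fd),
        "feasible_successors": sorted(
            nb for nb, r, total in rows if total != fd and r < fd),
        "not_feasible": sorted(
            nb for nb, r, total in rows if total != fd and r >= fd),
    }


def without_link(graph: Graph, u: str, v: str) -> Graph:
    """Copy of `graph` with the u-v link removed (simulates a link failure)."""
    return {k: c for k, c in graph.items() if set(k) != {u, v}}


if __name__ == "__main__":
    print("A -> Z:", dual_table(LINKS, "A", "Z"))
    print("A -> Z after A-B fails:",
          dual_table(without_link(LINKS, "A", "B"), "A", "Z"))
```

With the lecture's links alone, A's successor is B (FD 15) and D is in the topology table but not feasible; with the extra path, F is a feasible successor (RD 8 is below 15). After the A-B link fails, F becomes the successor (FD 20) and D, whose RD 15 is now below the new FD, is promoted to feasible successor.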
Now nobody outside will be able to access those servers, the web servers or whatever, SharePoint or database servers, but they'll be able to get out through the NAT gateway and reach some service on the internet so they can download their hotfix. And then, for various connections from your private and public subnets, you can use endpoints and endpoint services to bypass the internet and connect directly to, let's say, other VPCs that you create or other services within Amazon Web Services. And then the last thing is the Elastic IP. Remember that subnet I created, right, which I did earlier in lesson six, I believe. In that subnet, if I want to allow those instances to be accessed by the public on the internet, I need to go get an Elastic IP and associate that Elastic IP with the instance in that subnetwork, and it'll be some publicly routable IP address that's part of Amazon's pool. So the instances in the public subnet, they can get out, they can communicate with the internet, but hosts on the internet cannot communicate with them, because remember, they're using 192.168 addresses. To expose those instances in the public subnet, I need to go get Elastic IPs and allocate a new address. That's going to cost you money, it's going to cost me money, but it's going to be a public IPv4 address that hosts on the internet, or at my headquarters, or anywhere, can now use to get to those Linux and Windows instances in that public subnet that I created earlier in lesson six. All right. Module 5 covers two main transport layer protocols. First off, we'll look at a wide variety of information concerning TCP, the Transmission Control Protocol, and then we'll look at the ins and outs of the very popular UDP, the User Datagram Protocol. Lesson 10 is titled Transmission Control Protocol (TCP). We're going to understand ports and sockets, we'll look at TCP behavior, attributes and characteristics, we'll examine TCP operations, and then we'll finish up demonstrating those operations. Okay, let's talk about sockets. And sockets,
not sprockets, which is that old Saturday Night Live sketch; this is sockets, okay. Let's talk about what a socket is. Let's look at this host up here, so I'll come over here; we have this, I'm going to do a laptop this time, okay. So we have this laptop that's maybe at some office somewhere, and it's got an address of 10.10.10.100/24. Now, looking at that, we know that's one of those RFC 1918 private addresses, right, so we're going to have to do some network address translation or port address translation here on this router, because this IP address will be blocked either by something on this router or definitely when it gets to a router at our service provider on the internet. But let's talk about what a socket is, okay. So let's say with this laptop I'm going to go up to Amazon Web Services, right, and I have created up at Amazon Web Services my own kind of virtual private cloud, right. So I've just got a basic account, I can get some free stuff, and I'm going to create a Secure Shell server there, okay. So I'm going to spin up, let's say, a Linux instance and I'm going to turn that little Linux server into what we call a bastion host, a bastion host or a jump host; in other words, I want to use this Linux server to connect to other servers inside my virtual private cloud. So what's going to happen is Amazon is going to allow me and allocate me what's called an Elastic IP address; let's say it's 77.63.2.129. That's a publicly routable, valid address out here on the internet, okay. So I want to connect to this Secure Shell server with a Secure Shell client on this laptop, right, so that I can, you know, jump in here to these subnetworks and configure those instances. Here's the deal: when I want to connect to this Secure Shell server, the first thing I'm going to do is a TCP handshake, okay, a three-way handshake between this host right here and this Secure Shell server up here. The problem is this is a private address, okay, it's not going to get past
that router. So this particular host is going to say, look, I want to go to 77.63.2.129, and the service port that I want to hit is 22, so I'll just put colon 22, because 22 is the port that Secure Shell uses, right. So that's the socket that this particular host wants to get to. The source IP address is going to be 10.10.10.100/24, and it's going to just choose some random ephemeral port; we'll say it chooses 3333, okay. So the source port will just be some random port, something above 1024. That's the source socket, okay, 10.10.10.100:3333; that's the source, and the destination we've already established. Now when this packet goes, the frame will first go through the switch, the frame will leave the switch, and the frame comes to this router, or what's called my default gateway, okay, the way I get out of my local area network. When it comes to the router, it's going to have to translate this private address to something public, okay. So let's say on this router I've got some public address of 67.22.10.33, okay, and it can be a pool of addresses that this router has, or it could even be a wireless access point, but let's say it's a router. So it could be a pool of addresses like a /24, 254 addresses, or a /23, which gives me 510 addresses, or I could just have one address on this outside interface that's been assigned from my service provider, okay. Either way, if I have a pool of addresses I'm going to do network address translation; if I'm just going to overload a single address, we call that port address translation. Bottom line is this router is going to change the source IP socket from this to 67.22.10.33:3333, and it keeps a table on here so it knows the translation, okay; it knows that it translated this to this, so it keeps up with that, okay, keeps track of it. So this becomes the new source IP address as it goes out to the internet, but the destination IP address still stays the same, okay. And so that's the way that sockets work: a socket is a combination of an
IPv4 address and some port, okay. The client chooses some random source port, but the service port depends on the service, okay. If it's Secure Shell, it's 22. If I'm going to go hit a web server up here, and this is a public address, if it's a web server then the service port, or the destination port, is going to be port 80, okay. If I'm going to use SSL/TLS and this is a secure web server, then it's going to be destination port 443, okay. And so this host gets translated and goes out on the internet. Now, if it goes to a branch office, okay, I could be doing translation there too. So notice that this laptop down here, this is one of those RFC 1918 private addresses, right, so there'll have to be some translation done, some network address translation or port address translation, on that router, or it could be a firewall appliance like a Cisco ASA 5515-X, something like that. And so remember that the socket is the combination of the address and the port. For the source port number, the client just chooses something above 1024, but the destination port is usually the standard port, okay: 80 for HTTP, 22 for Secure Shell, and if it's, you know, email going to an SMTP server out there, that has its own port, and we'll talk about those ports in a different lesson, okay. But I wanted to give you an idea of how these sockets work together, whether you translate or you don't translate. So for example, if I was coming from this Elastic IP address through this gateway at Amazon Web Services, coming down to this web server here, there would be no translation: this is a public IP address routable on the internet, and this is a public address routable on the internet, okay. So sometimes we do translation, sometimes we don't, right. So there we go, sockets. Let's look at some functionality or characteristics of TCP. Obviously TCP is involved in addressing, and it does that in the form of ports, but it also does multiplexing, and multiplexing is really a cool feature if you think about it. Let's say on
your workstation or your laptop you decided you were going to bring up, oh, how about three different browser sessions. So you open up Chrome, and Chrome goes to its home page, which we'll say is google.com, and then you open up maybe, let's say, a Mozilla Firefox browser, and that goes to, let's say, the home page of yahoo.com, and then you open up an Internet Explorer browser, and maybe that IE browser goes to its home page, let's say Bing, that search engine. So you've got three browsers open, they all go to three different home pages, and then maybe you decide to open up your corporate Outlook on the web email through a Tor browser for security, and then maybe you have Mozilla Thunderbird and you bring that up to go to your POP3 email account. So you've got like five different applications open that are going to different IP addresses on different ports, and it's that multiplexing of all those different applications that are running that TCP helps provide for us. It also handles the connection, because TCP is connection-oriented. Later on I'll show you in the Wireshark tool; actually, we'll dig under the hood and look at a TCP three-way handshake, setting it up, going to a web page and getting some web pages, and tearing it down. So it handles the connections. It will package and manage data, and remember, TCP puts it into what we call segments, okay, or it provides segmentation. It helps transfer data logically between different ports on different systems, clients and servers. It provides reliability and transmission quality; so for example, it can ask you to resend a segment if it didn't get there, and it can reassemble the segments and put them back in order on the server, for example. It also provides flow control and congestion avoidance, primarily with a tool called windowing. So let's imagine that you rented a beach house, okay, and at this beach house the wind can go between 5 miles an hour and 25 miles an hour, right, and you get those cool breezes coming in through
the house, but, you know, as the wind picks up you go and lower the windows a little bit so you get less of that air. Let's say the wind goes down to 5 miles per hour; you want to get more wind, so you open up those windows. TCP clients and servers can also do this: they can say, send me more segments if it's not congested, and if it gets congested, I want you to close the window and send me fewer segments. So TCP provides that service as well. What does TCP not do? Okay, TCP does not determine how applications actually use TCP, okay. So it's up to the upper layer applications to determine, number one, if they're going to use TCP at all, or number two, whether they're only going to use TCP for certain functions or certain activities, okay, and that can be the case. Remember DNS, which is a very popular protocol: it can use TCP if it has to set up a connection and transfer the DNS database between DNS servers (a zone transfer), but if you're going to do a DNS query out on the internet, DNS is not going to use TCP, it's going to use UDP for that. So TCP doesn't decide how the application actually uses it, right. It doesn't ensure privacy or authenticity, so technically we're going to use either something above TCP, like SSL/TLS (often placed at layer 5), to do that, or we could use IPsec at layer 3 to do that, okay. TCP sends data as a continuous stream of segments instead of as discrete messages, so the application will decide where one message begins and one message ends. Also, TCP doesn't actually guarantee delivery of segments, okay; it provides reliability by detecting a failed transport of a segment and then re-sending it, okay. So it's not a guaranteed service, it's just a reliability service. Some other characteristics of TCP: as we know, it's connection-oriented, so there's a three-way handshake that sets up the connection. It's stream-oriented, so it's a stream of segments that has to be reordered and reassembled in the right order when it gets to the server. It has bidirectional transport, so it's a
socket that's set up between two endpoints. It also allows multiple connections; going back to my previous example, I've got a bunch of web browsers open and a bunch of other applications, maybe a Telnet session, an FTP session, and TCP can handle all that with its different port numbers and sockets. It's reliable and acknowledged; it's not guaranteed, okay, but it's reliable and it's acknowledged. It provides unstructured data in the form of segments, and it manages the data flow using sequence numbers and windowing techniques. Let's examine TCP operations. TCP takes the bytes from the upper layers and then sends them on to the network layer protocol, IP. Now, since applications are sending data to TCP as a stream of bytes instead of pre-packaged messages, each application will typically use its own mechanism, its own scheme, to decide where one application data element ends and the next element begins. Once it comes to TCP, the bytes are divided into segments, and a segment is a discrete piece of a stream. Then the Internet Protocol places them into datagrams and passes the encapsulated packet to the link layer to be framed with a header and a trailer. Let's say that our application protocol is going to be HTTP, and HTTP is going to send a byte stream down to TCP, as we see here. Realize that TCP is different from other protocols because it doesn't require the applications to send data to it in messages. Once a TCP connection is set up, the application can send TCP a steady stream of bytes without having to conform to any certain structure. TCP packages these bytes into segments, and they're sized based on a number of different parameters. For example, TCP uses a sliding window acknowledgment system, kind of like if you're on the beach and it's windy outside and you want to open and close your windows accordingly: if the wind picks up you can close the windows a little bit, and if the wind dies down you can open up the windows a little bit. So this is done for reliability and data flow control.
Eventually these segments are passed to the IP protocol, where they get encapsulated into datagrams. Over on the other side, the receiving device is going to do this in reverse: the segments are removed from the IP datagrams, and then the bytes are taken from the segments and passed up to the proper recipient application as a byte stream, in this case HTTP. Now, something else that's interesting is that since TCP works with individual data bytes instead of discrete messages, it has to have some identification method, some scheme that works at the byte level, in order to do its data transmission and tracking. How does it do this? It assigns a sequence number to each byte that TCP processes. So at the very beginning, when that TCP three-way handshake happens, the sender, or the client, will have an ISN, an initial sequence number. Now here's something that's kind of interesting: if you have a firewall in the middle between the client and the server, what many stateful firewalls will do is take that initial sequence number, run it through a pseudorandom generator to produce a random number, then take the delta, the difference from the original initial sequence number, and store that difference in RAM on the firewall or the firewall router. It does that as a security mechanism to prevent, let's say, malicious man-in-the-middle attackers from guessing the sequence number and the window size and injecting themselves into the process or taking over the connection, for example. Kind of cool. As mentioned, TCP is reliable, so it tracks each byte of data with a sequence number. Sequence numbers are used to make sure the segmented data can be reassembled, and then retransmitted if necessary. To provide reliability and flow control, TCP uses an advanced and complex sliding window acknowledgement system. This is actually a pretty complicated process, so if you want to know more about that, I might recommend a book to you
called The TCP/IP Guide by Charles Kozierok. Each node's TCP stack uses a transmission queue. Each sent segment is placed in the queue and a retransmission timer is started; when an ACK, or acknowledgement, is received, the data is removed from the queue, and if the timer expires, the segment is retransmitted. Here's our TCP header. We can see that we have our source port number and our destination port number. The source port is 2 bytes, or 16 bits; that's 2 to the 16th power, so you've got 65,536 possible values, or really 65,535 usable ports, for the source port and the destination port. The sequence number is pretty big: it's 4 bytes, as big as an IPv4 address, and the acknowledgement number is also 4 bytes, or 32 bits. The control flags are very important. There are nine different bits there, each either 0 or 1, and they contribute to what's called the TCP finite state machine; in other words, knowing the different state of the connection, the status of the software on the particular client or server, the transition stage, the events and actions that take place. Now, there are several bits in those control flags, but the ones we're concerned with are three of them. There's a SYN bit; if that's turned on, it's a synchronize message, basically initiating and establishing a connection; its function is to synchronize sequence numbers between the client and the server. Next we have ACK, an acknowledgement message; this indicates the receipt of a message such as a SYN. Or the third one, FIN, a finish message; this is a TCP segment where the FIN bit is turned on, and it indicates the device wants to terminate the connection. There are three other control bits we see here: URG, or urgent, indicates the priority data transfer feature; PSH, push, requests that data be pushed to the receiving application immediately; and RST, or reset, means the sender has encountered a problem and needs to reset the connection. And again, each control flag subfield is one bit in size.
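The sockets and address translation walk-through at the start of this lesson and the firewall ISN randomization note above both describe a middlebox that keeps per-connection state and rewrites header fields. Here is one toy edge firewall that does both, as an added example that is not code from the course. The addresses follow the lecture's sockets diagram (inside host 10.10.10.100, outside address 67.22.10.33, bastion host 77.63.2.129:22); the second inside host, the fixed delta used for a repeatable run, and the minimal server model are assumptions.

```python
"""A stateful edge firewall doing two per-connection rewrites: port address
translation (PAT) and initial-sequence-number (ISN) randomization.

Added example, not code from the course. Addresses follow the lecture's
sockets diagram (inside 10.10.10.100, outside 67.22.10.33, bastion
77.63.2.129:22); the second inside host, the fixed ISN delta and the
minimal server model are assumptions.
"""
import secrets
from dataclasses import dataclass, replace
from typing import Callable, Dict, Optional, Set, Tuple

MOD32 = 1 << 32
Flow = Tuple[str, int, str, int]        # (src_ip, src_port, dst_ip, dst_port)


@dataclass(frozen=True)
class Segment:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    seq: int = 0
    ack: int = 0
    flags: str = ""                     # e.g. "S", "SA", "A"

    def flow(self) -> Flow:
        return (self.src_ip, self.src_port, self.dst_ip, self.dst_port)


class EdgeFirewall:
    """Overloads one public IP (PAT) and shifts every inside host's sequence
    numbers by a random per-connection delta, so outside peers never see the
    host's own ISN. Replies get both rewrites undone."""

    def __init__(self, public_ip: str, rng: Callable[[int], int] = secrets.randbelow):
        self.public_ip = public_ip
        self._rng = rng
        self._used_ports: Set[int] = set()
        self._next_spare = 1024
        self._pub_port: Dict[Flow, int] = {}            # inside flow -> public port
        # (peer_ip, peer_port, public_port) -> (inside_ip, inside_port)
        self._inside: Dict[Tuple[str, int, int], Tuple[str, int]] = {}
        self._delta: Dict[Flow, int] = {}               # inside flow -> ISN delta

    def _allocate_port(self, preferred: int) -> int:
        """Keep the host's own source port if free (as the lecture notes),
        otherwise hand out the next unused port."""
        if preferred not in self._used_ports:
            self._used_ports.add(preferred)
            return preferred
        while self._next_spare in self._used_ports:
            self._next_spare += 1
        self._used_ports.add(self._next_spare)
        return self._next_spare

    def outbound(self, seg: Segment) -> Segment:
        """Inside -> internet: create state on a SYN, then translate socket and seq."""
        flow = seg.flow()
        if seg.flags == "S" and flow not in self._pub_port:
            port = self._allocate_port(seg.src_port)
            self._pub_port[flow] = port
            self._inside[(seg.dst_ip, seg.dst_port, port)] = (seg.src_ip, seg.src_port)
            self._delta[flow] = self._rng(MOD32)
        if flow not in self._pub_port:
            raise ValueError("no state for this flow (SYN never seen)")
        return replace(seg, src_ip=self.public_ip, src_port=self._pub_port[flow],
                       seq=(seg.seq + self._delta[flow]) % MOD32)

    def inbound(self, seg: Segment) -> Optional[Segment]:
        """Internet -> inside: only replies to known flows pass; undo both rewrites."""
        inside = self._inside.get((seg.src_ip, seg.src_port, seg.dst_port))
        if inside is None:
            return None                                 # unsolicited: dropped
        flow = (inside[0], inside[1], seg.src_ip, seg.src_port)
        ack = (seg.ack - self._delta[flow]) % MOD32 if "A" in seg.flags else seg.ack
        return replace(seg, dst_ip=inside[0], dst_port=inside[1], ack=ack)


class Server:
    """Toy server: stores the next sequence number it expects per client socket."""

    def __init__(self, ip: str, port: int, isn: int = 300):
        self.ip, self.port, self.isn = ip, port, isn
        self.expected: Dict[Tuple[str, int], int] = {}

    def handle_syn(self, seg: Segment) -> Segment:
        self.expected[(seg.src_ip, seg.src_port)] = (seg.seq + 1) % MOD32
        return Segment(self.ip, self.port, seg.src_ip, seg.src_port,
                       seq=self.isn, ack=(seg.seq + 1) % MOD32, flags="SA")

    def accepts(self, seg: Segment) -> bool:
        return self.expected.get((seg.src_ip, seg.src_port)) == seg.seq


def run_handshake(fw: EdgeFirewall, server: Server, client_syn: Segment) -> Tuple[Segment, Segment]:
    """Push the client's SYN through the firewall to the server and return
    (the SYN-ACK as the client sees it, the SYN as the server saw it)."""
    at_server = fw.outbound(client_syn)
    synack = fw.inbound(server.handle_syn(at_server))
    return synack, at_server
```

The client keeps its predictable ISN of 100 and sees a SYN-ACK acknowledging 101, while the server only ever sees the shifted value; an attacker who predicts the client's ISN and injects a segment directly at the server is rejected, and an unsolicited inbound packet has no translation entry and is dropped.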
Here's the process of the TCP handshake; we'll see this in Wireshark in an upcoming demonstration. Realize that before you can use TCP to actually send data, you have to set up a connection between the two devices that want to communicate. This is typically called connection establishment, but we also call it the three-way handshake. We have host A, the client, on the left, and host B, the server, on the right. Host A will first send a control segment with the SYN bit turned on, or flipped from 0 to 1. This basically says that this segment is being used to initiate a connection; it wants to synchronize, and it's also providing a sequence number, in this case 100. Host B receives the SYN segment and acknowledges it by turning on the SYN flag and the ACK, or acknowledgement, flag. ACK indicates that the server sending back this segment is conveying an acknowledgement that it received the message. Host A receives that and sends its own ACK; that establishes the connection. Notice we have a sequence number and an ACK number, and then data can be sent from the client to the server or vice versa. So in a nutshell: the client sends a SYN message; the server sends a message that combines an ACK for the client's SYN and contains the server's own SYN, or synchronize; and the client sends an acknowledgement for the server's SYN. That's really the three-way handshake in a nutshell. Okay, in this demonstration we're going to get a simple look at the TCP protocol and its operation, specifically with an extremely popular application layer (layer 7) protocol that uses TCP, and that is HTTP. You can see I've got this http.cap file; I downloaded it from the Wireshark wiki, and I highly recommend that you do this yourself when you get Wireshark. But I want you to notice at the top here: what we're going to see right off the bat is what's called the TCP three-way handshake. So our source, or our client, is at IP address 145.254.160.237; it's an IPv4 address, and it wants to go get a web page from a web server at 65.208.228.223.
So the first thing it has to do for this connection-oriented protocol is set up a three-way handshake. It's going to choose for its source port what we call an ephemeral port number, above 1024; it's going to choose 3372 as this kind of random source port, but the destination port is 80. What this creates is what we call a socket, so the socket from the client's point of view is going to be 145.254.160.237:3372. Now let me just mention something: if you were doing this yourself, let's say from home or a small business, and you're behind a router that's using network address translation or port address translation, what's going to happen is most likely the source IP address is going to be something from the RFC 1918 private address space, so 192.168.0.something/24, or if it's a company maybe 10.10.10.something, or 10.10.10.237, something like that. So let's assume for a second that's the case; let's say I'm behind a corporate firewall and my source address is an RFC 1918 address, so it's 10.10.10.237.
Okay, the socket that's going to be created: I'm going to go ahead and still choose 3372, but the router or the firewall is going to translate that into this public address, let's say 145.254 and so on, if I'm using port address translation, where my firewall or my router is basically overloading that one IP address that's assigned from the service provider. So if I did this from my home, I know that I've been assigned an address starting 173.219, so basically I would be creating a socket, but the translating router would still use this same source port number, 3372, if it's available. So it'll do a translation of the private address to the public address, but if it can, it'll keep this port number, okay. So make sure you understand that. But the destination is port 80, and that's the service port for HTTP. So the first thing is what we call a TCP segment with the synchronization bit, or flag, turned on: it takes that flag in the TCP header and turns it from a 0 to a 1 in the flags field, okay. Then the web server, which is at 65.208 and so on, is obviously going to send from port 80; its socket is 65.208.228.223:80, back to 3372. It's going to send a TCP segment and turn on the SYN flag from 0 to 1 and turn on the ACK flag from 0 to 1, and that's the SYN-ACK. By the way, this handshake is the basis of a very common type of attack: if someone's trying to attack your router or some other server at your company, what they'll often do is flood that device with a bunch of bogus SYN segments, usually from spoofed source addresses, so the device answers each one with a SYN-ACK and holds a half-open connection waiting for a final ACK that never comes. That's called a SYN flood. Most modern routers and firewalls can deal with that denial-of-service attack; they use several different mechanisms, such as SYN cookies, to make sure a connection is actually legitimate before committing resources to it. But then notice that the original HTTP client is going to go ahead and send an acknowledgement, so once the server gets this acknowledgement, the TCP three-way handshake is complete and the
session is set up, and now the client can get something from the web server. So it's using the HTTP GET method to attempt to get some content from the web server. And if we go down here, we might see also that, you know, this client is trying to go maybe either through that web server or through a link to some other site, like, you know, googlesyndication.com, and so there may have to be a DNS resolution. And so there are a couple of other DNS resolutions that take place in here. Once those resolutions occur, now you can see the client is going to a different IP address, 216.239.59.99, and it's getting something else, some advertisement or some click-through. Again, another example of using the Domain Name Service to resolve this pagead2.google... address to its IP address so that this client could then go to a different IP address, right?

And so what we'll see at the bottom here is that eventually this is going to wrap up. You know, it's going to go and hit some websites and grab some content from the web server, but eventually there's going to be a tearing down of this TCP connection. So when the source client is done, it's going to say, look, I'm going to send you a TCP segment and I'm going to turn on the FIN flag from 0 to 1, right, and I'm going to acknowledge that with the acknowledgement flag turned on, and then that TCP handshake is torn down. And you know, it can be torn down gracefully like this, or it can just be shut down by a timeout on the server side; it just stops the connection. But often we'll see, you know, a graceful teardown of the connection by this type of activity.

If I double-click on one of these, it brings up a window where I can actually dive in deeper and see the Internet Protocol activity going on here. And so, you know, we can see that as far as IP is concerned, in the Internet Protocol header there is a field called Protocol, and so you can see that in that field it's going to be the number six, which says this is TCP.
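As an added example (not code from the course), here the handshake and teardown just walked through are reproduced as constructed IPv4/TCP segments: the parser reads the IP Protocol field (6), the two sockets and the flag bits, and a small state tracker confirms the SYN, SYN/ACK, ACK sequence. Addresses and ports come from the capture described above; sequence numbers are made up.

```python
"""Added example (not from the course): build constructed IPv4/TCP segments for
the HTTP session in the Wireshark walk-through, read the IP Protocol field (6),
the sockets and the flag bits, and recognise the three-way handshake."""
import struct

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10   # TCP flag bits
IPPROTO_TCP = 6                                          # IPv4 "protocol" field


def build_segment(src_ip, dst_ip, sport, dport, flags, seq=0, ack=0):
    """20-byte IPv4 header (protocol 6) followed by a 20-byte TCP header.
    Checksums are left at zero: this is sample data, not wire traffic."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, IPPROTO_TCP, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                      5 << 4, flags, 65535, 0, 0)        # data offset 5 words
    return ip + tcp


def parse_segment(packet):
    """Return (source socket, destination socket, flag names) for one packet."""
    ihl = (packet[0] & 0x0F) * 4                         # IP header length
    proto = packet[9]
    if proto != IPPROTO_TCP:
        raise ValueError(f"IP protocol field is {proto}, not TCP (6)")
    src_ip = ".".join(str(b) for b in packet[12:16])
    dst_ip = ".".join(str(b) for b in packet[16:20])
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    flags = packet[ihl + 13]                             # flag byte of TCP header
    names = [n for bit, n in ((SYN, "SYN"), (FIN, "FIN"), (ACK, "ACK"),
                              (RST, "RST"), (PSH, "PSH")) if flags & bit]
    return f"{src_ip}:{sport}", f"{dst_ip}:{dport}", names


def describe(packet):
    """Label a segment the way the capture walk-through does."""
    src, dst, names = parse_segment(packet)
    fl = set(names)
    if fl == {"SYN"}:
        step = "handshake step 1 (SYN)"
    elif fl == {"SYN", "ACK"}:
        step = "handshake step 2 (SYN/ACK)"
    elif "FIN" in fl:
        step = "graceful teardown (FIN)"
    elif fl == {"ACK"}:
        step = "ACK"
    else:
        step = "other"
    return f"{src} -> {dst} {'/'.join(names)}: {step}"


def handshake_complete(packets):
    """True once a SYN, the matching SYN/ACK in the reverse direction, and the
    client's ACK on the same socket pair have all been seen, in that order."""
    stage, pair = 0, None
    for pkt in packets:
        src, dst, names = parse_segment(pkt)
        fl = set(names)
        if stage == 0 and fl == {"SYN"}:
            pair, stage = (src, dst), 1
        elif stage == 1 and fl == {"SYN", "ACK"} and (src, dst) == (pair[1], pair[0]):
            stage = 2
        elif stage == 2 and fl == {"ACK"} and (src, dst) == pair:
            return True
    return False


CLIENT, SERVER = "145.254.160.237", "65.208.228.223"
# Constructed reproduction of the capture: ephemeral port 3372 to HTTP port 80.
SAMPLE = [
    build_segment(CLIENT, SERVER, 3372, 80, SYN, seq=1000),
    build_segment(SERVER, CLIENT, 80, 3372, SYN | ACK, seq=5000, ack=1001),
    build_segment(CLIENT, SERVER, 3372, 80, ACK, seq=1001, ack=5001),
    build_segment(CLIENT, SERVER, 3372, 80, FIN | ACK, seq=1001, ack=5001),
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(describe(pkt))
    print("handshake complete:", handshake_complete(SAMPLE))
```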
Again, you can kind of get a little bit deeper into these activities by just clicking on this, right? And notice this right here where it says "two reassembled segments." Realize on the server side that the server has to reassemble those segments so they're in the proper order, so it can actually process whatever the data payload is. All right, so here's an example of one of the most common, if not the most common, TCP protocols in the world, and that's HTTP, and using Wireshark to see the three-way handshake to set it up, its activities of getting pages from the web server, and then gracefully tearing down the TCP connection. Excellent.

In Lesson 11 we're going to look at User Datagram Protocol, UDP. First we'll compare UDP to TCP, we'll understand the different UDP ports and explore common UDP services, and then we'll finish up demonstrating Datagram TLS, or DTLS.

In this lesson we're going to look at some of the things that make UDP, User Datagram Protocol, different from TCP. So for example, UDP does not ensure data delivery like TCP does. Remember, TCP gives us reliability and acknowledgement; if TCP is used, the transport layer has those additional responsibilities. UDP does not provide segmentation services. The behavior of UDP is basically best-effort and connectionless. In other words, it's kind of like if I want to send my neighbor Peter a message and I write it down on a piece of paper and fold it up into a paper airplane and throw it over the back fence; that's kind of the way UDP works. There's no sequencing of segments with UDP, and it is best for video and voice streaming, audio streaming, conferencing, and then ping-pong services like DNS queries, for example, and Trivial File Transfer Protocol, TFTP. Remember, nowadays UDP is used a lot more because some of the connection-oriented and reliability features are actually built in at the upper-layer protocol. So they'll build that in in the upper-layer protocol and go ahead and use UDP in real-time applications. Dropped packets can be accepted as long as the
overall percentage of dropped packets is relatively low. So for example, if you're watching a streaming video, if some of those UDP packets are dropped, your brain will fill in the gaps; I think we call it the gestalt effect. But if you're watching a video or you're listening to music that's being streamed, if a few of those UDP packets don't make it, you'll fill in the gaps with your mind. It's a very cool thing; that's why it's commonly used for those types of services. Even with Voice over IP, if I'm talking to you with internet Voice over IP, if a few of those packets are dropped, you're still going to get the conversation and you're going to understand what I'm telling you. A connectionless protocol is appropriate for programs that need faster communication without necessarily verifying the receipt. So again, an analogy: TCP is kind of like sending certified mail, or maybe sending something by FedEx or UPS, where UDP is like getting those advertisement flyers in the mail once a month.

Okay, we're going to talk about UDP ports here specifically. And we know that on our systems the MAC address, the Media Access Control hexadecimal address of the network interface card, is mapped to an IP address. We know that the ARP protocol helps us make that mapping in version 4, and we know that ICMP version 6 helps us make that mapping in IP version 6.
But how does the computer, how does the system, know which service or application it's bound for? Well, that's where our ports come in, right? Now remember, in the UDP header and the TCP header there's a source port field and a destination port field. Both of those fields are 16-bit fields, right, so 2 to the 16th power. So what that means is we have 65,536 possibilities. So we have over 65,000 possible UDP ports and we have over 65,000 possible TCP ports. Now with UDP we actually do use a lot of ports that are kind of way up there, different random ports, right, but we never use all of these different ports. Some of these ports are assigned, though, and so I want to make sure we understand some of the most common assigned UDP ports.

One of them, probably the most common, is the Domain Name Service, and so that's going to be port 53 UDP. Now remember, some of these protocols and services can use UDP and/or TCP. So DNS uses UDP 53 for its queries, DNS queries, for its ping-pong services, we can call it that. So the DNS service uses that. DHCP also can use both UDP or TCP for its kind of basic discovery process; DHCP can use port 67 or port 68 UDP. If you don't want to use the FTP protocol and all you want to do is just go up to a server and just grab some configuration file, often we do this with routers and servers, we can use what's called the Trivial File Transfer Protocol, TFTP. That's much more basic and fundamental; it doesn't have all the bells and whistles that FTP does. If you're going to use Trivial FTP, that uses UDP port 69.
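The DNS "ping-pong" over UDP 53 is a single query message and a single response message. As an added example (not code from the course), this encodes the query a resolver sends and decodes a constructed response with the sections a DNS message carries; the sample name is www.pubs.trainology.com from later in the course, the 203.0.113.10 address and 300-second TTL are made up.

```python
"""Added example (not from the course): encode a DNS query as a resolver sends it
on UDP port 53, and decode a constructed response into header, question and
answer sections, including 0xC0 name-compression pointers."""
import struct
import ipaddress

QTYPE = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 15: "MX", 28: "AAAA"}


def encode_name(name):
    """Wire format: one length byte per label, then the label, ending in 0x00."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError("each label must be 1 to 63 bytes")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid, name, qtype=1):
    """12-byte header (ID, flags with RD set, QDCOUNT=1) plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def read_name(msg, off):
    """Decode a name at *off*, following compression pointers (top two bits
    set). Returns (name, offset just past the name as it appears in place)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:               # pointer into an earlier name
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (off if end is None else end)


def parse_response(msg):
    """Return the header fields plus decoded question and answer sections."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, QTYPE.get(qtype, qtype)))
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == 1:                          # A: 32-bit IPv4 address
            value = str(ipaddress.IPv4Address(rdata))
        elif rtype == 28:                       # AAAA: 128-bit IPv6 address
            value = str(ipaddress.IPv6Address(rdata))
        elif rtype in (2, 5):                   # NS / CNAME: another name
            value, _ = read_name(msg, off)
        else:
            value = rdata.hex()
        off += rdlen
        answers.append((name, QTYPE.get(rtype, rtype), ttl, value))
    return {"id": txid, "authoritative": bool(flags & 0x0400),
            "rcode": flags & 0x000F, "questions": questions, "answers": answers}


def constructed_response(query):
    """Constructed (not captured) authoritative answer to *query*: a CNAME from
    www.pubs.trainology.com to pubs.trainology.com, then an A record for that
    name, each with a 300-second TTL. 0xC00C points at the question name
    (offset 12); 0xC010 points at its "pubs.trainology.com" suffix (offset 16),
    which only holds for a query whose first label is the 3-byte "www"."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8580, 1, 2, 0, 0)  # QR, AA, RD, RA
    cname = b"\xC0\x0C" + struct.pack("!HHIH", 5, 1, 300, 2) + b"\xC0\x10"
    a_rec = b"\xC0\x10" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([203, 0, 113, 10])
    return header + query[12:] + cname + a_rec


if __name__ == "__main__":
    q = build_query(0x1A2B, "www.pubs.trainology.com")
    print(parse_response(constructed_response(q)))
```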
Some database services will use UDP basically to just query or get information, like the Structured Query Language, SQL, which is a very popular relational database service. SQL can use port 118; it might use port 156. So some of these database services will also use UDP. The Network Time Protocol allows these particular hosts or routers that they're working with to synchronize their time. Often what they do is they connect to an NTP server up here on the internet, and that's connected to an atomic clock, right? That way they can have their time synchronized down to the milliseconds. So NTP, Network Time Protocol, we can use that; that's on port 123, UDP port 123. The Microsoft world: Microsoft used to have a protocol that was very popular; it was called NetBIOS. It's still used, even on Server 2012 and 2016, but it's kind of rare. But, you know, you might still be using Microsoft NetBIOS; that used a couple of UDP ports, 137 and 138. SNMP, Simple Network Management Protocol, a very important protocol: when it sends its traps it'll use UDP port 161. And then finally, you might be using Internet Relay Chat, IRC, a very popular service that's used with internet chat, and that'll use UDP port 194.
Now something else about ports that's very interesting is that in most organizations, either on this router right here or on a separate device, there will be a firewall. Now the firewall service can run on the router, it could be like a little module you attach to the router, it could be something the router connects to, or it could be a dedicated box that's a firewall, right? These particular devices, whether it's on behalf of UDP or TCP, often have to permit and deny, or what we call whitelist, certain traffic. And so they whitelist that traffic, the classic stateful packet firewall, based on the common service numbers, the port numbers that they use. So firewalls are also aware of the ports that these different services use, so they can open up the firewall, they can open up those ports, to allow that traffic to come in and go out of the organization.

In this lesson I want to delve deeper into User Datagram Protocol, or UDP. So first off, when do we use UDP? When you need a rapid response from a server, for example, like a DNS query or a type of ping-pong service; that's great for UDP. It's also preferable when the response comes back in just a single packet; that's a good usage of UDP. When connection costs are too high with TCP connection-oriented services, if that's the case, then we'll try to use UDP. When you can afford to lose some data, let's say it's a stock ticker that's kind of streaming stock quotes, or weather data, weather information, or maybe gaming data, or audio or video streaming or conferencing; you can, you know, lose a few packets there. UDP works great for those types of services. And UDP can be multicasted to more than one host. So we know that UDP does unicast, but it can also be part of a multicast. For example, let's say you have a group of individuals that are getting a web conference and they're in a multicast group; UDP is awesome for that. We use UDP for DNS queries. It's also used in Simple Network Management Protocol to send traps on
UDP port 161. Routing Information Protocol, RIP, RIP version 1 and RIP version 2, uses UDP. The Dynamic Host Configuration Protocol, DHCP, can use UDP. Datagram TLS, where we're using Transport Layer Security, where we initially set up a three-way handshake with TCP, then Datagram TLS, DTLS, takes over; I'll actually show you this later on in a demonstration. Real-time audio and video streaming protocols love to use UDP.

Let's talk about UDP-Lite, which is out there and commonly used. Certain programs can still function even when there are partially damaged payloads involved. If your partially damaged payload is delivered instead of being discarded, well, these applications can tolerate some payload corruption, and they might use what's called the Lightweight User Datagram Protocol, or UDP-Lite. There are a couple of RFCs for that, 3828 and 4505; you'll want to check those out. It modifies the UDP payload length field to basically what's called the checksum coverage length. That's not that big of a deal for you to remember, but it is an important protocol. We also have what's called DCCP, which is part of the UDP family. This is the Datagram Congestion Control Protocol, and this offers a more refined and advanced datagram service. It's mainly geared towards unicast streaming services on the World Wide Web. This protocol is covered in RFC 4340.
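To make the "checksum coverage" idea concrete, here is an added example (not code from the course) that computes the plain UDP checksum and the UDP-Lite checksum side by side over a constructed media datagram, then damages a byte outside the covered region: UDP rejects the datagram, UDP-Lite still delivers it. The addresses, ports and payload are made up, and the pseudo-header handling for UDP-Lite is my reading of RFC 3828.

```python
"""Added example (not from the course): the UDP checksum of RFC 768 next to the
UDP-Lite checksum of RFC 3828, where the Length field becomes a "checksum
coverage" and damage outside the covered bytes no longer discards the datagram."""
import struct

IPPROTO_UDP, IPPROTO_UDPLITE = 17, 136


def internet_checksum(data):
    """16-bit one's-complement sum of all words, complemented (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src, dst, proto, length):
    """IPv4 pseudo-header: source, destination, zero, protocol, length."""
    return struct.pack("!4s4sBBH", bytes(map(int, src.split("."))),
                       bytes(map(int, dst.split("."))), 0, proto, length)


def build_udp(src, dst, sport, dport, payload):
    """Classic UDP: the checksum covers pseudo-header, header and whole payload."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = internet_checksum(pseudo_header(src, dst, IPPROTO_UDP, length)
                             + header + payload)
    return struct.pack("!HHHH", sport, dport, length, csum or 0xFFFF) + payload


def build_udplite(src, dst, sport, dport, payload, coverage):
    """UDP-Lite: bytes 4-5 carry the checksum coverage instead of the length
    (0 means the whole datagram; otherwise at least the 8-byte header). The
    pseudo-header still carries the full datagram length, which is how I read
    RFC 3828 (assumption for this example)."""
    length = 8 + len(payload)
    coverage = length if coverage == 0 else coverage
    if not 8 <= coverage <= length:
        raise ValueError("coverage must be 0 or between 8 and the datagram length")
    header = struct.pack("!HHHH", sport, dport, coverage, 0)
    covered = (header + payload)[:coverage]
    csum = internet_checksum(pseudo_header(src, dst, IPPROTO_UDPLITE, length)
                             + covered)
    return struct.pack("!HHHH", sport, dport, coverage, csum or 0xFFFF) + payload


def verify(src, dst, datagram, lite):
    """Receiver-side check: summing the covered bytes *including* the transmitted
    checksum must give zero. Plain UDP over IPv4 may send 0 for "no checksum";
    UDP-Lite has no such escape hatch."""
    field, csum = struct.unpack("!HH", datagram[4:8])
    length = len(datagram)
    if lite:
        coverage = length if field == 0 else field
        if not 8 <= coverage <= length:
            return False
        proto, covered = IPPROTO_UDPLITE, datagram[:coverage]
    else:
        if csum == 0:
            return True                          # unchecked, but legal for IPv4 UDP
        if field != length:
            return False
        proto, covered = IPPROTO_UDP, datagram
    return internet_checksum(pseudo_header(src, dst, proto, length) + covered) == 0


def corruption_demo():
    """Constructed media datagram: a 12-byte application header followed by 28
    bytes of codec data. Flip the last byte and verify it both ways; UDP-Lite
    with coverage 20 (UDP header + app header) still accepts it."""
    src, dst = "10.10.10.237", "203.0.113.7"
    payload = b"HDR:seq=0001" + bytes(range(28))
    udp = bytearray(build_udp(src, dst, 5004, 5004, payload))
    lite = bytearray(build_udplite(src, dst, 5004, 5004, payload, 20))
    udp[-1] ^= 0xFF
    lite[-1] ^= 0xFF
    return verify(src, dst, bytes(udp), False), verify(src, dst, bytes(lite), True)


if __name__ == "__main__":
    print("UDP accepted, UDP-Lite accepted:", corruption_demo())  # (False, True)
```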
Let's talk about a very important protocol that uses UDP, and it's a protocol that we could talk about, I guess, along with HTTPS or SSL/TLS, but since it does leverage the UDP protocol in such an elegant way, I'm going to talk about DTLS here. DTLS provides security for datagram-based applications, so that's TCP/IP layer 3, and it prevents eavesdropping, tampering, or message forgery. However, beyond that, the DTLS protocol is based on the stream-oriented Transport Layer Security, TLS, protocol and is intended to offer similar security. It preserves the semantics of the underlying transport so that the application doesn't suffer the delays that come with streaming protocols. And so you'll probably be using DTLS if you work for a company and it has a VPN client running on your laptop or on your workstation or on some mobile device, and you'll be using DTLS without even really knowing it. You think you might be using SSL/TLS, but to help provide better performance for those audio streaming, video streaming, conferencing programs, you're most likely using Datagram TLS under the hood. And since DTLS uses UDP instead of TCP, it avoids the problems that happen when TCP is used to create a VPN tunnel.

DTLS 1.0 is based on TLS 1.2, and then DTLS 1.2, which, notice, they skipped a number, is based on TLS 1.2. So most likely you're using Transport Layer Security 1.2 over TCP/IP initially, and then your system will switch over and use DTLS 1.2. There's no DTLS 1.1, as that version number was skipped in order to harmonize the version numbers with Transport Layer Security. Companies like F5: F5 Networks' EdgeVPN client uses TLS and DTLS. Citrix Systems' NetScaler uses DTLS to secure UDP. Web browsers like Google Chrome, Opera, and Firefox support DTLS-SRTP, or Secure Remote Transfer Protocol, for what's called WebRTC. And the Cisco AnyConnect VPN client uses TLS and DTLS, as does the open-source OpenConnect client. As a matter of fact, that's what I'm using on my laptop. It looks just like this when I connect using my Cisco
AnyConnect Secure Mobility Client to a corporate VPN. I'm also using Cisco Umbrella, which means all of my DNS queries are going to Cisco's secure encrypted DNS servers. But then when I look at the status of my VPN network, I can see the protocol I'm using is not TLS but actually Datagram TLS, with a very strong cipher, RSA and AES-256. Throughout this entire series I've been mentioning several different Requests for Comments, RFCs, so here's the one, 6437, which is the RFC for Datagram Transport Layer Security version 1.2, and this is basically DTLS with UDP. And so I really highly recommend that you go up and get this Request for Comments, or just take a look at it, and kind of familiarize yourselves not only with the protocol but also with understanding how these RFCs can be such valuable resources.

In our final module, Module 6, we're going to look at various TCP/IP application layer protocols: biggies like DNS, DHCP, SMTP, and of course HTTP, what we use on the World Wide Web. The title of Lesson 12 is Surveying the Application Layer Protocols and Services. In this final lesson we'll introduce DNS, Domain Name System; we'll introduce FTP, File Transfer Protocol; we'll look at DHCP, Dynamic Host Configuration Protocol; we'll explore SNMP, Simple Network Management Protocol; we'll look at email, or electronic mail; then we'll introduce Hypertext Transfer Protocol, HTTP, and the secure version, Hypertext Transfer Protocol Secure; and then we'll finish up this lesson with a demonstration of the Wireshark packet sniffer tool.

Well, we're going to be looking at application layer services, and we're going to probably start out here with what I think is one of the most important services, and that's the Domain Name System, and DNS is how we refer to it. Now why is it so important? Well, because as human beings we like to use user-friendly names to refer to things. You know, my buddy Pete back there, who's producing this with me, you know, I could refer to him as his Social Security number, you know, I could
memorize that, or he could give me his driver's license ID number and I could refer to him as that, or maybe his phone number, you know, hey, what's up, 512, or whatever, his 503, whatever his phone number is. But, you know, we like to use friendly names, and so that's what the DNS service does for us: things that are easy for us to use and easy to recall. Host names, or friendly names, are often used to represent clients and server nodes as well as other things, like even a router, for example. The conversation process between the nodes, or the hosts, is called name resolution, and there are several types of name resolution that can be used with the internet and with other networks, but for us DNS is the most common and the most important by far.

DNS is a distributed database, and it's used by TCP/IP applications to map IP addresses to host names, otherwise known as friendly names, or you might even hear the term FQDN, a fully qualified domain name. And it facilitates the routing of email services, also World Wide Web identities, web servers for example, and much more. Each site can keep its own database so that internet clients could query them as needed. DNS is also an application layer protocol, and that's similar to other application layer services; sometimes the layer 7 service is also a utility or a tool as well as a protocol. For example, we might refer to ARP as a protocol or service, but ARP is also a program that you can run on your workstation or your PC. And DNS helps us manage and replicate and query that DNS distributed database.

Now there are top echelons, what we call the namespace of the Domain Name Service. We have what are called generic top-level domains, gTLDs; those are the ones you're most familiar with, like .com. We also have country code TLDs, or ccTLDs; different countries will have their own country codes, you know, like .uk for example. We have internationalized country codes, which are IDNs, and then we have special historical infrastructure TLDs, and those go back to the
early days of the ARPANET, and those are called .arpa. The generic, or the gTLDs, are further grouped into three categories: generic TLDs, generic restricted, and sponsored. Here are some common gTLDs. By the way, I'm also showing you here the estimated first use. So if you go down to the fourth row there's .com, which was first used in January of 1985, and that's just generic commercial. And you might be familiar with .edu; that's another one from 1985, basically United States post-secondary educational institutions. There's .gov, also from '85. You'll see there's .info, which is relatively new, 2001. The military has their own, .mil. Another one that's kind of new is .mobi, for mobile products and services. And then of course there's .net and .org, which I'm sure you're also familiar with. To register a TLD, or a generic TLD, you go to the ICANN organization. What we're looking at here is some case studies; this is one of the pages. So let me grab my laser pointer. I'm over here and I'm clicking on this Case Studies, and you can see these are some ones that, you know, in the fall of 2018, these are proposed top-level domains, like .bank. One of my favorites, I think maybe even Pete would like this too, .bar, which is, you know, a home for fun and social engagement, so .bar. Then some organizations, some companies, may even have their own TLD. So there we go.

Let's look at the DNS naming structure. The names below the top-level domains are further grouped into subdomains, and this is especially true with the ccTLDs. A fully qualified domain name, or FQDN, consists of a list of labels separated by periods. So here's a domain that I own, trainology.com. So a fully qualified domain name to publications on my web server at trainology.com would be www.pubs.trainology.com. Names are case-sensitive, and each label can be up to 63 characters. An entire FQDN is limited to one byte; that's a good one. DNS administration: individuals, entities, or organizations should take responsibility for parts of the
namespace, which means one or more domains, like for example trainology.com. You should have at least two DNS servers, or you should be using a service provider that will offer that for you, to respond to queries on UDP port 53, so that's that ping-pong query service that DNS uses. Now the DNS servers are going to store what we call the zone databases. You'll have a primary server and a secondary server, and obviously you're going to replicate information between those servers. Now when that happens, you're going to use DNS TCP 53. So when you transfer that database information, we call it a zone transfer, let's say from a primary to a secondary so that you have kind of a failover mechanism; that's going to be TCP. So DNS is one of those services, one of those protocols, that can use UDP on port 53 and TCP on port 53.

And a zone is a unit of administrative delegation, and it's a sub-tree of the DNS namespace. Every domain name, like trainology.com, resides in some zone. Now TLDs, the top-level domains, those reside in what we call the root zone. A DNS server can hold information about more than one zone; that's very common. For example, if you use Amazon Web Services' cloud-based Route 53 DNS server, they're going to store information about a lot of zones. Each zone has a designated responsible entity who has authority to manage the names, addresses, and subzones, and we typically store that in a database record known as the SOA, the start of authority. By the way, here's that URL to WHOIS at ICANN, and you can use this search feature to go find out information about different domains out there. For example, when you register your own domain, it will store this information, and people can do a WHOIS and find out about the person that administers that domain. Now you can pay extra money and you can hide that information, and by the way, not a bad idea.

Now one thing DNS does very well is it caches information so it's readily available to those end hosts, so that they don't have to query all the way up the
DNS tree to the root servers. That information, as resolutions are done, as queries are done, gets cached on lower-level DNS servers. And so your name-to-address mappings typically come from three sources: one, it'll come from another DNS server that's resolving a query; or two, it'll be as a result of a zone transfer; or three, you'll get that, most often, directly from cached data in a zone database on a DNS server. Most name servers will cache zone transfer data up to a setting known as the TTL, or the time to live. Each DNS record has a TTL value that dictates how long it can be cached. When responding, the server indicates if the data is an authoritative copy or if it's from the nearest cache; if cached, usually the list of contacted name servers is also included in the DNS response.

Here's an example of a UDP IPv4 datagram with a DNS message, again up to 512 bytes, and we see this is a UDP datagram for DNS, so what that means is it's most likely a query or a response. And you can see that we have a UDP header, right, which is eight bytes, and then we have the DNS fixed header. We have a question section, we have an answer section (or a query and response), the authority section, which will provide information about who's the authority of that information, and then additional information. So that's not something you have to memorize for the real world, but I just want to give you an idea. This could also be a TCP datagram if this was two servers that were transferring zone information, for example.

And like I said, this is a distributed database, so there are different types of records in that database. One of the most common is the A record, and RR stands for resource record; that's basically the IPv4 address, a 32-bit address. You've also got NS, the name server; that's an important one, the authoritative name server for the zone, maybe it's Amazon Web Services. An alias has a CNAME, or a canonical name; sometimes web servers will have an alias or a canonical name that they use for marketing
purposes or for business purposes. That SOA is important because that designates the start of authority for that particular zone information. Then an MX record is basically the email mail transfer agent that's used by the SMTP protocol. Another one that's important, that I'm going to show you here, is the quad-A, or 4 As, AAAA, and that's the IP version 6 address record; that's defined in RFC 3569. And you can also see other things for zone transfers of the database, like an IXFR, an incremental, just the changes transferred, and AXFR is transferring the full database, and again, as I mentioned, you're going to be using TCP 53 for that.

In this lesson I want to introduce the File Transfer Protocol, or FTP. This is actually one of the earliest TCP/IP applications, and early on it was used at a console or a command line, way before we had the operating systems with the graphical interfaces and all those good things. So it's old school. FTP uses a client-server architecture, so we've got an FTP client and we've got an FTP server. Now nowadays the client, you could use your console session, like you could open up a console session on your Linux machine, or you could run cmd.exe on your Microsoft machine, or you could use a graphical tool like, I like to use, FileZilla. Obviously this is a Mozilla product, so I like to use the graphical tool FileZilla on my machines. And so what happens with FTP: the architecture uses a separate control connection and a separate data connection between the client and the server. So historically the client and the server, this FTP, is a TCP connection-oriented protocol, so there's going to be a three-way handshake between the client and the server. Once that three-way handshake is up and the TCP session is ready to go, then we use port 21 for the command and control process, and then once we kind of exchange information, command and control, then we use port 20 to do our sending of data or receiving of data. So obviously there are different commands. The client could be
putting data up on the FTP server, right, or it could be getting data from the FTP server, and that's all figured out with the command and control channel. Now FTP clients can authenticate themselves with a clear-text sign-in protocol, typically in the form of a username and password, but the user of the program can also connect anonymously. So we have a thing called anonymous FTP. We don't see that as much anymore because it's just a security vulnerability, but back in the day there was a lot of anonymous FTP and you could just download those programs. Now today we often use secure transmissions to protect username and password, and we might encrypt the content. So we might use SSL/TLS, so that's FTPS, or FTP Secure, or you could replace this with Secure Shell File Transfer Protocol, and that's SFTP. So just to let you know, FTPS, which is SSL, that's going to use port 443 as its data service port. If you use Secure Shell FTP, so that's SFTP, that's going to be port 22 for the service port to send the data on.

Now when you're sending data over the network, there are really four kinds of data representations that can be used in FTP. First we have what's called ASCII mode, and I mentioned ASCII early on in this course when I was talking about, remember, Matt Damon in The Martian and using ASCII to get, you know, information from NASA. So there's ASCII mode, and that's used for text. There's image mode, which is commonly called binary mode, so the sending machine sends each file byte by byte. There's also EBCDIC mode, and that's used for plain text between hosts that are using this character set as opposed to the ASCII character set. And by the way, there are lots of different character sets out there: there's Unicode, there's ASCII, there are quite a few of them. There's a local mode; local mode allows two computers that have the same setup to send data in a proprietary format without having to convert it to ASCII mode. So those are
four kinds of behaviors of FTP. Now data transfer can be done in any of three different modes. There's stream mode, and that's where data is sent as a continuous stream, and that basically relieves FTP from doing a lot of processing. There's also block mode, where the FTP server breaks up the data into several blocks. Then there's a compressed mode, and that's used over slow links, right, like a dial-up modem or an ISDN link, where the data is compressed using a simple algorithm. Realize that most common web browsers, IE, Mozilla Firefox, Chrome, can retrieve files that are hosted on FTP servers, although they may not support the protocol extensions like FTPS that I mentioned. But a lot of web browsers will be able to grab content off FTP servers as well. A full-featured FTP client like FileZilla, however, can be run and do everything that FTP can do, so I highly recommend getting a standalone, separate FTP client as opposed to using the web server. As a matter of fact, some web servers out there on the internet won't allow web clients to use FTP to get files; they can actually control that on the web server.

So something else I want to leave you with, as far as FTP goes, is two modes called active and passive mode. So let me just write those over here, and this is determined on the server side: active or passive. And it used to be this was a big thing, because firewalls used to have issues with this, but our new firewalls that are stateful and do packet inspection can handle either one of these modes. But in active mode, the client establishes the command channel, the command and control channel, but the server is responsible for establishing the data channel. Now, as I said, this historically could be a problem if, for example, the client machine was behind a firewall and it didn't allow un-authorized session requests from external parties. Passive mode is where the client establishes both channels, the command and control channel and the data channel, right? So we
already know it establishes the command channel in active mode, and it does the same here. However, it then requests that the server, on the command and control channel, which here is port 21, it asks the server to go ahead and start listening on a port of the server's discretion, so we can just pick some random port, like, you know, 3500, instead of trying to establish a connection back to the client on the standard port. So those are a couple of things. You can find out more about this FTP behavior in RFC 959. And so that is kind of our FTP behavior. Realize that we don't have to use FTP; if you just want to grab a configuration file, or just some simple grabbing of a file, we can use what's called Trivial FTP, and routers often do this. They need to go get a configuration file or some other file, they need to load it up into RAM memory on the router, they'll just use TFTP, and that uses UDP port 69.

Also I want to leave you with this: this FTP sharing of files, putting up files and getting files, this is not the same thing as what we call peer-to-peer file sharing. That's a whole different animal; it uses all different port numbers. Maybe you've heard of things like BitTorrent and things like that, right? So there's all this peer-to-peer file sharing; Kazaa, there's another one of those; there's a bunch of them out there. Peer-to-peer file sharing is a totally different thing. They often use really high-up port numbers, way up there, you know, in the tens of thousands. And in a P2P environment, every participant, every node in a peer-to-peer file sharing network, is a server, so everything's a client and a server. So if you put a bunch of files on your system and it's part of a peer-to-peer network, it's serving files; people can come grab files off that device, and it's a client as well. So don't confuse File Transfer Protocol and its secure variants, or Trivial FTP, with P2P peer-to-peer file sharing.

In this demonstration we're going to survey the very important DHCP, Dynamic
Host Configuration Protocol. Every TCP host needs a certain amount of configuration information once it comes onto the network. Maybe you're installing a new workstation at your business, or maybe someone's bringing in their laptop or their mobile device into the enterprise; it needs more than simply its IP address and subnet mask. For example, it might need to know: where's the DNS server so I can do name resolution? Or what's the IP address of my default gateway, in case I want to get out of this local area network and get out onto the internet or connect to some branch office? DHCP is based on an earlier internet Bootstrap Protocol, or BOOTP, from RFC 1542. BOOTP, for all practical purposes, is pretty much obsolete now. DHCP has two main parts. Its primary purpose is to manage addresses and masks, and it stores those in what's called a scope and then it leases them out to endpoints. The second part is to distribute configuration information like the DNS server, the default gateway, the Network Time Protocol server, and other attributes. The options field in the DHCP header is an 8-bit field, which means there are about 255 options that it can give out to the DHCP client. So for example, notice we have different codes here and data length; the data length portion is in bytes, by the way. So for example, notice that code 1 is the subnet mask and it has a data length of 4.
So, as you remember, the subnet mask is 4 bytes, or 32 bits, just like the IP address. Code number 3 says here's your router, the layer 3 device that you use to get out of your local area network. Number 42 is NTP servers; that's important to synchronize your time. Number 6 is the domain name server, DNS. 7 is your log or syslog server; that's important for logging and monitoring and reporting. Code 81 is the FQDN: here's your fully qualified domain name. You could also use 15 for domain name. Code 19 says I'm going to enable or disable IP forwarding, so the DHCP server could actually tell the DHCP client, you're going to be a router. Code 69 is the SMTP server (that's important), or the Post Office Protocol server, POP, number 70. Number 50 is the requested IP address, and number 51 is the IP address lease time, and the lease could be a matter of minutes or the lease could be a matter of days.

The DHCP clients can discover one or more DHCP servers by sending out broadcast messages. Typically it begins with a zero IP source address; if it's been given the lease in the past, however, it will request the same address as previously configured. So the DHCP client on the right is going to send out a broadcast DHCP Discover message. The DHCP Offer from the server, which can come either directly from a server or can be relayed by a DHCP relay server or a router, is going to include the "your IP address" field, as well as other configuration settings, as mentioned, like the DNS server address, the subnet mask, the SMTP server, etc. It'll get this information from the lease scope on the server, along with the lease time T, a renewal time T1, and the rebinding time T2. Be careful: other servers, even rogue DHCP servers, can offer this as well, and this could be in a wired network or a wireless network. The client on the right-hand side will collect the replies and, in a broadcast to all the offering servers, only the selected server identified in the DHCP Request will commit to the IP address binding; the others are going
to clear out that state information from their memory cache. Now, if the server can't allocate the binding to the client, it may send a DHCPNAK; in other words, it's a negative, or it's not going to acknowledge it. And sometimes extra verification can be added. For example, Microsoft Active Directory can make sure that the client and the server are both authorized members of a domain. A switch could also use a feature called DHCP snooping, which builds a binding table in the switch memory to make sure that there are no rogue devices or that an attack is not occurring.

The address of the DNS server, or option number 6, is a very important interaction between DHCP and DNS. Remember, without DNS the system will be pretty much useless for finding hosts on the internet beyond its local area network. A lot of organizations actually combine their DNS and DHCP servers; for example, this is a Linux package known as dnsmasq. Or they could use a feature called Dynamic DNS; Microsoft uses this, where we'll automatically update the DNS database on a server based on information in the DHCP Request packet.

Here we see an ipconfig /all, and we can see that DHCP is enabled. It was given an IPv4 address of 192.168.0.114 with a 24-bit mask. You can see when the lease was obtained and when the lease expires. You also see that it was given some options, such as the IP address of its default gateway, and the IP address of the DHCP server shows up here as well.

SNMP stands for Simple Network Management Protocol. This is a very important protocol that's used almost exclusively in TCP/IP networks. SNMP offers a means to monitor and control network devices, and to manage configurations, collect statistics, manage performance, and to some degree security as well. SNMP operates with UDP on port 161, and it's an application layer protocol that facilitates the exchange of management information between network devices. SNMP enables network administrators to manage network performance, to find and solve network
problems, and plan for network growth, as well as remotely configure devices like routers and switches.

Here's an example of the components of SNMP operations. Over here on the left-hand side we have the manager, and this is basically going to be some type of command line tool that you run on your Linux machine or your Windows machine; it could be a graphical user interface management tool as well. And this SNMP manager basically is going to exchange different messages with different devices. Now, if a device is a managed device, and it could be a server, it could be a router, it could be a switch, it could be a load balancer, it could be a firewall, all different types of network devices, if it's an SNMP managed device it'll be running an agent on there, which is really just a software package that's installed. And that agent has included in it what's called the MIB, which is a Management Information Base, or a database that's set up in a tree structure. So, in other words, if that managed device is, let's say, a Cisco router, the MIB is going to pretty much have all of the configuration information about that particular platform of router. And remember, there's lots of different brands of routers; there's lots of different versions and platforms within each vendor, whether it's Juniper or whether it's Cisco or 3Com or whoever. And so that Management Information Base has a tree structure of all the configurable elements, we call them configuration items, on that router. And what's important is that information can be retrieved: you can pull information from that agent on that device, or you could actually make changes. And the way that we do this, historically, is using kind of a password called a community string. The community string can be a read-write type of string or password, and if it is, this manager can make changes; if it's a read-write string they can make changes on that managed device. If it's just a read-only string, all they can do is pull information. And we call
that pulling of information, or sending of information from the managed device to the manager, a trap: an SNMP trap.

There are several versions. When I first got into networking, way back, my first job was with a telecommunications company which is now defunct; they're no longer in business. But I was a network technician, and I transitioned from being a studio engineer, and it was a pretty smooth transition. Working in a studio, dealing with boards and plugging into patch panels for compressors and all different types of effects units, that concept of networking was a really smooth transition for me. But when I went to work at my first job we didn't even have switches. We had bridges that would bridge between, like, an Ethernet network and a Token Ring network, and we had hubs; they were called intelligent hubs, and they were intelligent hubs because they ran SNMP version 1 on them. And so SNMP version 1 used plain text community strings; in other words, there was no encryption there. If you wanted to have security you had to have some other layer of security working with that, for example maybe IPsec. You had read-only, you had read-write, and we used traps back then. Then we had SNMP version 2, and then they upgraded that to 2c, which became the most well-known and most popular version of SNMP, and probably still, at this point in time, it's the most widely deployed version out there. It included a bunch of improvements to the protocol; it still uses community strings, but it's the most common version, SNMP version 2c. A few years ago SNMP was upgraded to version 3, and what they did was they enhanced the security with strong encryption and authentication, and we're going to talk more about that in a couple of lessons. I'm going to be looking at HTTPS, which is SSL/TLS, and I'm going to give you a quick little tutorial on cryptography, so that's coming up later on in this lesson. And SNMP version 3 also supported users and groups,
policies, and views, and it provided security mechanisms for confidentiality and integrity of that information being sent from the manager to the managed device. But also it provided origin authentication, so you could make sure that that trap was coming from the device it was supposed to come from, or that the managed device really was qualified to manage that particular device.

Here's an example of the SNMP MIB tree. So this information is obviously represented as a tree, but it's stored in kind of a database, in the MIB, on all of the managed devices, right? So if your switch or your router or your firewall supports SNMP, well, it's going to have this tree structure on it. And notice, as you kind of move down to, let's say, the Cisco device, underneath Cisco it's got its own CIs, or configuration items. So if I wanted to go into the tree to configure something on a Cisco router, I would basically tell it, in that particular information I send to the managed device, I would say, hey, let's go up to root.1.3.6.1.4.1.whatever. So that's how you follow that tree down: I send that information over to the managed device, and let's say there's a bunch of information under Cisco or Juniper or Microsoft, or maybe it's a server operating system, and of course below that I'll just follow that tree down and either read that information and get it, or, if I'm doing a read-write, I can change that information. That's why SNMP is so powerful, but it's also a dangerous protocol, because with the capability of changing the configuration on pretty much any device from pretty much any vendor, somebody who can compromise your SNMP 2c environment can do a lot of damage to your infrastructure.

In this lesson we're getting an introduction to electronic mail systems, or email. Now, trust me, I could do an entire LiveLessons series on email, and there are LiveLessons series out there on Microsoft Exchange. And if you want to know more about a great email system, probably considered one of the best ever developed, that would
be Microsoft Exchange. What we're looking at first here, though, is sending email. So let's say here I am, here's Michael, and I am the SMTP sender of an email. The recipient of my email is down here, and that's my buddy Peter. So I'm going to send an email to Peter. Now, I'm using some type of SMTP user agent. Nowadays that SMTP user agent is typically some type of graphical user interface, right? Back in the day it didn't have to be; it could be done in a command line, in a console, in the early days of the internet, but nowadays we're using something like Microsoft Outlook, for example. And so I have my user agent, then I have the emails that I'm sending, the email or emails I'm sending to Peter, and those are going to go to what's called a local MTA, which is a message transfer agent. One of the most popular MTAs on the planet: Microsoft Exchange. Now, the local MTA could then go to a relay MTA. Now, the relay MTA could be on my site; it could be, let's say, in a DMZ zone at my company, my enterprise; it could be up at the service provider I could be sending it to; it could be a cloud provider. But the bottom line is SMTP is TCP oriented, so remember a three-way handshake is going to happen between me and Peter the recipient; specifically, the three-way handshake will happen with the MTAs. But we're using TCP port 25; that's what Simple Message Transfer Protocol uses. And then of course over the internet I may go through one or more multiple relays, or relay MTAs. Now, once I get to my destination it's going to go eventually to that local MTA, and at Peter's, he may have several levels of message transfer agents. It gets sent to Peter's user mailbox. Now here's the deal: once that email message gets to Peter's mailbox, he's not going to use SMTP to go get the messages out of the user mailbox. Remember, SMTP is only used to send messages. Now, if he's going to respond to me, if he's going to reply to my email, then of course he'll use SMTP in the reverse direction,
but we're going to talk about four main types of client, or email clients, that Peter could use as his agent to go retrieve those messages out of his mailbox.

Now, SMTP was the original protocol. A few years back they extended the functionality of SMTP, so nowadays, more likely than not, what you're actually using is called ESMTP, or Extended SMTP. So it added some extra commands to SMTP to just provide functionality. Also realize, by the way, it still uses port 25. Also realize that with SMTP, along with the extended commands, you may also get security of your email, and one way to do that is with a service called S/MIME. S/MIME is a way to secure your mail, and you might want to check that out; it's kind of beyond the scope of this TCP course. But we can use that, or if we wanted to we could have that SMTP information wrapped up inside of an IPsec VPN at layer 3, or we could, and this is very common, send the email and have it be over TLS, or Transport Layer Security, 1.1 or 1.2. Also remember, and it's in the DNS lesson we talked about, there's a record, so we can use DNS along with our SMTP: there's a record in there called an MX record, and the MX record of DNS actually stands for mail exchanger. And so whatever user-friendly name we give that MX record, that is going to be the friendly name of our MTA, either our local MTA or a relay MTA. So that MX record, mail exchanger, points to this particular MTA; it's such an important marriage between DNS and email and SMTP. So that's the sending of email from me, the client down here, to Peter the recipient.

Let's look next at our four main, or three main, protocols that we're going to use from the client side to retrieve or get our email from our mailbox. Here's our four main protocols. We've already talked about SMTP, and we know that we're actually using ESMTP, and this is used by the message transfer agents and the relays to send email on the internet. It's only used to
send email, not retrieve the email from the mailbox. ESMTP is often very tightly controlled by your perimeter routers and firewalls, so it's one of those things that's typically very well protected with firewall policies, with inspectors, and something we call DLP, Data Loss Prevention. This is very important nowadays in enterprises, because they don't want you to send email out of your company that has, let's say, credit card numbers in it, or personal health information, or maybe corporate keywords, intellectual property. So these often will work in concert with some type of email security appliance or data loss prevention system to make sure that you're only sending stuff out of your company that's legal and that should be sent out according to your AUP, your acceptable use policy.

Now, the other protocols: these are client-side protocols, and these are the ones that Peter is going to use to go retrieve his email. One of the most popular, and probably one of the original ones, was Post Office Protocol, and you can see there have already been a couple of versions: POP1, POP2 and POP3. We typically use Post Office Protocol version 3 now, and this actually allows you to kind of access that mailbox and then download messages, right? And you can say, I want to download all the messages from my mailbox, or I just want to download a few of them and leave the rest of them up on the POP server. So you basically connect to the POP3 server, you download, and then you disconnect. And by the way, you can use security along with POP3 as well. In your enterprise, at your company and your business, most likely what you're using is IMAP, and I think IMAP4 is the most common version out there. IMAP4, Internet Message Access Protocol: this is a client-server protocol that allows you to access messages in the mailbox from your local MTA. IMAP has a lot of features, so we call it feature-rich; it's very flexible. It's used, for example, by Microsoft
Outlook and lots of corporate solutions, and it works very well with, like, your anti-virus and anti-spam solutions as well. Another cool thing about IMAP is that you can just go view the headers, the email header information, in your client, and you can pick and choose from the headers what you want to download. With POP3 you connect, you download all your messages, and that's why with POP3 it's more common that you get lots of spam, and you may even get a lot of stuff you don't want. With IMAP, though, it's much more of a secure, feature-rich solution, and you can just simply look at the headers and go, I don't want that, I don't want that, I want that, I do want that. So it's much more flexible, a very popular corporate solution. What's becoming, I think, even more popular now is using HTTP for email; we call that webmail, right? So this is using port 80 for HTTP, or, if you're going to do it securely, SSL/TLS, 443. And that's using something like Gmail from Google, or Yahoo Mail, or Hotmail from Microsoft; there's Yandex, which is very popular also; there's Outlook mail on the web; I use one called Zoho. And so obviously this is going to use HTTP, right, to go up and retrieve the email from the mailbox, and HTTP to place email and send email over the World Wide Web. So there you go, there's our main email protocols. Like I said, if you want to dig deeper into email, electronic mail, and all the different security aspects of that, check out a LiveLessons on Microsoft Exchange.

In this lesson we're going to be looking at HTTP, the Hypertext Transfer Protocol, and this is one of those protocols that, if you're going to continue along in your IT career or your technology career, or getting into the Internet of Things or the Web of Things, or maybe become a programmer, whatever you're going to do involving information technology, this is one of those protocols you want to run with, you want to get deeper into: not only HTTP but the secure version, HTTPS, that uses Transport Layer Security, or TLS.
Well, that being said, HTTP is defined as an application level service. It's used for distributed, collaborative, and hypermedia information systems, and hypermedia really is the hypertext: when you see those hyperlinks on web pages, and you click on those hyperlinks and those take you to other pages, that's what we're talking about here. It's the foundation protocol for data communication for the World Wide Web since around 1990, and it's defined in RFC 2616. HTTP is a generic and stateless protocol; it actually has to use TCP, and it can be used for other purposes as well, using extensions of its request methods, error codes, and headers. Now, this tutorial is based on the 2616 specification. It's referred to as HTTP 1.1, which is a revision of the original HTTP 1.0. There are newer versions of HTTP out there; like I said, you're going to want to explore those as you go farther with your information technology. Hypertext Transfer Protocol is a TCP/IP-based communication protocol used to deliver data, such as HTML files (Hypertext Markup Language), image files, the results of queries, and more, on the WWW, World Wide Web. The default port of HTTP is TCP port 80, but other ports can be used as well, as long as the client and the server agree. The HTTP specification designates how client request data will be constructed and then sent to the server, and how servers respond to these requests.

There are three basic features that make HTTP a simple but powerful protocol. HTTP is connectionless: the client, for example the web browser, initiates an HTTP request, and after the request is made the client disconnects from the server and then waits for a response. The server processes the request, then re-establishes the connection with the client to send back that response. It's also media independent. That means pretty much any type of data can be sent by HTTP, as long as both the client and the server agree and know how to handle that data content, so, for example, both of them using the appropriate MIME type. HTTP is
stateless. As mentioned, it's connectionless, and as a direct result the server and the client are aware of each other only during a current request; afterwards, both of them pretty much forget each other. And due to this nature of the protocol, neither the client nor the browser will really retain information between different requests across web pages; other mechanisms are used for that, for example cookies. In a nutshell, the HTTP protocol is a request-response protocol based on the client-server-based architecture, where things like web browsers, robots, search engines, and other web-enabled applications perform like HTTP clients, and the web server acts as the server. Notice on the left-hand side we have HTTP clients; the most popular is the web browser, like Mozilla Firefox, Internet Explorer, Safari, Google Chrome and others, but it can also be other web-enabled applications. Notice that the client on the left sends a request to the server. This will be in the form of a request method, a URI (a uniform resource indicator), a protocol version, followed by a MIME-like message that contains request modifiers, client information, and possible body content, over TCP connections. The server responds with a status line, including the message protocol's version and a success or error code, followed by a MIME-like message containing server information, entity meta-information, and possible entity body content.

So, for example, on the left-hand side the user issues a URL from a browser, let's say http://www.trainology.com/path/file. In step 2, the browser sends a request message; notice it's using the GET method, and it's using HTTP 1.1. It also has the host IP address and the host port. In step 3, the server maps the Uniform Resource Locator, URL, www.trainology.com/path/file, or program, under the document directory. In step 4, the server returns a response message; in this example it's HTTP over TCP/IP version 1.1, using code number
200. And then, finally, the browser formats the response and displays it to the client, or the end user.

Notice in the middle, where we have the browser request and the server response, there's going to be header fields used here, and they provide necessary information about the request or the response, or about the object being sent in the message body. And there's basically four types of HTTP message headers. There's a general header, and these fields have general applicability for both the request and the response message. There's a request header, where basically the fields are applicable only for request messages. There's a response header, which has fields for response messages. And then there's the entity header, and these fields define what we call meta-information, or metadata, about the entity body, or, if there's nothing in the body, it'll be about the resource identified by the request, for example the path and the file.

HTTP also uses several popular parameters. So, for example, the version, which is typically going to be 1.1. There's also URIs, Uniform Resource Identifiers; this is basically simple formatted, case-insensitive string information that contains the name and the location to identify a resource, for example http://www.trainology.com/path/file. The path could be, let's say, mshannon; the file could be home.html. You also have date and time formats, and all of those date and time stamps must be represented in Greenwich Mean Time, or GMT, without exception. We have character sets like ASCII or ISO 8859-1 or ISO 8859-7. We have content encodings; for example, if we're going to compress it, it'll be with gzip compression, basically indicating that an encoding algorithm has been used to encode the content before it gets sent over the internet. And then different media types: HTTP uses internet media types in the Content-Type and Accept header fields to provide open and extensible data typing and type negotiation. It can be different
types of media, like a GIF file or a JPEG; it could be different languages used, for example.

The HTTP message has a message header, then a blank line that separates the header from the body, and then an optional message body. And remember, the message body is optional. Over on the right-hand side we see a basic, simple example of content in a message body, with the html tag, followed by the body tag, and then the h1 tag, which just simply says "Hello, World!". So if you went to this website and saw this web page, all you would see was the text "Hello, World!" on the website.

HTTP uses different request methods. The two most popular are the GET method and the HEAD method; sometimes these are the only ones that are allowed by firewalls or other content security applications. GET is used to retrieve data from the server using a given URI, as mentioned earlier. HEAD is the same as GET, but it just transfers the status line and the header section only. POST is used to send data to the server, like customer information or something that you fill out in an HTML form. PUT replaces all the current representations of the target resource with the uploaded content. DELETE removes all the current representations of the target resource given by a URI; this one's often blocked. CONNECT establishes a tunnel to the server identified by a given URI. OPTIONS will describe the communication options for the target resource. And TRACE performs a message loopback test along the path to the target resource.

Here we see an example HTTP request. We're using the GET method; notice the request line: there's the URI and the HTTP version. We can also see request headers like Accept, Accept-Language, Accept-Encoding, User-Agent, and Content-Length. Then there's a blank line that separates the header and the body, which is optional. A response has a status line, followed by response headers (that's the response message header), then a blank line, and then the optional response message body. Here's an example HTTP
response.

Before we dive into HTTPS, or HTTP Secure, I want to give you a quick little tutorial on cryptography. Now, realize that encryption is just one of the things that cryptography does, and encryption actually hides the original data, or the message content, by scrambling that clear text into what seems to be a random string of characters, and we call that ciphertext. Now, let me just say this real quick: if you decide that you want to go beyond this TCP training and get into security, let me recommend to you one of my LiveLessons, and it's a LiveLessons for the Systems Security Certified Practitioner, SSCP, which is part of the (ISC)² family. I highly recommend that LiveLessons for you as an introduction, and to kind of get you up to the medium level of security. You can also go to Khan Academy, and you can get some training up there as well, but I do want to recommend my LiveLessons from Pearson, SSCP, so go check it out. Now, decryption is the reversal of that process, where you basically take the ciphertext and you use some key, or some string of alphanumeric characters, and you decrypt that information to get to the clear text. Examples of applications that need cryptography, because they send traffic in the clear, would be things like Telnet, which is a terminal emulation management protocol; FTP is clear text; Trivial FTP, which uses UDP, is clear text; email using POP or SMTP; and the biggie, HTTP, by default is a clear text protocol, and that's why we're here talking about HTTPS. Many applications store and send information in clear text, and there's two ways to get encryption. You could do it at the link level, so at layer 2 you could encrypt the frames; that's one way to do it. Or you could actually encrypt the packet payload, and that's where things like SSL/TLS and IPsec come in, or HTTPS.

A symmetric key cryptosystem is where you use the same key to encrypt and decrypt. It's also called secret key or private key encryption. The sender and the receiver have to share
the same secret key before they can have a secure communication, so protecting the key in a symmetric key cryptosystem is tantamount. We often use symmetric key to protect data in storage, also bulk messages, and we also use it with information sent over virtual private networks. Key management with symmetric keys can be a challenge, and by the way, the real weakness in most cryptosystems is not what we call the cryptographic primitive, or even the algorithm or the protocols being used; it's actually key management, it's protecting the keys and the keying material. Symmetric key cryptosystems are fast, and they work well for bulk encryption when you need data privacy, and their key sizes are between 40 and 256 bits. So let's say 256 is basically two to the 256th power, which is a pretty huge number. Some common algorithms: DES, which we don't really use anymore, but Triple DES EDE, that's still trustworthy; RC4 is a symmetric cryptosystem, which we can't really use anymore on the World Wide Web; AES is pretty much the US government standard that we should use, AES-128 and AES-256. For example, if you use Amazon Web Services and you encrypt data up there, or Google, they're going to use AES-256. And there's others: SEAL, IDEA, Blowfish, Twofish (sounds like a Dr. Seuss book, I know), and then there's Serpent.

The next category is asymmetric key cryptosystems, and these are primarily the ones that HTTP Secure, or HTTPS, uses. These are going to generate a mathematically related pair of keys, or a key pair; think of them as fraternal twins. So they've got a public key and a private key. Data encrypted with the private key needs the public key to decrypt, and vice versa. Asymmetric encryption is also known as public key encryption, or you'll hear it referred to as PKI, Public Key Infrastructure. RSA, which is very common on the internet when you use HTTPS; there's also DSA, ElGamal, there's Diffie-Hellman, there's Elliptic Curve Diffie-Hellman and Elliptic Curve DSA. These are all
asymmetric key cryptosystems. Here's an example of getting confidentiality with an asymmetric key cryptosystem. Let's say Alice wants to send something, and she wants to keep it confidential, and she's going to send this to Bob, right? What she's going to do is she's going to go get Bob's public key, and so early on in the TCP exchange Bob will give that public key to Alice. She'll take Bob's public key, she will encrypt that information with Bob's public key, send it over the network, and then Bob will decrypt it with his private key. And on the internet one of the most common methods we use is the RSA cryptosystem to do that. Another one that's gaining popularity, especially with mobile devices, is what's called Elliptic Curve DSA, so you might be seeing that used more often as well. Now, what if Alice wants to send Bob information and she wants Bob to have a high degree of confidence that she's the one that sent it? So she wants to use asymmetric key cryptosystems to authenticate the origin. Well, what she's going to do is she's going to use her private key, her RSA private key; she will encrypt it. Bob will have obtained her public key before this started, or maybe he already has it from a previous communication. And so she sends the information over to Bob, it's encrypted with her private key, and he can use Alice's public key to decrypt it. And so here's how we use these public and private keys for a couple of different services.

Another cryptographic mechanism that's actually not encryption and decryption is hashing, and hashing is used for data integrity. Basically, it's kind of like a checksum, but on steroids. So hashing is a one-way mathematical function that's nearly impossible to reverse. So think about a big jar of marbles that you drop on the floor, and think about how difficult it would be to get those marbles back into the jar in their original form. Or think about some coffee beans that you send through a grinder to get
some coffee; that's a one-way function. So to get integrity, we take data of an arbitrary length, let's say an email message, and we send it through this one-way hash function, and what the result is is called a fingerprint, or a hash, and it's going to be fixed length. So it's going to be the same length every time, regardless of how big or long the original data is. Then we take that fingerprint and we attach it, or append it, to the message, and that's how we get data integrity. Now, you might hear the term HMAC, because we use HMACs for a lot of security services. All an HMAC is is this: to get better integrity, we take the data and then we interleave a shared secret key, one that both parties have. So that secret key gets interleaved with the data, it goes through the hash function, and then we take the fixed-length hash and we attach it, or append it, to the message. So we're not going in and taking this data and encrypting it; we could with something else, but this is just an integrity mechanism that's used in a lot of security services.

Now let's talk about HTTPS, or SSL/TLS, which, by the way, can use all three of those mechanisms I mentioned. It can use symmetric keys for its session keys, it can use asymmetric cryptosystems for its integrity and its confidentiality and other mechanisms, and it can also use hashes as well. Now, SSL was created by Netscape way back in the 80s to add security to one of the first popular browsers, the Netscape Navigator. And with HTTPS, otherwise known as SSL/TLS, a cryptographic key exchange happens when you first connect to a website; then all the subsequent activities are encrypted. Although anyone could see that you've visited a website, they can't see the web pages or read any of the data that's transferred to or from that website, at least theoretically. If you see a padlock on your browser, then you know the website is secure. If you see a green padlock, then that means that particular domain, let's say www.pearson.com, if you go up and
let's say you purchase something uh then that means they've got an extended validation certificate so they've jumped through extra hoops they've gone through extra steps to get their domain name validated now these are intended to verify that the ssl certificate presented is correct for the actual domain name because the entity has gone through additional verification processes here's an example of going up to pearson's inform id or inform it and here's my aws cloud security live lessons if you're interested in security in the cloud i highly recommend it but notice that this up here is just using www there's no padlock at all but if you were to go and click on this little button and say hey i want to add this to my cart you would go to another page and that of course is going to be using ssl tls and specifically to be honest with you it's using tls transport layer security which is the new version 1.1 or 1.2 now notice that you have a padlock up there up there and not just any padlock but a green padlock which means that this particular informit.com they went through extra security for extended validation to make sure that you can feel confident that you're actually at informit.com's https website so https web pages are secured typically on the internet with especially with the commercial sites like amazon and paypal and all the biggies they're using transport layer security 1.1 or 1.2 encryption and they're using really strong cipher algorithms so if you notice back here down below you have a message and it says this connection is encrypted and it's using tls which is transport layer security that's good it's using e-c-d-h-e elliptic curve diffie-hellman ephemeral which means the session keys ephemeral means the session keys aren't stored anywhere okay they're just ephemeral and they vaporize as soon as this session's over they're using rsa they're using for their symmetric crypto system to to create uh data keys session keys they're using aes 128 gcm gcm stands 
for galwa counter mode which is extremely strong using galwa fields and then you've got sha-256 that's the hmac i talked about where you have the hash plus the secret key okay so the secret key is created using aes 128 gcm and that secret key is combined with the sha 256 algorithm to create the the cryptographic hash and notice that we've got tls 1.2 so that's an extremely strong security suite and it's one that you probably want to use if you ever have an option up on the internet when you use https so https uses certificates they use x509 version 3 pki certificates you have a bunch of these loaded into your web browser okay or your operating system with a bunch of different uh certificate authorities like uh godaddy and verisign and intrust and thought and microsoft and many others and this is an asymmetric crypto system where a web server presents a public key which is then decrypted using the browser's private key and an hdps certificate is issued by a recognized security or certificate authority a ca which again godaddy interest verisign thought t-h-a-w-t-e which certifies the ownership of a public key by the named subject in the ssl tls certificate okay in this final lesson i want to get you started with the wireshark tool which is an invaluable tool a packet sniffer that you can use to evaluate and analyze a whole lot of different types of traffic and it's really a great next step for you as you complete this tcp ip series to kind of get your fingers a little bit dirty with the stuff that's happening under the hood so you can see obviously they have a thing called shark fest okay we're going to go up here to wireshark.org and click on this download now it depends upon what system you have i have a 64-bit system and i'm going to go ahead and get the installer for windows but obviously you've got other versions and older releases you can use but i'm going to go ahead and get the newest 64-bit version and i'm going to download this it's going to go to my 
downloads okay so if i look up here in the upper right hand corner i can see the status of that download now i'm going to go to that folder the downloads folder on this system and i'm going to double click on that executable okay i've got the welcome to wireshark 2.6.4 64-bit setup you can also see in the background i've downloaded a couple of files a dhcp.pcapp file and a dns.cap file these are capture files and i got these from the wiki the wireshark wiki i'm going to show you that here in just a moment but i went ahead and downloaded these and click on next and it tells you basically you've got a three-part thing to this license agreement i'm going to go ahead and agree and i'm going to download wireshark which is the main protocol analyzer t-shark is a text-based network protocol analyzer there's plugins and extensions and a user's guide and so i'm going to go ahead and download all that you can obviously obviously expand this out and see you know some of the plugins and extensions we're getting and some of the extra tools that we're getting okay edit cap merge cap raw shark other things that are there and if i want to get secure shell dump or udp dump or android dump i can also check those off and get those as well i'm going to click on next i don't want a quick launch icon okay i've got enough of those going on but i do want to have a wireshark start menu item for sure and you can see the associated file extensions that come along with with wireshark you can see here's the cap file so that's going to be good there's also a pcapp pkt okay and others this is where i want to install it program files forward slash wireshark it's also going to ask me if i don't have win pcap to go ahead and install that so i don't have a currently installed n p cap or win p cap so we'll go ahead and install this extra program here as well you really have to have that now i could also do usb cap if i want to use stuff that's on the usb to capture traffic for my universal serial bus 
it's experimental it's also kind of cool if you're you know a amateur hacker or whatever but i'm going to go ahead since it's experimental i'm not going to install that this will take a while so i'll catch you up on the back side okay so i'm running the wireshark network analyzer and notice at the bottom where it says learn you want to go ahead and start digging into the user's guide there's also some quick questions and answers i'm going to go take a look at the wiki here in a second that's a wealth of information but notice that right now i'm actually using my local area connection so this is the local area connection on my workstation i'm using connecting to my broadband router to my service provider and they use ipv6 so if you are using the local area connection on your laptop and you're let's say in your office or you've installed wireshark to the system at work be careful okay i don't want to recommend that you run this at work okay it could get you in trouble it'll look like probably some type of reconnaissance attack is going on you're probably going to get an email or a phone call from somebody in the security area so let's don't do that if you do it at home like if i were to do this right now uh choose this connection and click on start capturing packets i would immediately start capturing packets i might want to open up a browser or maybe an ftp client i might want to go and do a telnet session or maybe use putty something like that to do a secure shell session i could see a bunch of stuff and by the way i would see probably at least a dozen different protocols and services on my network some ip version 4 a lot of ip version 6 okay icmp v6 ipv6 i would see tls version 1.2 and 1.3 okay and again a lot of http activity now i'm not going to do that i don't want to expose my local area network information out to the public so if you don't mind let's go take a look at the wiki so i'll click on that and so here is the front page of the wireshark wiki and it 
gives some general information how to you know prepare wireshark to you know start installing it and building it i'm kind of showing you that right now how to successfully capture on the ethernet how to capture on a wireless lan so this is a great tool for both however i want to show you some sample captures and i actually have it opened here on the side let me go ahead and close that click on sample captures sample captures for your edification and if you'll notice they've got some sample captures that are just kind of randomly thrown in here but notice we've got some for that show different viruses and worms okay from a security standpoint you can see some traces that were done of some cracks that were done of cryptographic algorithms and protocols we also can see specific families like you can find you can look at arp and reverse our peer you can start learning about the way layer two switches prevent loops by start learning about spanning tree protocol you can look at bluetooth i mentioned udp light to you earlier on so you could take a look at that for you people that are working on a microsoft environment you might want to learn about smb and the common internet file system cifs tcp just a bunch of tcp obviously that'd be a good place to look there's http telnet trivial ftp which is a more streamed down version you can also look at some routing protocols that we learned about bgp eigrp ospf and rip version one so we also learned about the simple network management protocol snmp talked about network time protocol so you get the idea this is really a good place to come to you can also see some peer-to-peer protocols that you might want to learn about you know a bittorrent for example and the list goes on and on here's ppp our good friend we learned about that quite a bit here's ppp over ethernet talked about that as well so you can build on a lot of the information you learned in this series by using this tool and looking at sample captures so a really great 
utility resource for learning and building on your tcpip knowledge now if i close this up one thing i can do is i can go and open up one of those cap files or pcap files right so let me go ahead and open up this dhcp and i can see here a simple you know dora process okay here's the d o r a the dhcp discover offer request and acknowledgement something that everybody should know about and if we notice that the source the host that's looking for a dhcp server will often use the any or the all zeroes as the source because they may not know their ip address right so they're going to and probably they don't often with dhcp if they already have gotten a lease before from dhcp they'll often try to use that same ip address that they got in the previous lease okay that's one of the ways the dhcp works but this is like a brand new device on a network so it's sending out a broadcast to discover a dhcp server and when you select one of these lines up here i've got four numbered lines you'll then start to see kind of the tcp stack here that's going on and you see the raw information down below but notice that you know we've got a bootstrap protocol and that's what this is the old boot p protocol okay but we still see it referred to as the bootstrap protocol because that's what that's what's happening the system is you know picking itself up by its own bootstraps and getting some information right so we can see that we're looking for other information here here's some of those options that we mentioned okay here's option 53 option 61 option 50 requested ip address so if it this is what i said earlier if it had already gotten a previous ip address and the lease it would probably have that ip address in here notice that we can go down the you know into the stack here see the udp notice that you know dhcp uses udp port 67 and udp port 68 okay and that's pretty standard obviously this is going to be using the ip protocol protocol udp is number 17. 
even can get down into the frame obviously the destination is a broadcast mac address uh and the source is the mac address of this host this client ultimately there'll be an acknowledgement and if we click on this line number four we start to see now we know the source and destination mac address okay we can also see uh protocol information ipv4 that's coming in and we can see some other information coming down into the options field so notice that when we finally do get the dhcp acknowledgement from the server i mentioned these values t is the ip address lease time right and we can see that it's one hour that's a pretty short lease but you can see a short lease in certain situations so there's t1 t2 i mentioned that to you the rebinding time so we can also see here's the subnet mask option one and i mentioned that to you as well now this is not a very robust dhcp server if it were in an enterprise environment with a microsoft dhcp server that also is a dns server you would most likely see the dns server in here you would most likely see the default gateway the router ntp servers and a bunch of other information as well okay this is just a pretty simple door-to-process discover offer request and acknowledgement so one thing you're going to want to do is obviously you can scan your own home network if you want to do that or you can obviously go and download a bunch of those different capture files and pcap files from the wiki and really start taking the information that you've learned in this live lessons and really start running with it and building on this foundational knowledge to really see the different kinds of behaviors of all these different protocols and services all right well congratulations on completing the tcpip fundamentals live lessons video course from pearson in this course you gained a ton of knowledge about foundational concepts and core services of the tcpip protocol suite this should start you on your path to further your information technology 
career if this is your first time through the course i really want to recommend that you go through it again at least the areas that you feel are not your strengths from an experience standpoint or maybe some of those areas that weren't clear that you want to reinforce now this should also serve as a great reference tool going forward as you pursue other it technologies hopefully you enjoyed watching this training as much as i enjoyed producing it so on behalf of the entire pearson live lessons team i want to wish you success with your technology journey your i.t career and life in general take care
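An added example, not from the course, of the hash-versus-HMAC distinction the lecture describes: a plain SHA-256 fingerprint is the same 32 bytes whatever the input length, but anyone who alters the message can simply recompute it, whereas the keyed HMAC over the same data cannot be recomputed without the shared secret. The key and messages are constructed sample values.

```python
import hashlib
import hmac
from typing import Optional

TAG_LEN = 32  # SHA-256 output is always 32 bytes, regardless of input size


def fingerprint(data: bytes) -> bytes:
    """Plain SHA-256 'fingerprint': fixed-length digest of arbitrary-length data."""
    return hashlib.sha256(data).digest()


def hmac_tag(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256: the shared secret is mixed into the hash computation."""
    return hmac.new(key, data, hashlib.sha256).digest()


def protect(data: bytes, key: Optional[bytes] = None) -> bytes:
    """Append the fingerprint (unkeyed) or the HMAC tag (keyed) to the message."""
    tag = hmac_tag(key, data) if key is not None else fingerprint(data)
    return data + tag


def verify(blob: bytes, key: Optional[bytes] = None) -> bool:
    """Split off the trailing tag and recompute it over the payload.
    compare_digest is constant-time, so the check does not leak timing."""
    data, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac_tag(key, data) if key is not None else fingerprint(data)
    return hmac.compare_digest(tag, expected)


def unkeyed_hash_detects_only_accidents(original: bytes, altered: bytes) -> bool:
    """Why a bare appended hash is not authentication: a corrupted message with the
    old fingerprint fails, but an altered message with a freshly computed fingerprint
    passes. Returns True when both observations hold."""
    old_tag = protect(original)[-TAG_LEN:]
    corrupted_fails = not verify(altered + old_tag)
    recomputed_passes = verify(protect(altered))
    return corrupted_fails and recomputed_passes


def keyed_hmac_resists_modification(original: bytes, altered: bytes, key: bytes) -> bool:
    """With a shared key, an altered message cannot be given a valid tag without the key,
    and a tag made under a different key is rejected. Returns True when both hold."""
    forged_fails = not verify(protect(altered), key)           # tag recomputed without the key
    wrong_key_fails = not verify(protect(original, key), b"constructed-wrong-key")
    return forged_fails and wrong_key_fails


if __name__ == "__main__":
    KEY = b"constructed-shared-secret"          # constructed sample key, both parties hold it
    msg = b"From: alice  Pay bob 10 dollars"    # constructed sample message
    print(len(fingerprint(b"a")), len(fingerprint(msg * 1000)))   # both 32
    print(unkeyed_hash_detects_only_accidents(msg, msg.replace(b"10", b"99")))
    print(keyed_hmac_resists_modification(msg, msg.replace(b"10", b"99"), KEY))
```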
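As an added example, not part of the course or of the Wireshark wiki's dhcp.pcap, the following Python decodes the same BOOTP/DHCP fields the walkthrough points at: the all-zeroes client address, the client MAC in chaddr, the broadcast flag, and options 53 (message type), 61 (client identifier), 50 (requested IP), 51 (lease time), 58/59 (T1/T2) and 1 (subnet mask). The Discover and Ack bytes, MAC address, transaction ID and IP addresses are constructed sample data built by the _bootp helper.

```python
import struct
from ipaddress import IPv4Address

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie, right after the 236-byte BOOTP header
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}   # option 53 values


def parse_dhcp(payload: bytes) -> dict:
    """Decode the UDP payload Wireshark labels 'Bootstrap Protocol' into header fields and raw options."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    op, _htype, hlen, _hops, xid, _secs, flags = struct.unpack("!BBBBIHH", payload[:12])
    msg = {"op": op, "xid": xid, "broadcast": bool(flags & 0x8000),   # op 1 = request, 2 = reply
           "ciaddr": str(IPv4Address(payload[12:16])),               # 0.0.0.0 until the client has a lease
           "yiaddr": str(IPv4Address(payload[16:20])),               # 'your' address, filled in by the server
           "chaddr": ":".join(f"{b:02x}" for b in payload[28:28 + hlen]), "options": {}}
    i = 240
    while i < len(payload) and payload[i] != 255:     # 255 = End option
        if payload[i] == 0:                           # 0 = Pad, carries no length byte
            i += 1
            continue
        code, length = payload[i], payload[i + 1]     # every other option is code, length, value
        msg["options"][code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return msg


def describe(msg: dict) -> dict:
    """Decode the options discussed in the capture: 53, 50, 1, 54, 51 (lease), 58 (T1), 59 (T2)."""
    o, out = msg["options"], {}
    if 53 in o:
        out["type"] = MSG_TYPES.get(o[53][0], "other")
    for code, name in ((50, "requested_ip"), (1, "subnet_mask"), (54, "server_id")):
        if code in o:
            out[name] = str(IPv4Address(o[code]))
    for code, name in ((51, "lease_time"), (58, "T1"), (59, "T2")):
        if code in o:
            out[name] = struct.unpack("!I", o[code])[0]     # seconds, big-endian 32-bit
    return out


def _bootp(op, xid, ciaddr, yiaddr, chaddr, opts):
    """Assemble a BOOTP/DHCP message; constructed sample data, not bytes from a real capture."""
    body = b"".join(bytes([c, len(v)]) + v for c, v in opts) + b"\xff"
    return (struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0x8000) + ciaddr + yiaddr
            + b"\0" * 8 + chaddr.ljust(16, b"\0") + b"\0" * 192 + MAGIC + body)


CLIENT_MAC = bytes.fromhex("001122334455")       # constructed client MAC
ANY = bytes(4)                                   # 0.0.0.0: the client does not know its address yet
DISCOVER = _bootp(1, 0x3D1D, ANY, ANY, CLIENT_MAC,
                  [(53, b"\x01"), (61, b"\x01" + CLIENT_MAC), (50, bytes([192, 168, 0, 10]))])
ACK = _bootp(2, 0x3D1D, ANY, bytes([192, 168, 0, 10]), CLIENT_MAC,
             [(53, b"\x05"), (54, bytes([192, 168, 0, 1])), (51, struct.pack("!I", 3600)),
              (58, struct.pack("!I", 1800)), (59, struct.pack("!I", 3150)), (1, bytes([255, 255, 255, 0]))])

if __name__ == "__main__":
    for pkt in (DISCOVER, ACK):
        m = parse_dhcp(pkt)
        print(hex(m["xid"]), m["chaddr"], m["ciaddr"], "->", m["yiaddr"], describe(m))
```

The same parse_dhcp/describe pair works on the UDP payload of any frame pulled from dhcp.pcap with a pcap reader, since the BOOTP layout and option encoding are what the capture shows.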
Info
Channel: TechLab Tuts
Views: 1,687
Id: o0TANn6Kzek
Length: 497min 15sec (29835 seconds)
Published: Sun Dec 27 2020