Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,150 --> 00:00:00,690 All right. 2 00:00:00,690 --> 00:00:07,980 So now we're moving into layer four which is the transport layer of the OS side model and we're going 3 00:00:07,980 --> 00:00:12,160 to talk about what is TGP and what is UDP. 4 00:00:12,180 --> 00:00:22,030 So what type that in here DCP vs. UDP so DCP is what is known as the Transmission Control Protocol. 5 00:00:22,260 --> 00:00:26,700 And you could think of that as a connection oriented protocol. 6 00:00:26,700 --> 00:00:30,670 And we also have UDP which is the user data Graham protocol. 7 00:00:30,840 --> 00:00:34,590 And this is a connection less protocol. 8 00:00:34,590 --> 00:00:40,700 So when we have these two protocols one is best suited when it comes to high reliability. 9 00:00:40,770 --> 00:00:43,500 That's TCB DCP is connection oriented. 10 00:00:43,500 --> 00:00:49,320 We want to make a connection win high reliability so you can get something like a Web site which is 11 00:00:49,360 --> 00:00:56,980 HDP or HDP s or you can think of something like SS age or f T.P. the file transfer protocol. 12 00:00:57,090 --> 00:01:03,990 Those all utilize TTP when you think about UDP you might think about something like a streaming service 13 00:01:04,020 --> 00:01:09,230 that's connection lists or DNS connections or voice over IP is connection lists. 14 00:01:09,420 --> 00:01:15,810 And when this comes into the importance of scanning scanning is super important we're going to be scanning 15 00:01:15,810 --> 00:01:19,600 both DCP and UDP as a penetration tester. 16 00:01:19,650 --> 00:01:23,070 And don't worry about scanning right now when we get into the scanning section that will make a lot 17 00:01:23,070 --> 00:01:24,300 more sense. 18 00:01:24,720 --> 00:01:28,610 But we need to know what DCP and TPR and define them broadly. 19 00:01:28,620 --> 00:01:35,700 So the most commonly commonly used protocol that you're going to be scanning is going to be C P. 20 00:01:35,700 --> 00:01:39,120 Now TTP works on what is called a three way handshake. 21 00:01:39,120 --> 00:01:42,980 Now if we look at the three way handshake it's going to look something like this. 22 00:01:43,020 --> 00:01:50,440 We're going to first send out a sin packet and then we're going to receive back a sin ACH packet. 23 00:01:50,610 --> 00:01:52,910 And finally we're going to send an act packet. 24 00:01:52,920 --> 00:01:54,240 Now how does this work. 25 00:01:54,270 --> 00:01:56,680 Now you could think of this as an interaction. 26 00:01:56,790 --> 00:02:01,680 So let's say you have a friend or a neighbor and you go to your neighbor and you say hello. 27 00:02:01,680 --> 00:02:03,000 That's a sin. 28 00:02:03,000 --> 00:02:08,070 Now sin act is going to be the response it's going to say hey sin I acknowledge you that's your neighbor 29 00:02:08,070 --> 00:02:09,570 waving hello back. 30 00:02:09,660 --> 00:02:14,370 And then you know you are good to go start a conversation so that's the acknowledgment. 31 00:02:14,370 --> 00:02:21,660 Now when we think about this in terms of ports now port is a item that could be open on a machine. 32 00:02:21,660 --> 00:02:24,140 It's a way to communicate with certain protocols. 33 00:02:24,240 --> 00:02:31,600 For example if you think about HDP that's over port 80 if you think about HP s that's over port for 34 00:02:31,610 --> 00:02:37,020 4 3 there's a lot of different protocols and there are sixty five thousand plus ports that can utilize 35 00:02:37,020 --> 00:02:38,130 these protocols. 36 00:02:38,130 --> 00:02:42,330 So everything related here is has to do with these ports. 37 00:02:42,330 --> 00:02:47,220 Now let's say that you want to connect to port for four for three on a Web site you're going to send 38 00:02:47,220 --> 00:02:52,320 out a send packet to that Web site you're going to say hey I want to connect to you on port four for 39 00:02:52,360 --> 00:02:58,620 three and if for four or three is open and available for connection they're going to say hey you can 40 00:02:58,620 --> 00:02:59,910 go ahead and connect to me. 41 00:03:00,120 --> 00:03:04,620 And when you want to actually establish that connection you're going to send that acknowledgement packet 42 00:03:04,620 --> 00:03:05,720 back. 43 00:03:05,760 --> 00:03:08,150 Now let's make more sense of this. 44 00:03:08,160 --> 00:03:12,280 Let's go ahead and open up a tool called wire charger. 45 00:03:12,480 --> 00:03:14,530 So this is built into Cally Linux. 46 00:03:14,550 --> 00:03:19,800 I'm just going to type in wires shark and provide an ampersand here just so I have Shell access if I 47 00:03:19,800 --> 00:03:24,990 need it in the background and all I'm going to do is capture packet data. 48 00:03:25,020 --> 00:03:30,020 So this is going to be listening in on my neck and it's going to say Hey what's he doing. 49 00:03:30,020 --> 00:03:31,590 Let's capture all that data. 50 00:03:31,590 --> 00:03:32,760 So we're going to capture that. 51 00:03:32,760 --> 00:03:34,750 I'm going to start a capture here. 52 00:03:34,890 --> 00:03:36,720 You're gonna start to see a bunch of traffic coming through. 53 00:03:36,720 --> 00:03:38,640 You can see the different protocols here. 54 00:03:38,640 --> 00:03:40,940 You could see UDP is coming through right now. 55 00:03:41,220 --> 00:03:43,820 But we're gonna go establish a connection. 56 00:03:43,830 --> 00:03:46,320 So let's go out to the World Wide Web. 57 00:03:46,830 --> 00:03:49,520 And I've got Google up I'm just going to refresh Google. 58 00:03:49,530 --> 00:03:51,750 You can see a lot of traffic start coming through. 59 00:03:51,840 --> 00:03:55,680 So I'm going to go ahead just stop this right here. 60 00:03:55,780 --> 00:03:59,080 Look at all the data packets that get sent when you're using your computer. 61 00:03:59,080 --> 00:04:00,940 This is what's going on in the background. 62 00:04:00,970 --> 00:04:01,810 You don't even think about it. 63 00:04:02,350 --> 00:04:05,660 So we could see some sense and acts there those are in the gray. 64 00:04:05,680 --> 00:04:07,560 Let's see if we can find a good one. 65 00:04:07,570 --> 00:04:11,670 OK so here is one right here. 66 00:04:11,740 --> 00:04:13,900 So what we're gonna do actually let's find a better one. 67 00:04:14,080 --> 00:04:23,150 So we're going to come down to here and we're going to say OK so here we are we're our source IP is 68 00:04:23,230 --> 00:04:25,650 1 9 2 1 6 8 4 7 3 9. 69 00:04:25,720 --> 00:04:29,700 We're going out to destination is seventy four one twenty five twenty one one fifty five. 70 00:04:29,700 --> 00:04:34,460 We're saying hey I've got this port here I want to connect to your port so important for 4. 71 00:04:34,470 --> 00:04:35,790 This is a web page. 72 00:04:35,950 --> 00:04:42,430 We're sending a send packet if that port is open and available for connection and communication what's 73 00:04:42,420 --> 00:04:47,380 going to happen back is that IP address is going to say hey here I am. 74 00:04:47,380 --> 00:04:49,790 All of you to connect on this port. 75 00:04:49,960 --> 00:04:55,270 And if we make that final connection we're gonna go ahead and send the Act packet back which is right 76 00:04:55,270 --> 00:04:55,750 here. 77 00:04:55,750 --> 00:05:01,540 It's going to say Ach so that is the three way handshake please do you remember this is going to come 78 00:05:01,540 --> 00:05:05,880 back into play when we get into scanning and we'll talk about stealth scanning and how we modify the 79 00:05:05,890 --> 00:05:08,990 three way handshake to actually do some scanning. 80 00:05:09,010 --> 00:05:10,360 So that is it for this lesson. 81 00:05:10,540 --> 00:05:12,220 I will catch you over in the next one. 8135