1
00:00:00,790 --> 00:00:07,510
Okay, so I'm gonna open up a web browser from PC1 to the server. The server's IP address, and this is
2
00:00:07,510 --> 00:00:12,790
a Linux server, is 10.1.1.100.
3
00:00:13,270 --> 00:00:17,830
I used the command ifconfig to see the server's IP address.
4
00:00:17,830 --> 00:00:23,970
So what I'll do is start capturing traffic between the PC and the switch.
5
00:00:24,190 --> 00:00:26,200
GNS3 makes this very easy.
6
00:00:26,200 --> 00:00:33,370
It allows us to capture traffic directly within the topology rather than having to install a hub or
7
00:00:33,400 --> 00:00:36,610
a wire tap or something to see the traffic.
8
00:00:37,660 --> 00:00:43,630
So I'm gonna capture the traffic between the PC and the switch and we'll be able to see exactly what's
9
00:00:43,630 --> 00:00:50,260
going on within this Wireshark capture. So you can see that we've got spanning tree traffic, we've got
10
00:00:50,270 --> 00:01:00,100
CDP traffic, Dynamic Trunking Protocol traffic, already displayed and being captured by Wireshark.
11
00:01:00,240 --> 00:01:04,250
What I'm going to do, however, is filter for HTTP.
12
00:01:04,440 --> 00:01:13,650
There's no HTTP traffic at the moment, but what we'll do is open up a web browser on the PC and connect
13
00:01:13,650 --> 00:01:22,870
it to the server. So let's use PC1, open up a web browser.
14
00:01:22,960 --> 00:01:24,590
I'm going to browse to
15
00:01:27,260 --> 00:01:34,110
10.1.1.100, which is the server, and as you can see there's a web page displayed.
16
00:01:34,220 --> 00:01:42,500
That's nothing fancy, it's just a basic web page hosted on the server, but it's enough for us to see what's
17
00:01:42,500 --> 00:01:43,810
going on.
18
00:01:43,970 --> 00:01:52,930
So in Wireshark you can see that traffic was sent from a source IP address 10.1.1.1 to a destination
19
00:01:52,960 --> 00:01:55,540
IP address of 10.1.1.100.
20
00:01:55,540 --> 00:01:57,070
This is HTTP traffic.
21
00:01:57,070 --> 00:02:00,150
You can see the protocol there is HTTP.
22
00:02:00,310 --> 00:02:05,130
You can see the length, you can see that it's an HTTP GET.
23
00:02:05,160 --> 00:02:09,930
In other words the PC is trying to get a web page from the server.
24
00:02:09,930 --> 00:02:16,290
Now before I go through the Wireshark capture in more detail, let's explain some of the basics that you see
25
00:02:16,290 --> 00:02:17,880
in Wireshark.
26
00:02:17,940 --> 00:02:22,180
The first thing you see is a frame. Now in networking,
27
00:02:22,180 --> 00:02:25,720
this is known as Layer 2 of the OSI model.
28
00:02:25,720 --> 00:02:28,510
Information captured here is known as frames.
29
00:02:28,540 --> 00:02:30,780
So this is known as a frame.
30
00:02:30,880 --> 00:02:33,290
We've captured an Ethernet II frame.
31
00:02:33,370 --> 00:02:38,170
In other words we've captured traffic on Ethernet. There are different types of Ethernet frames,
32
00:02:38,170 --> 00:02:44,870
but Ethernet II is the most common. The source MAC address is a VMware host, destination MAC address is
33
00:02:44,890 --> 00:02:45,700
this.
34
00:02:45,790 --> 00:02:50,060
So the source MAC address is the PC.
35
00:02:50,080 --> 00:02:57,670
This PC is actually running inside VMware. If I type ipconfig /all you'll be able to see
36
00:02:57,820 --> 00:03:09,260
the MAC address of the host, 00:0c:29, ending in dc:d7, and hopefully that's what we see over here.
37
00:03:09,290 --> 00:03:13,260
So notice the MAC address is dc:d7.
38
00:03:13,370 --> 00:03:19,620
So notice this MAC address is the MAC address of the PC. Destination address is this.
39
00:03:19,850 --> 00:03:22,280
That's the MAC address of the server.
40
00:03:22,280 --> 00:03:29,140
Notice the MAC address over here, 36:e4:5c:40:91:82.
41
00:03:29,140 --> 00:03:30,430
There you go.
42
00:03:30,430 --> 00:03:34,350
That's the IP address of the server, MAC address of the server.
43
00:03:34,870 --> 00:03:39,850
Here's the IP address of the PC and the MAC address of the PC.
44
00:03:39,850 --> 00:03:48,130
So in networking we use the term frame at Layer 2. You get different types of frames; on Ethernet, typically
45
00:03:48,160 --> 00:03:48,960
Ethernet II.
46
00:03:48,970 --> 00:03:54,370
But on a WAN connection, or wide area network connection, you could be using something like Point-to-
47
00:03:54,370 --> 00:04:03,610
Point Protocol or PPP, or HDLC, or in the old days you had encapsulation like Frame Relay or ATM.
48
00:04:03,610 --> 00:04:11,320
In other words the Layer 2 frame changes depending on the physical technology that you're using.
49
00:04:11,350 --> 00:04:17,490
Most common technology today is Ethernet, most common Ethernet frame type is Ethernet II.
50
00:04:17,530 --> 00:04:25,090
So this is known as a frame. Now, just to make it more confusing, in Wireshark they talk about frames
51
00:04:25,180 --> 00:04:30,030
here as well, but this is actually just metadata used within Wireshark
52
00:04:30,040 --> 00:04:32,100
that tells us about the frame.
53
00:04:32,110 --> 00:04:38,120
So again, this is just metadata; we don't typically talk about that as a frame in networking.
54
00:04:38,200 --> 00:04:39,700
This is known as a frame.
55
00:04:39,850 --> 00:04:43,300
This is known as Layer 2 in the OSI model.
56
00:04:43,310 --> 00:04:49,220
Now I've included a section following this video that talks about OSI and the OSI model.
57
00:04:49,240 --> 00:04:52,420
So if you're not used to the OSI model or you're not quite sure what it's about,
58
00:04:52,420 --> 00:04:53,590
have a look at those videos.
59
00:04:53,770 --> 00:04:57,330
If you know about the OSI model then skip those videos.
60
00:04:57,460 --> 00:05:00,740
And again, if you want more information have a look at my CCNA course.
61
00:05:00,790 --> 00:05:06,160
So this is a frame. At Layer 3 we have what's called a packet.
62
00:05:06,220 --> 00:05:12,730
So when we refer to the layers in the OSI model we use terms such as frame at Layer 2, packet at Layer
63
00:05:12,730 --> 00:05:20,130
3 and segment at Layer 4. At Layer 3 we've captured the IP version 4 addresses.
64
00:05:20,140 --> 00:05:22,630
So this is IP version 4 information.
65
00:05:22,630 --> 00:05:27,530
The protocol used at layer 4 is IP version 4. What we'll do actually at
66
00:05:27,550 --> 00:05:32,850
this point is stop my Wireshark capture so that the capture that I share with you isn't too big.
67
00:05:34,260 --> 00:05:46,830
And I'll save this as basic Wireshark capture 1. Notice it's a pcapng file, or pcap next
68
00:05:46,830 --> 00:05:48,880
generation Wireshark file.
69
00:05:49,050 --> 00:05:52,980
So that's the file that you'll download and you'll be able to do something similar to what I've done
70
00:05:52,980 --> 00:05:53,220
here.
71
00:05:54,180 --> 00:06:00,930
So again, protocol at Layer 3 is IP version 4, source IP address is this, destination IP address is this.
72
00:06:01,530 --> 00:06:07,650
IP version 4 contains a lot of information. Differentiated Services Code Point, or Differentiated Services
73
00:06:07,650 --> 00:06:15,780
Field, DSCP, Differentiated Services Code Point, is to do with quality of service. Quality of service, or
74
00:06:15,780 --> 00:06:20,900
QoS, allows us to differentiate some traffic types from others.
75
00:06:21,020 --> 00:06:25,800
So in other words we could say that voice traffic is more important than FTP traffic.
76
00:06:26,400 --> 00:06:32,910
So when you make a voice call it should be prioritized over File Transfer Protocol or FTP traffic.
77
00:06:32,940 --> 00:06:37,580
This is a way to indicate to the network how important the traffic is.
78
00:06:37,860 --> 00:06:43,230
A lot of other information is shown in this header including as an example that the protocol used at
79
00:06:43,230 --> 00:06:45,270
Layer 4 is TCP.
80
00:06:45,510 --> 00:06:53,580
So Layer 4, once again, this is Layer 2 frame, Layer 3 is packet, Layer 4 is segment. At Layer
81
00:06:53,580 --> 00:07:01,560
4 in the OSI model we are using TCP here, and you can see source and destination port numbers. HTTP or
82
00:07:01,560 --> 00:07:06,840
Hypertext Transfer Protocol uses the well-known port number of 80.
83
00:07:06,840 --> 00:07:09,700
The server was listening on port 80.
84
00:07:09,700 --> 00:07:18,790
That's why when the client made a connection to the server the web page displayed. The client initiated
85
00:07:18,790 --> 00:07:20,290
a session to port 80.
86
00:07:20,320 --> 00:07:23,110
The server was listening on port 80.
87
00:07:23,110 --> 00:07:25,690
It served because it's a server.
88
00:07:25,690 --> 00:07:29,310
It served a web page to the client.
89
00:07:29,980 --> 00:07:35,440
In this case using the protocol HTTP. So it basically has this page,
90
00:07:35,440 --> 00:07:43,510
this web page, hosted on its hard drive, and it served that page to the client when the client connected
91
00:07:43,510 --> 00:07:44,760
on port 80.
92
00:07:44,800 --> 00:07:51,610
The client uses this random port number, or ephemeral port number to use the correct term, so it connects
93
00:07:51,610 --> 00:07:58,570
to the server using an ephemeral or random port number going to a well-known port number of 80 and then
94
00:07:58,570 --> 00:08:04,080
you can see here the application used is Hypertext Transfer Protocol.
95
00:08:04,080 --> 00:08:11,430
Now in networking we talk about the OSI model, but typically it's a hybrid model between the TCP/IP model
96
00:08:11,790 --> 00:08:14,220
and the OSI model.
97
00:08:14,220 --> 00:08:18,690
At the top of the OSI model we have application, presentation and session.
98
00:08:18,690 --> 00:08:22,860
Those layers are often grouped into a single layer called application.
99
00:08:22,980 --> 00:08:28,170
So notice we have Layer 2 here. Layer 1 is the physical medium, so that's not shown in the Wireshark capture;
100
00:08:28,410 --> 00:08:33,180
the physical medium here is Ethernet, it could be copper or could be fiber.
101
00:08:33,180 --> 00:08:35,270
In our example this is just a virtual network.
102
00:08:35,300 --> 00:08:38,620
But in the real world this would be physical Ethernet.
103
00:08:38,700 --> 00:08:42,750
In this case perhaps copper, so the physical medium is copper.
104
00:08:42,750 --> 00:08:49,320
So that's the physical connection; here it's just a virtual, logical connection.
105
00:08:49,320 --> 00:08:56,570
So Layer 1 physical, Layer 2 data link, or in this case it's Ethernet, Layer 3 is network.
106
00:08:56,580 --> 00:09:00,410
In this case we've got IP layer four is transport.
107
00:09:00,420 --> 00:09:06,870
In this case it's TCP, and then the top three layers are kind of combined into one layer, the application layer.
108
00:09:06,870 --> 00:09:09,490
So notice Hypertext Transfer Protocol.
109
00:09:09,600 --> 00:09:13,810
And inside here we can see details such as the client used.
110
00:09:14,010 --> 00:09:26,020
It shows the OS as Windows NT 10, Win64 bit, using a browser Mozilla 5.0. So in this example I'm
111
00:09:26,020 --> 00:09:28,020
actually using Microsoft Edge.
112
00:09:28,030 --> 00:09:32,230
That's the browser used within Windows 10.
113
00:09:32,230 --> 00:09:34,900
So this is a Windows 10 virtual computer.
114
00:09:34,930 --> 00:09:36,370
In other words it's virtualized.
115
00:09:36,400 --> 00:09:42,640
I'm actually running on a Mac here recording on a Mac but I'm running VMware which allows me to virtualize
116
00:09:42,910 --> 00:09:46,930
multiple devices within my GNS3 topology.
117
00:09:46,930 --> 00:09:55,240
So the Wireshark capture sees the client as a Windows 10 computer, which is correct, using 64-bit Windows.
118
00:09:55,780 --> 00:09:57,220
Mozilla is the browser.
119
00:09:57,220 --> 00:10:02,350
It's actually Microsoft Edge and then the server replies back.
120
00:10:02,350 --> 00:10:07,090
Notice in the server example the MAC addresses are all swapped round.
121
00:10:07,090 --> 00:10:13,410
In this example I've got a Layer 2 switch. A Layer 2 switch means that it's just simply switching frames,
122
00:10:13,510 --> 00:10:17,190
in other words Layer 2 data, from one port to another.
123
00:10:17,260 --> 00:10:20,680
It's not trying to route the data from one network to another.
124
00:10:20,680 --> 00:10:24,120
These two hosts are in the same subnet or the same network.
125
00:10:24,310 --> 00:10:28,950
So the switch is simply switching the traffic from one port to another.
126
00:10:28,960 --> 00:10:34,420
So in this example the IP addresses are swapped round and so are the MAC addresses. Going back to the
127
00:10:34,420 --> 00:10:35,640
first example.
128
00:10:35,710 --> 00:10:40,840
Notice source MAC address is this, destination MAC address is this. When the server replies,
129
00:10:40,840 --> 00:10:47,680
those are simply swapped around. So the server is replying with its MAC address as the source, destination
130
00:10:47,680 --> 00:10:54,310
MAC address is the Windows computer. IP addresses are swapped round and so are port numbers, and if we look
131
00:10:54,340 --> 00:11:02,860
at the Hypertext Transfer Protocol, notice we can see the server says 200 OK. 200 means that the server was able
132
00:11:02,860 --> 00:11:05,270
to provide the data to the client.
133
00:11:05,440 --> 00:11:08,120
We didn't have a 404 HTML error.
134
00:11:08,170 --> 00:11:12,920
As an example some data was provided to the client.
135
00:11:12,940 --> 00:11:19,050
Notice you can see here the actual web page that was served to the client. So you can see it says Networkers
136
00:11:19,050 --> 00:11:20,270
Toolkit.
137
00:11:20,320 --> 00:11:25,900
You can see the PNG file, notice Networkers Toolkit.
138
00:11:25,900 --> 00:11:32,110
And if I look at that web page on the client notice you can see the output here.
139
00:11:32,230 --> 00:11:41,490
It says www files located at /var/www/html, and if we look here that's actually what you see.
140
00:11:41,620 --> 00:11:46,600
Files located at /var/www/html.
141
00:11:46,600 --> 00:11:50,740
So if I scroll to the right notice you see the full output.
142
00:11:50,740 --> 00:12:00,220
You get to root after logging in. Notice we're told you can place files in /tftpboot, and that's exactly
143
00:12:00,460 --> 00:12:02,890
what you see over here.
144
00:12:02,890 --> 00:12:06,200
So Wireshark has read the HTTP traffic.
145
00:12:06,220 --> 00:12:13,360
Be careful with HTTP, it's clear text, so through Wireshark you can see exactly what's going on here.
146
00:12:13,360 --> 00:12:20,440
The client is trying to get the PNG image, so it's trying to get the actual PNG image, and the server,
147
00:12:20,470 --> 00:12:29,470
which is an Ubuntu server, is providing the PNG file. So that's the actual file and you can actually
148
00:12:29,470 --> 00:12:35,510
export that, and I'll do this again in other videos, but let's do it right now.
149
00:12:35,560 --> 00:12:36,860
GNS3
150
00:12:36,940 --> 00:12:48,760
image. So I would export that to my desktop, and on my desktop I'm going to change that to a PNG file
151
00:12:50,350 --> 00:12:55,390
and then when I open it up notice there's the actual image.
152
00:12:55,390 --> 00:13:00,180
So Wireshark captured all the data from the server as well as the image.
153
00:13:00,490 --> 00:13:02,950
And that's the image that we have on the server.
154
00:13:02,950 --> 00:13:09,610
So once again, to do that click Portable Network Graphics, because it's a PNG file, and then go Export
155
00:13:09,640 --> 00:13:17,750
Packet Bytes, save it to your hard drive. So I'm going to save it once again as GNS3 image 2, and then
156
00:13:17,750 --> 00:13:22,500
I'm gonna rename it. So it saved it as a bin file.
157
00:13:22,500 --> 00:13:30,800
I'm gonna rename that as PNG because it's a PNG file, and when I open it up you can see that
158
00:13:30,800 --> 00:13:34,330
it's a PNG file and there's the actual image.
159
00:13:34,550 --> 00:13:43,240
So you can see here it's getting the favicon and then we're getting something, HTTP 404 error,
160
00:13:43,300 --> 00:13:44,540
something not found.
161
00:13:44,680 --> 00:13:46,630
So something went wrong here.
162
00:13:47,620 --> 00:13:56,620
But the point is that you can read the actual HTTP traffic, and remember, because these devices are on
163
00:13:56,620 --> 00:14:02,840
the same subnet, all that happens is the MAC addresses are swapped around, IP addresses are swapped round,
164
00:14:03,020 --> 00:14:07,070
port numbers are swapped around during that communication.
165
00:14:07,070 --> 00:14:12,080
So source IP is host, yes, source IP is the server.
166
00:14:12,080 --> 00:14:17,360
So when the server replies back it's replying back from port 80 to the client.
167
00:14:17,360 --> 00:14:23,240
So that was a very basic example of using Wireshark to see what's going on in the network.
168
00:14:23,240 --> 00:14:27,080
Were you able to download the pcap file?
169
00:14:27,080 --> 00:14:31,530
Were you able to open it up in Wireshark and actually do something similar to what I've done here?
170
00:14:31,550 --> 00:14:38,630
There's no better way to learn than to practically use Wireshark, capture frames and see for yourself what's
171
00:14:38,630 --> 00:14:39,490
going on.
172
00:14:39,500 --> 00:14:45,100
I've made it a little bit more simple by giving you some pcap files, but hopefully they mean something
173
00:14:45,110 --> 00:14:51,380
because you're using the actual files that I'm recording right now rather than just some random file
174
00:14:51,380 --> 00:14:53,100
that you got off the Internet.
175
00:14:53,160 --> 00:14:56,820
Now please note it means a lot to me if you provide feedback on the course.
176
00:14:56,840 --> 00:15:00,710
So if you're enjoying the video then please say so.
177
00:15:00,980 --> 00:15:06,380
If you get prompted to leave a review and you're enjoying the course then please do that because it
178
00:15:06,380 --> 00:15:10,850
helps other students and helps me make the course better. Let me know how I can improve the course as
179
00:15:10,850 --> 00:15:11,090
well.