All language subtitles for 07 - Cisco Foundations - How Applications Speak - TCP and UDP, Part 2-eng

Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,626 --> 00:00:04,856 >> How Applications Speak - TCP and UDP, Part 2. 2 00:00:04,856 --> 00:00:08,706 We're going to pick up right where we left off in the last nugget, 3 00:00:08,706 --> 00:00:14,286 which is we had just finished talking about TCP and UDP and going through Wireshark 4 00:00:14,286 --> 00:00:17,426 and all its glory showing captures of communication 5 00:00:17,426 --> 00:00:20,186 with these two protocols, which were immensely valuable. 6 00:00:20,586 --> 00:00:25,086 Now I want to get back to some of the core principles, which is the common port numbers 7 00:00:25,226 --> 00:00:30,126 where we left off and then completing the end-to-end communication story. 8 00:00:30,126 --> 00:00:34,696 So, we put all these pieces together and wrap up what I would call the network foundations. 9 00:00:35,156 --> 00:00:40,006 And it's pretty hard for me after that last nugget to kind of jump into the ports 10 00:00:40,006 --> 00:00:43,816 because it just kind of bridges where that last nugget was at. 11 00:00:43,816 --> 00:00:46,396 So, bear with me for a second. 12 00:00:46,396 --> 00:00:50,616 So, remember that we have a computer, alright speaking to a server 13 00:00:50,936 --> 00:00:54,356 that is going to provide some service. 14 00:00:54,356 --> 00:00:59,616 Now this server could be running web serving software. 15 00:00:59,616 --> 00:01:02,226 It could be running email serving software. 16 00:01:02,226 --> 00:01:07,556 It could be running Microsoft Exchange or maybe some kind of Linux based email service. 17 00:01:07,556 --> 00:01:10,946 It could be running an FTP site where it's sharing files. 18 00:01:10,946 --> 00:01:14,196 It could be running all three of them at the same time. 
19 00:01:14,516 --> 00:01:17,006 The point of this is when we're using a protocol, 20 00:01:17,006 --> 00:01:22,036 namely these are all TCP based protocols, when we're using a protocol to contact it we need 21 00:01:22,036 --> 00:01:24,226 to specify which service we're looking for. 22 00:01:24,726 --> 00:01:28,946 And behind the scenes our web browsers fill that in for us. 23 00:01:28,946 --> 00:01:33,046 So, when we open a web browser, and actually I've already opened this Wikipedia page 24 00:01:33,046 --> 00:01:33,406 right here. 25 00:01:33,626 --> 00:01:39,566 But when I got to Wikipedia.org it automatically knows I'm going to use port 80. 26 00:01:39,566 --> 00:01:41,736 As a matter of fact I have this thought. 27 00:01:41,736 --> 00:01:44,806 I want to open up the Wireshark capture from the last nugget 28 00:01:44,976 --> 00:01:48,446 and you can see behind the scenes the computer's doing all this. 29 00:01:48,446 --> 00:01:51,066 Okay destination port is port 80 or http. 30 00:01:51,066 --> 00:01:54,086 The source port is 49885. 31 00:01:54,086 --> 00:01:57,896 So, every single time you establish the sessions, so I've got this going we'll say 32 00:01:57,896 --> 00:02:02,606 to the web services, so we'll have TCP port 80, it's always going to come 33 00:02:02,606 --> 00:02:05,246 from some source port that Windows just makes up. 34 00:02:05,406 --> 00:02:07,656 This is the dynamic port number. 35 00:02:08,226 --> 00:02:11,256 So, it's usually going to be in the upper port numbers because all 36 00:02:11,256 --> 00:02:13,706 of the well known ports are here at the bottom. 37 00:02:14,236 --> 00:02:22,186 Now I do know both protocols do have 65,535 ports that are available for use 38 00:02:22,276 --> 00:02:27,626 that are distinct, meaning it's not like you know the TCP ports and UDP ports overlap. 39 00:02:27,866 --> 00:02:31,546 Port 53 on this side is different than port 53 on this side. 
40 00:02:31,546 --> 00:02:33,016 They're two different-- of course, 41 00:02:33,186 --> 00:02:36,006 I would choose to circle the one that-- you're like no it's not. 42 00:02:36,006 --> 00:02:38,896 It's DNS. Well one's a DNS server, one's a DNS client used for-- 43 00:02:38,896 --> 00:02:40,766 it's called zone transfers and stuff like that. 44 00:02:40,766 --> 00:02:43,216 But for instance, over here port 80 is not http. 45 00:02:43,216 --> 00:02:47,906 You know it's something else on the UDP side. 46 00:02:47,906 --> 00:02:50,826 So, they are distinct 65,000 ports. 47 00:02:50,896 --> 00:02:56,876 Up to port 1023 is actually considered well known 48 00:02:56,876 --> 00:02:58,956 and that's why I pulled up that Wikipedia page. 49 00:02:59,116 --> 00:03:03,136 I put some common ports here on the screen, but no-- I mean this is just [Sound effects] 50 00:03:03,576 --> 00:03:07,886 and it's like just this giant list of ports. 51 00:03:07,886 --> 00:03:11,016 Like you know you can see right there that it's port 25 that's used for SMTP. 52 00:03:11,016 --> 00:03:12,666 That is an official standard. 53 00:03:12,666 --> 00:03:14,496 Like that is documented. 54 00:03:14,496 --> 00:03:18,506 It's RFC standards based, but you also see you know we've got this WINS, 55 00:03:18,506 --> 00:03:20,926 which is a Microsoft service, which is unofficial. 56 00:03:21,066 --> 00:03:26,056 They run it on port 42, but they didn't create some kind of RFC standards 57 00:03:26,056 --> 00:03:28,256 because WINS is Microsoft proprietary. 58 00:03:28,256 --> 00:03:29,686 So, you can down this list. 59 00:03:29,686 --> 00:03:33,306 I mean you find-- I think they even have, let me just do a find Warcraft. 60 00:03:34,146 --> 00:03:36,086 Yea, look at this. 61 00:03:36,086 --> 00:03:41,356 TCP port 3723 used by Diablo Warcraft, StarCraft you know. 
62 00:03:41,356 --> 00:03:47,946 I mean this is a cumulative list of well known services that are 63 00:03:47,946 --> 00:03:49,936 out there and you find all kinds of stuff. 64 00:03:49,936 --> 00:03:52,786 Microsoft Ants for crying out loud made the list. 65 00:03:52,786 --> 00:03:57,736 So, you've got all of these different ports that based on-- let's say I'm running Microsoft Ants, 66 00:03:57,736 --> 00:04:02,136 which I'm really curious to see what that is now and I may just pause the video and go do that. 67 00:04:02,136 --> 00:04:07,196 It's going to go into the Microsoft Ants server, whatever that server does 68 00:04:07,196 --> 00:04:11,106 and manage the ants I suppose on port 4001; 69 00:04:11,106 --> 00:04:14,646 that's the well known port for the Microsoft Ants game. 70 00:04:15,756 --> 00:04:17,296 Come on you wanted me to click it right. 71 00:04:17,296 --> 00:04:20,626 A free, free multi-- oh I'm there. 72 00:04:20,906 --> 00:04:25,476 So, we've got these common TCP ports. 73 00:04:25,476 --> 00:04:28,756 Now, the reason I put these in a nice little bubble on the screen is these are ones 74 00:04:28,756 --> 00:04:31,586 that you will want to know, of course, if you're certifying, 75 00:04:31,586 --> 00:04:33,456 but for the real world in a huge way. 76 00:04:33,796 --> 00:04:40,116 The reason knowing these is so valuable is because it allows you to respond to needs 77 00:04:40,116 --> 00:04:43,636 at hand without running to a book or you know trying to remember things. 78 00:04:43,636 --> 00:04:46,746 I mean and trust me, you'll see these so often that you'll-- 79 00:04:46,746 --> 00:04:50,896 I mean you'll get it again and again, but of course, if you're studying for a certification, 80 00:04:50,976 --> 00:04:54,716 well boonk, bounce your head against the screen, memorize those guys. 81 00:04:54,716 --> 00:04:58,356 So, the reason this is good you know it's kind of like okay why is it good to know these? 
82 00:04:58,616 --> 00:05:02,636 Well remember, we've got all kinds of routers and these devices in between. 83 00:05:03,176 --> 00:05:06,116 It's very easy to turn a router into a firewall. 84 00:05:06,756 --> 00:05:12,156 Let's say, let's say you know what, I'm like you know what my organization or productivity is low 85 00:05:12,156 --> 00:05:15,606 because I walk around and I see people surfing the web all day long. 86 00:05:15,806 --> 00:05:16,836 I'm done with that. 87 00:05:16,926 --> 00:05:19,116 I'm going to immediately-- and this is all it takes I'm going 88 00:05:19,116 --> 00:05:21,956 to immediately block port 80 and port 443. 89 00:05:21,956 --> 00:05:26,616 Now, just go into this driver and say do not allow anybody except me, of course, 90 00:05:27,116 --> 00:05:31,986 to use port 80 or 443 to communicate on the web and bam. 91 00:05:31,986 --> 00:05:35,296 You just killed all internet access for your organization. 92 00:05:35,436 --> 00:05:38,506 It's all-- I should say all web surfing access. 93 00:05:38,506 --> 00:05:44,086 Internet is a broad term, but you know let's say I don't want emails to go out, 94 00:05:44,086 --> 00:05:47,306 block SMTP, simple mail transfer protocol. 95 00:05:47,306 --> 00:05:51,276 FTP, file transfer protocol, allow the-- you know take the opposite approach. 96 00:05:51,276 --> 00:05:53,726 You know I'm taking the negative side and maybe it's the positive side. 97 00:05:53,726 --> 00:05:57,386 You know what, we're going to be running our own email server inside of our organization. 98 00:05:57,386 --> 00:05:59,676 And the internet is going to start sending us emails. 99 00:05:59,676 --> 00:06:05,306 Well I need to allow .25 inbound to-- do you see the point? 100 00:06:05,306 --> 00:06:09,436 Like knowing these ports is huge, not only for just day to day use, 101 00:06:09,436 --> 00:06:12,926 but if you're a firewall admin that's a big part of what you do. 
102 00:06:13,536 --> 00:06:19,826 So, as such, and let me just hit what these are: File transfer protocol, send and receive files, 103 00:06:19,826 --> 00:06:25,736 SSH secure shell; that's essentially secure Telnet, a way of accessing our Cisco devices 104 00:06:25,736 --> 00:06:29,286 and managing them securely, among many other things you can do with SSH. 105 00:06:29,626 --> 00:06:35,176 We have Telnet, which is the unsecure way of managing your different devices. 106 00:06:35,536 --> 00:06:39,416 We have SMTP, which is simple mail transfer protocol, email. 107 00:06:39,776 --> 00:06:44,626 DNS server, now on the TCP side this is used when you have two DNS servers and he's 108 00:06:44,626 --> 00:06:47,866 like I know everything about ants.com. 109 00:06:48,216 --> 00:06:52,376 I have all those records and I want to replicate those to you so you know about ants.com as well. 110 00:06:52,616 --> 00:06:54,666 That's the DNS server side, port 53. 111 00:06:55,016 --> 00:06:57,096 You got http, enough said. 112 00:06:57,516 --> 00:06:59,656 POP3 is an email client. 113 00:06:59,696 --> 00:07:07,576 So, if I'm sitting here on this PC I can say I want to go download my email from a POP3 server. 114 00:07:07,956 --> 00:07:11,816 Now I have it in the list because it's- it's common, but it's not as common, 115 00:07:11,816 --> 00:07:17,386 but port 143 is actually IMAP, IMAP4. 116 00:07:17,616 --> 00:07:23,556 Another way of email clients working, POP3 says I'm going to download all of these 117 00:07:23,556 --> 00:07:26,516 onto my computer and most of the time delete them from the server. 118 00:07:26,516 --> 00:07:28,216 So, it's all on my computer. 119 00:07:28,216 --> 00:07:31,546 If you're an Outlook whiz that's where you create your PST files in Outlook. 120 00:07:31,876 --> 00:07:35,716 IMAP4 says I'm going to get my email, but I'm going to leave it on the server. 
121 00:07:35,716 --> 00:07:38,766 As a matter of fact, I'm just going to be eyes looking at the server, 122 00:07:38,946 --> 00:07:40,426 just tell me what email is on there. 123 00:07:40,426 --> 00:07:45,796 So, IMAP4 is a little better because you put your faith in the server staying online 124 00:07:45,796 --> 00:07:48,196 and not crashing and not your own PC. 125 00:07:48,196 --> 00:07:51,096 Whereas POP3 if you lose your PC you lose all your email. 126 00:07:51,346 --> 00:07:53,746 So, that's just a bonus side note. 127 00:07:54,076 --> 00:07:58,096 And then we have, of course, 443 HTTPS secure web surfing. 128 00:07:58,336 --> 00:08:00,436 On the UDP side we have a DNS client. 129 00:08:00,436 --> 00:08:05,866 We saw that tons in the last nugget, used for all those DNS lookups and then we have port 69, 130 00:08:05,866 --> 00:08:09,496 which is used for trivial file transfer protocol. 131 00:08:09,496 --> 00:08:13,486 That is used all the time with, I'll say Cisco 132 00:08:13,486 --> 00:08:19,536 but any network equipment vendor or IP telephony device. 133 00:08:19,536 --> 00:08:23,926 Essentially the difference between these two, besides the one running on UDP 134 00:08:23,926 --> 00:08:28,746 and one running TCP is this one is secure, secure in the sense 135 00:08:28,746 --> 00:08:30,566 that there's a username, there's a password. 136 00:08:30,566 --> 00:08:31,456 You have to log in. 137 00:08:31,456 --> 00:08:33,836 A lot of time you can restrict your permissions and all that. 138 00:08:34,116 --> 00:08:36,346 This one, no login required. 139 00:08:36,346 --> 00:08:38,346 You just kind of send and receive files. 140 00:08:38,676 --> 00:08:45,216 That's real easy, so you can-- you know what I'll talk more about TFTP plenty, 141 00:08:45,216 --> 00:08:47,906 because we'll be using it later on in this series. 
142 00:08:47,906 --> 00:08:51,636 But like firmware updates for Cisco devices, configure-- 143 00:08:51,736 --> 00:08:55,186 you know saving a configuration file that's all done using TFTP. 144 00:08:55,896 --> 00:09:01,976 The last thing I want to do in this network foundations section is put all 145 00:09:01,976 --> 00:09:03,396 of these pieces together. 146 00:09:03,396 --> 00:09:07,016 I mean the last four nuggets have really been dissecting and looking 147 00:09:07,016 --> 00:09:11,696 at all the different layers of the OSI model and the depth of functionality 148 00:09:11,696 --> 00:09:14,356 that they have, the IP protocol and all of that. 149 00:09:14,356 --> 00:09:19,126 So, I just want to take these puzzle pieces and assemble this landscape with them and say, 150 00:09:19,126 --> 00:09:21,006 okay here's how they all fit together. 151 00:09:21,376 --> 00:09:25,426 So, first off I want to mention that I redrew this network diagram 152 00:09:25,426 --> 00:09:26,936 with a little more real world. 153 00:09:26,936 --> 00:09:29,906 You might recognize this one from one of the previous nuggets, 154 00:09:29,906 --> 00:09:33,046 but previously I had you know IP address, subnet mask, gateway. 155 00:09:33,136 --> 00:09:34,886 IP address, subnet mask, gateway. 156 00:09:34,886 --> 00:09:36,266 It just was really cluttered. 157 00:09:36,266 --> 00:09:39,906 That's actually not normal for a network diagram to do that, although you could. 158 00:09:40,396 --> 00:09:47,366 But what is normal is for people to just say okay, this is the 172.30.100 network, 159 00:09:47,476 --> 00:09:50,166 like up to this first router, because the router ends the network, right. 160 00:09:50,166 --> 00:09:57,336 Is 172.30.100.0/24, now that's classy subnet mask, so this represents the network. 
161 00:09:57,336 --> 00:10:01,226 This represents the host and then you can see all of the other ones, 162 00:10:01,226 --> 00:10:03,656 you know what networks these are, every single interface 163 00:10:03,656 --> 00:10:05,496 of the router represents a new network. 164 00:10:05,496 --> 00:10:08,296 And then they'll put the IP addresses on the devices. 165 00:10:08,296 --> 00:10:11,966 They'll say this guy is actually .100. 166 00:10:11,966 --> 00:10:13,556 This guy is .1. 167 00:10:13,556 --> 00:10:16,276 You know he's the default gateway and you know I'll flip colors. 168 00:10:16,276 --> 00:10:18,016 On this network he's maybe .1. 169 00:10:18,016 --> 00:10:24,486 On this network and he's .2 and over on this network we have .1 of 172.30.1 170 00:10:24,486 --> 00:10:30,746 and then this server here is, let's just make him .70 is his IP address. 171 00:10:30,786 --> 00:10:35,766 So, this is our landscape, right. 172 00:10:35,766 --> 00:10:37,416 Now here's the scenario. 173 00:10:38,516 --> 00:10:51,246 This computer opens a web browser and types in http://172.30.50.70, 174 00:10:51,836 --> 00:10:53,206 which is this web server over here. 175 00:10:53,206 --> 00:10:55,536 Now, I'm taking DNS out of the picture. 176 00:10:55,536 --> 00:10:59,696 You know we're typing in the IP address manually instead of typing in www.something 177 00:10:59,836 --> 00:11:01,426 and letting DNS get involved, because they're just-- 178 00:11:01,426 --> 00:11:04,306 there'd be too much to talk about if we did that. 179 00:11:04,306 --> 00:11:09,086 So, we hit the enter key on our keyboard, what happens. 180 00:11:09,086 --> 00:11:14,346 Actually you know what if you are feeling like a stud or studette pause right there, 181 00:11:14,576 --> 00:11:17,226 pull out a piece of paper and write just a list of steps. 182 00:11:17,226 --> 00:11:22,916 Here's exactly what happens Jeremy when that happens and then unpause and come back, okay. 
183 00:11:22,916 --> 00:11:25,106 So, if you paused welcome back. 184 00:11:25,106 --> 00:11:27,126 If not, here we go. 185 00:11:27,226 --> 00:11:30,406 So, we've got this, we've got this computer right here going to this web browser. 186 00:11:30,406 --> 00:11:34,746 First thing it does is go wait a sec, that is not on my network. 187 00:11:34,746 --> 00:11:40,356 I'm looking at my network 172.30.100 that is 172.30.50, ehh not me. 188 00:11:40,586 --> 00:11:45,216 So, I know that I can't send an ARP message and just you know talk to that guy via a broadcast. 189 00:11:45,216 --> 00:11:50,166 I have to send an ARP message and it's for my default gateway, this .1. 190 00:11:50,356 --> 00:11:52,786 So, it sends an ARP which is a broadcast message, 191 00:11:54,186 --> 00:11:56,416 goes to everybody that's attached to that switch. 192 00:11:56,656 --> 00:11:59,096 They all ignore it except for the router who says op, 193 00:11:59,096 --> 00:12:02,126 that's me and what you're looking for is my MAC address. 194 00:12:02,126 --> 00:12:07,286 Now let's give these guys some quick MAC address information and let me flip to a red. 195 00:12:07,286 --> 00:12:09,216 So, his MAC address is 1111. 196 00:12:09,566 --> 00:12:12,296 He's 2222, I know, I know. 197 00:12:12,296 --> 00:12:15,626 They're 12 characters but that's a lot of writing. 198 00:12:15,626 --> 00:12:20,696 So, we're just plugging in MAC addresses all the way across the network. 199 00:12:20,696 --> 00:12:25,546 Okay, so this guy comes back and says hey, my MAC address is actually 2222 200 00:12:25,546 --> 00:12:27,406 and that's what you need to assemble your packet. 201 00:12:27,666 --> 00:12:30,646 So, this guy says okay, I'm going to assemble a packet. 202 00:12:31,006 --> 00:12:34,066 Now, here's the trick question, what's he sending? 203 00:12:35,346 --> 00:12:39,396 Well remember, first time he's trying to talk to this guy what's he going to send? 
204 00:12:39,396 --> 00:12:42,596 HTTP, it's going to be a TCP based protocol 205 00:12:42,596 --> 00:12:46,396 and before we can do anything we have to shake his hand. 206 00:12:46,686 --> 00:12:48,156 We have to do a three-way handshake. 207 00:12:48,156 --> 00:12:49,246 So, what's in this packet? 208 00:12:49,666 --> 00:12:56,786 SYN, synchronization bit that's going to say here's what sequence number I'm going to start 209 00:12:56,786 --> 00:12:59,236 at and tell the other side I want to start a session with you. 210 00:12:59,486 --> 00:13:01,436 Now, he starts encapsulating that packet. 211 00:13:01,436 --> 00:13:06,456 He says okay transport layer information, this is going to be 2A, 212 00:13:06,456 --> 00:13:12,906 we'll say from a source TCP port of 5511. 213 00:13:13,156 --> 00:13:14,156 Now, where did that come from? 214 00:13:14,156 --> 00:13:18,566 Well, windows makes it up, dynamically generated source port just for the session. 215 00:13:18,886 --> 00:13:21,816 The destination port, however, is well known, 216 00:13:21,816 --> 00:13:25,466 so I'll have destination TCP port of what do you think, 80. 217 00:13:25,566 --> 00:13:27,636 He's using HTTP right? 218 00:13:27,836 --> 00:13:33,686 So, now the computer, Windows is ready to receive back on port 55511 219 00:13:33,686 --> 00:13:36,456 and he's sending to a destination port of 80. 220 00:13:36,936 --> 00:13:41,446 So, from there we have the source IP address 221 00:13:41,446 --> 00:13:47,706 where we're coming from, 172.30.50 no wait a second. 222 00:13:47,706 --> 00:13:49,046 No, not .50, 100. 223 00:13:49,046 --> 00:13:54,256 I'm staring at the URL there, .100.100, that's. 224 00:13:54,256 --> 00:13:57,056 So, 100 100, that's-- so our IP address is our source IP. 225 00:13:57,336 --> 00:14:07,346 Then we've got our destination IP of 172.30.50.70, that's where we're going. 226 00:14:07,446 --> 00:14:08,676 So, we're building this packet. 227 00:14:08,676 --> 00:14:09,936 We're encapsulating it. 
228 00:14:10,126 --> 00:14:13,286 We've got all the overhead needed to get to the other side of the network. 229 00:14:13,456 --> 00:14:17,566 Two more things that need to be added on there, one is going to be the source MAC, 230 00:14:17,896 --> 00:14:25,506 which in our case is 1111 and then finally the destination MAC, which in our case is 2222. 231 00:14:26,176 --> 00:14:27,896 What it's saying is I'm going to use this route. 232 00:14:27,896 --> 00:14:33,656 I'm going to go to that router in order to reach this destination IP address of 50.70. 233 00:14:33,656 --> 00:14:38,666 Now something I wouldn't expect you to know and I haven't spoken about until now, 234 00:14:38,666 --> 00:14:43,326 but when you get down to this level of the data link you're actually creating something 235 00:14:43,556 --> 00:14:45,506 technically called frame. 236 00:14:45,716 --> 00:14:47,006 We'll talk about that in just a second. 237 00:14:47,256 --> 00:14:51,046 Because the very, very last thing it does before it's going to put this on the wire 238 00:14:51,046 --> 00:14:56,256 and send electric signals is it sticks a piece of information at the end of this packet. 239 00:14:56,256 --> 00:14:58,946 Some people call it the FCS. 240 00:14:59,146 --> 00:15:02,286 Some people call it the CRC; it's the same thing. 241 00:15:02,696 --> 00:15:06,136 It's the frame check sequence or cyclical redundancy check. 242 00:15:06,136 --> 00:15:10,116 Think of it this way, the hardware of the network card, 243 00:15:10,116 --> 00:15:12,166 almost every network card, can do this built in. 244 00:15:12,166 --> 00:15:15,526 They've got chips to do it, but it has like a little hashing blender. 245 00:15:15,526 --> 00:15:19,916 It's a mathematical formula where it takes that whole packet, throws in the blender 246 00:15:19,916 --> 00:15:25,556 and goes [Sound effects] and spits out this little-- it's called a hash. 
247 00:15:25,556 --> 00:15:31,486 It's like a you know we'll say a 32 character you know 115AB9C, 248 00:15:31,486 --> 00:15:36,686 this giant hash that's blending all this together in a mathematical formula 249 00:15:36,686 --> 00:15:41,076 that it generates and it takes that hash and puts it right at the end of the packet. 250 00:15:41,396 --> 00:15:47,556 The packet goes all the way to the end of the other side and before the server even processes 251 00:15:47,556 --> 00:15:51,706 and looks at that packet, it takes all this information right here, 252 00:15:51,706 --> 00:15:54,086 throws it in the blender, hits the same puree button. 253 00:15:54,086 --> 00:16:00,036 They've got the same mathematical formula [Sound effects] and spits out this answer right here, 254 00:16:00,286 --> 00:16:04,446 which it then compares to the frame check sequence sitting at the very end. 255 00:16:04,666 --> 00:16:05,926 If they match, he goes great. 256 00:16:05,926 --> 00:16:07,436 This is a good packet. 257 00:16:07,436 --> 00:16:12,356 If they don't match the server immediately drops it 258 00:16:12,556 --> 00:16:15,296 because he says this is, this is not a good packet. 259 00:16:15,296 --> 00:16:19,516 Either there's a malicious person that's gotten in the middle of me and this person 260 00:16:19,516 --> 00:16:23,586 and modified some data inside of there or more likely, there is just some kind 261 00:16:23,586 --> 00:16:26,896 of electromagnetic interference that went by a fluorescent flickering light 262 00:16:26,896 --> 00:16:31,666 and it scrambled the packet or somebody's chair rolled over the cable at just the wrong time, 263 00:16:31,666 --> 00:16:32,896 you know one of those kind of things. 264 00:16:32,896 --> 00:16:34,206 So, it'll discard the packet. 265 00:16:34,206 --> 00:16:37,776 So, this guy will send the message again, that's TCP. 266 00:16:37,776 --> 00:16:40,236 So, that's what the frame check sequence is. 
267 00:16:40,236 --> 00:16:44,226 And let me add one more, one more piece of information. 268 00:16:44,586 --> 00:16:49,156 I said you know I've been talking about this like a frame check with sequence, a frame. 269 00:16:49,476 --> 00:16:56,566 There is actually technical language that people use for data at the bottom four layers. 270 00:16:56,566 --> 00:16:58,646 You know up here is those top application layers, 271 00:16:58,646 --> 00:17:00,746 you know session, presentation application. 272 00:17:00,926 --> 00:17:03,256 Those-- that all happens in the computer. 273 00:17:03,256 --> 00:17:03,906 We don't care about that. 274 00:17:03,906 --> 00:17:07,726 But down here we have physical data link, network and transport, 275 00:17:08,406 --> 00:17:11,826 technically speaking you're supposed 276 00:17:11,826 --> 00:17:15,226 to call data different things as it passes through each layer. 277 00:17:15,586 --> 00:17:18,146 At the transport layer you call it a segment. 278 00:17:19,976 --> 00:17:23,076 Like if you're talking about data being encapsulated, you say oh yea, 279 00:17:23,076 --> 00:17:26,836 we have some segments being created or down here at the network layer, 280 00:17:26,836 --> 00:17:28,176 that's where you call it a packet. 281 00:17:30,136 --> 00:17:37,336 At the data link layer, you call it thinking it, but saying data link, a frame. 282 00:17:37,836 --> 00:17:43,036 And the reason-- and I mean you look at it and you go oh, I can see the reason it got 283 00:17:43,036 --> 00:17:45,156 that name, because I stick information on the front 284 00:17:45,156 --> 00:17:48,076 and end of the packet, thus the name frame, ah. 285 00:17:48,666 --> 00:17:51,326 And then down here at the very bottom we have the physical layer, 286 00:17:51,326 --> 00:17:53,296 where we have BITS getting involved. 287 00:17:53,546 --> 00:17:57,036 So, that's where we're saying I'm sending BITS on the wire. 
288 00:17:57,036 --> 00:18:02,956 So, technically if you're a purest and I haven't met many, you would say okay well, 289 00:18:02,956 --> 00:18:06,066 we've got frames going around the network or you know if we're talking 290 00:18:06,066 --> 00:18:09,756 about physical infrastructure, well okay, well the BITS are being corrupted by you know, 291 00:18:09,756 --> 00:18:11,406 well that's how you're supposed to refer to things. 292 00:18:11,636 --> 00:18:15,206 However, everybody nowadays calls everything a packet, 293 00:18:15,326 --> 00:18:18,186 just because it's really easy and you don't have to think. 294 00:18:18,186 --> 00:18:19,816 So, I do the same thing. 295 00:18:19,926 --> 00:18:23,806 So, everything going across the network is a packet, but technically you're supposed to say 296 00:18:24,076 --> 00:18:26,646 as the switch receives the frame. 297 00:18:27,596 --> 00:18:28,736 Did I say it was sent? 298 00:18:28,736 --> 00:18:30,436 Okay, the device sends it right. 299 00:18:30,486 --> 00:18:34,706 So, as the switch receives the frame, because it's a layer two device, 300 00:18:34,706 --> 00:18:39,726 it looks at the source MAC address and I'll say here's a bonus piece 301 00:18:39,726 --> 00:18:40,666 that we'll talk about later. 302 00:18:40,876 --> 00:18:45,586 If it has never heard of the source MAC address 1111 before, it learns out and that how it-- 303 00:18:45,586 --> 00:18:49,686 it goes oh, I didn't know that, 1111 is actually on port 5, great. 304 00:18:49,686 --> 00:18:50,526 I'm now a little smarter. 305 00:18:50,776 --> 00:18:54,516 And then it goes okay destination MAC address, 2222, it goes oh, well I learned about that. 306 00:18:54,516 --> 00:18:59,976 That's on port 9 over here, so I'm just going to switch that right over to this router at 307 00:18:59,976 --> 00:19:03,026 and I'll say almost all switches nowadays are wire speed. 308 00:19:03,026 --> 00:19:06,646 So, there's no, no delay at all coming into that switch. 
309 00:19:07,056 --> 00:19:08,686 So, the router receives it. 310 00:19:09,196 --> 00:19:11,616 The router looks at it and goes oh great, I've got mail. 311 00:19:11,616 --> 00:19:12,316 You've got mail. 312 00:19:12,316 --> 00:19:14,316 He looks at it and he goes that's my MAC address. 313 00:19:14,466 --> 00:19:19,286 So he looks a little further and he goes oh, it's not going to me it's going through me. 314 00:19:19,286 --> 00:19:25,906 It's going to 172.30.50.70, which is not me so I am going to look at my routing table. 315 00:19:26,046 --> 00:19:34,286 And in the routing table he's looking for a route to 172.30.50, not 70 at 0/24. 316 00:19:35,036 --> 00:19:37,886 Because routers don't really know abut hosts. 317 00:19:37,886 --> 00:19:40,096 I mean they can, but you don't want them to. 318 00:19:40,366 --> 00:19:45,386 They know how to reach networks, so in its routing table he's going to say oh, I remember, 319 00:19:45,386 --> 00:19:54,216 to get to the 172.30.50 network, that's this guy over here, I need to go to where, 10.5.1.2. 320 00:19:54,626 --> 00:19:57,326 That's this guy, now wait a sec, wait. 321 00:19:57,326 --> 00:19:59,046 Whoa, how did he know that. 322 00:19:59,396 --> 00:20:04,586 Well, because somebody had previously taken this series and had configured him to know that. 323 00:20:04,676 --> 00:20:08,346 They put him in the static router or something and configure that device to know, 324 00:20:08,346 --> 00:20:09,916 because it won't know it by default. 325 00:20:09,916 --> 00:20:13,516 You have to, that's your job as a Cisco person is to configure it. 326 00:20:13,516 --> 00:20:18,136 So, it's going to go okay, well to get to that IP address, which is him, 327 00:20:18,276 --> 00:20:25,126 to get to that IP address I'm going to tear off [Sound effects] the old source 328 00:20:25,126 --> 00:20:27,416 and destination MAC address and replace it. 329 00:20:27,416 --> 00:20:31,386 Now the new source is going to be 3333. 
330 00:20:31,636 --> 00:20:35,376 The new destination is going to be 4444, right. 331 00:20:35,906 --> 00:20:40,246 But if it had to send an ARP message to figure out who that is 332 00:20:40,246 --> 00:20:42,216 because he just knows the IP address, he would do that. 333 00:20:42,536 --> 00:20:45,556 However, most routers will have all that information cached. 334 00:20:45,556 --> 00:20:47,836 It'll have done it before at some point. 335 00:20:47,836 --> 00:20:54,756 So, it then puts that packet, it puts the frame into bits on the wire and then sends it 336 00:20:54,756 --> 00:20:58,816 over here to the router who receives it, has the same immediate reaction, oh great, 337 00:20:58,816 --> 00:21:01,156 I've got mail because this is my MAC address. 338 00:21:01,156 --> 00:21:03,106 And he looks and he goes, oh that's not me. 339 00:21:03,436 --> 00:21:05,686 That's actually something connected to my LAN. 340 00:21:05,686 --> 00:21:06,546 That's fantastic. 341 00:21:06,546 --> 00:21:10,046 So he's going to send an ARP message if he doesn't know already to try 342 00:21:10,046 --> 00:21:11,526 and find the MAC address for this guy. 343 00:21:12,446 --> 00:21:15,616 This guy responds back and says I'm 6666. 344 00:21:15,616 --> 00:21:18,976 He then fills in the new, again crosses out the old, strips it off 345 00:21:18,976 --> 00:21:21,136 and puts the new information on there. 346 00:21:21,136 --> 00:21:27,396 It's coming from 5555, going to 6666 and he just received a SYN. 347 00:21:28,726 --> 00:21:32,826 Again, and I know we've done similar diagrams with less pieces 348 00:21:32,826 --> 00:21:35,716 like this before, but I have to say it again. 349 00:21:35,716 --> 00:21:40,106 We were doing Wireshark captures of this and seeing this all happen in what, 350 00:21:40,106 --> 00:21:44,866 like end-to-end it would get there and back and .1, .2 second time frames. 351 00:21:44,866 --> 00:21:48,856 I mean it's just crazy how fast all of this happens in between. 
352 00:21:49,256 --> 00:21:53,316 So, this guy realizes, oh you want to talk to me. 353 00:21:53,516 --> 00:21:56,166 This is the first message of a three-way handshake. 354 00:21:56,166 --> 00:22:00,116 I see that your sequence number is going to begin at, it does-- 355 00:22:00,116 --> 00:22:03,856 I know in the last nugget it was 0, we saw that in Wireshark, but it's not always that way. 356 00:22:04,106 --> 00:22:08,256 Let's say in the SYN message he said my starting sequence number is going to be 1000. 357 00:22:08,676 --> 00:22:12,126 I'll start sending from byte or number 1000. 358 00:22:12,126 --> 00:22:18,206 So this guy comes back and he'll generate, you want to remember a SYNACK. 359 00:22:19,136 --> 00:22:22,376 He's going to generate a SYNACK and it'll say, 360 00:22:22,376 --> 00:22:24,436 okay well I'm going to start sending data to you. 361 00:22:24,656 --> 00:22:28,746 I'll start from the number 500 and its internal Windows figures all that out 362 00:22:29,006 --> 00:22:31,496 of whatever sequence number he'll start from. 363 00:22:31,666 --> 00:22:36,356 And I'm going to send an acknowledgement that I received your starting point of 1000, 364 00:22:36,356 --> 00:22:40,776 so what's the acknowledgement going to be, 1001. 365 00:22:41,046 --> 00:22:43,476 It's always one more than the SYN. 366 00:22:43,766 --> 00:22:47,526 Oh heavens, if I were to break it down every single time, 367 00:22:47,526 --> 00:22:50,256 same process right all the way back through. 368 00:22:50,566 --> 00:22:53,866 This guy says okay, I've got the SYNACK, he does it one more time. 369 00:22:53,866 --> 00:23:02,736 He sends an ACK back Jack, with the ACK number being 501, like I've received your SYN at 500. 370 00:23:02,736 --> 00:23:04,306 I know where you're going to start sending from. 371 00:23:04,726 --> 00:23:10,226 Now, let's start sending now after all of this I've filled a screen full of information. 
372 00:23:10,476 --> 00:23:15,616 Now, he sends a request, the data instead of a SYN. 373 00:23:15,616 --> 00:23:21,226 It would now actually be an HTTP most likely, would be a GET message for HTTP 374 00:23:21,226 --> 00:23:24,156 like give me your webpage, whatever default webpage 375 00:23:24,156 --> 00:23:26,256 that you're looking for unless you specified. 376 00:23:26,466 --> 00:23:30,616 I said I want index.htm or something like that. 377 00:23:30,616 --> 00:23:33,366 Then it would have httpget index, you know .htm. 378 00:23:33,366 --> 00:23:37,766 So, that would be the actual data, same thing all the way back here and then sending back 379 00:23:37,766 --> 00:23:42,296 as data begins to transmit Window sizes for TCP are increasing. 380 00:23:42,876 --> 00:23:43,876 Are you feeling this? 381 00:23:45,316 --> 00:23:49,056 Really, I mean seriously, like I just reached the end of this and right now, 382 00:23:49,446 --> 00:23:54,046 I know someone out there is like, oh I get it. 383 00:23:54,436 --> 00:23:56,456 That, makes total sense. 384 00:23:56,456 --> 00:24:00,986 Now if it doesn't and you're like [Sound effects] no worries, it's great. 385 00:24:01,046 --> 00:24:06,326 Rewind, you know but I know just all those pieces that we've talked 386 00:24:06,326 --> 00:24:09,516 about in the last four nuggets came together right there. 387 00:24:09,516 --> 00:24:14,566 So, that is the complete end-to-end story of network communication. 388 00:24:15,096 --> 00:24:19,476 What did we see and what do I want you to do with it? 389 00:24:19,856 --> 00:24:24,616 Well, we kind of put the lid on network foundations, seeing the common port numbers 390 00:24:24,616 --> 00:24:29,466 that you want to know and I would definitely commit those, especially the TCP ones to memory 391 00:24:29,986 --> 00:24:34,366 and then we completed the end-to-end communication story, putting all layers one 392 00:24:34,366 --> 00:24:36,736 through four together in that big communication. 
393 00:24:36,736 --> 00:24:38,466 So, what do I want you to do with it? 394 00:24:38,466 --> 00:24:40,486 Well, number one memorize those port numbers. 395 00:24:40,936 --> 00:24:43,276 You'll need them for the exam and for the real world. 396 00:24:43,396 --> 00:24:45,916 Second, is use Netstat. 397 00:24:45,916 --> 00:24:48,746 Use that Netstat utility that I've been showing you a number 398 00:24:48,856 --> 00:24:51,286 of times to find out if you have a virus. 399 00:24:51,696 --> 00:24:53,716 [Laughter] I haven't said that until now. 400 00:24:53,886 --> 00:24:57,646 Like really, go in and close everything down on your computer 401 00:24:57,876 --> 00:24:59,536 and type in Netstat and press enter. 402 00:24:59,806 --> 00:25:04,496 If you see like 50 or 100 different sessions that are open 403 00:25:04,646 --> 00:25:07,026 on there, that's not good, usually. 404 00:25:07,026 --> 00:25:08,296 That means something that's running 405 00:25:08,296 --> 00:25:10,566 in the background may be sending spam from your computer. 406 00:25:10,566 --> 00:25:11,826 It's a BOT, you're infected. 407 00:25:11,826 --> 00:25:14,256 It's trying to attack or scan other devices. 408 00:25:14,566 --> 00:25:17,536 Now, I'm not saying that if you see a bunch of stuff there you're absolutely infected. 409 00:25:17,536 --> 00:25:18,936 I mean people have all kinds of stuff. 410 00:25:18,936 --> 00:25:20,916 I mean you got Dropbox running in the background. 411 00:25:20,916 --> 00:25:22,726 You got Pandora playing music. 412 00:25:22,726 --> 00:25:27,166 You know all that could be, could be on this list, but I mean seriously that's a quick way. 413 00:25:27,326 --> 00:25:30,386 That's what I do whenever you know somebody's like my computer's running slow. 414 00:25:30,386 --> 00:25:33,216 First thing I do is open that [Inaudible] and see if there's some kind of weird, 415 00:25:33,386 --> 00:25:36,336 weird stuff going on behind the scenes. 
416 00:25:36,676 --> 00:25:39,246 Next thing I'd recommend you do, write it all down. 417 00:25:39,426 --> 00:25:43,666 If you haven't been taking notes, rewind back to that end-to-end story 418 00:25:43,946 --> 00:25:48,446 and create your own little network diagram or even better yet envision it yourself. 419 00:25:48,446 --> 00:25:51,576 You know go to a website on the internet, stare at it for a minute and then say, 420 00:25:51,836 --> 00:25:54,856 okay I'm going to draw up on paper how the communication 421 00:25:54,856 --> 00:25:57,156 for my house, I mean use your IP address. 422 00:25:57,156 --> 00:25:58,776 Use your ISP. 423 00:25:58,776 --> 00:26:03,446 You know fill in all the gaps of your own picture of how you communicated that website. 424 00:26:03,736 --> 00:26:05,396 Then explain it all to a friend. 425 00:26:05,586 --> 00:26:09,606 That's absolutely the best way to learn something if you can get somebody to sit down. 426 00:26:09,606 --> 00:26:12,326 Usually a spouse works well or a pet. 427 00:26:12,326 --> 00:26:16,926 Then Wireshark, if you didn't do that in the last nugget go to the last page of the internet. 428 00:26:16,926 --> 00:26:17,966 Remember I showed that to you? 429 00:26:17,966 --> 00:26:21,036 Go to the last page of the internet, real simple webpage and just capture 430 00:26:21,036 --> 00:26:22,906 that Wireshark data and analyze it. 431 00:26:23,116 --> 00:26:26,186 I hope this has been informative for you and I'd like to thank you for viewing.
