1
00:00:00,626 --> 00:00:04,856
>> How Applications Speak - TCP and UDP, Part 2.
2
00:00:04,856 --> 00:00:08,706
We're going to pick up right where
we left off in the last nugget,
3
00:00:08,706 --> 00:00:14,286
which is we had just finished talking about
TCP and UDP and going through Wireshark
4
00:00:14,286 --> 00:00:17,426
and all its glory showing
captures of communication
5
00:00:17,426 --> 00:00:20,186
with these two protocols,
which were immensely valuable.
6
00:00:20,586 --> 00:00:25,086
Now I want to get back to some of the core
principles, which is the common port numbers
7
00:00:25,226 --> 00:00:30,126
where we left off and then completing
the end-to-end communication story.
8
00:00:30,126 --> 00:00:34,696
So, we put all these pieces together and wrap
up what I would call the network foundations.
9
00:00:35,156 --> 00:00:40,006
And it's pretty hard for me after that
last nugget to kind of jump into the ports
10
00:00:40,006 --> 00:00:43,816
because it just kind of bridges
where that last nugget was at.
11
00:00:43,816 --> 00:00:46,396
So, bear with me for a second.
12
00:00:46,396 --> 00:00:50,616
So, remember that we have a
computer, alright speaking to a server
13
00:00:50,936 --> 00:00:54,356
that is going to provide some service.
14
00:00:54,356 --> 00:00:59,616
Now this server could be
running web serving software.
15
00:00:59,616 --> 00:01:02,226
It could be running email serving software.
16
00:01:02,226 --> 00:01:07,556
It could be running Microsoft Exchange or
maybe some kind of Linux based email service.
17
00:01:07,556 --> 00:01:10,946
It could be running an FTP
site where it's sharing files.
18
00:01:10,946 --> 00:01:14,196
It could be running all three
of them at the same time.
19
00:01:14,516 --> 00:01:17,006
The point of this is when
we're using a protocol,
20
00:01:17,006 --> 00:01:22,036
namely these are all TCP based protocols, when
we're using a protocol to contact it we need
21
00:01:22,036 --> 00:01:24,226
to specify which service we're looking for.
22
00:01:24,726 --> 00:01:28,946
And behind the scenes our web
browsers fill that in for us.
23
00:01:28,946 --> 00:01:33,046
So, when we open a web browser, and actually
I've already opened this Wikipedia page
24
00:01:33,046 --> 00:01:33,406
right here.
25
00:01:33,626 --> 00:01:39,566
But when I got to Wikipedia.org it
automatically knows I'm going to use port 80.
26
00:01:39,566 --> 00:01:41,736
As a matter of fact I have this thought.
27
00:01:41,736 --> 00:01:44,806
I want to open up the Wireshark
capture from the last nugget
28
00:01:44,976 --> 00:01:48,446
and you can see behind the scenes
the computer's doing all this.
29
00:01:48,446 --> 00:01:51,066
Okay destination port is port 80 or http.
30
00:01:51,066 --> 00:01:54,086
The source port is 49885.
31
00:01:54,086 --> 00:01:57,896
So, every single time you establish the
sessions, so I've got this going we'll say
32
00:01:57,896 --> 00:02:02,606
to the web services, so we'll have
TCP port 80, it's always going to come
33
00:02:02,606 --> 00:02:05,246
from some source port that
Windows just makes up.
34
00:02:05,406 --> 00:02:07,656
This is the dynamic port number.
35
00:02:08,226 --> 00:02:11,256
So, it's usually going to be in
the upper port numbers because all
36
00:02:11,256 --> 00:02:13,706
of the well known ports are here at the bottom.
37
00:02:14,236 --> 00:02:22,186
Now I do know both protocols do have
65,535 ports that are available for use
38
00:02:22,276 --> 00:02:27,626
that are distinct, meaning it's not like you
know the TCP ports and UDP ports overlap.
39
00:02:27,866 --> 00:02:31,546
Port 53 on this side is different
than port 53 on this side.
40
00:02:31,546 --> 00:02:33,016
They're two different-- of course,
41
00:02:33,186 --> 00:02:36,006
I would choose to circle the one
that-- you're like no it's not.
42
00:02:36,006 --> 00:02:38,896
It's DNS. Well one's a DNS server,
one's a DNS client used for--
43
00:02:38,896 --> 00:02:40,766
it's called zone transfers and stuff like that.
44
00:02:40,766 --> 00:02:43,216
But for instance, over here port 80 is not http.
45
00:02:43,216 --> 00:02:47,906
You know it's something else on the UDP side.
46
00:02:47,906 --> 00:02:50,826
So, they are distinct 65,000 ports.
47
00:02:50,896 --> 00:02:56,876
Up to port 1023 is actually
considered well known
48
00:02:56,876 --> 00:02:58,956
and that's why I pulled up that Wikipedia page.
49
00:02:59,116 --> 00:03:03,136
I put some common ports here on the screen,
but no-- I mean this is just [Sound effects]
50
00:03:03,576 --> 00:03:07,886
and it's like just this giant list of ports.
51
00:03:07,886 --> 00:03:11,016
Like you know you can see right there
that it's port 25 that's used for SMTP.
52
00:03:11,016 --> 00:03:12,666
That is an official standard.
53
00:03:12,666 --> 00:03:14,496
Like that is documented.
54
00:03:14,496 --> 00:03:18,506
It's RFC standards based, but you also
see you know we've got this WINS,
55
00:03:18,506 --> 00:03:20,926
which is a Microsoft service,
which is unofficial.
56
00:03:21,066 --> 00:03:26,056
They run it on port 42, but they didn't
create some kind of RFC standards
57
00:03:26,056 --> 00:03:28,256
because WINS is Microsoft proprietary.
58
00:03:28,256 --> 00:03:29,686
So, you can go down this list.
59
00:03:29,686 --> 00:03:33,306
I mean you find-- I think they even
have, let me just do a find Warcraft.
60
00:03:34,146 --> 00:03:36,086
Yea, look at this.
61
00:03:36,086 --> 00:03:41,356
TCP port 3723 used by Diablo
Warcraft, StarCraft you know.
62
00:03:41,356 --> 00:03:47,946
I mean this is a cumulative list
of well known services that are
63
00:03:47,946 --> 00:03:49,936
out there and you find all kinds of stuff.
64
00:03:49,936 --> 00:03:52,786
Microsoft Ants for crying
out loud made the list.
65
00:03:52,786 --> 00:03:57,736
So, you've got all of these different ports that
based on-- let's say I'm running Microsoft Ants,
66
00:03:57,736 --> 00:04:02,136
which I'm really curious to see what that is now
and I may just pause the video and go do that.
67
00:04:02,136 --> 00:04:07,196
It's going to go into the Microsoft
Ants server, whatever that server does
68
00:04:07,196 --> 00:04:11,106
and manage the ants I suppose on port 4001;
69
00:04:11,106 --> 00:04:14,646
that's the well known port
for the Microsoft Ants game.
70
00:04:15,756 --> 00:04:17,296
Come on you wanted me to click it right.
71
00:04:17,296 --> 00:04:20,626
A free, free multi-- oh I'm there.
72
00:04:20,906 --> 00:04:25,476
So, we've got these common TCP ports.
73
00:04:25,476 --> 00:04:28,756
Now, the reason I put these in a nice little
bubble on the screen is these are ones
74
00:04:28,756 --> 00:04:31,586
that you will want to know, of
course, if you're certifying,
75
00:04:31,586 --> 00:04:33,456
but for the real world in a huge way.
76
00:04:33,796 --> 00:04:40,116
The reason knowing these is so valuable is
because it allows you to respond to needs
77
00:04:40,116 --> 00:04:43,636
at hand without running to a book or
you know trying to remember things.
78
00:04:43,636 --> 00:04:46,746
I mean and trust me, you'll see
these so often that you'll--
79
00:04:46,746 --> 00:04:50,896
I mean you'll get it again and again, but of
course, if you're studying for a certification,
80
00:04:50,976 --> 00:04:54,716
well boonk, bounce your head against
the screen, memorize those guys.
81
00:04:54,716 --> 00:04:58,356
So, the reason this is good you know it's kind
of like okay why is it good to know these?
82
00:04:58,616 --> 00:05:02,636
Well remember, we've got all kinds of
routers and these devices in between.
83
00:05:03,176 --> 00:05:06,116
It's very easy to turn a router into a firewall.
84
00:05:06,756 --> 00:05:12,156
Let's say, let's say you know what, I'm like you
know what my organization or productivity is low
85
00:05:12,156 --> 00:05:15,606
because I walk around and I see
people surfing the web all day long.
86
00:05:15,806 --> 00:05:16,836
I'm done with that.
87
00:05:16,926 --> 00:05:19,116
I'm going to immediately-- and
this is all it takes I'm going
88
00:05:19,116 --> 00:05:21,956
to immediately block port 80 and port 443.
89
00:05:21,956 --> 00:05:26,616
Now, just go into this driver and say do
not allow anybody except me, of course,
90
00:05:27,116 --> 00:05:31,986
to use port 80 or 443 to
communicate on the web and bam.
91
00:05:31,986 --> 00:05:35,296
You just killed all internet
access for your organization.
92
00:05:35,436 --> 00:05:38,506
It's all-- I should say all web surfing access.
93
00:05:38,506 --> 00:05:44,086
Internet is a broad term, but you know
let's say I don't want emails to go out,
94
00:05:44,086 --> 00:05:47,306
block SMTP, simple mail transfer protocol.
95
00:05:47,306 --> 00:05:51,276
FTP, file transfer protocol, allow the--
you know take the opposite approach.
96
00:05:51,276 --> 00:05:53,726
You know I'm taking the negative side
and maybe it's the positive side.
97
00:05:53,726 --> 00:05:57,386
You know what, we're going to be running our
own email server inside of our organization.
98
00:05:57,386 --> 00:05:59,676
And the internet is going
to start sending us emails.
99
00:05:59,676 --> 00:06:05,306
Well I need to allow .25 inbound
to-- do you see the point?
100
00:06:05,306 --> 00:06:09,436
Like knowing these ports is huge,
not only for just day to day use,
101
00:06:09,436 --> 00:06:12,926
but if you're a firewall admin
that's a big part of what you do.
102
00:06:13,536 --> 00:06:19,826
So, as such, and let me just hit what these are:
File transfer protocol, send and receive files,
103
00:06:19,826 --> 00:06:25,736
SSH secure shell; that's essentially secure
Telnet, a way of accessing our Cisco devices
104
00:06:25,736 --> 00:06:29,286
and managing them securely, among
many other things you can do with SSH.
105
00:06:29,626 --> 00:06:35,176
We have Telnet, which is the unsecure
way of managing your different devices.
106
00:06:35,536 --> 00:06:39,416
We have SMTP, which is simple
mail transfer protocol, email.
107
00:06:39,776 --> 00:06:44,626
DNS server, now on the TCP side this is
used when you have two DNS servers and he's
108
00:06:44,626 --> 00:06:47,866
like I know everything about ants.com.
109
00:06:48,216 --> 00:06:52,376
I have all those records and I want to replicate
those to you so you know about ants.com as well.
110
00:06:52,616 --> 00:06:54,666
That's the DNS server side, port 53.
111
00:06:55,016 --> 00:06:57,096
You got http, enough said.
112
00:06:57,516 --> 00:06:59,656
POP3 is an email client.
113
00:06:59,696 --> 00:07:07,576
So, if I'm sitting here on this PC I can say I
want to go download my email from a POP3 server.
114
00:07:07,956 --> 00:07:11,816
Now I have it in the list because it's-
it's common, but it's not as common,
115
00:07:11,816 --> 00:07:17,386
but port 143 is actually IMAP, IMAP4.
116
00:07:17,616 --> 00:07:23,556
Another way of email clients working, POP3
says I'm going to download all of these
117
00:07:23,556 --> 00:07:26,516
onto my computer and most of the
time delete them from the server.
118
00:07:26,516 --> 00:07:28,216
So, it's all on my computer.
119
00:07:28,216 --> 00:07:31,546
If you're an Outlook whiz that's where
you create your PST files in Outlook.
120
00:07:31,876 --> 00:07:35,716
IMAP4 says I'm going to get my email,
but I'm going to leave it on the server.
121
00:07:35,716 --> 00:07:38,766
As a matter of fact, I'm just going
to be eyes looking at the server,
122
00:07:38,946 --> 00:07:40,426
just tell me what email is on there.
123
00:07:40,426 --> 00:07:45,796
So, IMAP4 is a little better because you
put your faith in the server staying online
124
00:07:45,796 --> 00:07:48,196
and not crashing and not your own PC.
125
00:07:48,196 --> 00:07:51,096
Whereas POP3 if you lose your
PC you lose all your email.
126
00:07:51,346 --> 00:07:53,746
So, that's just a bonus side note.
127
00:07:54,076 --> 00:07:58,096
And then we have, of course,
443 HTTPS secure web surfing.
128
00:07:58,336 --> 00:08:00,436
On the UDP side we have a DNS client.
129
00:08:00,436 --> 00:08:05,866
We saw that tons in the last nugget, used for
all those DNS lookups and then we have port 69,
130
00:08:05,866 --> 00:08:09,496
which is used for trivial
file transfer protocol.
131
00:08:09,496 --> 00:08:13,486
That is used all the time with, I'll say Cisco
132
00:08:13,486 --> 00:08:19,536
but any network equipment
vendor or IP telephony device.
133
00:08:19,536 --> 00:08:23,926
Essentially the difference between these
two, besides the one running on UDP
134
00:08:23,926 --> 00:08:28,746
and one running TCP is this one
is secure, secure in the sense
135
00:08:28,746 --> 00:08:30,566
that there's a username,
there's a password.
136
00:08:30,566 --> 00:08:31,456
You have to log in.
137
00:08:31,456 --> 00:08:33,836
A lot of time you can restrict
your permissions and all that.
138
00:08:34,116 --> 00:08:36,346
This one, no login required.
139
00:08:36,346 --> 00:08:38,346
You just kind of send and receive files.
140
00:08:38,676 --> 00:08:45,216
That's real easy, so you can-- you know
what I'll talk more about TFTP plenty,
141
00:08:45,216 --> 00:08:47,906
because we'll be using it
later on in this series.
142
00:08:47,906 --> 00:08:51,636
But like firmware updates for
Cisco devices, configure--
143
00:08:51,736 --> 00:08:55,186
you know saving a configuration
file that's all done using TFTP.
144
00:08:55,896 --> 00:09:01,976
The last thing I want to do in this
network foundations section is put all
145
00:09:01,976 --> 00:09:03,396
of these pieces together.
146
00:09:03,396 --> 00:09:07,016
I mean the last four nuggets have
really been dissecting and looking
147
00:09:07,016 --> 00:09:11,696
at all the different layers of the OSI
model and the depth of functionality
148
00:09:11,696 --> 00:09:14,356
that they have, the IP protocol and all of that.
149
00:09:14,356 --> 00:09:19,126
So, I just want to take these puzzle pieces
and assemble this landscape with them and say,
150
00:09:19,126 --> 00:09:21,006
okay here's how they all fit together.
151
00:09:21,376 --> 00:09:25,426
So, first off I want to mention
that I redrew this network diagram
152
00:09:25,426 --> 00:09:26,936
with a little more real world.
153
00:09:26,936 --> 00:09:29,906
You might recognize this one
from one of the previous nuggets,
154
00:09:29,906 --> 00:09:33,046
but previously I had you know IP
address, subnet mask, gateway.
155
00:09:33,136 --> 00:09:34,886
IP address, subnet mask, gateway.
156
00:09:34,886 --> 00:09:36,266
It just was really cluttered.
157
00:09:36,266 --> 00:09:39,906
That's actually not normal for a network
diagram to do that, although you could.
158
00:09:40,396 --> 00:09:47,366
But what is normal is for people to just
say okay, this is the 172.30.100 network,
159
00:09:47,476 --> 00:09:50,166
like up to this first router, because
the router ends the network, right.
160
00:09:50,166 --> 00:09:57,336
Is 172.30.100.0/24, now that's classy
subnet mask, so this represents the network.
161
00:09:57,336 --> 00:10:01,226
This represents the host and then
you can see all of the other ones,
162
00:10:01,226 --> 00:10:03,656
you know what networks these
are, every single interface
163
00:10:03,656 --> 00:10:05,496
of the router represents a new network.
164
00:10:05,496 --> 00:10:08,296
And then they'll put the IP
addresses on the devices.
165
00:10:08,296 --> 00:10:11,966
They'll say this guy is actually .100.
166
00:10:11,966 --> 00:10:13,556
This guy is .1.
167
00:10:13,556 --> 00:10:16,276
You know he's the default gateway
and you know I'll flip colors.
168
00:10:16,276 --> 00:10:18,016
On this network he's maybe .1.
169
00:10:18,016 --> 00:10:24,486
On this network and he's .2 and over
on this network we have .1 of 172.30.1
170
00:10:24,486 --> 00:10:30,746
and then this server here is, let's
just make him .70 is his IP address.
171
00:10:30,786 --> 00:10:35,766
So, this is our landscape, right.
172
00:10:35,766 --> 00:10:37,416
Now here's the scenario.
173
00:10:38,516 --> 00:10:51,246
This computer opens a web browser
and types in http://172.30.50.70,
174
00:10:51,836 --> 00:10:53,206
which is this web server over here.
175
00:10:53,206 --> 00:10:55,536
Now, I'm taking DNS out of the picture.
176
00:10:55,536 --> 00:10:59,696
You know we're typing in the IP address
manually instead of typing in www.something
177
00:10:59,836 --> 00:11:01,426
and letting DNS get involved,
because they're just--
178
00:11:01,426 --> 00:11:04,306
there'd be too much to talk
about if we did that.
179
00:11:04,306 --> 00:11:09,086
So, we hit the enter key on
our keyboard, what happens.
180
00:11:09,086 --> 00:11:14,346
Actually you know what if you are feeling
like a stud or studette pause right there,
181
00:11:14,576 --> 00:11:17,226
pull out a piece of paper and
write just a list of steps.
182
00:11:17,226 --> 00:11:22,916
Here's exactly what happens Jeremy when that
happens and then unpause and come back, okay.
183
00:11:22,916 --> 00:11:25,106
So, if you paused welcome back.
184
00:11:25,106 --> 00:11:27,126
If not, here we go.
185
00:11:27,226 --> 00:11:30,406
So, we've got this, we've got this computer
right here going to this web browser.
186
00:11:30,406 --> 00:11:34,746
First thing it does is go wait a
sec, that is not on my network.
187
00:11:34,746 --> 00:11:40,356
I'm looking at my network 172.30.100
that is 172.30.50, ehh not me.
188
00:11:40,586 --> 00:11:45,216
So, I know that I can't send an ARP message and
just you know talk to that guy via a broadcast.
189
00:11:45,216 --> 00:11:50,166
I have to send an ARP message and
it's for my default gateway, this .1.
190
00:11:50,356 --> 00:11:52,786
So, it sends an ARP which
is a broadcast message,
191
00:11:54,186 --> 00:11:56,416
goes to everybody that's
attached to that switch.
192
00:11:56,656 --> 00:11:59,096
They all ignore it except
for the router who says op,
193
00:11:59,096 --> 00:12:02,126
that's me and what you're
looking for is my MAC address.
194
00:12:02,126 --> 00:12:07,286
Now let's give these guys some quick MAC
address information and let me flip to a red.
195
00:12:07,286 --> 00:12:09,216
So, his MAC address is 1111.
196
00:12:09,566 --> 00:12:12,296
He's 2222, I know, I know.
197
00:12:12,296 --> 00:12:15,626
They're 12 characters but
that's a lot of writing.
198
00:12:15,626 --> 00:12:20,696
So, we're just plugging in MAC
addresses all the way across the network.
199
00:12:20,696 --> 00:12:25,546
Okay, so this guy comes back and says
hey, my MAC address is actually 2222
200
00:12:25,546 --> 00:12:27,406
and that's what you need
to assemble your packet.
201
00:12:27,666 --> 00:12:30,646
So, this guy says okay, I'm
going to assemble a packet.
202
00:12:31,006 --> 00:12:34,066
Now, here's the trick question,
what's he sending?
203
00:12:35,346 --> 00:12:39,396
Well remember, first time he's trying to
talk to this guy what's he going to send?
204
00:12:39,396 --> 00:12:42,596
HTTP, it's going to be a TCP based protocol
205
00:12:42,596 --> 00:12:46,396
and before we can do anything
we have to shake his hand.
206
00:12:46,686 --> 00:12:48,156
We have to do a three-way handshake.
207
00:12:48,156 --> 00:12:49,246
So, what's in this packet?
208
00:12:49,666 --> 00:12:56,786
SYN, synchronization bit that's going to say
here's what sequence number I'm going to start
209
00:12:56,786 --> 00:12:59,236
at and tell the other side I
want to start a session with you.
210
00:12:59,486 --> 00:13:01,436
Now, he starts encapsulating that packet.
211
00:13:01,436 --> 00:13:06,456
He says okay transport layer
information, this is going to be 2A,
212
00:13:06,456 --> 00:13:12,906
we'll say from a source TCP port of 5511.
213
00:13:13,156 --> 00:13:14,156
Now, where did that come from?
214
00:13:14,156 --> 00:13:18,566
Well, Windows makes it up, dynamically
generated source port just for the session.
215
00:13:18,886 --> 00:13:21,816
The destination port, however, is well known,
216
00:13:21,816 --> 00:13:25,466
so I'll have destination TCP
port of what do you think, 80.
217
00:13:25,566 --> 00:13:27,636
He's using HTTP right?
218
00:13:27,836 --> 00:13:33,686
So, now the computer, Windows is
ready to receive back on port 55511
219
00:13:33,686 --> 00:13:36,456
and he's sending to a destination port of 80.
220
00:13:36,936 --> 00:13:41,446
So, from there we have the source IP address
221
00:13:41,446 --> 00:13:47,706
where we're coming from,
172.30.50 no wait a second.
222
00:13:47,706 --> 00:13:49,046
No, not .50, 100.
223
00:13:49,046 --> 00:13:54,256
I'm staring at the URL there, .100.100, that's.
224
00:13:54,256 --> 00:13:57,056
So, 100 100, that's-- so our
IP address is our source IP.
225
00:13:57,336 --> 00:14:07,346
Then we've got our destination IP of
172.30.50.70, that's where we're going.
226
00:14:07,446 --> 00:14:08,676
So, we're building this packet.
227
00:14:08,676 --> 00:14:09,936
We're encapsulating it.
228
00:14:10,126 --> 00:14:13,286
We've got all the overhead needed to
get to the other side of the network.
229
00:14:13,456 --> 00:14:17,566
Two more things that need to be added on
there, one is going to be the source MAC,
230
00:14:17,896 --> 00:14:25,506
which in our case is 1111 and then finally the
destination MAC, which in our case is 2222.
231
00:14:26,176 --> 00:14:27,896
What it's saying is I'm going to use this route.
232
00:14:27,896 --> 00:14:33,656
I'm going to go to that router in order to
reach this destination IP address of 50.70.
233
00:14:33,656 --> 00:14:38,666
Now something I wouldn't expect you to
know and I haven't spoken about until now,
234
00:14:38,666 --> 00:14:43,326
but when you get down to this level of the
data link you're actually creating something
235
00:14:43,556 --> 00:14:45,506
technically called a frame.
236
00:14:45,716 --> 00:14:47,006
We'll talk about that in just a second.
237
00:14:47,256 --> 00:14:51,046
Because the very, very last thing it does
before it's going to put this on the wire
238
00:14:51,046 --> 00:14:56,256
and send electric signals is it sticks a piece
of information at the end of this packet.
239
00:14:56,256 --> 00:14:58,946
Some people call it the FCS.
240
00:14:59,146 --> 00:15:02,286
Some people call it the CRC;
it's the same thing.
241
00:15:02,696 --> 00:15:06,136
It's the frame check sequence
or cyclical redundancy check.
242
00:15:06,136 --> 00:15:10,116
Think of it this way, the
hardware of the network card,
243
00:15:10,116 --> 00:15:12,166
almost every network card, can do this built in.
244
00:15:12,166 --> 00:15:15,526
They've got chips to do it, but it
has like a little hashing blender.
245
00:15:15,526 --> 00:15:19,916
It's a mathematical formula where it takes
that whole packet, throws in the blender
246
00:15:19,916 --> 00:15:25,556
and goes [Sound effects] and spits
out this little-- it's called a hash.
247
00:15:25,556 --> 00:15:31,486
It's like a you know we'll say
a 32 character you know 115AB9C,
248
00:15:31,486 --> 00:15:36,686
this giant hash that's blending all
this together in a mathematical formula
249
00:15:36,686 --> 00:15:41,076
that it generates and it takes that hash
and puts it right at the end of the packet.
250
00:15:41,396 --> 00:15:47,556
The packet goes all the way to the end of the
other side and before the server even processes
251
00:15:47,556 --> 00:15:51,706
and looks at that packet, it takes
all this information right here,
252
00:15:51,706 --> 00:15:54,086
throws it in the blender,
hits the same puree button.
253
00:15:54,086 --> 00:16:00,036
They've got the same mathematical formula [Sound
effects] and spits out this answer right here,
254
00:16:00,286 --> 00:16:04,446
which it then compares to the frame
check sequence sitting at the very end.
255
00:16:04,666 --> 00:16:05,926
If they match, he goes great.
256
00:16:05,926 --> 00:16:07,436
This is a good packet.
257
00:16:07,436 --> 00:16:12,356
If they don't match the server
immediately drops it
258
00:16:12,556 --> 00:16:15,296
because he says this is,
this is not a good packet.
259
00:16:15,296 --> 00:16:19,516
Either there's a malicious person that's
gotten in the middle of me and this person
260
00:16:19,516 --> 00:16:23,586
and modified some data inside of there
or more likely, there is just some kind
261
00:16:23,586 --> 00:16:26,896
of electromagnetic interference that
went by a fluorescent flickering light
262
00:16:26,896 --> 00:16:31,666
and it scrambled the packet or somebody's chair
rolled over the cable at just the wrong time,
263
00:16:31,666 --> 00:16:32,896
you know one of those kind of things.
264
00:16:32,896 --> 00:16:34,206
So, it'll discard the packet.
265
00:16:34,206 --> 00:16:37,776
So, this guy will send the
message again, that's TCP.
266
00:16:37,776 --> 00:16:40,236
So, that's what the frame check sequence is.
267
00:16:40,236 --> 00:16:44,226
And let me add one more, one
more piece of information.
268
00:16:44,586 --> 00:16:49,156
I said you know I've been talking about this
like a frame check with sequence, a frame.
269
00:16:49,476 --> 00:16:56,566
There is actually technical language that
people use for data at the bottom four layers.
270
00:16:56,566 --> 00:16:58,646
You know up here is those
top application layers,
271
00:16:58,646 --> 00:17:00,746
you know session, presentation application.
272
00:17:00,926 --> 00:17:03,256
Those-- that all happens in the computer.
273
00:17:03,256 --> 00:17:03,906
We don't care about that.
274
00:17:03,906 --> 00:17:07,726
But down here we have physical
data link, network and transport,
275
00:17:08,406 --> 00:17:11,826
technically speaking you're supposed
276
00:17:11,826 --> 00:17:15,226
to call data different things
as it passes through each layer.
277
00:17:15,586 --> 00:17:18,146
At the transport layer you call it a segment.
278
00:17:19,976 --> 00:17:23,076
Like if you're talking about data
being encapsulated, you say oh yea,
279
00:17:23,076 --> 00:17:26,836
we have some segments being created
or down here at the network layer,
280
00:17:26,836 --> 00:17:28,176
that's where you call it a packet.
281
00:17:30,136 --> 00:17:37,336
At the data link layer, you call it
thinking it, but saying data link, a frame.
282
00:17:37,836 --> 00:17:43,036
And the reason-- and I mean you look at it
and you go oh, I can see the reason it got
283
00:17:43,036 --> 00:17:45,156
that name, because I stick
information on the front
284
00:17:45,156 --> 00:17:48,076
and end of the packet, thus the name frame, ah.
285
00:17:48,666 --> 00:17:51,326
And then down here at the very
bottom we have the physical layer,
286
00:17:51,326 --> 00:17:53,296
where we have BITS getting involved.
287
00:17:53,546 --> 00:17:57,036
So, that's where we're saying
I'm sending BITS on the wire.
288
00:17:57,036 --> 00:18:02,956
So, technically if you're a purest and I
haven't met many, you would say okay well,
289
00:18:02,956 --> 00:18:06,066
we've got frames going around the
network or you know if we're talking
290
00:18:06,066 --> 00:18:09,756
about physical infrastructure, well okay,
well the BITS are being corrupted by you know,
291
00:18:09,756 --> 00:18:11,406
well that's how you're supposed
to refer to things.
292
00:18:11,636 --> 00:18:15,206
However, everybody nowadays
calls everything a packet,
293
00:18:15,326 --> 00:18:18,186
just because it's really easy
and you don't have to think.
294
00:18:18,186 --> 00:18:19,816
So, I do the same thing.
295
00:18:19,926 --> 00:18:23,806
So, everything going across the network is a
packet, but technically you're supposed to say
296
00:18:24,076 --> 00:18:26,646
as the switch receives the frame.
297
00:18:27,596 --> 00:18:28,736
Did I say it was sent?
298
00:18:28,736 --> 00:18:30,436
Okay, the device sends it right.
299
00:18:30,486 --> 00:18:34,706
So, as the switch receives the frame,
because it's a layer two device,
300
00:18:34,706 --> 00:18:39,726
it looks at the source MAC address
and I'll say here's a bonus piece
301
00:18:39,726 --> 00:18:40,666
that we'll talk about later.
302
00:18:40,876 --> 00:18:45,586
If it has never heard of the source MAC address
1111 before, it learns out and that how it--
303
00:18:45,586 --> 00:18:49,686
it goes oh, I didn't know that,
1111 is actually on port 5, great.
304
00:18:49,686 --> 00:18:50,526
I'm now a little smarter.
305
00:18:50,776 --> 00:18:54,516
And then it goes okay destination MAC address,
2222, it goes oh, well I learned about that.
306
00:18:54,516 --> 00:18:59,976
That's on port 9 over here, so I'm just going
to switch that right over to this router at
307
00:18:59,976 --> 00:19:03,026
and I'll say almost all switches
nowadays are wire speed.
308
00:19:03,026 --> 00:19:06,646
So, there's no, no delay at
all coming into that switch.
309
00:19:07,056 --> 00:19:08,686
So, the router receives it.
310
00:19:09,196 --> 00:19:11,616
The router looks at it and
goes oh great, I've got mail.
311
00:19:11,616 --> 00:19:12,316
You've got mail.
312
00:19:12,316 --> 00:19:14,316
He looks at it and he goes
that's my MAC address.
313
00:19:14,466 --> 00:19:19,286
So he looks a little further and he goes oh,
it's not going to me it's going through me.
314
00:19:19,286 --> 00:19:25,906
It's going to 172.30.50.70, which is not me
so I am going to look at my routing table.
315
00:19:26,046 --> 00:19:34,286
And in the routing table he's looking
for a route to 172.30.50, not 70 at 0/24.
316
00:19:35,036 --> 00:19:37,886
Because routers don't really know about hosts.
317
00:19:37,886 --> 00:19:40,096
I mean they can, but you don't want them to.
318
00:19:40,366 --> 00:19:45,386
They know how to reach networks, so in its
routing table he's going to say oh, I remember,
319
00:19:45,386 --> 00:19:54,216
to get to the 172.30.50 network, that's this
guy over here, I need to go to where, 10.5.1.2.
320
00:19:54,626 --> 00:19:57,326
That's this guy, now wait a sec, wait.
321
00:19:57,326 --> 00:19:59,046
Whoa, how did he know that.
322
00:19:59,396 --> 00:20:04,586
Well, because somebody had previously taken
this series and had configured him to know that.
323
00:20:04,676 --> 00:20:08,346
They put him in the static router or
something and configure that device to know,
324
00:20:08,346 --> 00:20:09,916
because it won't know it by default.
325
00:20:09,916 --> 00:20:13,516
You have to, that's your job as a
Cisco person is to configure it.
326
00:20:13,516 --> 00:20:18,136
So, it's going to go okay, well to
get to that IP address, which is him,
327
00:20:18,276 --> 00:20:25,126
to get to that IP address I'm going to
tear off [Sound effects] the old source
328
00:20:25,126 --> 00:20:27,416
and destination MAC address and replace it.
329
00:20:27,416 --> 00:20:31,386
Now the new source is going to be 3333.
330
00:20:31,636 --> 00:20:35,376
The new destination is going to be 4444, right.
331
00:20:35,906 --> 00:20:40,246
But if it had to send an ARP
message to figure out who that is
332
00:20:40,246 --> 00:20:42,216
because he just knows the IP
address, he would do that.
333
00:20:42,536 --> 00:20:45,556
However, most routers will have
all that information cached.
334
00:20:45,556 --> 00:20:47,836
It'll have done it before at some point.
335
00:20:47,836 --> 00:20:54,756
So, it then puts that packet, it puts the
frame into bits on the wire and then sends it
336
00:20:54,756 --> 00:20:58,816
over here to the router who receives it,
has the same immediate reaction, oh great,
337
00:20:58,816 --> 00:21:01,156
I've got mail because this is my MAC address.
338
00:21:01,156 --> 00:21:03,106
And he looks and he goes, oh that's not me.
339
00:21:03,436 --> 00:21:05,686
That's actually something connected to my LAN.
340
00:21:05,686 --> 00:21:06,546
That's fantastic.
341
00:21:06,546 --> 00:21:10,046
So he's going to send an ARP message
if he doesn't know already to try
342
00:21:10,046 --> 00:21:11,526
and find the MAC address for this guy.
343
00:21:12,446 --> 00:21:15,616
This guy responds back and says I'm 6666.
344
00:21:15,616 --> 00:21:18,976
He then fills in the new, again
crosses out the old, strips it off
345
00:21:18,976 --> 00:21:21,136
and puts the new information on there.
346
00:21:21,136 --> 00:21:27,396
It's coming from 5555, going to
6666 and he just received a SYN.
347
00:21:28,726 --> 00:21:32,826
Again, and I know we've done
similar diagrams with less pieces
348
00:21:32,826 --> 00:21:35,716
like this before, but I have to say it again.
349
00:21:35,716 --> 00:21:40,106
We were doing Wireshark captures of
this and seeing this all happen in what,
350
00:21:40,106 --> 00:21:44,866
like end-to-end it would get there and
back and .1, .2 second time frames.
351
00:21:44,866 --> 00:21:48,856
I mean it's just crazy how fast
all of this happens in between.
352
00:21:49,256 --> 00:21:53,316
So, this guy realizes, oh
you want to talk to me.
353
00:21:53,516 --> 00:21:56,166
This is the first message
of a three-way handshake.
354
00:21:56,166 --> 00:22:00,116
I see that your sequence number
is going to begin at, it does--
355
00:22:00,116 --> 00:22:03,856
I know in the last nugget it was 0, we saw that
in Wireshark, but it's not always that way.
356
00:22:04,106 --> 00:22:08,256
Let's say in the SYN message he said my
starting sequence number is going to be 1000.
357
00:22:08,676 --> 00:22:12,126
I'll start sending from byte or number 1000.
358
00:22:12,126 --> 00:22:18,206
So this guy comes back and he'll
generate, you want to remember a SYNACK.
359
00:22:19,136 --> 00:22:22,376
He's going to generate a SYNACK and it'll say,
360
00:22:22,376 --> 00:22:24,436
okay well I'm going to start
sending data to you.
361
00:22:24,656 --> 00:22:28,746
I'll start from the number 500 and its
internal Windows figures all that out
362
00:22:29,006 --> 00:22:31,496
of whatever sequence number he'll start from.
363
00:22:31,666 --> 00:22:36,356
And I'm going to send an acknowledgement
that I received your starting point of 1000,
364
00:22:36,356 --> 00:22:40,776
so what's the acknowledgement going to be, 1001.
365
00:22:41,046 --> 00:22:43,476
It's always one more than the SYN.
366
00:22:43,766 --> 00:22:47,526
Oh heavens, if I were to break
it down every single time,
367
00:22:47,526 --> 00:22:50,256
same process right all the way back through.
368
00:22:50,566 --> 00:22:53,866
This guy says okay, I've got the
SYNACK, he does it one more time.
369
00:22:53,866 --> 00:23:02,736
He sends an ACK back Jack, with the ACK number
being 501, like I've received your SYN at 500.
370
00:23:02,736 --> 00:23:04,306
I know where you're going to start sending from.
371
00:23:04,726 --> 00:23:10,226
Now, let's start sending now after all of
this I've filled a screen full of information.
372
00:23:10,476 --> 00:23:15,616
Now, he sends a request,
the data instead of a SYN.
373
00:23:15,616 --> 00:23:21,226
It would now actually be an HTTP most
likely, would be a GET message for HTTP
374
00:23:21,226 --> 00:23:24,156
like give me your webpage,
whatever default webpage
375
00:23:24,156 --> 00:23:26,256
that you're looking for unless you specified.
376
00:23:26,466 --> 00:23:30,616
I said I want index.htm or something like that.
377
00:23:30,616 --> 00:23:33,366
Then it would have httpget index, you know .htm.
378
00:23:33,366 --> 00:23:37,766
So, that would be the actual data, same thing
all the way back here and then sending back
379
00:23:37,766 --> 00:23:42,296
as data begins to transmit Window
sizes for TCP are increasing.
380
00:23:42,876 --> 00:23:43,876
Are you feeling this?
381
00:23:45,316 --> 00:23:49,056
Really, I mean seriously, like I just
reached the end of this and right now,
382
00:23:49,446 --> 00:23:54,046
I know someone out there is like, oh I get it.
383
00:23:54,436 --> 00:23:56,456
That makes total sense.
384
00:23:56,456 --> 00:24:00,986
Now if it doesn't and you're like
[Sound effects] no worries, it's great.
385
00:24:01,046 --> 00:24:06,326
Rewind, you know but I know just
all those pieces that we've talked
386
00:24:06,326 --> 00:24:09,516
about in the last four nuggets
came together right there.
387
00:24:09,516 --> 00:24:14,566
So, that is the complete end-to-end
story of network communication.
388
00:24:15,096 --> 00:24:19,476
What did we see and what do
I want you to do with it?
389
00:24:19,856 --> 00:24:24,616
Well, we kind of put the lid on network
foundations, seeing the common port numbers
390
00:24:24,616 --> 00:24:29,466
that you want to know and I would definitely
commit those, especially the TCP ones to memory
391
00:24:29,986 --> 00:24:34,366
and then we completed the end-to-end
communication story, putting all layers one
392
00:24:34,366 --> 00:24:36,736
through four together in that big communication.
393
00:24:36,736 --> 00:24:38,466
So, what do I want you to do with it?
394
00:24:38,466 --> 00:24:40,486
Well, number one memorize those port numbers.
395
00:24:40,936 --> 00:24:43,276
You'll need them for the
exam and for the real world.
396
00:24:43,396 --> 00:24:45,916
Second, is use Netstat.
397
00:24:45,916 --> 00:24:48,746
Use that Netstat utility that
I've been showing you a number
398
00:24:48,856 --> 00:24:51,286
of times to find out if you have a virus.
399
00:24:51,696 --> 00:24:53,716
[Laughter] I haven't said that until now.
400
00:24:53,886 --> 00:24:57,646
Like really, go in and close
everything down on your computer
401
00:24:57,876 --> 00:24:59,536
and type in Netstat and press enter.
402
00:24:59,806 --> 00:25:04,496
If you see like 50 or 100
different sessions that are open
403
00:25:04,646 --> 00:25:07,026
on there, that's not good, usually.
404
00:25:07,026 --> 00:25:08,296
That means something that's running
405
00:25:08,296 --> 00:25:10,566
in the background may be
sending spam from your computer.
406
00:25:10,566 --> 00:25:11,826
It's a BOT, you're infected.
407
00:25:11,826 --> 00:25:14,256
It's trying to attack or scan other devices.
408
00:25:14,566 --> 00:25:17,536
Now, I'm not saying that if you see a bunch
of stuff there you're absolutely infected.
409
00:25:17,536 --> 00:25:18,936
I mean people have all kinds of stuff.
410
00:25:18,936 --> 00:25:20,916
I mean you got Dropbox running
in the background.
411
00:25:20,916 --> 00:25:22,726
You got Pandora playing music.
412
00:25:22,726 --> 00:25:27,166
You know all that could be, could be on this
list, but I mean seriously that's a quick way.
413
00:25:27,326 --> 00:25:30,386
That's what I do whenever you know
somebody's like my computer's running slow.
414
00:25:30,386 --> 00:25:33,216
First thing I do is open that [Inaudible]
and see if there's some kind of weird,
415
00:25:33,386 --> 00:25:36,336
weird stuff going on behind the scenes.
416
00:25:36,676 --> 00:25:39,246
Next thing I'd recommend
you do, write it all down.
417
00:25:39,426 --> 00:25:43,666
If you haven't been taking notes,
rewind back to that end-to-end story
418
00:25:43,946 --> 00:25:48,446
and create your own little network diagram
or even better yet envision it yourself.
419
00:25:48,446 --> 00:25:51,576
You know go to a website on the internet,
stare at it for a minute and then say,
420
00:25:51,836 --> 00:25:54,856
okay I'm going to draw up on
paper how the communication
421
00:25:54,856 --> 00:25:57,156
for my house, I mean use your IP address.
422
00:25:57,156 --> 00:25:58,776
Use your ISP.
423
00:25:58,776 --> 00:26:03,446
You know fill in all the gaps of your own
picture of how you communicated that website.
424
00:26:03,736 --> 00:26:05,396
Then explain it all to a friend.
425
00:26:05,586 --> 00:26:09,606
That's absolutely the best way to learn
something if you can get somebody to sit down.
426
00:26:09,606 --> 00:26:12,326
Usually a spouse works well or a pet.
427
00:26:12,326 --> 00:26:16,926
Then Wireshark, if you didn't do that in the
last nugget go to the last page of the internet.
428
00:26:16,926 --> 00:26:17,966
Remember I showed that to you?
429
00:26:17,966 --> 00:26:21,036
Go to the last page of the internet,
real simple webpage and just capture
430
00:26:21,036 --> 00:26:22,906
that Wireshark data and analyze it.
431
00:26:23,116 --> 00:26:26,186
I hope this has been informative for you
and I'd like to thank you for viewing.