1
00:00:00,990 --> 00:00:02,130
Instructor: Welcome back.

2
00:00:02,130 --> 00:00:04,590
Before we proceed with scanning,

3
00:00:04,590 --> 00:00:09,180
I just want to give a basic overview of TCP and UDP protocol

4
00:00:09,180 --> 00:00:12,960
for anyone that is encountering it for the first time.

5
00:00:12,960 --> 00:00:16,470
We already mentioned what TCP and UDP are.

6
00:00:16,470 --> 00:00:18,646
They are two different protocols used

7
00:00:18,646 --> 00:00:20,730
for sending bits of data

8
00:00:20,730 --> 00:00:22,953
or also known as packets.

9
00:00:22,953 --> 00:00:27,570
TCP and UDP are not the only protocols that are out there.

10
00:00:27,570 --> 00:00:30,810
However, they're the most widely used ones.

11
00:00:30,810 --> 00:00:33,120
Let's talk about TCP first.

12
00:00:33,120 --> 00:00:37,440
So, TCP stands for Transmission Control Protocol

13
00:00:37,440 --> 00:00:41,010
and it is the most commonly used protocol on the internet.

14
00:00:41,010 --> 00:00:42,330
When you load the webpage,

15
00:00:42,330 --> 00:00:44,820
your computer is sending TCP packets

16
00:00:44,820 --> 00:00:47,070
to the web server address asking it,

17
00:00:47,070 --> 00:00:48,990
to send the webpage to you.

18
00:00:48,990 --> 00:00:50,730
Then the web server responds

19
00:00:50,730 --> 00:00:52,940
by sending a stream of TCP packets,

20
00:00:52,940 --> 00:00:55,560
which your web browser stitches together

21
00:00:55,560 --> 00:00:57,772
to form the webpage that you see.

22
00:00:57,772 --> 00:01:00,899
The same happens once you, for example,

23
00:01:00,899 --> 00:01:03,480
click on a link or sign in or post a comment.

24
00:01:03,480 --> 00:01:06,372
Your web browser sends TCP packets

25
00:01:06,372 --> 00:01:09,180
to the web server and the server sends TCP packets back.

26
00:01:09,180 --> 00:01:13,380
However, PCP is not a one way communication.

27
00:01:13,380 --> 00:01:16,410
The remote system sends packets back to acknowledge

28
00:01:16,410 --> 00:01:18,510
that it received your packets.

29
00:01:18,510 --> 00:01:22,950
So, TCP is based on three way handshake.

30
00:01:22,950 --> 00:01:24,540
And as the name says,

31
00:01:24,540 --> 00:01:29,040
three-way handshake is consisted out of three steps.

32
00:01:29,040 --> 00:01:31,710
First one is SYN.

33
00:01:31,710 --> 00:01:32,543
In this step,

34
00:01:32,543 --> 00:01:34,710
the client wants to establish a connection

35
00:01:34,710 --> 00:01:35,771
with the server,

36
00:01:35,771 --> 00:01:38,320
so it sends a segment with SYN

37
00:01:38,320 --> 00:01:43,320
and what SYN stands for is Synchronized Sequence Number,

38
00:01:43,470 --> 00:01:44,970
which informs server

39
00:01:44,970 --> 00:01:47,640
that client wants to start communication,

40
00:01:47,640 --> 00:01:49,620
and with what sequence number

41
00:01:49,620 --> 00:01:51,333
it starts the segments with.

42
00:01:52,590 --> 00:01:53,760
After the SYN step,

43
00:01:53,760 --> 00:01:55,350
comes the SYN/ACK,

44
00:01:55,350 --> 00:01:56,880
which is the second step,

45
00:01:56,880 --> 00:01:58,200
and in this step,

46
00:01:58,200 --> 00:02:00,210
the server responds to the client's request

47
00:02:00,210 --> 00:02:03,180
with SYN/ACK signal bit set.

48
00:02:03,180 --> 00:02:06,330
ACK signifies the response of segment it received

49
00:02:06,330 --> 00:02:09,180
and SYN is the same from the first step.

50
00:02:09,180 --> 00:02:11,222
It signifies with what sequence number

51
00:02:11,222 --> 00:02:14,610
it is going to start this segment with.

52
00:02:14,610 --> 00:02:16,590
In the third and final step,

53
00:02:16,590 --> 00:02:18,162
which is just ACK.

54
00:02:18,162 --> 00:02:21,870
In this step, the client acknowledges the response of server

55
00:02:21,870 --> 00:02:24,660
and they both establish a reliable connection

56
00:02:24,660 --> 00:02:27,840
with which they will start the actual data transfer.

57
00:02:27,840 --> 00:02:30,690
This is just an example of TCP communication

58
00:02:30,690 --> 00:02:34,290
establishing between a client and a server.

59
00:02:34,290 --> 00:02:37,452
Once the data transfer starts, TCP guarantees

60
00:02:37,452 --> 00:02:40,110
the receiver will get the packets

61
00:02:40,110 --> 00:02:42,360
in order by numbering them.

62
00:02:42,360 --> 00:02:44,640
Then, the server sends messages back

63
00:02:44,640 --> 00:02:49,110
to the sender saying it received the messages or packets.

64
00:02:49,110 --> 00:02:51,510
If the sender does not get the correct response

65
00:02:51,510 --> 00:02:54,450
it will resend the packets to ensure the server

66
00:02:54,450 --> 00:02:55,980
got the packets.

67
00:02:55,980 --> 00:02:58,710
All of those packets are also checked for errors.

68
00:02:58,710 --> 00:03:01,620
So, TCP is all about reliability.

69
00:03:01,620 --> 00:03:04,020
Packets sent with TCP are tracked

70
00:03:04,020 --> 00:03:07,440
so no data is lost or corrupted in transit.

71
00:03:07,440 --> 00:03:09,540
That's why once you download the file,

72
00:03:09,540 --> 00:03:11,232
for example over the internet,

73
00:03:11,232 --> 00:03:14,760
your file is working once you run it in your machine

74
00:03:14,760 --> 00:03:17,370
because it is being transferred with TCP.

75
00:03:17,370 --> 00:03:20,040
So, all of the packets will reach their destination

76
00:03:20,040 --> 00:03:21,960
without any errors.

77
00:03:21,960 --> 00:03:26,340
UDP, on the other hand, stands for User Datagram Protocol.

78
00:03:26,340 --> 00:03:30,660
A Datagram is the same thing as a packet of information

79
00:03:30,660 --> 00:03:34,410
and UDP protocol works similarly to TCP

80
00:03:34,410 --> 00:03:37,530
but it throws all the error checking stuff out.

81
00:03:37,530 --> 00:03:40,170
That's why UDP is much faster.

82
00:03:40,170 --> 00:03:42,390
It is used when speed is desirable

83
00:03:42,390 --> 00:03:45,060
and error correction is not necessary.

84
00:03:45,060 --> 00:03:47,430
For example, UDP is frequently used

85
00:03:47,430 --> 00:03:49,852
for live broadcasts and online games.

86
00:03:49,852 --> 00:03:52,201
That's why UDP doesn't really care

87
00:03:52,201 --> 00:03:54,889
whether packets received its destination

88
00:03:54,889 --> 00:03:57,087
and it'll not resend a packet

89
00:03:57,087 --> 00:03:59,498
if it didn't reach the other part.

90
00:03:59,498 --> 00:04:02,670
It will just continue sending other packets.

91
00:04:02,670 --> 00:04:06,019
You cannot ask for those missing packets again with UDP.

92
00:04:06,019 --> 00:04:07,586
And these are just the basics

93
00:04:07,586 --> 00:04:11,017
behind two most known protocols for communication.

94
00:04:11,017 --> 00:04:13,800
Even though many of you probably knew this already

95
00:04:13,800 --> 00:04:15,390
it is good to have a refresher,

96
00:04:15,390 --> 00:04:17,430
since we're going to need this knowledge

97
00:04:17,430 --> 00:04:19,140
once performing scanning.

98
00:04:19,140 --> 00:04:20,440
See you in the next video.