1
00:00:01,200 --> 00:00:08,130
Hi, everyone. In this lecture, we are going to talk about TCP/IP. So to become a proficient

2
00:00:08,130 --> 00:00:15,480
hacker, forensic investigator, or simply be a good network engineer, you should understand the structure

3
00:00:15,480 --> 00:00:17,550
and anatomy of these protocols.

4
00:00:18,620 --> 00:00:26,300
From my experience, many professionals in these fields do not understand the basics of TCP/IP, which

5
00:00:26,300 --> 00:00:32,830
means that you will definitely have an advantage over them if you do understand TCP/IP.

6
00:00:33,620 --> 00:00:37,910
So to create a new hacking tool or investigate a network attack,

7
00:00:38,210 --> 00:00:42,460
understanding these protocols and their fields is very essential.

8
00:00:42,830 --> 00:00:45,690
Otherwise you will be simply wasting your time.

9
00:00:46,310 --> 00:00:49,000
So guys, let's see what is a protocol.

10
00:00:49,490 --> 00:00:54,730
So a protocol simply defines a way of communication with all its rules.

11
00:00:55,160 --> 00:00:58,660
So these rules are usually defined as a Request for Comments.

12
00:00:59,930 --> 00:01:03,730
So there are many, many protocols in use on the Internet.

13
00:01:04,130 --> 00:01:10,460
So these include TCP, IP, UDP, FTP, S2P, SMP and many more.

14
00:01:11,030 --> 00:01:18,250
So each has its own set of rules that must be complied with in order to communicate effectively.

15
00:01:19,190 --> 00:01:25,760
So probably the two most important protocols for use over the Internet are IP and TCP.

16
00:01:26,300 --> 00:01:29,130
So now let's take a look at each one of these.

17
00:01:29,660 --> 00:01:32,980
So first of all, we are going to talk about Internet Protocol.

18
00:01:32,990 --> 00:01:35,930
So before doing it, let me select this.

19
00:01:35,930 --> 00:01:40,490
OK, so Internet or IP standard protocol and IP.

20
00:01:41,030 --> 00:01:48,830
So IP is the protocol that is used to define the source and destination IP address of a packet as it

21
00:01:48,830 --> 00:01:50,150
traverses the Internet.

22
00:01:50,690 --> 00:01:58,280
So it is often used in conjunction with other protocols such as TCP, hence the often used conjunction

23
00:01:58,280 --> 00:01:59,270
TCP/IP.

24
00:01:59,360 --> 00:02:07,610
So now let's take a look at an IP packet header and see what information it contains that can be useful

25
00:02:07,610 --> 00:02:10,520
to aspiring hackers or forensic investigators.

26
00:02:10,610 --> 00:02:13,690
As you can see, this is the data packet.

27
00:02:14,630 --> 00:02:16,520
So guys, if you talk about row one.

28
00:02:18,890 --> 00:02:25,550
If you talk about this, it contains version. So version defines the version of IP; either it will be

29
00:02:26,060 --> 00:02:31,070
v4 or v6. Then we are having IHL, which is header length.

30
00:02:31,070 --> 00:02:37,220
So this simply defines the header length. Then we are having type of service, which is called TOS.

31
00:02:37,700 --> 00:02:41,020
So this defines the type of service of this packet.

32
00:02:41,780 --> 00:02:50,120
So this includes minimum, minimize delay, minimize throughput, minimize the reliability and minimize.

33
00:02:50,630 --> 00:02:52,400
We can see more cost.

34
00:02:53,330 --> 00:02:56,090
OK, so then we're having total length.

35
00:02:56,720 --> 00:03:04,370
So what it is: so total length simply defines the total length of the IP datagram, including the data or the.

36
00:03:05,030 --> 00:03:11,380
OK, so its maximum value is like three six five fifty five.

37
00:03:11,510 --> 00:03:17,450
OK, then let's talk about row number two, which we have here.

38
00:03:18,260 --> 00:03:20,690
So first thing that we have is ID.

39
00:03:21,410 --> 00:03:24,800
So this field uniquely identifies each packet.

40
00:03:25,010 --> 00:03:28,880
It can be critical in reassembling fragmented packets.

41
00:03:29,330 --> 00:03:31,070
Then we are having IP flags.

42
00:03:31,460 --> 00:03:40,160
So this field defines whether a packet is fragmented or not, which is called B. OK, so the manipulation

43
00:03:40,160 --> 00:03:44,360
of the field can be used to evade IDS and firewalls.

44
00:03:45,420 --> 00:03:46,110
So, guys.

45
00:03:47,330 --> 00:03:49,850
Next, we are having fragment offset.

46
00:03:50,420 --> 00:03:57,080
So this field is used when packets are fragmented and defines where the packets should be reassembled

47
00:03:57,080 --> 00:03:59,420
from the beginning of the IP header.

48
00:03:59,930 --> 00:04:01,340
OK, is this clear?

49
00:04:01,370 --> 00:04:04,400
Now, let's talk about row number three.

50
00:04:06,310 --> 00:04:10,370
So here we are having TTL, which is called Time to Live.

51
00:04:10,900 --> 00:04:16,540
So this defines how many hops across the Internet before the packet expires.

52
00:04:17,460 --> 00:04:24,960
So it varies by operating system, making it useful to identify the OS of the sender. Then we are

53
00:04:24,960 --> 00:04:25,780
having protocol.

54
00:04:27,150 --> 00:04:31,910
So this field defines what protocol is being used with IP.

55
00:04:32,370 --> 00:04:39,810
So most often it will be six for TCP, one for ICMP, 17 for UDP, among others.

56
00:04:40,720 --> 00:04:47,680
Then we are having header checksum. So what it is: this is an error-checking field; it calculates the

57
00:04:47,680 --> 00:04:52,270
checksum to determine the integrity of the data in the header.

58
00:04:53,740 --> 00:04:57,190
So now let's talk about row number four and row number five.

59
00:04:58,200 --> 00:05:06,420
So here we are having source and destination. So these rows of the IP header are probably the most important

60
00:05:06,420 --> 00:05:10,680
part of the header, as they contain the source and destination IP address.

61
00:05:11,130 --> 00:05:15,150
OK, then we are having row number six, which is very important.

62
00:05:15,150 --> 00:05:16,100
And the last here.

63
00:05:16,590 --> 00:05:18,390
OK, row number six.

64
00:05:18,720 --> 00:05:20,240
So it contains options.

65
00:05:20,940 --> 00:05:25,470
So this field is variable length and its use is optional.

66
00:05:26,070 --> 00:05:28,240
And then we are having padding also here.

67
00:05:28,740 --> 00:05:35,070
So what padding is: so padding, this field is used to fill out, if necessary, the remaining bits and

68
00:05:35,070 --> 00:05:36,430
bytes of the header.

69
00:05:37,050 --> 00:05:39,660
So this is all about Internet Protocol.

70
00:05:40,200 --> 00:05:43,610
Now let's talk about Transmission Control Protocol, which is TCP.

71
00:05:44,650 --> 00:05:50,370
So we are having this TCP header scenario to start with the row number one.

72
00:05:51,120 --> 00:05:52,530
So this is the row number one.

73
00:05:53,390 --> 00:05:58,380
OK, OK, so the number one, it is containing source port and destination port.

74
00:05:58,830 --> 00:06:05,220
So probably most importantly, these are the source port and destination port. These fields, it

75
00:06:05,220 --> 00:06:10,130
determines what port the communication came from and where it is going.

76
00:06:11,190 --> 00:06:12,690
Then we are having row number

77
00:06:14,310 --> 00:06:22,050
second, which is sequence number. So the sequence number is generated by the source machine's TCP stack,

78
00:06:22,050 --> 00:06:29,440
and is used to make certain that packets are arranged in the proper sequence when they arrive.

79
00:06:30,150 --> 00:06:34,290
So it is also important in defeating man-in-the-middle attack.

80
00:06:35,710 --> 00:06:40,700
Then let's talk about row number three, which is acknowledgement number.

81
00:06:41,290 --> 00:06:46,960
So this is an echo of the sequence number sent by the receiving system.

82
00:06:47,410 --> 00:06:51,530
It basically says that I received the packet with the sequence.

83
00:06:52,120 --> 00:06:58,330
So in this way, the sender knows that the packet arrived. If the sender does not receive an acknowledgement

84
00:06:58,330 --> 00:06:58,870
number

85
00:06:58,870 --> 00:07:06,640
back in the fixed amount of time, it will be resending the packet to make certain the receiver gets the

86
00:07:06,640 --> 00:07:07,120
packet.

87
00:07:07,690 --> 00:07:10,060
In this way, TCP is reliable.

88
00:07:11,920 --> 00:07:16,150
Then we are having row number four, which is containing so many things.

89
00:07:17,160 --> 00:07:19,870
So row four has some critical information.

90
00:07:20,430 --> 00:07:28,200
So now let's skip the data offset and reserved fields, and that takes us to a right near the middle of

91
00:07:28,200 --> 00:07:28,780
row four.

92
00:07:29,070 --> 00:07:34,100
So these are the infamous flags of the three-way handshake and and maybe can also.

93
00:07:34,530 --> 00:07:44,340
So the first two bits, which as you can see, CWR and ECE, so Arben are beyond the scope of

94
00:07:44,340 --> 00:07:47,540
this particular lesson because they are too complicated.

95
00:07:48,220 --> 00:07:51,180
The next six bits are URG,

96
00:07:53,720 --> 00:08:04,760
ACK, PSH, RST, SYN, and FIN. Let's see each one of them in more detail.

97
00:08:05,870 --> 00:08:11,080
So what is SYN? SYN is nothing but the opening of a new connection.

98
00:08:11,990 --> 00:08:13,150
What is SYN?

99
00:08:13,910 --> 00:08:15,080
We have talked about this.

100
00:08:15,080 --> 00:08:17,270
Then what is FIN? FIN,

101
00:08:17,600 --> 00:08:21,410
it is the normal and soft closing of the connection.

102
00:08:22,130 --> 00:08:23,360
Then we are having ACK.

103
00:08:25,060 --> 00:08:31,650
So the acknowledgement of a packet. All packets after the three-way handshake should have this bit set.

104
00:08:32,290 --> 00:08:34,540
Then we're having RST, which is here.

105
00:08:35,490 --> 00:08:42,270
So the hard close of the connection, and usually used to communicate that the packet has arrived at

106
00:08:42,270 --> 00:08:48,020
the wrong port or IP. Then we're having a which is URG.

107
00:08:48,510 --> 00:08:52,320
So this flag indicates that the following data is urgent.

108
00:08:52,530 --> 00:08:56,370
Then we are having a down last but not least push, which is PSH.

109
00:08:56,760 --> 00:09:02,520
So push the data, it will push the data past the buffer to the application.

110
00:09:03,640 --> 00:09:05,680
So this is how it all works.

111
00:09:06,010 --> 00:09:13,360
We have talked about some padding options, Origin Point and IP Protocol S..

112
00:09:13,810 --> 00:09:17,460
So guys, this is all about TCP/IP, how it works,

113
00:09:17,710 --> 00:09:21,350
what are the protocols and what are the headers of these protocols.

114
00:09:21,450 --> 00:09:22,990
So this is all for this lecture.