WEBVTT

00:04.099 --> 00:08.250
>> As we continue our journey
up the OSI reference model,

00:08.250 --> 00:10.905
we're up to Layer 3,
the network layer.

00:10.905 --> 00:13.530
At this layer we
have IP addressing.

00:13.530 --> 00:16.890
IP addressing is a huge
part of networking.

00:16.890 --> 00:19.820
As a matter of fact, in
our entire next chapter,

00:19.820 --> 00:21.890
Chapter 2, is going to cover

00:21.890 --> 00:25.085
IP addressing and all
the little ins and outs.

00:25.085 --> 00:26.810
For now, we're going to think of

00:26.810 --> 00:29.555
IP addresses like
a mailing address.

00:29.555 --> 00:32.675
If I want to locate you
from anywhere in the world,

00:32.675 --> 00:34.790
then I can use your
mailing address.

00:34.790 --> 00:37.360
It's very similar
with IP addressing.

00:37.360 --> 00:41.120
IP addresses are at
Layer 3. Routers that use

00:41.120 --> 00:42.830
IP addresses to determine where

00:42.830 --> 00:46.115
traffic goes are Layer
3 devices as well.

00:46.115 --> 00:48.380
I don't want to
give you a spoiler

00:48.380 --> 00:49.790
from a later discussion,

00:49.790 --> 00:52.730
but Layer 3 switches
are also Layer 3.

00:52.730 --> 00:57.505
So IP routers and Layer 3
switches make up Layer 3.

00:57.505 --> 00:59.180
I also want to add that any

00:59.180 --> 01:01.025
protocols beginning
with the letter I,

01:01.025 --> 01:04.490
except IMAP, a mail
protocol, are Layer 3.

01:04.490 --> 01:07.685
IP, ICMP, IGRP,

01:07.685 --> 01:12.325
IGMP, IPsec, and on
and on are Layer 3.

01:12.325 --> 01:15.080
This is not a personal
challenge for someone to go out

01:15.080 --> 01:18.080
and find the I protocol
that operates at Layer 5.

01:18.080 --> 01:19.490
Just for our purposes,

01:19.490 --> 01:20.795
the protocols that start with

01:20.795 --> 01:23.710
I are here at the network layer.

01:23.710 --> 01:28.110
Now again, with IP, there's
logical addressing.

01:28.110 --> 01:31.100
We talked about MAC addressing
and how it is physical,

01:31.100 --> 01:32.975
it's burned to the network card,

01:32.975 --> 01:34.370
and because of the
fact that it's

01:34.370 --> 01:35.885
bound to the network card,

01:35.885 --> 01:37.505
if you take your laptop home,

01:37.505 --> 01:39.520
your MAC address won't change.

01:39.520 --> 01:42.050
But the logical address
is going to reference

01:42.050 --> 01:44.675
your system based on wherever
you are on the planet,

01:44.675 --> 01:46.760
because it's a full
and complete address

01:46.760 --> 01:49.780
that changes based
on your location.

01:49.780 --> 01:53.705
Logical addressing is going
to be really important.

01:53.705 --> 01:55.445
That's what IP does.

01:55.445 --> 01:58.940
We've got IP version 4, IPv4,

01:58.940 --> 02:01.235
which is what most of
us are currently on,

02:01.235 --> 02:04.555
and IPv6, which is coming soon.

02:04.555 --> 02:08.000
Granted, we've heard it's coming
soon for the last 15 years,

02:08.000 --> 02:10.835
but I'm sure that eventually
it's coming soon.

02:10.835 --> 02:13.100
Some tools that
we use to examine

02:13.100 --> 02:17.675
our IP configurations are
ipconfig and ifconfig,

02:17.675 --> 02:19.715
which stands for
interface config

02:19.715 --> 02:22.435
in Unix and Linux environments.

02:22.435 --> 02:24.700
There are some other
tools we can use,

02:24.700 --> 02:27.400
but those are the
big ones right now.

02:27.400 --> 02:30.130
Ping, ICMP,

02:30.130 --> 02:32.620
Internet Control
Message Protocol is

02:32.620 --> 02:35.795
the protocol behind ping
and echoing utilities.

02:35.795 --> 02:38.425
The way these echoing
utilities work

02:38.425 --> 02:41.395
is a message is sent out
and there's a reply back.

02:41.395 --> 02:43.270
It's like when you
throw a rock at

02:43.270 --> 02:45.505
a wall. Because
there's a wall there,

02:45.505 --> 02:47.155
the rock bounces back.

02:47.155 --> 02:48.725
That's what ping does.

02:48.725 --> 02:52.825
Ping is often used to test
basic physical connectivity.

02:52.825 --> 02:55.540
If I ping you, I don't
have to worry about if

02:55.540 --> 02:58.045
the cable is broken or if
the connectors are bad.

02:58.045 --> 03:00.035
We've got basic connectivity.

03:00.035 --> 03:01.480
Ping is a really,

03:01.480 --> 03:02.980
really useful tool, but it's

03:02.980 --> 03:05.455
also one that is
incredibly exploited.

03:05.455 --> 03:10.370
It's not ping so much as
it is the ICMP protocol.

03:12.680 --> 03:15.980
That's also used by
a tool called tracert,

03:15.980 --> 03:17.620
which is within Windows.

03:17.620 --> 03:19.270
Unix has the same tool

03:19.270 --> 03:22.045
traceroute with Linux
and Unix systems.

03:22.045 --> 03:24.010
The job those two tools do

03:24.010 --> 03:26.095
is it chases hops
through routers.

03:26.095 --> 03:27.940
For instance, I'm going to ping

03:27.940 --> 03:30.040
a local computer,
one on my network.

03:30.040 --> 03:31.795
If I can reach it, great.

03:31.795 --> 03:33.985
Then I'm going to ping
a remote computer,

03:33.985 --> 03:36.325
which means one on the
other side of a router.

03:36.325 --> 03:38.395
If I can't reach
that remote host,

03:38.395 --> 03:39.940
I might use traceroute so I

03:39.940 --> 03:41.920
can see the message
leaves from me,

03:41.920 --> 03:44.440
goes to Router 1,
goes to Router 2,

03:44.440 --> 03:45.880
then all of a sudden it doesn't

03:45.880 --> 03:47.755
look like it's going
to pass Router 3.

03:47.755 --> 03:51.050
That gives me an idea that
Router 3 is the problem.

03:51.050 --> 03:52.440
It's good we're making sure

03:52.440 --> 03:53.590
that all your paths throughout

03:53.590 --> 03:56.960
the routes are up and
working as they should be.

03:57.210 --> 04:00.130
Now, we're going to
come back and talk some

04:00.130 --> 04:02.364
more about other
Layer 3 protocols.

04:02.364 --> 04:05.225
But let's go ahead and move
on to Layer 4 for now.

04:05.225 --> 04:08.695
Layer 4 is like the pony
express of all the layers.

04:08.695 --> 04:10.810
This is all about
end-to-end transport

04:10.810 --> 04:12.605
of data all the way through.

04:12.605 --> 04:14.170
There are two protocols

04:14.170 --> 04:16.585
particularly that work
at Layer 4 for us.

04:16.585 --> 04:19.315
They are TCP and UDP.

04:19.315 --> 04:21.400
It's important to
understand the difference

04:21.400 --> 04:22.360
between these two

04:22.360 --> 04:24.769
because they're very
different protocols.

04:24.769 --> 04:28.735
TCP is connection-oriented,
reliable,

04:28.735 --> 04:32.330
but also slow, whereas
UDP is connectionless,

04:32.330 --> 04:35.015
unreliable, but it's fast.

04:35.015 --> 04:38.249
When we talk about
TCP versus UDP,

04:38.249 --> 04:39.995
these are the alternatives.

04:39.995 --> 04:41.820
On the upper layer protocols,

04:41.820 --> 04:44.340
and by that I mean
application layer protocols,

04:44.340 --> 04:45.660
and the other protocols and

04:45.660 --> 04:47.325
services above that layer,

04:47.325 --> 04:50.760
they will piggyback
on either TCP or UDP.

04:50.760 --> 04:52.290
To give you an example,

04:52.290 --> 04:54.575
let's say I'm an
administrative assistant

04:54.575 --> 04:56.255
and Bob gets a call.

04:56.255 --> 04:58.730
I pick up the phone
paging and say,

04:58.730 --> 05:00.680
"Bob, you have a
call on Line 1."

05:00.680 --> 05:03.365
Well, I did my job,
it's quick and easy.

05:03.365 --> 05:05.345
I have no idea if
Bob got the message,

05:05.345 --> 05:06.950
but I don't care
because it's lunchtime,

05:06.950 --> 05:09.620
and I've got things
to do. That's UDP.

05:09.620 --> 05:12.160
The message is out there,
I've done my part.

05:12.160 --> 05:14.250
Whereas with TCP,

05:14.250 --> 05:17.594
TCP uses a process
called handshaking.

05:17.594 --> 05:19.384
The first step
of the handshake

05:19.384 --> 05:21.665
is a SYN packet,
for synchronize.

05:21.665 --> 05:24.640
Basically says that I'm
going to send you something.

05:24.640 --> 05:26.435
SYN-ACK says, okay,

05:26.435 --> 05:29.240
I got what you sent and
then ACK, we're good.

05:29.240 --> 05:30.620
So it's that back,

05:30.620 --> 05:32.575
forth, SYN-ACK, ACK.

05:32.575 --> 05:34.580
Now that is obviously going to

05:34.580 --> 05:36.635
take more time to
have that handshake.

05:36.635 --> 05:38.690
But we get reliable
delivery. That is

05:38.690 --> 05:41.170
referred to as a
three-way handshake.

05:41.170 --> 05:43.745
This isn't something that
you and I would use.

05:43.745 --> 05:45.950
This would be something
that a software developer

05:45.950 --> 05:48.020
would build into an application.

05:48.020 --> 05:50.660
If they're building a
network application,

05:50.660 --> 05:54.610
they can choose to use
either TCP or UDP.

05:54.610 --> 05:57.350
UDP is going to give them speed.

05:57.350 --> 05:59.750
But the stuff that
UDP doesn't do would

05:59.750 --> 06:00.800
then have to be built into

06:00.800 --> 06:02.710
the program through other ways.

06:02.710 --> 06:06.065
What that means is if I
choose the speed of UDP,

06:06.065 --> 06:09.140
I'm going to have to do
more coding as a developer.

06:09.140 --> 06:10.910
Whereas if instead I take

06:10.910 --> 06:12.980
advantage of what's
there with TCP,

06:12.980 --> 06:15.205
that saves me some work.

06:15.205 --> 06:17.300
It really depends
on whether it's

06:17.300 --> 06:19.700
speed or reliability
that I want.

06:19.700 --> 06:23.315
UDP is used for things like
media streaming, VoIP,

06:23.315 --> 06:25.085
Internet Relay Chat,

06:25.085 --> 06:29.725
things that have to be in
near real time. That's UDP.

06:29.725 --> 06:32.000
I will also mention ports.

06:32.000 --> 06:33.540
When we talk about port numbers,

06:33.540 --> 06:34.730
we're referring to numbers

06:34.730 --> 06:37.310
associated with the
upper layer protocols.

06:37.310 --> 06:40.100
For instance, we'll talk
about how IP traffic

06:40.100 --> 06:43.250
or IP addressing helps
find your system's network,

06:43.250 --> 06:45.020
and then once we're
on your network,

06:45.020 --> 06:48.505
we use ARP to find your MAC
address, and that's great.

06:48.505 --> 06:51.305
But once the data gets to
your system in your computer,

06:51.305 --> 06:53.780
how does your system know
what to do with that data?

06:53.780 --> 06:55.730
How does your system say, "Oh,

06:55.730 --> 06:57.530
this is traffic
from my web server.

06:57.530 --> 07:00.160
This is mail or is this
that or the other?"

07:00.160 --> 07:02.210
The answer to that
is that in the header of

07:02.210 --> 07:04.840
a data segment is a
little numeric stamp.

07:04.840 --> 07:06.815
Certain numbers are relegated

07:06.815 --> 07:08.570
to certain types of software.

07:08.570 --> 07:10.760
For instance,
there's traffic with

07:10.760 --> 07:12.890
the destination port at port 80.

07:12.890 --> 07:15.610
Your system knows that
that's web traffic.

07:15.610 --> 07:18.050
We'll talk a lot more
about ports in just a bit,

07:18.050 --> 07:21.250
but again, this is just
to give you an idea.

07:21.250 --> 07:23.805
So there's your handshake.

07:23.805 --> 07:26.210
The UDP, there's no handshake.

07:26.210 --> 07:27.980
Again, TCP has

07:27.980 --> 07:30.800
the three-way handshake
that's very important.

07:30.800 --> 07:33.880
That's the SYN, SYN-ACK, ACK.

07:33.880 --> 07:36.780
Though it's slower, it
guarantees delivery.

07:36.780 --> 07:38.810
Then of course, handshakes

07:38.810 --> 07:41.150
having been so important
at one point in time,

07:41.150 --> 07:43.250
2020 has killed a
need for that now.

07:43.250 --> 07:46.410
So TCP may be out of business.

