WEBVTT 00:00.000 --> 00:03.585 >> Our next section is on protocols and port numbers, 00:03.585 --> 00:05.940 and this is a big portion of the exam. 00:05.940 --> 00:07.620 You've just spent some time going through 00:07.620 --> 00:11.295 the OSI model and the TCP/IP model. 00:11.295 --> 00:14.820 We've talked about the fact that TCP/IP is really 00:14.820 --> 00:16.500 a protocol suite with lots of 00:16.500 --> 00:19.050 different protocols that make up the suite. 00:19.050 --> 00:20.580 Each one of those protocols has 00:20.580 --> 00:22.890 a port number assigned to them. 00:22.890 --> 00:25.410 A port number is a software Identifier slot. 00:25.410 --> 00:27.195 When the traffic gets to your system, 00:27.195 --> 00:29.190 your system knows which application or 00:29.190 --> 00:32.695 service is needed in order to process the traffic. 00:32.695 --> 00:34.520 With your port numbers, 00:34.520 --> 00:36.880 there's an endpoint for communication. 00:36.880 --> 00:38.280 They're not a physical port 00:38.280 --> 00:39.819 >> that you plug something into, 00:39.819 --> 00:43.060 >> but they are conceptual entryway into the system. 00:43.060 --> 00:45.290 When one system is going to connect to 00:45.290 --> 00:47.090 another system via the network, 00:47.090 --> 00:50.010 they have a conceptual port number. 00:50.200 --> 00:52.925 Now, with your port numbers, 00:52.925 --> 00:55.880 there are what are referred to as well-known ports, 00:55.880 --> 00:58.040 which is mostly what we're going to work with. 00:58.040 --> 00:59.750 The idea is that all of 00:59.750 --> 01:00.740 these protocols that we're 01:00.740 --> 01:02.239 >> going to talk about in class, 01:02.239 --> 01:04.250 >> these application layer protocols 01:04.250 --> 01:06.290 and application layer services, 01:06.290 --> 01:07.970 all have ports that are assigned 01:07.970 --> 01:09.710 to them so that, by default, 01:09.710 --> 01:11.615 web traffic is port 80, 01:11.615 --> 01:15.170 DNS traffic is port 53, and so on. 01:15.170 --> 01:17.480 With these well-known port numbers, 01:17.480 --> 01:21.875 you have to remember from 0-1,023 of the port numbers. 01:21.875 --> 01:23.750 I just wanted to see who was listening there. 01:23.750 --> 01:26.930 You don't have to memorize 1,023 port numbers, 01:26.930 --> 01:28.520 but there are about 20 that you 01:28.520 --> 01:30.325 just need to know really well. 01:30.325 --> 01:32.000 There'll be a lot of port questions 01:32.000 --> 01:33.410 on the exam and hopefully, 01:33.410 --> 01:34.700 some of you guys will stick around for 01:34.700 --> 01:36.800 the security ports exam as well. 01:36.800 --> 01:39.050 You have to know your port numbers on that exam too, 01:39.050 --> 01:40.970 so you might as well memorize with a smile 01:40.970 --> 01:43.630 because these will come up multiple times. 01:43.630 --> 01:45.945 For your registered port numbers, 01:45.945 --> 01:47.850 vendors will register a certain sort of 01:47.850 --> 01:51.050 proprietary services or software with IANA, 01:51.050 --> 01:54.335 which is the organization that manages port numbers. 01:54.335 --> 01:56.780 These are the ones that are reserved because 01:56.780 --> 01:58.835 they're used specifically by vendors. 01:58.835 --> 02:00.650 There are dynamic ports from 02:00.650 --> 02:06.260 49,152 all the way up to 65,535. 02:06.260 --> 02:09.065 These are referred to as ephemeral ports. 02:09.065 --> 02:10.925 These are temporary ports that 02:10.925 --> 02:13.070 aren't assigned to anything particular, 02:13.070 --> 02:14.540 but that can be used in order 02:14.540 --> 02:16.475 to indicate some connection. 02:16.475 --> 02:19.830 It's often used as a source port number. 02:20.120 --> 02:23.585 When computer A connects to computer B, 02:23.585 --> 02:25.670 the destination IP address is 02:25.670 --> 02:28.280 going to be computer B's IP address, 02:28.280 --> 02:30.260 and whatever service, for example, 02:30.260 --> 02:32.765 web server computer B port 80. 02:32.765 --> 02:34.910 What's also on the data packet is 02:34.910 --> 02:37.190 the source address and a source port. 02:37.190 --> 02:39.560 A source port is an arbitrary number, 02:39.560 --> 02:42.755 usually over 49,152. 02:42.755 --> 02:44.810 Ultimately, that's a way of 02:44.810 --> 02:48.035 identifying when traffic comes back into the network. 02:48.035 --> 02:51.440 It's often used with network address translation, 02:51.440 --> 02:53.540 so when we talk about ports to memorize, 02:53.540 --> 02:56.000 I want you to focus on the well-known ports. 02:56.000 --> 02:58.715 I'll give you a list of following this section. 02:58.715 --> 03:01.635 For registered ports, know what the range is 03:01.635 --> 03:04.625 and other for the vendors and proprietary things. 03:04.625 --> 03:06.080 For a dynamic ports, 03:06.080 --> 03:08.525 again, we are not worried too much about specifics, 03:08.525 --> 03:09.815 for your own knowledge, 03:09.815 --> 03:13.470 know that source ports are pulled from that range.