1
00:00:01,560 --> 00:00:08,030
Welcome to the lecture devoted to transport protocols. These are protocols operating in the fourth

2
00:00:08,030 --> 00:00:14,530
and the fifth layers of the OSI model. This module will be devoted to the risks connected to these

3
00:00:14,530 --> 00:00:16,780
protocols and the ways of mitigating them.

4
00:00:22,500 --> 00:00:29,880
The fourth layer, or transport layer, consists of two protocols widely used in computer protocol networks.

5
00:00:29,980 --> 00:00:34,880
These are the TCP and UDP protocols.

6
00:00:35,030 --> 00:00:41,580
They're responsible for bidirectional communication; however, they differ in how they work and in

7
00:00:41,580 --> 00:00:45,390
the function that they perform.

8
00:00:45,640 --> 00:00:48,380
Why do we need the transport layer above the network layer?

9
00:00:49,680 --> 00:00:54,390
One host can run more than one program on one network service.

10
00:00:54,400 --> 00:01:04,250
This is usually so: frequently used in email client, Internet messenger, et cetera, simultaneously. All of them

11
00:01:04,250 --> 00:01:10,940
work on the same host; all of them will be identified by the same sender IP.

12
00:01:11,060 --> 00:01:14,930
There must be a way, then, to differentiate the packets.

13
00:01:15,040 --> 00:01:20,810
There must be a way to direct responses to corresponding programs.

14
00:01:20,990 --> 00:01:28,130
Your e-mails shouldn't be received by the web browser, and websites by the messenger.

15
00:01:28,150 --> 00:01:32,710
This is where the transport layer and the TCP and UDP protocols come into play.

16
00:01:34,960 --> 00:01:43,110
These protocols allow us to unambiguously identify communication endpoints, where sockets, individual

17
00:01:43,110 --> 00:01:51,060
sockets, consist of an IP address, a name of a transport layer protocol such as TCP or UDP, and a port number.

18
00:01:53,060 --> 00:01:58,170
One port can only be used by one program at a time.

19
00:01:58,350 --> 00:02:02,470
It's more convenient when a given service is permanently assigned to a given port.

20
00:02:04,580 --> 00:02:11,330
Therefore it's customary that low port numbers, lower than 1024, are assigned to specific services.

21
00:02:13,970 --> 00:02:21,420
For example, an HTTP server listens on port 80 for TCP client requests, and port 443 is used

22
00:02:21,420 --> 00:02:26,140
by the HTTPS protocol.

23
00:02:26,160 --> 00:02:32,920
This is only a convention; nothing obliges the packet sender or receiver to use specific ports.

24
00:02:33,920 --> 00:02:39,030
And that's why network firewalls that filter traffic on the basis of port number are easy to get through.

25
00:02:40,710 --> 00:02:44,930
This is also the reason why many network traffic monitoring tools can be deceived.

26
00:02:47,360 --> 00:02:54,380
If port 80 is used for communications with the use of a protocol other than HTTP, monitoring systems may

27
00:02:54,380 --> 00:03:02,060
not analyze the data sent over it. Such data is either completely ignored or just a couple of the first

28
00:03:02,060 --> 00:03:07,020
characters from the data section get analyzed.

29
00:03:07,070 --> 00:03:12,260
That's why a program called Gnutella, which used to be used in peer-to-peer networks, added GET to the

30
00:03:12,260 --> 00:03:14,000
beginning of each data packet.

31
00:03:16,120 --> 00:03:23,000
The program, just as with many others, runs on port 80. Having come across such a piece of data,

32
00:03:23,060 --> 00:03:29,830
many network intrusion detection systems and firewalls didn't analyze the packets further.

33
00:03:29,900 --> 00:03:33,530
Thus we know already what sockets are.

34
00:03:33,550 --> 00:03:35,230
Let's get back to the TCP

35
00:03:40,700 --> 00:03:45,170
stands for Transmission Control Protocol.

36
00:03:45,240 --> 00:03:51,220
The name means that the task of the protocol is to guarantee data delivery.

37
00:03:51,320 --> 00:03:57,320
If you transfer some data through TCP, even if you use an unreliable link and unreliable lower layer

38
00:03:57,320 --> 00:04:01,050
protocols, the client will get the data nevertheless.

39
00:04:02,640 --> 00:04:07,810
In order to achieve that, the TCP uses sessions to transfer data.

40
00:04:07,870 --> 00:04:11,770
Therefore you have to establish a session first.

41
00:04:11,800 --> 00:04:18,580
This involves sequence number synchronization. Thanks to that, the receiver will be able to detect that

42
00:04:18,580 --> 00:04:28,450
some packets were lost. In such a case the receiver may request a retransmission. Because TCP uses sessions

43
00:04:28,450 --> 00:04:29,480
for data transfer,

44
00:04:29,560 --> 00:04:33,270
it can guarantee a successful delivery.

45
00:04:33,290 --> 00:04:39,860
Moreover, the protocol guarantees that the data is received in the same sequence it's sent.

46
00:04:39,870 --> 00:04:43,960
This is achieved thanks to the sliding window mechanism.

47
00:04:44,060 --> 00:04:48,910
The mechanism involves a data buffer, and each packet contains the information about the offset and data

48
00:04:48,910 --> 00:04:54,660
flowed that must be accounted for in the buffer.

49
00:04:54,660 --> 00:05:00,010
There are two terms connected with TCP.

50
00:05:00,090 --> 00:05:07,310
The most important, establishing or initiating a session, is called handshaking.

51
00:05:07,450 --> 00:05:10,000
Usually it's implemented as a three-way handshaking.

52
00:05:12,890 --> 00:05:24,590
The next is transmission of packets through a sliding window of flow control.

53
00:05:24,790 --> 00:05:32,170
The second protocol used in the transport layer is called UDP, or User Datagram Protocol.

54
00:05:32,180 --> 00:05:38,580
This is a stateless, connectionless protocol, which means it does not guarantee a successful data delivery.

55
00:05:38,590 --> 00:05:46,520
That's why UDP is used much less frequently than TCP. UDP is mostly used in local networks to transfer

56
00:05:46,520 --> 00:05:52,130
small amounts of data which can fit easily into the Ethernet frame.

57
00:05:52,130 --> 00:05:58,780
This can include DNS server queries. The response is also so concise that it can be contained in one

58
00:05:58,780 --> 00:05:59,590
packet.