1 00:00:10,190 --> 00:00:19,430 Actually, we got a competition earlier, and now I would like to get into the transport network transport.
2 00:00:22,870 --> 00:00:25,510 So this is really, really important.
3 00:00:29,750 --> 00:00:35,080 So the transport layers, we are talking about segments
4 00:00:37,640 --> 00:00:48,080 and the segment can either be reliable or unreliable. If it's reliable, that means to them that it has
5 00:00:48,080 --> 00:00:51,470 a connection oriented relationship with the device at the.
6 00:00:52,370 --> 00:00:52,650 Right.
7 00:00:52,690 --> 00:00:54,740 You've got a server, got a computer.
8 00:00:55,520 --> 00:00:56,270 It's reliable.
9 00:00:56,900 --> 00:01:00,650 Then the connection that's established is reliable.
10 00:01:01,040 --> 00:01:04,220 What that means is that the far end is getting acknowledgments for all the segments.
11 00:01:04,850 --> 00:01:10,550 In other words, this client will send a segment and then the far end will reply with an acknowledgement
12 00:01:10,760 --> 00:01:18,200 segment sent, acknowledgement sent, and if no acknowledgement sent you, you know, the client is
13 00:01:18,200 --> 00:01:22,220 waiting for acknowledgement from the server, then the client because of TCP/IP and its connection
14 00:01:22,220 --> 00:01:30,530 oriented nature, it can just resend the segment to, you know, to make sure that the remote end actually
15 00:01:30,530 --> 00:01:33,110 receives what the client wanted to receive.
16 00:01:33,710 --> 00:01:34,060 Right.
17 00:01:34,400 --> 00:01:39,140 Of course, the disadvantage here is that each of these segments are fat, right?
18 00:01:39,380 --> 00:01:40,790 They are bloated.
19 00:01:41,090 --> 00:01:42,110 I think about a really big
20 00:01:43,660 --> 00:01:48,220 TCP segment. That being said, the reason they're fat and bloated is because there's a lot of overhead in
21 00:01:48,220 --> 00:01:51,490 order to make sure that those connections are, you know, connection oriented.
22 00:01:51,680 --> 00:01:57,910 Now, conversely, UDP is not like that. UDP is connectionless, and this is by design.
23 00:01:57,910 --> 00:02:00,640 It means that it doesn't verify state, doesn't expect any acknowledgement.
24 00:02:00,640 --> 00:02:02,170 There's little to no overhead.
25 00:02:02,800 --> 00:02:05,710 And the advantage here is that this is really good for streaming.
26 00:02:05,710 --> 00:02:11,710 So if you got a Microsoft Teams meeting or a Zoom meeting or you're playing some video games online or
27 00:02:11,710 --> 00:02:18,730 something like that, UDP would be the ideal protocol to carry those data segments.
28 00:02:19,570 --> 00:02:27,340 OK, let's put reliable here: TCP reliable, UDP unreliable.
29 00:02:29,310 --> 00:02:36,220 The way you can remember that is this U, right? U for UDP is U for unreliable, right?
30 00:02:36,610 --> 00:02:41,740 Because the way I remember it, at least. So now you might wonder, well, how do we know if it's reliable
31 00:02:41,740 --> 00:02:42,310 or unreliable?
32 00:02:42,310 --> 00:02:44,140 How do we know if it's using TCP or UDP?
33 00:02:44,500 --> 00:02:46,140 Well, the application developer does that, right?
34 00:02:46,160 --> 00:02:50,830 So when they're developing the applications, they determine whether or not the application will use
35 00:02:50,830 --> 00:02:52,610 a reliable or unreliable protocol.
36 00:02:53,200 --> 00:02:59,230 Now, as one of the things we need to talk about when it comes to TCP, and that is the three way handshake,
37 00:02:59,660 --> 00:03:00,670 we get rid of all this.
38 00:03:02,460 --> 00:03:05,430 Right, because, you know, when you meet somebody for the first time, you don't just launch into
39 00:03:05,430 --> 00:03:08,010 a conversation, it's always like a Hey, my name is Bonnie.
40 00:03:08,220 --> 00:03:08,730 What's your name?
41 00:03:08,790 --> 00:03:09,120 Mark.
42 00:03:09,120 --> 00:03:09,650 OK, cool.
43 00:03:10,770 --> 00:03:11,940 You know, then we start talking.
44 00:03:11,950 --> 00:03:12,170 Right.
45 00:03:12,180 --> 00:03:18,180 And that brief interaction between me and you before we actually get to the point is called the three
46 00:03:18,180 --> 00:03:19,980 way handshake in TCP lingo.
47 00:03:20,610 --> 00:03:26,310 So let's get into that really fast, because I don't know if other people really understand this three
48 00:03:27,360 --> 00:03:31,090 way handshake.
49 00:03:32,760 --> 00:03:34,250 So we've got these two computers again.
50 00:03:35,790 --> 00:03:42,960 Get the computer here that you look pretty happy today and you've got the server, right? Now, let's say
51 00:03:42,960 --> 00:03:44,880 you want to connect to that web server, what's going to happen?
52 00:03:45,510 --> 00:03:47,570 Well, obviously, you're going to type in the domain name, right?
53 00:03:47,860 --> 00:03:49,890 It's called Acme dot com.
54 00:03:51,660 --> 00:03:53,030 And then DNS is going to happen.
55 00:03:53,040 --> 00:03:56,910 DNS basically is a protocol that's responsible for mapping domain names to IP addresses.
56 00:03:57,610 --> 00:04:02,070 Then once you have an IP address, let's say it's one, two, three, dot four, you're going to try
57 00:04:02,070 --> 00:04:06,120 to establish a TCP connection with that IP.
58 00:04:06,810 --> 00:04:08,130 You can try to connect over.
59 00:04:09,240 --> 00:04:11,220 What are some things that have to take place first before that happens?
60 00:04:11,820 --> 00:04:16,770 Well, first you are going to send what's known as a synchronization request.
61 00:04:17,610 --> 00:04:20,940 So in this first TCP segment comes over, you're going to send a SYN.
62 00:04:21,390 --> 00:04:24,030 That's S-Y-N, which is short for synchronization.
63 00:04:24,690 --> 00:04:27,300 OK, and this is just saying, hey, I want to talk.
64 00:04:27,990 --> 00:04:33,120 The thing is, in the synchronization request, you're going to have some data, and one of the pieces of data
65 00:04:33,120 --> 00:04:39,270 that you're going to see is what's known as a sequence number, which is abbreviated as SEQ.
66 00:04:39,990 --> 00:04:45,090 And this number is usually like a really, really long number, like nine six one five eight one five
67 00:04:45,240 --> 00:04:45,540 one.
68 00:04:45,790 --> 00:04:47,160 The computer just pulls it out of the air.
69 00:04:47,610 --> 00:04:52,140 But if you're looking at it in Wireshark, it probably just shows zero or one, because by default, Wireshark
70 00:04:52,140 --> 00:04:53,550 uses relative sequence numbers.
71 00:04:53,940 --> 00:04:57,230 And so you're not going to see the actual sequence number unless you explicitly request that.
72 00:04:57,750 --> 00:05:03,210 But when you've got the sequence number here and the synchronization segment you're indicating to the
73 00:05:03,210 --> 00:05:06,300 target or the destination that you want to start communicating.
74 00:05:06,690 --> 00:05:09,570 OK, and we know that web servers listen for E.T..
75 00:05:10,320 --> 00:05:11,440 So what's going to happen is the web server's
76 00:05:11,440 --> 00:05:14,610 going to get that and they're going to respond.
77 00:05:15,400 --> 00:05:16,060 But with what?
78 00:05:16,770 --> 00:05:21,900 Well, the web server's going to respond with an acknowledgement saying, yep, I got what you wanted,
79 00:05:22,530 --> 00:05:25,950 but the acknowledgement is going to be your sequence
80 00:05:25,950 --> 00:05:26,310 number
81 00:05:27,290 --> 00:05:32,360 plus one. OK, so this is the fifty one, so the acknowledgment number is going to be nine six one
82 00:05:32,360 --> 00:05:34,220 five eight one five two.
83 00:05:35,130 --> 00:05:36,510 That's the acknowledgement from the server.
84 00:05:36,530 --> 00:05:37,210 Back to you.
85 00:05:37,770 --> 00:05:44,610 In addition, the response is also going to include that remote computer's own sequence number because
86 00:05:44,610 --> 00:05:47,040 it also wants to talk, establish a connection with you.
87 00:05:47,500 --> 00:05:50,970 OK, and then the final part of a three way handshake.
88 00:05:50,970 --> 00:05:53,280 The third part is when you then respond.
89 00:05:55,890 --> 00:05:59,520 So, by the way, this is an ACK, the sequence number also has a SYN in here.
90 00:06:00,600 --> 00:06:04,750 Let me put it in green cell.
91 00:06:05,850 --> 00:06:10,230 So you initiate with a SYN, the remote end responds with a SYN-ACK.
92 00:06:10,800 --> 00:06:17,190 The ACK includes your sequence number plus one and then the sequence number of the remote end. Then you
93 00:06:17,190 --> 00:06:21,390 respond to the SYN-ACK with an ACK, and this ACK
94 00:06:22,690 --> 00:06:28,930 basically includes the remote computer's sequence number plus one, so it's going to be one zero zero
95 00:06:28,930 --> 00:06:32,240 zero two and now at this point, you guys can communicate.
96 00:06:32,650 --> 00:06:33,660 That's the three way handshake.
97 00:06:34,000 --> 00:06:34,700 That's how it works.
98 00:06:35,050 --> 00:06:42,910 Now, the connection is established and you can start sending push or message segments to the remote
99 00:06:42,910 --> 00:06:44,860 end and communication will start to happen.
100 00:06:45,700 --> 00:06:46,600 That's all there really is
101 00:06:46,600 --> 00:06:50,050 to a three way handshake: SYN, SYN-ACK, ACK.
102 00:06:50,350 --> 00:06:52,540 But now you know a little bit more than just SYN,
103 00:06:52,540 --> 00:06:53,390 SYN-ACK, ACK, right?
104 00:06:54,010 --> 00:06:56,980 You have the sequence numbers that are set in a synchronization segment.
105 00:06:57,340 --> 00:07:02,680 The acknowledgement comes back with the sequence number plus one, and then the remote, its own sequence
106 00:07:02,680 --> 00:07:05,160 number, which is sent to the initiating client.
107 00:07:05,170 --> 00:07:10,360 And finally, the client responds with an acknowledgement that is one more than the remote end's sequence
108 00:07:10,360 --> 00:07:10,650 number.
109 00:07:11,260 --> 00:07:12,970 That sounds kind of complicated, but that's how it works.
110 00:07:12,970 --> 00:07:17,040 And if it feels complicated, just keep going through this next year until it starts to make sense.
111 00:07:17,560 --> 00:07:22,270 But that's it for that. In the next lecture to be able to put into place ports are really important,
112 00:07:22,270 --> 00:07:27,270 especially when you're doing penetration testing, red teaming, someone speaking to the ports and saying,
113 00:07:27,550 --> 00:07:30,300 you know, everything that tells you guys.