1
00:00:08,100 --> 00:00:12,910
Last year, we talked about the network ports, which need to be aware of that reporting protocols and

2
00:00:12,960 --> 00:00:20,100
that we just want to take in to the network layer. Network layer. In this layer,

3
00:00:20,690 --> 00:00:27,360
we are concerned with really one thing, and this is the thing that most people aren't aware of is IP

4
00:00:28,110 --> 00:00:28,610
addresses.

5
00:00:29,610 --> 00:00:37,410
But you have a source IP address, IP, all that data, all that information was here.

6
00:00:37,420 --> 00:00:42,220
And this is referred to as a packet. Layer four, TCP,

7
00:00:42,390 --> 00:00:43,410
first you had a segment.

8
00:00:44,340 --> 00:00:49,320
But when it gets down to layer three, the data, the protocol data unit, to be more precise, becomes a packet

9
00:00:49,320 --> 00:00:54,360
and then at layer two the protocol data unit, or the packet, becomes a frame.

10
00:00:54,930 --> 00:00:55,250
Right.

11
00:00:55,890 --> 00:01:00,240
And the frame really just looks like this.

12
00:01:00,690 --> 00:01:03,090
Conceptually speaking, we can do.

13
00:01:03,980 --> 00:01:05,450
It's going to get us out and said here.

14
00:01:06,860 --> 00:01:15,740
Data link layer, OK, so I have a data link layer, we have frames, but we really have MAC addresses.

15
00:01:15,740 --> 00:01:20,720
So let's put frame here and you have a source MAC address.

16
00:01:21,410 --> 00:01:24,170
You have a dest MAC address.

17
00:01:25,100 --> 00:01:26,770
This is what switches care about, right?

18
00:01:26,840 --> 00:01:29,450
Switches forward frames, and the MAC addresses

19
00:01:29,450 --> 00:01:33,530
really are concerned with your local network. Packets are concerned with the Internet.

20
00:01:34,220 --> 00:01:39,560
So when you think about an IP address, think about end-to-end connectivity.

21
00:01:40,190 --> 00:01:40,480
Right.

22
00:01:40,490 --> 00:01:47,120
Point A to point B. When you think about a MAC address, think about the immediate next hop.

23
00:01:47,690 --> 00:01:50,440
Let's call this like eight point one, OK?

24
00:01:51,720 --> 00:01:57,210
There's all these other devices like routers and but yet there's a bunch of routers between, you know,

25
00:01:57,240 --> 00:01:59,530
my computer and the ultimate computer that I want to get to.

26
00:02:00,920 --> 00:02:10,610
And so the frame is going to hop between these devices to up three, so on and so forth, until it gets

27
00:02:10,610 --> 00:02:11,540
to its final destination.

28
00:02:12,140 --> 00:02:13,910
So when you look at MAC addresses.

29
00:02:14,930 --> 00:02:20,240
The destination MAC is not going to be this far end whatsoever, but down here, it's actually going

30
00:02:20,240 --> 00:02:25,970
to be your local router or your gateway, is going to be the MAC address of interface on your default

31
00:02:25,970 --> 00:02:26,390
gateway.

32
00:02:26,930 --> 00:02:27,250
Right.

33
00:02:27,560 --> 00:02:32,960
And then the frame is going to be forwarded to the next hop, which will most likely be another device,

34
00:02:32,960 --> 00:02:36,410
a router that is between you and the ultimate website.

35
00:02:36,710 --> 00:02:39,430
So you can actually see this kind of in action if you want.

36
00:02:40,700 --> 00:02:42,780
So let me show you what I'm talking about here.

37
00:02:43,430 --> 00:02:46,010
So if I go into this computer.

38
00:02:48,630 --> 00:02:49,200
Simbi.

39
00:02:51,130 --> 00:02:53,910
I went ping on example about.

40
00:02:58,120 --> 00:03:01,260
Let's say up to IPv6 a.m., that's kind of annoying.

41
00:03:02,710 --> 00:03:08,560
I think we need to disable that, so what we're going to do, type netsh, I'm sorry, ncpa

42
00:03:08,560 --> 00:03:09,070
.cpl.

43
00:03:10,970 --> 00:03:13,250
And let's disable IPv6.

44
00:03:14,500 --> 00:03:16,450
If we can use my network adapter.

45
00:03:17,400 --> 00:03:18,090
Properties.

46
00:03:22,380 --> 00:03:23,190
IPv6.

47
00:03:24,570 --> 00:03:26,370
OK, close.

48
00:03:27,680 --> 00:03:30,770
Close, let's open up an elevated command prompt.

49
00:03:32,740 --> 00:03:33,740
And as administrator.

50
00:03:39,330 --> 00:03:42,450
We'll say pathping example.com.

51
00:03:43,550 --> 00:03:44,720
This is my general address.

52
00:03:46,280 --> 00:03:52,160
This is layer three network address, and by the way, example dot com is a real website, example

53
00:03:52,160 --> 00:03:52,640
dot com.

54
00:03:54,180 --> 00:03:59,430
So this is a real page on the Internet, as you can see, it's taking forever a prisoner that I can

55
00:03:59,430 --> 00:04:03,860
respond, but this is another IP address on my local network.

56
00:04:04,290 --> 00:04:05,520
So MAC addresses are being used.

57
00:04:05,520 --> 00:04:06,480
You can actually see them.

58
00:04:06,480 --> 00:04:09,000
I could reference and show you this.

59
00:04:10,460 --> 00:04:13,610
That are being resolved by my computer.

60
00:04:15,720 --> 00:04:20,110
arp -a, so ARP, Address Resolution Protocol.

61
00:04:20,610 --> 00:04:23,910
Show me everything, and the ipconfig.

62
00:04:27,800 --> 00:04:33,710
You can see 190, 116 zero one, my default gateway, one of seven is my actual address that.

63
00:04:35,490 --> 00:04:40,410
Zero one is my default gateway, and it's the MAC address that, if it was learned dynamically, right,

64
00:04:40,890 --> 00:04:44,190
is a few of the devices on here, because I've got a few other devices listening in my lab.

65
00:04:44,460 --> 00:04:48,840
But the point is now this is the destination MAC, right?

66
00:04:48,840 --> 00:04:54,180
For that first frame we fired up Wireshark, you would actually see this Wireshark.

67
00:04:56,810 --> 00:04:59,250
Called this out, you know why that's taking so long?

68
00:05:00,200 --> 00:05:00,590
Here we go.

69
00:05:00,680 --> 00:05:01,450
Making some progress.

70
00:05:02,960 --> 00:05:08,920
Let's start this over, so Control-C, I'm just going to clear this out.

71
00:05:11,260 --> 00:05:14,770
Let's get Wireshark going to capture on our Ethernet adapter.

72
00:05:16,080 --> 00:05:19,320
We'll say pathping example

73
00:05:19,590 --> 00:05:19,980
dot com.

74
00:05:24,070 --> 00:05:27,010
Should be able to filter down by ICMP just to look at the pings.

75
00:05:28,970 --> 00:05:35,080
And you can actually see the entire, you know, what's stock here, this is the application layer protocol.

76
00:05:35,090 --> 00:05:39,530
In this case, there's an application layer protocol because I sent it directly from the command prompt.

77
00:05:40,010 --> 00:05:42,440
So we're starting here at layer four.

78
00:05:42,920 --> 00:05:43,640
This is TCP.

79
00:05:45,480 --> 00:05:51,330
And you can actually see the sequence numbers over here, by the way, then we have layer three where

80
00:05:51,330 --> 00:05:52,710
you have now a packet.

81
00:05:53,070 --> 00:05:55,350
So the segment moves down, it becomes a packet.

82
00:05:55,920 --> 00:05:57,720
Here's the source and destination IP address.

83
00:05:59,330 --> 00:06:05,600
And then the packet becomes a frame and you have the source destination MAC addresses. If you look at

84
00:06:05,600 --> 00:06:07,040
ARP or type ARP.

85
00:06:08,660 --> 00:06:10,970
You'll see a list of all the devices on my network.

86
00:06:11,480 --> 00:06:14,810
I've got a lot of activity, but you can see my computer doing some work here.

87
00:06:14,810 --> 00:06:19,370
So if I go into the command prompt, the IP address again.

88
00:06:20,060 --> 00:06:21,590
You see him zero point one of seven, right?

89
00:06:23,200 --> 00:06:27,550
Here you can see my computer and seeing who is one only two one six zero one one seven.

90
00:06:27,580 --> 00:06:32,080
That's me right to my router saying, who is this guy trying to ping me?

91
00:06:32,830 --> 00:06:36,220
And remember, that's the first hop when we went to the pathping.

92
00:06:36,970 --> 00:06:37,300
Right.

93
00:06:37,960 --> 00:06:40,810
It's like Pathing Felde example.

94
00:06:40,810 --> 00:06:47,800
It's not going as well as I wanted to, but the first hop is going to be the router, OK, my

95
00:06:47,800 --> 00:06:49,540
personal router or my home network.

96
00:06:50,350 --> 00:06:53,550
And it's basically saying, you know, the router gets that frame.

97
00:06:53,570 --> 00:06:56,020
It's like, well, you know, who is this one?

98
00:06:56,020 --> 00:06:58,180
And two one six eight zero one seven guy.

99
00:06:58,420 --> 00:07:02,500
Tell me the router and then my computer responds with my address.

100
00:07:02,500 --> 00:07:03,670
And how do I know with my MAC address.

101
00:07:04,090 --> 00:07:05,500
This is 030.

102
00:07:05,620 --> 00:07:11,950
Well I can tell you right now I hear this f 030 is my MAC address because if you go to the command

103
00:07:11,950 --> 00:07:15,310
prompt, ipconfig, but you need to run

104
00:07:18,250 --> 00:07:18,610
/all.

105
00:07:24,240 --> 00:07:27,300
There it is, is my MAC address of 030.

106
00:07:29,270 --> 00:07:35,900
If there were 30, right, and so now my MAC address has been given to the router and now the router

107
00:07:36,050 --> 00:07:41,950
has a way of moving that frame to the next hop, which is going to be another router within my ISP network.

108
00:07:42,080 --> 00:07:42,650
They're going to get it.

109
00:07:43,190 --> 00:07:46,520
And, you know, they're going to say, well, who you know, who has this particular IP address?

110
00:07:46,900 --> 00:07:51,890
It's going to go through the entire resolution process all over again until it finally ends up at the

111
00:07:51,890 --> 00:07:52,700
example dot com

112
00:07:53,800 --> 00:07:54,190
domain.

113
00:07:55,370 --> 00:08:02,080
OK, so the main thing I really wanted you to learn here is that the data moves down a protocol stack,

114
00:08:02,740 --> 00:08:08,520
OK, transport, network and doing, OK.

115
00:08:09,100 --> 00:08:13,120
Your segment, as we said before, packet.

116
00:08:14,680 --> 00:08:18,610
Frame, and then it's going to keep moving.

117
00:08:20,120 --> 00:08:21,200
From router to router.

118
00:08:23,100 --> 00:08:24,690
And between these routers, it's using

119
00:08:26,180 --> 00:08:33,050
MAC addresses. The MAC addresses are constantly changing as the frame moves between routers, but the IP

120
00:08:33,050 --> 00:08:35,600
address always stays the same.

121
00:08:36,410 --> 00:08:39,730
The source and destination IP, the source does always stay the same.

122
00:08:40,550 --> 00:08:44,420
But the source and destination MAC address is always changing.

123
00:08:44,420 --> 00:08:44,680
Right?

124
00:08:45,080 --> 00:08:52,670
Because when you hear the source MAC, it's going to be the source, the MAC address on my computer

125
00:08:53,270 --> 00:08:55,910
when the frame moves to the router.

126
00:08:56,360 --> 00:09:00,680
By the way, the destination MAC will be this router, my default gateway, but not one that gets to the

127
00:09:00,680 --> 00:09:01,010
router.

128
00:09:01,010 --> 00:09:05,300
The source MAC is not going to be the router's MAC address on this interface right here.

129
00:09:05,690 --> 00:09:11,750
The destination MAC is going to be this far end interface and then this router is going to get it.

130
00:09:12,260 --> 00:09:16,280
And remember, the IP address stays the same, the source IP stays the same and the destination IP stays

131
00:09:16,280 --> 00:09:16,640
the same.

132
00:09:17,000 --> 00:09:23,150
When this router gets it basically encapsulates the frame and it looks at the source MAC, and

133
00:09:23,150 --> 00:09:27,170
it says, OK, the source MAC is this guy over here, destination MAC is me.

134
00:09:27,170 --> 00:09:32,460
Cool. When it decapsulates the candidates at the packet, but it sees the IP address is not its latest

135
00:09:32,580 --> 00:09:32,920
address.

136
00:09:32,930 --> 00:09:38,610
Instead, it's the example dot com IP address.

137
00:09:38,670 --> 00:09:44,120
So now this router knows it needs to move that frame to the next hop that will play a role in getting

138
00:09:44,360 --> 00:09:46,070
that frame to its ultimate destination.

139
00:09:46,190 --> 00:09:47,270
So the traffic gets it right.

140
00:09:47,660 --> 00:09:51,980
It looks at the source MAC address, source MAC address is coming from this guy, destination MAC.

141
00:09:52,160 --> 00:09:55,940
If this router sort of said, cool, let me open it up, let me look at the network layer.

142
00:09:55,970 --> 00:10:00,420
Network layer has a source IP of this address, which is fine. Destination

143
00:10:00,830 --> 00:10:06,110
is not this router's destination, it's not this router's layer three network interface card.

144
00:10:06,380 --> 00:10:09,080
So it moves the frame again to the next hop.

145
00:10:09,620 --> 00:10:14,000
And this happens until it gets to this example dot com server and when it gets there.

146
00:10:15,040 --> 00:10:18,850
This is the server that's running this whole thing, example dot com, let's say that's what this is.

147
00:10:19,060 --> 00:10:23,200
This server is going to get it and the destination MAC is going to be this particular router. Destination

148
00:10:23,200 --> 00:10:25,690
IP is going to be this router's layer three IP address.

149
00:10:25,720 --> 00:10:34,720
Now, it knows that it can move that packet, which came in as a frame up to layer four, move it up

150
00:10:34,720 --> 00:10:37,750
to layer four, which is where the application was, which is listening

151
00:10:37,750 --> 00:10:38,320
at port 80.

152
00:10:38,560 --> 00:10:38,920
Right.

153
00:10:38,930 --> 00:10:39,550
It could be Apache.

154
00:10:39,550 --> 00:10:45,190
It could be IIS. It processes that data and sends back the response, which would be the actual page.

155
00:10:45,460 --> 00:10:45,790
Right.

156
00:10:46,390 --> 00:10:48,490
So we can look at that.

157
00:10:49,960 --> 00:10:51,190
It's clear the screen in the fast.

158
00:10:51,770 --> 00:10:55,750
You can see some of this happening if you look at Chrome tools, dev tools.

159
00:10:56,200 --> 00:11:02,830
So we go here, we're going to go to dev tools, more tools, developer tools.

160
00:11:04,460 --> 00:11:05,150
It's a good network.

161
00:11:07,380 --> 00:11:08,600
Flip this over like this.

162
00:11:11,510 --> 00:11:12,980
So we're going to refresh this.

163
00:11:16,210 --> 00:11:18,790
Shift F5, let's safety a hard refresh, there we go.

164
00:11:23,050 --> 00:11:28,870
You can see the data that was requested, so there's the IP address, port 80, see in the response.

165
00:11:29,710 --> 00:11:30,730
Let's see, what do we get back?

166
00:11:31,770 --> 00:11:33,840
Response headers, see the source.

167
00:11:35,570 --> 00:11:39,020
So here's the response headers and the content length, six forty eight, I mean, to set back the page

168
00:11:39,020 --> 00:11:42,500
that was six hundred forty eight bytes, which is exactly what you're seeing here.

169
00:11:43,240 --> 00:11:47,690
OK, and also sent back as Babycham, which is what you're seeing up here in Chrome.

170
00:11:49,590 --> 00:11:52,830
Of course, it was found that found so it tried to request it.

171
00:11:55,430 --> 00:11:57,500
It was a 404, so it didn't actually get that back.

172
00:11:58,380 --> 00:11:59,780
That's basically how that works.

173
00:12:00,980 --> 00:12:06,590
You know, it's not really that complicated to remember the lessons for the LAN and or the internal

174
00:12:06,800 --> 00:12:11,150
that the communication, you know, within a subnet and then the IP addresses are encrypted.

175
00:12:12,080 --> 00:12:12,290
Right.

176
00:12:12,920 --> 00:12:14,240
So I hope that makes sense.

177
00:12:14,690 --> 00:12:16,640
And I will see you in the next one.