1
00:00:08,400 --> 00:00:12,570
All right, so in the last lecture, we talked about the network layer, the data like layer, you learned

2
00:00:12,570 --> 00:00:19,560
about Mac addresses and the importance of the different jobs that are necessary in order to deliver

3
00:00:19,950 --> 00:00:23,190
frame or even a packet end to end.

4
00:00:23,670 --> 00:00:25,230
Now we're going to dig into something.

5
00:00:25,230 --> 00:00:29,310
And, you know, something really freaks a lot of people out because there's a lot of perhaps it's a

6
00:00:29,310 --> 00:00:32,160
lot of steps and it doesn't really seem relevant.

7
00:00:32,160 --> 00:00:32,960
Like who said.

8
00:00:32,970 --> 00:00:33,420
That's right.

9
00:00:33,430 --> 00:00:36,990
You just go online and type in an IP address and get the subnets that are inside of that particular

10
00:00:36,990 --> 00:00:42,870
address as an ethical hacker, a penetration test or whatever, you absolutely need to know how to subnet

11
00:00:42,870 --> 00:00:44,580
because you need to know which network you're on.

12
00:00:44,760 --> 00:00:46,410
You need to know if you're in scope.

13
00:00:46,410 --> 00:00:51,850
And also it'll help you determine to help you sort of diagnose why a particular connection is failing.

14
00:00:51,990 --> 00:00:55,770
Maybe you're trying to pivot to another system in the target users environment.

15
00:00:55,770 --> 00:01:00,060
And it's felt like for some reason that could be because they're on another network or VLAN or even

16
00:01:00,060 --> 00:01:05,040
a private plan which has different controls and technical restrictions in place, which is preventing

17
00:01:05,040 --> 00:01:05,760
lateral movement.

18
00:01:06,510 --> 00:01:08,130
So let's just get right into this.

19
00:01:08,130 --> 00:01:11,370
And I think the easiest way to get into subletting is just to look at an IP address.

20
00:01:11,680 --> 00:01:12,960
OK, so we open a command prompt.

21
00:01:14,100 --> 00:01:19,230
I just typed IP config and you can immediately see this beautiful trifecta.

22
00:01:19,530 --> 00:01:19,840
Right.

23
00:01:20,250 --> 00:01:24,180
So for Ethernet zero, which is my current Ethernet adapter, here's my IP address.

24
00:01:25,160 --> 00:01:29,150
Ten three zero thirty four is my subnet mask.

25
00:01:30,380 --> 00:01:35,080
In his malleefowl gateway, OK, we're going to get into what this means in detail, but Ticino just

26
00:01:35,090 --> 00:01:41,240
off the top, this mask is really, really important because it tells the computer when it's time to

27
00:01:41,240 --> 00:01:43,430
send a packet to the default gateway.

28
00:01:44,500 --> 00:01:49,600
It tells the computer basically which network a particular asset resides on, you know, if you try

29
00:01:49,600 --> 00:01:54,430
to ping a host that is in a different network, then it's going to have to go to the default gateway.

30
00:01:54,440 --> 00:01:58,360
So the default gateway getting a look at its routing table and try to figure out which interface it

31
00:01:58,360 --> 00:02:00,940
put forward that frame out of in order to get it to the next top.

32
00:02:01,360 --> 00:02:02,670
So I know that sounds a little bit confusing.

33
00:02:02,680 --> 00:02:06,190
A mysterious let's just get right into this and how is all this stuff works.

34
00:02:06,760 --> 00:02:08,440
So let's just draw this IP out.

35
00:02:08,860 --> 00:02:09,580
Got 10.

36
00:02:11,280 --> 00:02:17,560
Dot three, dot zero, dot thirty four.

37
00:02:18,080 --> 00:02:20,460
OK, and this is how we see it, right?

38
00:02:20,460 --> 00:02:23,700
These are how this is how humans see IP addresses as a human.

39
00:02:24,030 --> 00:02:24,900
We see this number.

40
00:02:25,530 --> 00:02:25,850
Right.

41
00:02:26,460 --> 00:02:29,060
And that's not exactly how the computer sees it.

42
00:02:29,100 --> 00:02:31,500
The computer doesn't see a decimal number like this.

43
00:02:31,500 --> 00:02:33,240
The computer sees a binary number.

44
00:02:33,780 --> 00:02:36,660
And so you need to understand what these numbers are like in binary.

45
00:02:37,170 --> 00:02:39,130
But before you can do that, you need to know the place value.

46
00:02:39,150 --> 00:02:44,280
So an IP address consists of a bit, which is either on or off.

47
00:02:44,460 --> 00:02:46,860
And there are eight bits in a bite.

48
00:02:47,730 --> 00:02:48,510
This is one bite.

49
00:02:49,130 --> 00:02:49,850
This is one bite.

50
00:02:49,860 --> 00:02:50,520
This is one bite.

51
00:02:50,520 --> 00:02:51,270
Is another bite.

52
00:02:51,450 --> 00:02:52,020
Four bites.

53
00:02:53,160 --> 00:02:53,520
Tasty.

54
00:02:54,000 --> 00:02:54,300
All right.

55
00:02:54,540 --> 00:02:56,070
So it's actually a bite.

56
00:02:56,070 --> 00:02:59,040
B, why t eat a bite?

57
00:02:59,740 --> 00:03:01,770
That's the correct way to refer to it.

58
00:03:02,520 --> 00:03:08,580
Then you really need to know here is that this bite is represented in binary with various place values.

59
00:03:09,180 --> 00:03:16,790
So what you have actually is you have a one place, you have a tooth place, a four eight.

60
00:03:16,800 --> 00:03:17,490
I'm just doubling it.

61
00:03:17,790 --> 00:03:21,000
16, 32, 64.

62
00:03:21,950 --> 00:03:26,630
One eight, OK, and these are the place values.

63
00:03:29,340 --> 00:03:30,960
That all the bits will fit into.

64
00:03:32,370 --> 00:03:34,460
Make a little table here.

65
00:03:36,290 --> 00:03:40,250
So what we can do is we look at each one, let's start with zero, because it is the easiest to understand

66
00:03:41,120 --> 00:03:47,180
zero in binary, it's just zero zero zero zero zero zero zero zero.

67
00:03:47,540 --> 00:03:47,780
Right.

68
00:03:47,810 --> 00:03:49,520
I mean, there should be no surprises there.

69
00:03:50,060 --> 00:03:51,170
That's why I actually started there.

70
00:03:53,240 --> 00:03:55,400
Now, what about the number 34?

71
00:03:55,710 --> 00:03:56,300
What would that be?

72
00:03:57,560 --> 00:03:58,160
Number three for us?

73
00:03:58,160 --> 00:03:58,760
A little bit different.

74
00:03:59,450 --> 00:04:05,280
So we need to do is we need to convert this number to binary to see it's 34 right there.

75
00:04:05,300 --> 00:04:06,980
No, 128 and 34.

76
00:04:07,490 --> 00:04:09,130
There are no 64 and 34.

77
00:04:09,740 --> 00:04:10,580
There's 132.

78
00:04:12,460 --> 00:04:16,930
So now that means there's just two left, there's no sixteen's and two there's no eight and two there's

79
00:04:16,930 --> 00:04:23,770
no four and two and there's one two into this number is 34 and binary, OK?

80
00:04:24,100 --> 00:04:26,530
And that's what the computer sees with its last octet.

81
00:04:27,220 --> 00:04:31,930
And of course, you have the number three, but you can see these last two bits, some to make three

82
00:04:32,320 --> 00:04:33,670
to one plus two or three.

83
00:04:33,880 --> 00:04:35,500
So that's number three.

84
00:04:37,410 --> 00:04:39,750
And very and then lastly, you have the number 10.

85
00:04:40,750 --> 00:04:43,030
And you can just add eight plus two to make ten.

86
00:04:44,150 --> 00:04:45,470
And I feel the rest of my Xeros.

87
00:04:46,690 --> 00:04:50,500
So now that we figured all this out, we can actually trace this all and show you what it looks like,

88
00:04:50,500 --> 00:04:50,980
a Pinery.

89
00:04:51,890 --> 00:04:52,230
Right.

90
00:04:52,250 --> 00:04:53,210
So we figured out, Tim.

91
00:04:58,200 --> 00:04:59,100
We figured out three.

92
00:05:04,270 --> 00:05:05,200
We could have zero.

93
00:05:08,080 --> 00:05:09,160
And finally, 34.

94
00:05:10,870 --> 00:05:14,480
And by the way, while I'm doing this, I'm counting in my head, I'm saying 128, no.

95
00:05:14,480 --> 00:05:15,410
64, no.

96
00:05:15,920 --> 00:05:19,550
32, yes, 16 no.

97
00:05:20,120 --> 00:05:23,330
You know, when I say 32, that means only two.

98
00:05:23,330 --> 00:05:24,070
Left, right.

99
00:05:24,080 --> 00:05:26,870
So I'm saying how many sixteen's are in it to none?

100
00:05:27,350 --> 00:05:30,470
How many eights are in it to none?

101
00:05:30,650 --> 00:05:32,950
How many forces are in it to none?

102
00:05:33,260 --> 00:05:34,900
How many twos aren't it to one?

103
00:05:35,150 --> 00:05:35,800
Nothing less.

104
00:05:36,230 --> 00:05:38,210
So that should be this number in binary.

105
00:05:38,210 --> 00:05:41,210
And what we can do is check it just to open up the calculator.

106
00:05:41,650 --> 00:05:41,900
Right.

107
00:05:41,900 --> 00:05:43,070
So I can go down here.

108
00:05:43,580 --> 00:05:45,620
What I'll do is I'll change this into.

109
00:05:48,080 --> 00:05:50,440
And Billy Programer does it, yeah, there we go.

110
00:05:52,180 --> 00:06:00,040
So we can now type 10 and you can see ten in binary is one zero one zero leading zeros don't count.

111
00:06:01,230 --> 00:06:03,420
Of course, we can go back here is a three.

112
00:06:04,490 --> 00:06:08,360
Zero zero one one zero, obviously, will be all zeros.

113
00:06:08,580 --> 00:06:10,820
And finally, we clicked decimal to make your own decimal.

114
00:06:10,860 --> 00:06:12,320
We hit thirty four.

115
00:06:13,540 --> 00:06:14,380
And you can see.

116
00:06:15,880 --> 00:06:16,810
Everything matches up.

117
00:06:17,740 --> 00:06:19,120
OK, so now what do we do with this?

118
00:06:20,550 --> 00:06:25,380
Well, you may recall that in this case, we had a 24 mask, a 24 bed mask, right.

119
00:06:26,160 --> 00:06:26,940
And here was the mask.

120
00:06:26,940 --> 00:06:27,750
I'll give you the mask again.

121
00:06:29,390 --> 00:06:41,360
255, 255, 35, that zero, also known as a slash 24 y, because the first 24 bits are all ones, so

122
00:06:41,360 --> 00:06:44,720
a mask basically has to have contiguous bits, right?

123
00:06:44,720 --> 00:06:47,830
So by contiguous, I mean that the bits are next to each other.

124
00:06:47,840 --> 00:06:51,110
There's no breaks, there's no change in the digits.

125
00:06:51,140 --> 00:06:52,990
They're all ones consecutively.

126
00:06:53,660 --> 00:06:54,800
So this mask.

127
00:06:56,250 --> 00:07:02,130
255 represents one, two, three, four, five, six, seven, eight, all the bits are on in this byte.

128
00:07:03,160 --> 00:07:08,320
One, two, three, four, five, six, seven, eight, all the bits are on in the second octet, third

129
00:07:08,320 --> 00:07:12,490
octet, one, two, three, four, five, six, seven, eight, and then finally the last octet.

130
00:07:14,400 --> 00:07:16,280
Has nothing enabled, right?

131
00:07:18,790 --> 00:07:22,030
So what this is from the computer's perspective, and this is key, guys, this is key.

132
00:07:23,200 --> 00:07:27,430
All those ones from the computer's perspective, this represents the network.

133
00:07:28,160 --> 00:07:28,500
OK.

134
00:07:29,430 --> 00:07:30,690
And then the Xeros.

135
00:07:31,720 --> 00:07:32,790
Represent the host.

136
00:07:33,200 --> 00:07:34,210
So this is a network.

137
00:07:35,840 --> 00:07:38,540
This represents the host, OK?

138
00:07:40,310 --> 00:07:45,830
And the way it works is that the computer actually takes these two values and ends them together, and

139
00:07:45,830 --> 00:07:48,470
by that I mean it will take this one in this one.

140
00:07:49,310 --> 00:07:54,080
And if as long as both values are one, it will show up as a one.

141
00:07:55,260 --> 00:08:00,590
If these numbers are different or they're both zero and it's a zero, but if they're both one into one,

142
00:08:01,410 --> 00:08:07,500
so what the computer does is it takes the mask and the I.P. address ends it together and it says one

143
00:08:07,500 --> 00:08:07,990
in zero.

144
00:08:08,320 --> 00:08:08,700
OK.

145
00:08:10,350 --> 00:08:10,980
That's a zero.

146
00:08:12,040 --> 00:08:22,270
One in zero zero one in zero zero one one one one zero zero one and one one zero one one.

147
00:08:22,270 --> 00:08:22,450
Right.

148
00:08:22,480 --> 00:08:24,580
And this just goes down the entire list.

149
00:08:24,940 --> 00:08:29,020
And what you'll end up discovering when you do this is something really interesting.

150
00:08:29,920 --> 00:08:31,930
These are all zeroes, obviously, because zero 011 one.

151
00:08:32,970 --> 00:08:35,250
Two, three, four, five, six, seven, eight.

152
00:08:35,970 --> 00:08:43,070
This over here is obviously going to be zero zero zero because one in zero zero and these are all zeroes

153
00:08:43,410 --> 00:08:45,630
one zero zero zero.

154
00:08:46,140 --> 00:08:48,750
So what you end up getting are values.

155
00:08:48,780 --> 00:08:51,030
See these green values they match.

156
00:08:52,200 --> 00:08:54,070
This number here, 10 three zero.

157
00:08:54,870 --> 00:08:55,290
Why?

158
00:08:55,470 --> 00:08:57,390
Because the mask is telling you that's the network.

159
00:08:57,420 --> 00:09:00,960
This is the street that the host 34 lives on.

160
00:09:02,290 --> 00:09:03,040
These are hospitals.

161
00:09:03,070 --> 00:09:07,720
Remember, these are the hospital over here, these are the hospitals over here, and this is saying

162
00:09:07,720 --> 00:09:12,130
that this host at 34 lives on a 10 three zero network or street.

163
00:09:12,520 --> 00:09:14,930
OK, so far so good, I hope.

164
00:09:14,950 --> 00:09:16,470
Hopefully that's not too tricky.

165
00:09:17,410 --> 00:09:19,240
It can be tricky, but hopefully it's not too tricky.

166
00:09:19,900 --> 00:09:24,730
So what you can do from this is you can figure out how many hosts, you know live on this particular

167
00:09:24,730 --> 00:09:25,180
subnet.

168
00:09:26,140 --> 00:09:26,800
How do you do that?

169
00:09:27,660 --> 00:09:30,280
Let's clear off the screen so I can show you in the next lecture.

170
00:09:30,690 --> 00:09:34,980
So in the next lecture, we are going to dig into this a little deeper and I'm going to show you how

171
00:09:34,980 --> 00:09:37,870
you can see what the broadcast addresses know.

172
00:09:37,890 --> 00:09:39,210
What are the network ranges?

173
00:09:39,690 --> 00:09:41,010
How many networks do we have?

174
00:09:41,160 --> 00:09:44,180
And what IPS live on this particular network.

175
00:09:44,220 --> 00:09:46,680
OK, so this is really important, especially if you're doing port scans.

176
00:09:47,100 --> 00:09:48,780
We're trying to enumerate the network internally.

177
00:09:48,870 --> 00:09:53,670
You want to know what your boundaries are when you're crossing into a separate building and typically

178
00:09:53,670 --> 00:09:58,370
villans are aligned to networks and we'll see all this a little bit later.

179
00:09:58,380 --> 00:10:01,260
OK, so in the next lecture, we will get into this a little bit deeper.

180
00:10:01,470 --> 00:10:04,530
I will see you in the next lecture by.