1 00:00:10,010 --> 00:00:15,560 Before you start to learn about hacking and all of the fun stuff with cybersecurity, first you need to 2 00:00:15,560 --> 00:00:22,880 have a good understanding about network protocols and addresses that are used in networking. 3 00:00:22,880 --> 00:00:24,670 So what is a network? 4 00:00:25,190 --> 00:00:29,360 Networks are a collection of nodes that communicate with each other. 5 00:00:29,870 --> 00:00:38,880 Networks can be smaller in size like your home network or large like the Internet. Network models 6 00:00:38,880 --> 00:00:43,400 are used to standardize how networked devices communicate with each other. 7 00:00:43,410 --> 00:00:48,650 Each network model layer plays a different role to help data forward out of endpoint 8 00:00:48,690 --> 00:00:51,830 network interface cards onto the network. 9 00:00:51,900 --> 00:00:54,160 There are two types of network models: 10 00:00:54,420 --> 00:01:01,500 TCP/IP and OSI. Both models have the same objective but they have some differences including the 11 00:01:01,500 --> 00:01:09,310 types of layers that are used. As you can see, each layer has different sets of protocols. Protocols can 12 00:01:09,310 --> 00:01:16,240 be thought of as different languages that are used between network devices at each layer. 13 00:01:16,240 --> 00:01:21,670 Now let's take a look at each of these layers to help you understand the traffic flow for a network 14 00:01:21,670 --> 00:01:22,970 device. 15 00:01:24,180 --> 00:01:32,050 At the application layer, data like web applications and email are created. Application layer protocols 16 00:01:32,050 --> 00:01:38,090 like HTTP are used to sign communication between endpoint applications. 17 00:01:38,140 --> 00:01:44,980 In this example you can see that the HTTP protocol was used to ask the web server for the web site's 18 00:01:44,980 --> 00:01:46,570 home page. 
19 00:01:46,570 --> 00:01:52,930 Once the data has been created it is passed through each model layer to prepare the data to be transferred 20 00:01:52,990 --> 00:02:01,200 onto the network. TCP and UDP are transport layer protocols that are used for host to host communication. 21 00:02:02,490 --> 00:02:10,370 These protocols use port numbers for sockets to control which applications receive data on endpoints. 22 00:02:10,680 --> 00:02:18,150 Once TCP or UDP is used to establish a connection between hosts then the higher layer data like HTTP 23 00:02:18,450 --> 00:02:26,730 can be sent. TCP is considered to be a reliable protocol to handle host connections since it uses 24 00:02:26,730 --> 00:02:32,250 acknowledgements and requires a three-way handshake to establish a connection. 25 00:02:33,270 --> 00:02:40,150 UDP is an unreliable transport protocol since it does not track the state of a connection. 26 00:02:40,680 --> 00:02:44,940 Here's a list of well-known TCP and UDP ports. 27 00:02:46,410 --> 00:02:53,380 As a cybersecurity engineer you should know what ports applications use so that you can secure vulnerable 28 00:02:53,380 --> 00:02:55,260 applications. 29 00:02:55,270 --> 00:03:03,950 In fact most firewall filtering is based on TCP and UDP port numbers. At the network layer, 30 00:03:03,970 --> 00:03:06,230 IP addresses are used. 31 00:03:06,640 --> 00:03:14,360 These layer 3 addresses are used to route IP packets from one network to another between routers. 32 00:03:14,950 --> 00:03:17,860 They serve the same purpose as phone numbers. 33 00:03:17,860 --> 00:03:23,140 When someone wants to call you they type in the phone number that is assigned to your phone and the 34 00:03:23,140 --> 00:03:28,360 phone call is routed all the way through the phone network to you and your phone rings. 35 00:03:28,720 --> 00:03:33,540 Just like a phone call, when a computer wants to talk to a network device like a printer, 
36 00:03:33,610 --> 00:03:41,080 it points to the IP address to connect. Every network device needs an IP address just like every phone 37 00:03:41,140 --> 00:03:43,810 needs a phone number. 38 00:03:43,810 --> 00:03:49,420 IP addresses can be public or private depending on if they are on an internal network like a home or 39 00:03:49,420 --> 00:03:51,140 business or the Internet. 40 00:03:54,940 --> 00:03:58,060 Once IP addressing information is added to a packet, 41 00:03:58,120 --> 00:04:04,960 it is then wrapped into an Ethernet frame. The Ethernet frame is responsible for error checking and forwarding 42 00:04:04,960 --> 00:04:08,120 data after it has been routed onto a LAN. 43 00:04:08,530 --> 00:04:15,940 Frames rely on Ethernet addresses called MAC addresses to deliver frame data. MAC addresses are globally 44 00:04:15,970 --> 00:04:21,140 unique addresses that are assigned to network interface cards. 45 00:04:21,280 --> 00:04:27,580 Once data has traveled through each layer we end up with an encapsulated frame that contains all of 46 00:04:27,580 --> 00:04:31,910 the higher level information. Once the frame is ready, 47 00:04:32,000 --> 00:04:37,670 it is sent down to the physical layer. The physical layer is responsible for sending our data ones 48 00:04:37,670 --> 00:04:49,450 and zeroes as signals out of the network interface card. NICs can connect via wire or wireless. 49 00:04:49,460 --> 00:04:57,980 OK so now what we're going to do is fire up my computer and go to a web site and then open up a packet 50 00:04:57,980 --> 00:05:08,210 capture software so that I can show you what each layer looks like in a real world connection on a network. 51 00:05:08,270 --> 00:05:10,980 So I'm going to open up my Wireshark software here. 52 00:05:12,030 --> 00:05:19,500 Wireshark is a free packet capture software and it will actually show you raw data for what's 53 00:05:19,500 --> 00:05:22,040 happening at each of your network model layers. 
54 00:05:23,030 --> 00:05:29,630 If you check the resources for this video lecture you will see that I posted a link to the Wireshark 55 00:05:29,630 --> 00:05:33,300 web site so that you can download the Wireshark software 56 00:05:33,350 --> 00:05:39,660 if you don't already have it. OK, so the first thing you have to do with Wireshark to capture data is choose which 57 00:05:39,870 --> 00:05:43,120 network interface card you want to capture data on. 58 00:05:43,380 --> 00:05:50,400 So my layer 1 network interface that I'm going to use is my wireless connection. Besides the fact I know 59 00:05:50,400 --> 00:05:52,060 I'm connected to the wireless, 60 00:05:52,170 --> 00:05:58,680 I can see that primarily my network data is traversing this network interface card. 61 00:05:59,100 --> 00:06:05,640 So I'm going to double click on that and now I have a packet capture open up and it's capturing all 62 00:06:05,640 --> 00:06:15,480 of my traffic. So I'm going to launch a web browser here. Just by going to bing.com I have created 63 00:06:15,480 --> 00:06:23,960 network data on my computer. So since I know that my connection to bing.com was an HTTP connection, 64 00:06:23,960 --> 00:06:30,380 I'm going to filter with Wireshark, which does have some like pre-built filters if you hit this filter 65 00:06:30,380 --> 00:06:34,670 option and it will only show you packets that match that filter. 66 00:06:34,670 --> 00:06:43,170 So I'm going to filter to HTTP and it looks like here's my connection to bing.com. So I've clicked 67 00:06:43,170 --> 00:06:53,100 on this traffic flow so this shows that for my IP address of my wireless network interface card of 10.0 68 00:06:53,110 --> 00:06:58,170 the 11. Loven it went to this destination IP address. 69 00:06:58,170 --> 00:07:02,510 So this is back to the analogy about making a phone call. 
70 00:07:02,550 --> 00:07:11,490 I have my network address as my source and I'm sending my request to this web server's IP address, so 71 00:07:11,490 --> 00:07:17,520 that's all I'm getting from point A to point B from my house all the way across the Internet all the 72 00:07:17,520 --> 00:07:22,240 way to the web server at bing.com. 73 00:07:22,500 --> 00:07:25,660 So now that I have that packet selected, 74 00:07:25,830 --> 00:07:33,880 if you look down below here you can actually drill down into each network model layer. 75 00:07:33,960 --> 00:07:35,640 So we already know for layer 1 76 00:07:35,880 --> 00:07:38,220 I'm using my wireless network interface card. 77 00:07:38,550 --> 00:07:42,070 Well let's jump to layer 2. So layer 2, 78 00:07:42,330 --> 00:07:50,250 it shows that here's my source and destination MAC address, so we have our layer 2 frame that was built 79 00:07:50,250 --> 00:07:52,560 here with my network interface's 80 00:07:52,560 --> 00:07:59,850 MAC address and then my gateway's MAC address, and then down to layer 3 81 00:08:00,060 --> 00:08:10,380 we have our IP address information to route across the network, and then here we have our layer 4 information, 82 00:08:10,380 --> 00:08:17,760 which HTTP uses TCP as a transport protocol and uses the well-known TCP port 80. 83 00:08:18,060 --> 00:08:21,150 So my computer picked a random source port. 84 00:08:21,660 --> 00:08:28,680 And then since I knew I wanted to talk to the HTTP application on the Bing web server I set my destination 85 00:08:28,680 --> 00:08:31,470 TCP port to port 80. 86 00:08:31,740 --> 00:08:37,800 And here you see some of the application data that I requested when I sent traffic from my computer 87 00:08:37,830 --> 00:08:38,990 to that server. 
88 00:08:41,100 --> 00:08:46,980 In addition to Wireshark, if you're on a Windows, Mac or Linux computer there are certain commands that 89 00:08:46,980 --> 00:08:52,220 you can run to verify your network information on your computer. 90 00:08:52,400 --> 00:09:00,620 I am on a Windows computer and I can run ipconfig and that command is going to show me my IP address 91 00:09:01,970 --> 00:09:04,480 for my wireless network interface card. 92 00:09:04,640 --> 00:09:11,700 And if I do ipconfig /all I could actually find out more information like my MAC address for 93 00:09:11,700 --> 00:09:17,890 my wireless network interface card up here somewhere, right here. 94 00:09:17,890 --> 00:09:27,780 So this shows me my really my layer 1, layer 2, layer 3 information for my computer. 95 00:09:27,780 --> 00:09:32,820 OK so now that you should have a pretty good understanding of the networking fundamentals, in the next 96 00:09:32,820 --> 00:09:40,240 video we're going to take a look at some of the networking protocols that can be used in network attacks.