00:00:00
00:00:02
If you need to move a box
from one place to the other,
00:00:05
a common way to accomplish
that is to get a moving truck.
00:00:08
We can put boxes in
the moving truck,
00:00:09
move that box to
another location,
00:00:11
and unload the moving truck.
00:00:13
In the case of networking,
the road that we're driving on
00:00:17
is the network.
00:00:18
So if you've got a wireless
network, a DSL network,
00:00:21
a cable modem network, or
you have an ethernet switch,
00:00:24
that is the road that
we're using to transport
00:00:27
this particular package.
00:00:28
In this metaphor,
the truck itself
00:00:31
is what we will consider
Internet Protocol or IP.
00:00:35
We've designed all
of these networks
00:00:36
so that this type of truck
can move most efficiently
00:00:39
between one point and another.
00:00:41
In each moving truck is a
box, and inside of that box
00:00:45
is your data.
00:00:46
The moving truck has no idea
what's inside of that box.
00:00:49
All it knows is that
it has one job, which
00:00:52
is to put the box in
the back of the truck,
00:00:54
transport it across
the network, and unload
00:00:56
that box on the other side.
00:00:59
If you were to open
up the box, there
00:01:00
would be a certain type
of information inside.
00:01:02
It may be specific to
a certain application
00:01:05
or a particular function
on your network.
00:01:07
You can think of the
information in this box
00:01:09
as belonging to a particular
room in your house.
00:01:12
So when the box is
delivered, that box
00:01:14
needs to be moved to the
bathroom, the kitchen,
00:01:16
or the living room.
00:01:18
It's this encapsulation
process that
00:01:20
allows us to move all kinds
of data across the network
00:01:23
so we would have application
data we would put inside
00:01:26
of a box.
00:01:27
We would place that
box inside of a truck.
00:01:29
That truck would then
move across the network
00:01:31
and on the other side, we
remove the box from the truck.
00:01:34
We open up the box and we
take out the application data.
00:01:38
If you were to look
at this visually,
00:01:39
this is the way that
our networks operate.
00:01:42
On one side may be your device,
a workstation, a client,
00:01:45
a laptop computer, and on
the other side is a server.
00:01:48
This could be a web
server or a mail server
00:01:51
or any other type of server
that you'd be connecting to.
00:01:54
This client is going to send
information to this server.
00:01:57
And if this is across
an ethernet network,
00:01:59
then everything inside
of that ethernet packet
00:02:02
is what we call our
ethernet payload.
00:02:04
In ethernet, we
also have a header
00:02:06
at the beginning of
this particular frame
00:02:08
and an ethernet trailer that's
at the end of the frame.
00:02:11
This ethernet payload could
have anything inside of it.
00:02:14
But as you're probably aware,
the most popular protocol
00:02:16
we use on our networks is
the Internet Protocol or IP.
00:02:20
So our ethernet payload
will have an IP header
00:02:23
and then there will
be an IP payload
00:02:25
within that particular
part of the frame.
00:02:28
Obviously the IP payload has
information inside of it.
00:02:31
This could be TCP data with a
TCP header and a TCP payload.
00:02:36
And as you probably can
expect, that TCP payload
00:02:39
can be separated out into
different types of data.
00:02:42
So for this entire ethernet
frame, inside we have IP.
00:02:45
Inside of IP we have
TCP, and inside of TCP we
00:02:49
have HTTP data.
00:02:52
Let's drill down
into this IP packet
00:02:55
at the TCP protocol
and the UDP protocol.
00:02:58
TCP and UDP are transported
inside of that IP packet.
00:03:02
We commonly say that they
are encapsulated within IP.
00:03:05
And they are two
very common ways
00:03:07
to move data from one part
of the network to the other.
00:03:10
You may be using TCP
for some applications
00:03:13
and UDP for other applications.
00:03:16
You might also hear
someone refer to TCP or UDP
00:03:19
as operating at the transport
layer of the OSI model.
00:03:22
Sometimes we refer to
this as OSI layer 4.
00:03:25
You may think that
IP is all you would
00:03:28
need to be able to move data
from one part of the network
00:03:30
to the other, and in many
ways you would be correct.
00:03:33
But TCP and UDP add
additional capabilities
00:03:36
that IP can't provide.
00:03:38
For example, these
provide multiplexing
00:03:40
so that you can have many
different applications
00:03:42
on your system communicating
to a separate server
00:03:45
all simultaneously.
00:03:47
So your workstation is
sending a lot of information
00:03:50
for a lot of different
applications to the server
00:03:52
and the server is
able to determine
00:03:54
what applications are
in use through the use
00:03:56
of this multiplexing.
00:03:58
Let's really break down the
difference between TCP and UDP.
00:04:03
TCP stands for the
Transmission Control Protocol.
00:04:06
We often refer to this as a
connection oriented protocol.
00:04:09
That's because there
is a formal process
00:04:11
to set up the flow from
one device to the other
00:04:14
and a formal process to
tear down that flow when
00:04:17
the conversation is over.
00:04:18
We sometimes refer to
TCP as reliable delivery.
00:04:22
This doesn't mean
that TCP somehow
00:04:24
works better or faster than
other protocols on the network.
00:04:28
It means that TCP
has a built in system
00:04:31
to ensure that data
that has been sent
00:04:33
has been verified as being
received on the other side.
00:04:37
This allows us with a
number of different features
00:04:39
behind the scenes.
00:04:40
And one of the most
important is that TCP
00:04:43
can reorder messages that
may have been received out
00:04:46
of order, which
sometimes can happen
00:04:48
on networks that have multiple
links to a single location.
00:04:51
And TCP can manage a
retransmission process
00:04:54
so that if any data is not
received by the destination,
00:04:58
that information can be
resent from the source.
00:05:01
TCP also has a flow
control mechanism
00:05:03
so that if a device feels that
it's receiving information
00:05:06
too quickly, it can tell
the other side to slow down
00:05:08
the process so that
information can be received
00:05:11
at a more reasonable rate.
00:05:13
UDP is the User
Datagram Protocol.
00:05:16
With TCP we had a
connection oriented flow,
00:05:20
but UDP is a
connectionless flow.
00:05:22
There's no formal process
to set up a traffic flow
00:05:25
and there's no formal process
to tear that down at the end.
00:05:28
UDP simply sends data from
one place to the other.
00:05:31
And it's a very
simple transaction
00:05:33
to be able to send information
across the network.
00:05:36
Because there's no
acknowledgment being
00:05:38
sent by the destination device,
we refer to UDP as unreliable.
00:05:43
Again, this doesn't
mean that UDP does not
00:05:45
work as well as any other
protocol on the network.
00:05:48
It only means that we have
no receipt or any knowledge
00:05:51
that the information
that we've sent
00:05:53
was really received by the
device on the other side.
00:05:56
With TCP, we had
a way to regulate
00:05:59
the flow of communication
across the network.
00:06:01
But because this is a single
conversation between one device
00:06:05
and another, there's
no flow control on UDP
00:06:07
and no way to determine whether
a device should slow down
00:06:11
or send information faster.
00:06:13
If you compare
these two protocols,
00:06:15
it does sound like UDP
is not as functional
00:06:18
and therefore may not be
the best choice for sending
00:06:21
information over our network.
00:06:22
But in reality, UDP plays
a very important role
00:06:26
in being able to
send information
00:06:27
very quickly over the network.
00:06:29
UDP is most associated with
real time communication,
00:06:33
communication where
you can't stop,
00:06:35
retransmit information, and
then catch up with yourself.
00:06:38
If you're on a
phone call, there's
00:06:40
no way to rewind
the conversation
00:06:42
and send a packet that may
have been missed a second
00:06:45
or two ago.
00:06:46
With UDP, we simply
send the data.
00:06:49
If it makes it to the other
side, then we were successful.
00:06:51
If the information was
dropped along the way,
00:06:54
we simply keep the
conversation going.
00:06:57
An example of protocols that
use this connectionless form
00:07:00
of communication is DHCP,
which is the Dynamic Host
00:07:04
Configuration Protocol.
00:07:06
This is the protocol that we
use to automatically assign
00:07:09
IP addresses to our devices.
00:07:11
And another protocol
that uses UDP
00:07:13
is TFTP, or the Trivial
File Transfer Protocol,
00:07:17
which uses UDP as its
transport mechanism.
00:07:20
Since both of these protocols
are using UDP, information
00:07:23
is simply sent
across the network
00:07:25
with no type of
acknowledgment that the data
00:07:28
was received on the other side.
00:07:29
It's up to the
application, therefore,
00:07:32
to keep track of who
has received information
00:07:35
and who has not
received information.
00:07:37
So in the example
we gave before, DHCP
00:07:39
is responsible for making sure
that information may have been
00:07:42
received by the other side.
00:07:44
So if it sends information and
doesn't receive a response,
00:07:48
DHCP is responsible
for resending that data
00:07:51
over the network.
00:07:52
With TCP, we receive an
acknowledgment for any packets
00:07:56
that are sent over the network.
00:07:57
An example of protocols that
take advantage of this return
00:08:00
receipt functionality is HTTPS.
00:08:03
That's the Hypertext Transfer
Protocol Secure, commonly used
00:08:07
to send information
in our web browsers
00:08:09
and protocols like Secure
Shell, or SSH, which provide us
00:08:12
with an encrypted form
of terminal communication
00:08:15
between our systems.
00:08:17
If our HTTPS data between
a web server and a client
00:08:21
somehow loses a packet
between point A and point B,
00:08:24
TCP will recognize that
packet was missing.
00:08:28
It will ask to retransmit
that information
00:08:30
and the transmitted data
is sent over the network.
00:08:33
All of this happens
automatically
00:08:35
with TCP, and HTTPS
and SSH don't have
00:08:38
to worry about managing
the process of getting data
00:08:41
from one side to the other.
00:08:44
So far in our moving
truck metaphor,
00:08:46
we know that we have
our IP delivery truck.
00:08:49
This truck is moving information
from one physical address.
00:08:52
In the world of networking,
this is one IP address.
00:08:55
And it's delivering it
to another IP address.
00:08:58
Just as every house
that's on your block
00:09:00
has a unique mailing
address, every computer
00:09:04
that's inside of your network
has a unique IP address.
00:09:07
At this point, our
moving truck IP
00:09:10
has taken information
from one IP address
00:09:13
and moved it to
another IP address.
00:09:15
Once that box is received at
the destination IP address,
00:09:19
there is more
information that needs
00:09:21
to be examined on the label
to determine where that box is
00:09:24
to go inside of the house.
00:09:26
Inside of your
house, for example,
00:09:27
you have many different rooms.
00:09:28
There's a bathroom, a kitchen,
a living room, and a bedroom.
00:09:32
And when this box
is delivered, we
00:09:33
have to determine what room
is going to receive that box.
00:09:37
In the case of TCP and UDP,
there's an additional piece
00:09:41
of information that's added
to all of those conversations,
00:09:45
and that piece of
information is a port number.
00:09:48
That port number determines
what room in the house
00:09:51
is going to receive this data.
00:09:53
Or in the case of
an actual server,
00:09:55
what application on the server
is going to receive this data.
00:09:59
The port number's written
on the outside of the box.
00:10:01
So when the box is
received at the front door,
00:10:03
we can look at the
box and see, oh,
00:10:05
that box needs to
go to the bedroom.
00:10:08
In the case of port numbers,
each room has a number
00:10:11
and we know that the
bedroom is port 80,
00:10:13
we have a living room of port
443, our bathroom is port 25,
00:10:17
and the kitchen
will be port 123.
00:10:20
When we receive the
box at the front door,
00:10:22
we look at the port number.
00:10:23
It says port 80.
00:10:24
So we can move this
box inside of the house
00:10:26
and deliver it into the bedroom.
00:10:29
In the case of our server, we
have four different services
00:10:32
running on the same IP address.
00:10:34
We have a web server sending
unencrypted data on port 80.
00:10:37
We have a web server sending
encrypted data on port 443.
00:10:41
We've got a mail
server on port 25
00:10:44
and a time server on port 123.
00:10:47
When this packet is
received by our IP address
00:10:50
at the front door, we
examine the port number.
00:10:53
And if the port number says
this is for the service running
00:10:56
at port 443, that packet is
delivered into that service
00:11:00
that's running on that device.
00:11:02
This is where the
multiplexing feature comes
00:11:04
from that I mentioned earlier.
00:11:06
This front door is
going to be receiving
00:11:08
a lot of boxes destined
for this IP address
00:11:11
and the port number
allows us to know
00:11:13
exactly what service
running on this device
00:11:16
will be receiving that data.
00:11:19
So to complete this traffic
flow between these two devices,
00:11:22
we need some information.
00:11:23
The first would be the server's
IP address, a protocol that
00:11:26
would be in use
such as TCP or UDP,
00:11:29
and for that protocol what
server application port number
00:11:32
should be assigned for that.
00:11:34
In the example we had
before, we had the house that
00:11:36
had four different
ports running inside
00:11:38
of that house for port 80, port
443, port 25, and port 123,
00:11:44
those are all associated
with the server IP
00:11:46
address, the protocol, and
the application port numbers.
00:11:50
The client communicating
with that server
00:11:52
also has an IP address.
00:11:54
It's communicating
using TCP or UDP.
00:11:57
And there are port numbers that
it is using to send that data
00:12:00
so that when a
response is received,
00:12:03
we know exactly what that
response is associated with.
00:12:06
It's important on our
server that the port numbers
00:12:09
we're communicating
with are well known.
00:12:11
For example, if the
browser on a client
00:12:13
wants to communicate
with a web server,
00:12:15
we know that that web
server commonly uses
00:12:17
TCP port 80 and TCP port 443.
00:12:21
Every web server we communicate
with will use those same port
00:12:24
numbers so that we know exactly
where that service is located
00:12:28
on that IP address.
00:12:29
Because these port numbers
are usually permanent,
00:12:32
we refer to them as
non-ephemeral ports.
00:12:35
This means they are
non-temporary port numbers that
00:12:38
tend to be the same every
time we access that device.
00:12:41
Port number 80 is commonly
associated with HTTP.
00:12:45
Port number 443 is commonly
associated with HTTPS.
00:12:49
And if you go to any
web server, that's
00:12:51
usually the port numbers
that will be in use.
00:12:54
If you were to look
at those port numbers,
00:12:55
they're commonly between
port 0 and port 1023,
00:12:59
but these port numbers
can really be anything
00:13:02
as long as they're
port numbers that
00:13:03
are commonly known and well
known across multiple devices.
00:13:07
When you're communicating
to the server,
00:13:09
you need a port
number on your device
00:13:11
that you can associate with
this particular traffic flow.
00:13:15
These are usually
temporary port numbers
00:13:18
and once that
traffic flow is over,
00:13:19
we'll no longer use
that port number.
00:13:21
We refer to these as ephemeral
ports or temporary port
00:13:25
numbers.
00:13:26
And commonly an operating
system will assign a port number
00:13:28
between 1,024 and 65,535.
00:13:33
But this is often configured
in the operating system
00:13:35
itself and it's
assigned in real time
00:13:38
as you're using
these applications.
00:13:41
If you were to
look at a protocol
00:13:42
decode of these conversations,
both TCP and UDP
00:13:46
can therefore use any port
number between 0 and 65,535.
00:13:52
As we mentioned,
most services are
00:13:54
going to use non-ephemeral or
non-temporary port numbers,
00:13:58
but that's not always the case.
00:14:00
There are some applications that
use dynamic port numbers that
00:14:03
can change dramatically from
one device to the other.
00:14:06
Just keep in mind that this
is simply a number associated
00:14:10
with that service.
00:14:11
And if we know that, then
we're able to communicate
00:14:13
with that service and have
a conversation to send data.
00:14:17
You might also think
that you could change
00:14:19
the port number on the server
to something that is not
00:14:22
well known and that would be
more secure, because it might
00:14:25
hide the application or keep
other people from accessing
00:14:28
that application.
00:14:29
But port numbers
are not designed
00:14:31
to be a security mechanism.
00:14:33
They're simply designed to allow
you to access those services
00:14:36
on that particular device.
00:14:38
It's relatively easy
to use a port scanner
00:14:41
to find all of the open
ports on a particular server
00:14:44
and then begin to do more
research to determine
00:14:47
what service is really
running on that port.
00:14:50
This means when you access
all of the different sites
00:14:53
that you visit on the internet
that all of those sites
00:14:55
are going to be using the
same port numbers, which
00:14:58
are well known.
00:14:59
This allows you to simply type
in the name of the website
00:15:02
and you're immediately
connected to that site
00:15:05
and able to transfer data.
00:15:06
If all of those
different websites
00:15:08
used completely
different port numbers,
00:15:10
we would have to have
another mechanism in place
00:15:13
to somehow determine what the
appropriate port number might
00:15:16
be for that individual site.
00:15:18
You can see why having
well known port numbers
00:15:21
makes the process
so much simpler.
00:15:23
Although these port numbers
can range between port 0
00:15:26
and port 65,535, TCP has
its own set of port numbers
00:15:32
that are different than
UDP's port numbers.
00:15:34
This means that there
could be a service running
00:15:36
on TCP port 80 but a completely
different service running
00:15:40
on UDP port 80.
00:15:42
As you can imagine, having one
service running on TCP port
00:15:45
80 and another
service running on UDP
00:15:48
port 80 could be
a bit confusing,
00:15:50
which is why we don't tend to
do that in normal operation.
00:15:54
So let's take a scenario
from the picture
00:15:56
we looked at earlier.
00:15:57
We have a client
on the left side.
00:15:59
Its IP address is 10.0.0.1.
00:16:01
It is communicating to a
server on the other side, whose
00:16:04
IP address is 10.0.0.2.
00:16:07
And you can see there is web
server traffic communicating
00:16:10
over TCP port 80 to this server.
00:16:13
This server is also
a voice over IP server
00:16:15
using traffic communicating
over UDP port 5,004.
00:16:18
This server is also an
email server communicating
00:16:22
over TCP port 143.
00:16:24
We want to send information
from this client to the server.
00:16:27
We'll send web server traffic
with HTTP data inside of it.
00:16:31
We'll send VoIP traffic.
00:16:33
There's the VoIP data
inside of that packet.
00:16:35
And email traffic with email
data inside of the packet.
00:16:39
If we were to look at
this a little bit closer,
00:16:42
we would see the
comparison of port numbers
00:16:45
on both sides of
the conversation.
00:16:47
So we have these two devices,
the client and the server,
00:16:49
and you can see the source
IP address of 10.0.0.1.
00:16:53
That's our client.
00:16:54
And the destination IP
address of 10.0.0.2,
00:16:57
which is our server.
00:16:58
When the client wants to
send data to the server,
00:17:01
it's sending HTTP data.
00:17:03
So we know we're going to be
sending data to a destination
00:17:05
port of port 80.
00:17:07
For our web traffic,
we know that that's
00:17:09
going to use TCP
data and we know
00:17:11
the well known port for
web traffic for the server
00:17:15
is TCP destination port 80.
00:17:17
But we need some port number
to send this information from.
00:17:21
So this client will pick
a random port number.
00:17:23
And in this example, this client
picked the random port number
00:17:26
of 3,000.
00:17:28
So the TCP source port is 3,000
heading to a TCP destination
00:17:32
port, which is a well known
port, a port 80, on the server
00:17:36
to be able to send
the HTTP data.
00:17:39
At the same time,
this client wants
00:17:40
to communicate to the
server using voice over IP.
00:17:43
Our source and destination
IP is the same.
00:17:46
You can see that UDP is
being used in this scenario
00:17:48
because we are
using VoIP traffic.
00:17:50
And VoIP traffic uses UDP.
00:17:52
The destination port is 5,004,
which is the well-known port
00:17:56
number for this VoIP server.
00:17:58
And we picked a
random port number
00:18:00
to send this traffic over
UDP using port 7,100.
00:18:04
The same thing applies
for the third conversation
00:18:06
that's occurring
simultaneously where
00:18:08
the source and destination
IP address in this example
00:18:11
are identical.
00:18:12
The destination port
number is TCP port 143
00:18:15
because this is email traffic.
00:18:17
And this client picked a random
source port of TCP port 4407
00:18:22
to send this email data.
00:18:24
You can see that we're
sending a lot of information
00:18:27
simultaneously
across the network.
00:18:28
But because we're using IP
addresses and port numbers,
00:18:31
the server knows exactly
where this traffic
00:18:34
goes once it's received by
this destination device.
00:18:38