1
00:00:00,150 --> 00:00:00,690
All right.

2
00:00:00,690 --> 00:00:07,980
So now we're moving into layer four, which is the transport layer of the OSI model, and we're going

3
00:00:07,980 --> 00:00:12,160
to talk about what is TCP and what is UDP.

4
00:00:12,180 --> 00:00:22,030
So we'll type that in here: TCP vs. UDP. So TCP is what is known as the Transmission Control Protocol.

5
00:00:22,260 --> 00:00:26,700
And you could think of that as a connection-oriented protocol.

6
00:00:26,700 --> 00:00:30,670
And we also have UDP, which is the User Datagram Protocol.

7
00:00:30,840 --> 00:00:34,590
And this is a connectionless protocol.

8
00:00:34,590 --> 00:00:40,700
So when we have these two protocols, one is best suited when it comes to high reliability.

9
00:00:40,770 --> 00:00:43,500
That's TCP. TCP is connection-oriented.

10
00:00:43,500 --> 00:00:49,320
We want to make a connection with high reliability, so you can get something like a website, which is

11
00:00:49,360 --> 00:00:56,980
HTTP or HTTPS, or you can think of something like SSH or FTP, the File Transfer Protocol.

12
00:00:57,090 --> 00:01:03,990
Those all utilize TCP. When you think about UDP, you might think about something like a streaming service,

13
00:01:04,020 --> 00:01:09,230
that's connectionless, or DNS connections, or voice over IP is connectionless.

14
00:01:09,420 --> 00:01:15,810
And when this comes into the importance of scanning, scanning is super important. We're going to be scanning

15
00:01:15,810 --> 00:01:19,600
both TCP and UDP as a penetration tester.

16
00:01:19,650 --> 00:01:23,070
And don't worry about scanning right now. When we get into the scanning section that will make a lot

17
00:01:23,070 --> 00:01:24,300
more sense.

18
00:01:24,720 --> 00:01:28,610
But we need to know what TCP and UDP are and define them broadly.

19
00:01:28,620 --> 00:01:35,700
So the most commonly used protocol that you're going to be scanning is going to be TCP.

20
00:01:35,700 --> 00:01:39,120
Now TCP works on what is called a three-way handshake.

21
00:01:39,120 --> 00:01:42,980
Now if we look at the three-way handshake, it's going to look something like this.

22
00:01:43,020 --> 00:01:50,440
We're going to first send out a SYN packet, and then we're going to receive back a SYN-ACK packet.

23
00:01:50,610 --> 00:01:52,910
And finally we're going to send an ACK packet.

24
00:01:52,920 --> 00:01:54,240
Now how does this work?

25
00:01:54,270 --> 00:01:56,680
Now you could think of this as an interaction.

26
00:01:56,790 --> 00:02:01,680
So let's say you have a friend or a neighbor and you go to your neighbor and you say hello.

27
00:02:01,680 --> 00:02:03,000
That's a SYN.

28
00:02:03,000 --> 00:02:08,070
Now SYN-ACK is going to be the response. It's going to say, hey, SYN, I acknowledge you. That's your neighbor

29
00:02:08,070 --> 00:02:09,570
waving hello back.

30
00:02:09,660 --> 00:02:14,370
And then you know you are good to go start a conversation, so that's the acknowledgment.

31
00:02:14,370 --> 00:02:21,660
Now when we think about this in terms of ports, now a port is an item that could be open on a machine.

32
00:02:21,660 --> 00:02:24,140
It's a way to communicate with certain protocols.

33
00:02:24,240 --> 00:02:31,600
For example, if you think about HTTP, that's over port 80. If you think about HTTPS, that's over port 443.

34
00:02:31,610 --> 00:02:37,020
There's a lot of different protocols, and there are sixty-five thousand plus ports that can utilize

35
00:02:37,020 --> 00:02:38,130
these protocols.

36
00:02:38,130 --> 00:02:42,330
So everything related here has to do with these ports.

37
00:02:42,330 --> 00:02:47,220
Now let's say that you want to connect to port 443 on a website. You're going to send

38
00:02:47,220 --> 00:02:52,320
out a SYN packet to that website. You're going to say, hey, I want to connect to you on port 443,

39
00:02:52,360 --> 00:02:58,620
and if 443 is open and available for connection, they're going to say, hey, you can

40
00:02:58,620 --> 00:02:59,910
go ahead and connect to me.

41
00:03:00,120 --> 00:03:04,620
And when you want to actually establish that connection, you're going to send that acknowledgement packet

42
00:03:04,620 --> 00:03:05,720
back.

43
00:03:05,760 --> 00:03:08,150
Now let's make more sense of this.

44
00:03:08,160 --> 00:03:12,280
Let's go ahead and open up a tool called Wireshark.

45
00:03:12,480 --> 00:03:14,530
So this is built into Kali Linux.

46
00:03:14,550 --> 00:03:19,800
I'm just going to type in wireshark and provide an ampersand here just so I have shell access if I

47
00:03:19,800 --> 00:03:24,990
need it in the background, and all I'm going to do is capture packet data.

48
00:03:25,020 --> 00:03:30,020
So this is going to be listening in on my NIC and it's going to say, hey, what's he doing?

49
00:03:30,020 --> 00:03:31,590
Let's capture all that data.

50
00:03:31,590 --> 00:03:32,760
So we're going to capture that.

51
00:03:32,760 --> 00:03:34,750
I'm going to start a capture here.

52
00:03:34,890 --> 00:03:36,720
You're gonna start to see a bunch of traffic coming through.

53
00:03:36,720 --> 00:03:38,640
You can see the different protocols here.

54
00:03:38,640 --> 00:03:40,940
You could see UDP is coming through right now.

55
00:03:41,220 --> 00:03:43,820
But we're gonna go establish a connection.

56
00:03:43,830 --> 00:03:46,320
So let's go out to the World Wide Web.

57
00:03:46,830 --> 00:03:49,520
And I've got Google up. I'm just going to refresh Google.

58
00:03:49,530 --> 00:03:51,750
You can see a lot of traffic start coming through.

59
00:03:51,840 --> 00:03:55,680
So I'm going to go ahead, just stop this right here.

60
00:03:55,780 --> 00:03:59,080
Look at all the data packets that get sent when you're using your computer.

61
00:03:59,080 --> 00:04:00,940
This is what's going on in the background.

62
00:04:00,970 --> 00:04:01,810
You don't even think about it.

63
00:04:02,350 --> 00:04:05,660
So we could see some SYNs and ACKs there; those are in the gray.

64
00:04:05,680 --> 00:04:07,560
Let's see if we can find a good one.

65
00:04:07,570 --> 00:04:11,670
OK, so here is one right here.

66
00:04:11,740 --> 00:04:13,900
So what we're gonna do, actually, let's find a better one.

67
00:04:14,080 --> 00:04:23,150
So we're going to come down to here and we're going to say, OK, so here we are, our source IP is

68
00:04:23,230 --> 00:04:25,650
192.168.47.39.

69
00:04:25,720 --> 00:04:29,700
We're going out to destination, is 74.125.21.155.

70
00:04:29,700 --> 00:04:34,460
We're saying, hey, I've got this port here, I want to connect to your port, so on port 443.

71
00:04:34,470 --> 00:04:35,790
This is a web page.

72
00:04:35,950 --> 00:04:42,430
We're sending a SYN packet. If that port is open and available for connection and communication, what's

73
00:04:42,420 --> 00:04:47,380
going to happen back is that IP address is going to say, hey, here I am.

74
00:04:47,380 --> 00:04:49,790
I'll allow you to connect on this port.

75
00:04:49,960 --> 00:04:55,270
And if we make that final connection, we're gonna go ahead and send the ACK packet back, which is right

76
00:04:55,270 --> 00:04:55,750
here.

77
00:04:55,750 --> 00:05:01,540
It's going to say ACK. So that is the three-way handshake. Please do remember this. This is going to come

78
00:05:01,540 --> 00:05:05,880
back into play when we get into scanning and we'll talk about stealth scanning and how we modify the

79
00:05:05,890 --> 00:05:08,990
three-way handshake to actually do some scanning.

80
00:05:09,010 --> 00:05:10,360
So that is it for this lesson.

81
00:05:10,540 --> 00:05:12,220
I will catch you over in the next one.