
1:00

who is coming onto the channel and is viewing my videos. Thank you from the bottom of
my
1:07
heart. Right, without wasting much time, let's get straight into today's class. Today we
1:11
would be filling in those gaps that have come in in the last 7 videos. Although today is
1:18
day 6, technically, we have already put 7 videos online, so this will be the 8th video,
1:25
that is, we have day 1, day 2, and day 3 is broken into 3 different videos, so you have
1:30
day 3 AM, day 3 PM and day 3 LN, then we have day 4, day 5 and today is day 6. Right,
without
1:39
wasting much time, let's get straight into today's video.
1:44
Today we would be dealing with 3 important topics. The first one being DHCP, then we
1:49
would look into TCP Transmissions and then we will look into common port numbers.
Right,
1:55
so we spoke about IP addresses. And, one critical factor in IP Address configuration is
DHCP.
2:04
Now the full form of DHCP is dynamic host configuration protocol and what it
literally
2:11
means is it's a protocol that helps you configure IP addresses to hosts dynamically,
right?
2:19
So we have all seen this screen. So, when we click on the option obtain an IP address
2:26
automatically, what it literally does is it actually sees or searches for a DHCP
2:33
server that is configured in the same subnet and it sends different packets and requests
2:40
for an IP address. DHCP has 6 messages, of which 4 are critical for assigning an IP
address.
2:50

The first message is the DHCP discovery message. Now, DHCP discovery message is
like a hello
2:59
packet. Now, what I mean by saying hello is when a new device comes onto the
network,
3:05
the device literally asks or shouts out in the network asking if there is a DHCP server
3:12
around. So, like you see on the screen, it's like a broadcast, it's a shout to the DHCP
3:20
server. Now, this shout, like I said, is a broadcast, so all the devices in the network
3:26
hears this broadcast. Now, if there is a DHCP server, what it does is it sends a DHCP
offer
3:35
packet. Now, DHCP offer packet is where the DHCP server replies to the DHCP
discovery
3:43
that the client sent by telling the DHCP client to take a certain IP address. Now what the
3:51
DHCP server does is it reserves an IP address, let's say in this case 192.168.1.2, it
reserves
4:00
it, it doesn't give it, it reserves saying OK, I'm offering this for somebody.
4:05
And it tells also in that packet, DHCP offer packet, it also tells his IP address. Now
4:11
if there is more than 1 DHCP server configured in this network, even the other DHCP
server
4:19
would have got the broadcast from the client and he too would offer an IP address like
4:24
in this case 192.168.1.50 and it would tell that the server's IP address is 192.168.1.200.
4:30
Now, ideally we wouldn't configure 2 DHCP servers in the same network but sometimes
4:37
it happens, right. So when this DHCP offer is sent back to the client, the client gets
4:43
2 DHCP offers. Now, it's up to the client to decide which DHCP offer it wants to accept.
4:50

So let's assume it wants to accept the first one, so, what it does is it sends a DHCP
request
4:57
packet. Now the DHCP request packet says OK, I will take 192.168.1.2 offered by
DHCP server
5:08
192.168.1.1, right. Now that's again sent back to the network and the DHCP server
hears
5:16
that. Now, when the DHCP server at 192.168.1.1 hears that, he says All right, I
acknowledge
5:25
that, so he sends a DHCP ACK to that. The other DHCP server, what it does is, it had
5:31
reserved the IP address 1.50, right. So what it would do is that it would put that IP
address
5:37
back to the pool so it could assign that IP address to another client if there is another
5:43
request. So these are the 4 critical messages that DHCP exchanges in the initial
DHCP
5:51
IP address assignment. Now, DHCP also has 2 more messages that is DHCP
information message.
6:00
The information message is issued by the client if it needs more information than the
information
6:08
that is provided by the DHCP offer, that was the second step. So in the DHCP offer, if
6:14
the server had not given enough information or if the client needs more information than
6:20
the information that was there in the offer packet, the DHCP information is what is sent
6:26
to obtain that extra information. There's one more message, the DHCP release. Now,
DHCP
6:34
release is the message sent by the client to the server to tell that it wants to release
6:39
the IP address that it already has. But most of the time what happens is the user just
6:45

disconnects before the client can send that message to the server, right. So before the
6:52
client can even send that message, the computer is shut down or the computer is
disconnected.
6:59
Now that's up to the user right, it's up to you and me, for us to just pull the plug.
7:04
But, the client, the machine, your computer/laptop, whatever, it doesn't have enough for
it to
7:10
send the DHCP release message. So, in the DHCP process, DHCP release is not a
mandatory
7:18
step, right. So, the mandatory steps are DHCP discovery, DHCP offer, DHCP request
and DHCP
7:28
acknowledgement. So that is how an IP address is configured. Now, when you talk
about DHCP,
7:33
I need to also say that DHCP is configured as we will learn in maybe one of our future
7:39
videos when we create a DHCP pool, but normally when we configure a DHCP server,
you would
7:44
tell the DHCP server what is the pool. What I mean by pool is you tell the DHCP server
7:51
that you can assign IP addresses from 192.168.1.1 to 192.168.1.254. So the DHCP
server will
8:01
assign IP addresses only from that pool of 254 IP addresses. So this is something as
8:07
an administrator, you and I can configure. Right, now next we will look at TCP
transmission.
8:13
Now I don't know how many of you know what this tin can phone is, but when we were
young,
8:20
we used to run around and we used to make these tin cans, we used to put a string and
8:25
we used to talk to each other. That's how our childhood was, but now unfortunately
today's

8:30
children don't have that luxury I would say. I mean today, children are in front of the
8:36
TV right from I think age 1, they're in front of the TV, they play PSP and they really don't,
8:43
I don't know, maybe that's debatable. But I think we had a better childhood, we really
8:48
went out and played, but today the children are couch potatoes. And I have a 1 year old
8:56
boy and I don't know, I can already see that he's addicted to the iPad, I mean he's too
9:02
small but I don't know somehow today's kids are born with that knowledge of how to
use
9:12
electronic devices so anyway, that's a debatable topic. But what I was trying to say is
when
9:17
we were young, when we were playing, we used to make these tin cans and when we
tied this
9:24
string and we talk from one end, the other end, the other person could hear, right. So
9:31
that's more like a connection. Now even for a TCP transmission, there needs to be a
connection
9:37
that needs to be established before the real transmission can start. Now like we
discussed
9:42
in our previous topics, TCP is a connection oriented transmission, whereas UDP is a
connectionless
9:51
transmission. So, UDP is like saying that I will throw the ball and it's up to you to
9:58
catch it. Now whether you're ready or not is not my problem, I'm going to throw it.
10:02
But TCP is more like you talk to the guy, you say You know what, I'm going to throw
10:07
the ball and you have discussion, you have connection and then you throw the ball. So
10:12
he's ready to accept that, right. So compare that with what happens with TCP, it's like
10:18

the TCP actually builds a connection, then it starts doing the real transmission. Now
10:23
how does it do, how does it build that connection. It builds that connection by going
through
10:28
what we know as the 3-way handshake. Now it's a technical term, I know it looks very
non-technical
10:37
but 3-way handshake is actually a technical term in TCP communication. So 3-way
handshake
10:42
is initiated by the sending device. Now how it does that is by creating a SYN packet.
10:49
Now this device, so let's assume that this girl whose face you can see, we call it device
10:55
A, or the girl A and the girl who you cannot see the face, that is girl B. So A sends a
11:02
SYN packet to B. So the SYN packet goes to B, B receives that. So B says OK,
somebody
11:08
wants to communicate with me. Now, I need to tell them that I'm ready for it, so how
11:13
do I say I'm ready for it? I would send another SYN packet. But instead of sending the
SYN
11:18
packet and then an ACK, acknowledgement for the original SYN packet, for this packet.
11:24
So instead of sending an ACK separately for this packet, what it does is it combines a
11:29
SYN and ACK in one packet and it sends through the network. So, at this point, device
A SYN
11:39
is sent and is received or she's received in this case, she's received an ACK for that.
11:47
Now, device B has sent a SYN, now device A has to send an ACK back, so what it will
do,
11:54
it'll just send an ACK back. So at this stage, device A has sent a SYN and has received
an
12:03

ACK and also received a SYN, device B also has received a SYN and it also received
an
12:08
ACK. So both of them have received a SYN from the other device and an ACK for his or
her
12:14
own SYN message. Now at this stage we say that the connection has been established
or
12:20
this is the basic 3-way handshake in a TCP transmission. Next we will deal with TCP
transmissions
12:28
windowing technique. Now, what is windowing technique? If you've tried, now especially
in Windows, we've tried transferring a big file from one drive to another drive. Let's
12:38
say a 2GB file. Initially it would come back and say All right, this transmission is
12:43
going to take about 1 year and you would say Wow, 1 year! And a few seconds
12:49
it would say Oh wait a minute, It's not 1 year, I think it's about 6 months. After
12:54
some time it's going to say Wait a minute, I think maayyybe I can do this in 1 month.
12:59
And then after sometime it comes back Mmm. 1 day. and then few seconds later 6
13:04
hours, 3 hours, 1 hour, 20 mins, 10 mins, 3 mins. So finally it
13:10
stops at 3 mins and that's exactly the time it takes, it's going to take 3 mins for the
13:14
transmission, transfer of those files. Now what happened? So initially when your device
13:19
tried to communicate with the other device, it sends one packet. Now it sends one
packet
13:25
and it waits for an acknowledgement, right. Now, it sends that packet and it waits for
13:31
a long time for the acknowledgement and it says OK, if at this speed I have to complete
13:36
this entire 2GB of data, it's going to take about 2 years. Now, after sometime it
13:42
receives the ACK, and it thinks All right, I have sent one, I've received the ACK. That

13:48
means it's perfectly fine, the receiving device is capable of receiving 1. OK let me try
sending
13:53
10 instead of 1. So it sends 10. After sometime it sends the ACK for 11. So that's
14:02
how it works. If it receives 10, then the receiving device will send the next message.
14:08
So let's say if it has sent the 10th packet, then it says ACK 11 which means that it's
14:15
expecting the 11th packet. Now the sending device says Fine. He sends maybe 100
14:21
packets this time. And the receiving device says I received it, I'm expecting 101 now.
14:27
So as time goes by, it increases the number of packets that it's sending. Now that is
14:34
exactly why you see that time dropping from 2 years to 1 year 6 months. Because
every
14:39
time it's doubling or increasing its capacity of how much it is transferring. Now it'll
14:45
reach a point where let's say it would've sent 10,000 but the receiving device buffer
14:53
can only take about 9,000. So, it would say All right, I received 9,000. Now I'm waiting
15:00
for the 9,001 packet. At that point, the sending device realises that All right, the
receiving
15:06
device buffer is that, I mean its buffer capacity is only 9000. It will constantly
15:12
start sending 9000 packets and that is about the time when the time like in the example
15:20
of file transfer where the time would've come down to 3 mins and 3 mins is constant
because
15:26
now the both of them have established and realized what is the capacity. Now that is
15:31
exactly what windowing is. It is one of those flow control mechanisms where both of
them,
15:39
gradually, by doing this, it realizes what is the capacity of the transmission. Now,

15:45
there might be a question, Why can't they negotiate that earlier, or why don't you
already
15:50
know this is the capacity of that device? Now that's not possible because there are
15:54
various types of devices on the network, so you'll have an iPad, maybe iPad's capacity
15:59
of transmission is different, you might have an iPhone, capacity of transmission is
different,
16:03
you might have different types of phones, or maybe you have a very old computer. So
16:09
everybody has got different capacity of network transmission. So depending on that,
when they
16:14
do this, when they start doing windowing technique, so they start with the small number,
then
16:21
they keep increasing that window so you send one packet, 5 packet, 10 packet, 1000
packet,
16:27
10,000 packet, you're slowly sliding that window bigger and bigger until it reaches
16:32
a point where that is the maximum they can send at any one point of time, right. So
that's
16:40
another concept called windowing that is also part of the TCP transmission. Next, we'll
16:47
look at the common port numbers. Now, this is a classic situation or classic scenario
16:54
where you have 1 server, maybe that's a data centre, right. So it has a file server,
17:00
web server, email server, DHCP server. Now, if a device communicates with that server,
17:09
like for instance, this red data traffic that was going, that was the file server traffic,
17:14
so that was going to a particular port or particular application or particular server.
17:19
Now how did that server know which server this traffic was supposed to go to? It knows
17:25

by looking at the destination port number, right. So, there are standard port numbers,
17:32
in every transmission if you look at the frame, there is a place where it mentions the
destination
17:41
port number. It also gives a source port number. Now, source port number is required
for it
17:48
to send back. Now like in this case, there is a blue traffic, now blue traffic is a web
17:52
traffic. Now both of them, blue and red, go to the same server or same physical server
17:58
which has different servers installed in that. So maybe, it's like I said, it's a data centre,
18:05
it's virtualized, so virtual servers. So how did it know that the red traffic had to return
18:10
back to this IP address. They know this by making use of port numbers. If you go to this
18:16
website in Wikipedia, that's a very good website, it lists all the standard port numbers.
Now,
18:24
let me just show you that. All right, this is a beautiful website. Now, if you look at
18:31
it, it has all the port numbers listed. Now let me just scroll down, whoa! That is a biiiiig
18:38
biiiiig biiiig biiig biig list. Okay, that goes up to some 61,000. Port numbers can go
18:50
from 1-65,565, something that range. The numbers from 1-1024 are known as the well-known port
19:04
numbers, right. So, you have port numbers like 21 TCP ftp. 22 is ssh, 23 is telnet,
19:14
then we have port 80, TCP port 80 is http, TCP 443 is https which is like the secure
version of http. So, some of the ports
19:38
TCP and UDP is the same thing but some of the port, for instance, port 80, port 80 TCP
19:47
is different, TCP port 80 is http, UDP port 80 is again http but it's different http.
19:55
So, just because a port number is something in TCP, don't always assume that UDP
also

20:02
it's going to be the same thing, right. So, you will not need to by-heart this entire
20:08
list. Of course it's practically not possible to by-heart this entire list, but some of
20:13
those popular and well known port numbers, it's best to remember, right. And like I said,
20:21
some of them are official port numbers which means there is an RFC and there is a
20:25
standard and some of them are not official, like Chromium, they say UDP port 80 is
QUIC
20:31
for Chromium, for http, I don't know, but something, It's an unofficial port. So, there
20:38
are so many common port numbers and port numbers is what enables these traffic to go
and come
20:45
back and be delivered to the right applications, right. So now let's look at a data flow
through
20:53
our network with whatever little information we know so far. So, let's assume that this
21:00
computer 10.1.1.10 wants to communicate with this computer or this server, this file
server
21:09
at 30.1.1.10. Now whatever you see below that in xxx, that's the MAC address. Now, I
have
21:18
put the MAC address with only the last 4 hexadecimal numbers because I mean this is
an example.
21:25
Normally, it is a 48-bit number, hexadecimal number, with 12 hexadecimal numbers. So
each
21:34
of those hexadecimal numbers are 4-bits long, so it's a 48-bit number with, like I said,
21:43
12-hexadecimal digits. Right, so if this device wants to communicate with this server,
first
21:51
like we know, part of the 3-way handshake, it has to send a SYN. So it creates a SYN,
21:58

it puts a source port number, now what's a source port number. Source port number is
22:03
a port number that is dynamically generated by Windows. Now Windows will just
randomly
22:09
take a port number between 1-65,000, mostly it will be in the upper part of that 65,000
22:17
because the lower 1-1024 is a well-known port number so it will not use those 1-1024.
Normally,
22:23
it will be 25,000+ port number. So, it'll create a random source port. Then it'll create
22:31
a destination port number, now in this case, the application whichever is trying to
connect
22:37
to this FTP server knows that it needs to send an FTP traffic, right. So it says the
22:45
port number is port 21, right. Then it says Okay, my IP address is 10.1.1.10, I need
22:54
to go an IP address of 30.1.1.10. This forms the packet, now this packet does not
23:01
change until it reaches the end of this communication. What we need to understand is
one of the things
23:08
that I want you guys to take from this video is to see how the data goes in through the
23:14
networks. So, when this computer sees the source IP address and the destination IP
address,
23:20
it realises one thing that this IP address is not in this local network. Okay, one more
23:26
thing that I haven't told is that these are all /24 IP addresses. So, if you look at /24
23:32
IP addresses, one shot the computer realizes that this 10.1.1.10 and 30.1.1.10 is not in
23:39
the same network. So, it realises that for it to go out of this network, it needs to
23:44
go to 10.1.1.1 which is the gateway and which is configured at one of the interfaces of
23:53
the router. So it knows it has to go to 10.1.1.1, so it knows that its MAC address is
something

24:01
at 111, but it does not know the MAC address for 10.1.1.1. What does it do? Yes, it
sends
24:09
an ARP request. Now ARP goes as a broadcast, everybody in the network receives, but
only
24:15
the router with the IP address 10.1.1.1 would reply. Now he replies with his MAC
address
24:22
which is AAAA. What that device would do is put that in that frame. Once that frame is
24:29
ready, just before it goes out of the network, it would do something called as the frame
24:36
check sequence or CRC, it's just an error checking, error detection mechanism. So what
24:44
it literally does is it takes this entire thing, from SYN to this MAC address, puts
24:49
it through a hashing algorithm, it let's say MD5 hash, so it just puts it through a hashing
24:55
algorithm, it gets a hash value. What it does is it just attaches that hash value to the
25:01
start of the frame. So you have a FCS, FCS is frame check sequence or CRC which is
cyclic
25:08
redundancy check, now some people say FCS, some people say CRC, so I've just put
both
25:14
there but it's just a hash value, that's all it is. It is there to make sure that whatever
25:19
data is coming through the network, is error free. So when this data or frame goes
through
25:29
and reaches the router, the first thing it'll do is it'll take this FCS or CRC value, take
25:35
whatever is remaining, put it through the same hashing algorithm and see if the hash
25:41
that is generated by it is the same that came with this frame. Now if this FCS matches
the
25:47

FCS generated by this router's interface card, brilliant! That means that there was no
error
25:53
that was induced during transmission, right. The next it looks at the MAC address, it
says
25:59
OK, MAC address AAA that means it is addressed to me, and it strips that away. Next
it
26:06
looks at the IP address, the minute it sees the IP address destination is 30.1.1.10, it
26:14
realises that this packet is not to the router but it is going through the router, right.
26:21
So what it does. It says OK, I need to see where 30.1.1.10 network is. Now, I
26:28
know we haven't covered or we haven't reached the routing concepts but just know that
routers
26:33
would have a routing table. And in the routing table, there would be entries for this network
26:39
30.1.1.0. Remember, it is not the host IP address that is going to be there but it's
26:45
going to be the network ID, right. So it would say 30.1.1.0/24 is reachable by going to
20.1.1.2,
26:55
right. Now you might ask, how does it know that? Just know for now that it knows, either
27:02
it could be automatically learnt by using routing protocols or maybe as an administrator,
27:09
you configured it there, a static route. But either way, this router's routing table will
27:15
have that entry there. Right, so it knows that it has to send this packet to 20.1.1.2.
27:24
Now assuming that this packet already knows the MAC address, we will continue from
here
27:30
but even if it doesn't know, then it'll run an ARP again, it'll try to get the MAC address
27:35
of 20.1.1.2 and then it'll continue. So, we're assuming that it already knows the MAC
address,
27:41

so it'll put the source MAC address as BBB, destination MAC address as CCC. It again
does
27:47
the same computation or hashing algorithm with this entire packet and puts the hash
27:53
value at the start of the packet, right. Then it sends that frame across the network, it
27:58
goes to the device, it again removes the FCS value, it checks, it does hashing and it
checks
28:06
if whatever data it received, is not corrupt. When the FCS matches with the hash that
the
28:14
device generates, it deduces that the data is good. Then it removes the MAC address
again
28:21
and it looks at the destination, it sees that it is 30.1.1.10 and it knows that 30.1.1.10
28:26
is connected to its interface, right. So, the same process continues, it finds out the
28:36
MAC address, it puts those MAC addresses, does the hashing, attaches the hash to the
28:42
frame and sends it across the network. So when the receiving device receives that, it
28:48
again does the same thing, it checks if the hash is matching and if the hash is matching,
28:52
it knows it did not have any error that was induced. Next it will remove the MAC address
28:57
from the table, it will remove this protective cover which I put there for reference to tell
29:02
you that it never changes throughout the journey, from the start till the end, it looks at
the
29:08
IP address and it realises that it is the destination, it is the destination this packet
29:12
was supposed to go to. So it can strip out the IP address information which is layer
29:18
3 information, then it looks at the port numbers. It says it has to go to port number 21
and
29:23
it knows that it is an FTP traffic and also it looks at SYN. So it realises that somebody

29:31
is trying to establish a connection, so what it has to do according to what we know? It
29:35
creates a SYN/ACK packet, it will reverse this whole process, it'll send that back to
29:39
10.1.1.10. This device 10.1.1.10 will create an ACK, will follow the same process as we
29:50
did in this slide and send that to this device. Once that happens, the connection is
established.
29:57
Now one thing you need to know is that all this happens in less than a second. So it's
30:03
very very fast, it is just that we have tried to slow this process to show you exactly how
30:10
it works. This is something that we have learnt and I think it has been really useful.
What
30:18
I hoped with this video is that we could fill all the gaps that we had with whatever we
learnt
30:23
so far. So, if you have any questions so far, please write into me at
imran.rafai@nwking.org
30:29
or better you could just post your questions below this video. What I'm going to do from
30:38
next video onwards is pick 3 best questions from YouTube and I'm going to address, at
30:46
the end of every video from now onwards, I will have a section which says The best
30:51
questions, so I'm going to put that question with your name and I'm going to answer it
30:56
in the video, so what it's going to do is if I think a question is going to help a lot
31:00
of people I think that question should go in the video and I will answer it live, so
31:04
everyone gets benefit, right. So it is your opportunity to go in one of my videos. So
31:10
guys, start writing to me, put all your questions down there, ask some intelligent
questions
31:17
and I'm sure a lot of people are going to benefit from that. Thank you so much, thank

31:22
you for following, thank you for subscribing, and for those people who have not yet
subscribed,
31:28
please click on that red button subscribe to our video because it is also going to notify
31:32
you every time I put a new video. So thank you once again and have a wonderful day.
Buh-bye.
