CCNA Cyber Ops SECFND 210-250 Lecture 1 (TCP-IP fundamentals)

  • 5 months ago
Transcript
00:00bismillahirrahmanirrahim assalamu alaikum welcome back
00:03and we have come to lecture number 1
00:07CCNA cyber op security fundamental lecture
00:11210-250 you know about the book
00:14we are reading this book if you buy the library
00:17210-250 and 210-255
00:20security fundamental and security operations
00:23we will cover both of them
00:25so lets start
00:27there is no catch up, TCPIP is fundamental
00:29before starting all this work
00:31let me give you a suggestion
00:33that you go to urdu it academy
00:37this is urdu it academy
00:39go to courses, cisco
00:41and this CCNA ICND 1
00:43i assume you have read all of this
00:45because this is very important for you to read
00:48without this i have no point
00:51to try to reinvent the wheel
00:55this is the best shot we have given
00:57everyone who works at the SOC
00:59should know about TCPIP
01:01this is protocol suite
01:03fundamental of IP packet
01:05OSI layer model
01:07application presentation session
01:09transport layer
01:11IP addresses
01:13169.254 IP addresses
01:15because one day
01:17you will be sitting in a SOC
01:19and you will be monitoring
01:21some security activity
01:23and you will see
01:25there is an IP address
01:27which is coming from 169.254
01:29and it is producing some traffic
01:31and your colleague
01:33will tell you
01:35this is a malicious IP address
01:37this is a strange behavior
01:39this is a Chinese IP address
01:41so you will be sitting there
01:43and will say this is a misconfiguration
01:45this is not security
01:47now when you will be talking
01:49with your legs crossed
01:51it means you know these things
01:53so you have to be on that level
01:55you should know about TCP3 way handshake
01:57you should know about UDP
01:59what is the difference between TCP and UDP
02:01I will give you a common example
02:03one day a guy will say
02:05you opened UDP port 23
02:07and I can't check
02:09I will tell you a common thing
02:11if you have
02:13I don't have a telnet port
02:15open
02:17if you want to see your access
02:19to a server
02:21so you will do
02:23telnet
02:25cisco.com
02:27space 80
02:29and you will see a blank screen
02:31you will say
02:33port 80 is open
02:35now what will happen
02:37he will say you opened port 80
02:39but I am doing telnet
02:41so port 80 is not opening
02:43this is a common troubleshooting
02:45if you want to use port 443
02:47you will type 443
02:49and it will show
02:51if 443 is open or not
02:53now
02:55what he was doing
02:57he said I did telnet
02:59and you said 443
03:01or 123 port is not opening
03:03I said telnet is a protocol of TCP
03:05and I opened port UDP
03:07so
03:09I didn't have to google
03:11you should know these basic things
03:13this is a networking 101
03:15type thing
03:17you should know
03:19ARP reverse
03:21DCP
03:23ICMP
03:25many people ask
03:27to confuse people
03:29tell me
03:31which port does ICMP work
03:33if I ask you this
03:35you will be confused
03:37which port does ICMP work
03:39ICMP is a different protocol
03:41it doesn't use TCP UDP
03:43ICMP uses ICMP protocol
03:45how to do packet delivery
03:47I have explained it in detail
03:49so
03:51let's start OSI layer model
03:53we know OSI layer model
03:55what are bridges
03:57switch hub and router
03:59if you don't know
04:01go back
04:03we know data
04:05and here
04:07we have segmentation
04:09here packets
04:11here frames
04:13what are segments
04:15what are packets
04:17application layer, presentation layer, session layer
04:19transport layer, headers
04:21network layer
04:23IP header, data link layer
04:25frames, MAC addresses
04:27physical layer
04:29we know all these things
04:314 layer TCP IP model
04:33ISO layer model
04:35is of 7 layers
04:374 layer TCP IP model
04:39also
04:414 layer TCP IP model
04:43TCP IP stack
04:45or
04:47DOD model
04:49Department of Defense
04:511974 protocol of packets
04:53network
04:55in 1982
04:57TCP IP DOD
04:59Department of Defense
05:01to connect all devices
05:03ARPANET
05:05switch towards TCP
05:07NCP
05:09legacy protocol
05:13history layers
05:15in 1960
05:17ARPANET
05:19DARPA
05:21internet
05:23published in 1984
05:25OSI
05:277 layer model
05:29in 1983
05:31ARPANET
05:33TCP
05:35OSI
05:374 layer TCP IP
05:397 layer OSI
05:41map
05:43TCP IP stack
05:45OSI
05:47TCP IP application
05:49OSI model
05:51application
05:53presentation
05:55SMTP services
05:57HTTP
05:59application
06:01TCP IP
06:03application transport
06:05physical layer
06:07ATIP
06:13ATIP
06:15ATIP
06:17ATIP
06:19ATIP
06:21ATIP
06:23ATIP
06:25ATIP
06:27ATIP
06:29ATIP
06:31ATIP
06:33UDP
06:35UDP
06:37TCP port 80
06:39TCP header
06:41TCP encapsulation
06:43IP
06:45IP address
06:47IP address
06:49Ethernet
06:51Ethernet
06:53Ethernet
06:55Ethernet
06:57Ethernet
06:59Ethernet
07:01so 1,2,3,4 these are the 4 layers
07:05this is the encapsulation
07:08when it reached the receiving end
07:10it first removed Ethernet header
07:12then IP header
07:13then TCP header
07:14then HTTP post request
07:15and sent it to the server
07:17and the web services running behind it
07:19it processed it and did whatever needed to be done
07:21ok
07:22tell me one very interesting thing
07:24I think I haven't taught this
07:26one person asked me in an interview
07:28that the communication between a server and a client
07:34tell it in as much detail as you can
07:37I told OSI layer model and everything
07:40but what I was lacking at that time
07:42was that when you are pulling data from HTTP
07:46rendering it and showing it in your browser
07:49it would have been better if you told that detail too
07:52well, I didn't get that job
07:54anyway
07:55after that we go to the IP protocol
07:58this is the IP protocol
07:59the TCP we were talking about
08:01this is the IP protocol
08:03we are talking about the inter-network layer
08:05we are not reading the TCP header
08:07we are reading the IP header
08:08I have explained it in detail
08:09layer 3 of OSI model
08:11ok
08:12connectionless protocol
08:13where is the connectionless protocol
08:15ok
08:16don't worry about the sequencing
08:17addressing network and host IP addresses
08:19network ID, host ID
08:21this is the IP protocol
08:22that's why connectionless is written
08:25ignore it
08:26so this is your entire header
08:27ok
08:28what is the purpose of teaching this
08:29because this is the IPv4 header
08:31after this we have to see IPv6
08:33ok
08:34so this is the version
08:350 to 4
08:36what version of IP version 4
08:38you are using
08:39IP header length
08:40this is the IP header
08:41this is a bit out of sync
08:42ok
08:43this is the version
08:44ok
08:45this is the IP header length
08:46minimum of 20 bytes
08:47ok
08:48type of service
08:498 bits are used in this
08:50for quality of services
08:51DSCP takes 6 bits
08:53ok
08:542 for congestion notification
08:55if there is congestion in the network
08:56ok
08:57entire length of packet
08:58ok
08:59this is 65,535 bytes
09:01of entire header
09:03that's why there are so many bits
09:04which can be presented
09:05ok
09:0616 to 31
09:07how many will be there
09:0816 will be there
09:09and then
09:10these 3 fields are used
09:11for the fragmentation of packet
09:12and identifying them
09:13and using them
09:14to resamble
09:15identification
09:16assembly
09:17disassembly
09:18whatever it is
09:19flag
09:20you know
09:21fragment
09:22ok
09:23header
09:24check
09:25source
09:26IP
09:27destination
09:28option
09:29I remember
09:30I discussed in the
09:31previous lecture
09:32that
09:33whenever
09:34someone is
09:35telling you
09:36this
09:37then
09:38he tells
09:39version
09:40blah blah
09:41source
09:42IP
09:43destination
09:44IP
09:45option
09:46padding
09:47ok
09:48all the stories
09:49are lost
09:50I have told
09:51routing
09:52decision
09:53minus 1
09:54increment
09:5529
09:56ok
09:57what is the reason
09:58not to create
09:59loop
10:00in the network
10:01ok
10:02if there is a packet
10:03which is roaming
10:04in the network
10:05for no reason
10:06when it is
10:07on the
10:08counter of 0
10:09then
10:10the router
10:11will discard it
10:12if it is
10:13coming with
10:140 value
10:15or
10:16with 0 value
10:17the way
10:18it reaches
10:19the router
10:20ok
10:21hackers
10:22use
10:23this
10:24kind of
10:25packets
10:26ok
10:27after that
10:28comes
10:29what IP
10:30ok
10:31this
10:32is a
10:33mistake
10:34which
10:35IP
10:36header
10:37field
10:38help
10:39preventing
10:40the
10:41loops
10:42TTL
10:43packet
10:44prevents
10:45loop
10:46routing
10:47loops
10:48value
10:49ok
10:50A
10:51class
10:52127
10:53RFC
10:541918
10:55private
10:56IP
10:57address
10:58A
10:59class
11:00B
11:01class
11:02C
11:03RFC
11:041918
11:05separate
11:06IP
11:07ranges
11:08class
11:09A
11:10class
11:11B
11:12class
11:13C
11:14class
11:15D
11:16class
11:17E
11:19class
11:20C
11:21class
11:22B
11:23class
11:24D
11:25class
11:26E
11:27which
11:28is
11:46reserved
11:47network addresses all 0s in the host portion, broadcast addresses all 1s in the host portion,
11:54directly broadcast address 10.255.255.255, local broadcast address never broadcast outside
12:00its local segment, local loopback address 127, RFC 3947, APIPA automatic private IP
12:08addressing, 169.254.0.0, I cannot get to my DSCP server, what IP address my PC will get,
12:23standard question, answer C, public and private IP addresses, IANA, IANA under ISOC, Internet
12:34Society, Afrikanik, APNIC, ARIN, Latin America, RIPE, IPv4, RFC1918, 10, 172, 192, these are
13:01private IP addresses, you do not browse on the internet with these IP addresses, you
13:06should have a net in front of these IP addresses which is a public IP address, I have discussed
13:11this in detail in ICND1, I think it is defined according to the plate of the car.
13:18In IPv4, there are 4.3 billion addresses, IPv6, watch the lecture, in IPv6, I would
13:28like to say that your header information has been simplified, identification flag, fragmentation,
13:35header checksum, all these things have been removed because path fragmentation lies with
13:41the host, it is the host's responsibility to send these things, host discovers the path
13:47MQ before it sends the packet, and which fragment size to use, all these things are not put
13:54in the header, and the fields that have been added, and the name that has been kept is the
14:01version number, source address, destination address, and the new field that has been added
14:06is the flow label, flow label possibly can be used for the QoS purpose, and IPv6 in short
14:13has been simplified, now you can see in the IPv6 header there are 8 fields, IPv6 has 16
14:28hexadecimal fields, watch the CCNA lecture, this is the unicast address, multicast address,
14:33loopback address, unspecified networks go towards the default route, and this is the
14:39way to define the unicast route,
15:09Allah Hafiz