Use Models to Understand IP Networking

0:00Hello and welcome. My name is Keith Barker and I can still remember back many

0:04decades ago when I was first introduced to computer networking.

0:08I thought, "My goodness, this is the most amazing thing ever!" And it was and

0:12is.

0:13Now the problem is, if somebody wants to learn about IP networking, there's a

0:16lot to take in and no one's ever just born being an expert at computer networks

0:21.

0:21So in this set of videos, we'll take a big picture look at the world of IP

0:24networking and then we'll proceed to use models to break it down into smaller

0:28and easy to understand.

0:29parts.

0:00<v Instructor>So let's take a moment and take a look</v>

0:01at the big picture regarding IP networking.

0:04So here's a representation of a network,

0:06a beautiful picture with lots of devices.

0:08However, for this discussion,

0:10I'd like to focus in on just a couple components here

0:13in this network topology.

0:15So the two devices I'd like to focus on first is a computer.

0:18So here's a computer, computer 2,

0:20and let's also go ahead and focus on this icon right here,

0:24which represents a server.

0:26And down here, this computer could be acting as a client.

0:29And you know what?

0:29That is a great point also to discuss here for a moment

0:32regarding networks in general.

0:34If we have some device that's requesting

0:36or asking for something, in that moment,

0:38that device is acting in the role of a client.

0:41So make a note here that says clients request.

0:44So let's imagine this client opens up their favorite browser

0:47and wants to connect either to a server inside the company

0:50or maybe a server out on the internet.

0:52And when that website responds back

0:54and that computer now gets the information from that server,

0:57in that moment, that device that's running that webpage

1:00is acting as a server.

1:01So the role of servers is providing or giving something.

1:06And this is a very common occurrence

1:07with clients running their browsers, going to websites,

1:11and those sites that are responding back acting as servers.

1:14Or behind the scenes, it's the server

1:15that's hosting the website.

1:17So here's an example of that.

1:18We have this computer that I'm currently sitting at.

1:20This is in our lab environment.

1:21If we open up a browser, I'll just go ahead

1:23and click on the icon here for Chrome,

1:25and let me go to the IP address

1:26of the server I have here in the company.

1:28So I have it here as a bookmark.

1:29So I'll click here on the 10.20.0.11 bookmark,

1:33and boom, there is the website.

1:35So here, the client PC with the browser

1:37is acting as the client, and the website

1:39that we're hitting at, this IP address,

1:41is acting as a server, responding back to us,

1:44handing all that information back

1:45and feeding it into our browser.

1:47Another interesting fact is that sometimes a server

1:49is not just a standalone server.

1:51Sometimes that server may be accessing

1:53yet another server for information.

1:55So for example, if the client connects to the website

1:57and that website is asking the client to authenticate,

2:00for example, put in a username and a password,

2:03maybe when the user supplies that username and password,

2:05this server, we'll call it server A,

2:07is checking with a database server, server B,

2:11to verify whether or not

2:12the username and password are correct.

2:14So in that instance, this server A is acting as a client

2:17as it's making a request to server B

2:20for the purpose of verifying the user's password.

2:22So if we look at it in the broad sense of clients

2:24and servers with a client requesting something

2:26and a server providing something, sometimes one system,

2:29for example, this computer right here,

2:31computer A, could be acting as a server

2:33providing webpages back to the client

2:35while at the same time acting as a client over to server B,

2:39requesting to see whether or not the username and password

2:41were correct that were submitted by the client.

2:44So we can think of the clients and servers as roles

2:47based on the current activity that's happening.

2:49And behind the scenes, there's a lot of additional detail

2:52regarding what's happening here at the client

2:54as it formulates that request

2:56and forwards it into the network.

2:57And also, a lot of details are happening here at the server

3:00as it's responding back to that client,

3:03including information that might be used

3:04by these intermediate devices like switches and routers

3:07and firewalls who would be forwarding that traffic

3:10between the clients and the server.

3:11So if we were to chat and discuss

3:13about all the individual components that goes into a request

3:16and the response here from the server,

3:18and all the forwarding that's done by these network devices,

3:21that is a very, very large topic.

3:24But fortunately, we can leverage the concept

3:26of using a model, and we can carve

3:28that whole logical process up into smaller components.

3:32So we can go ahead and focus on this part

3:34and then this part, and then this part.

3:35And that way, we can get clarity

3:37and better understand the overall process

3:39and the interrelationship of all these devices

3:41and the protocols that are being used

3:43by breaking it down piece by piece using a model.

3:46And we'll take a closer look at the models

3:48in the next video.

0:00<v Instructor>So in the previous video, we did an example</v>

0:02of a computer like this one right here,

0:04communicating with a server like this one right here

0:06with the computer two acting as the client

0:08and the server acting as a web server

0:10feeding the responses back to the client.

0:12Now, behind the scenes, what's not so obvious

0:15is that this computer who made the request,

0:17put a lot of information together

0:19before shipping it over the network towards the server.

0:23And as far as making the request with all the details

0:25that go into it, this is one of the benefits

0:27of using a model.

0:29And the first thing I'd like to chat with you about,

0:31about using a model to describe

0:33what this client is doing when it makes a request,

0:35is to drive home the point that the model is just a way

0:38to break a very complex topic

0:40down into smaller and more easy to digest parts.

0:44And one of the most oldest models out there

0:47for describing network communications

0:49is referred to as the OSI model,

0:52which stands for the Open System Interconnection Model.

0:56And the OSI model was created in the '70s

0:59by an organization called

1:00the International Organization for Standardization,

1:04whose acronym is ISO.

1:06However, at the end of the day,

1:07we don't really need to worry about when it was created

1:10or the actual organization that created it.

1:12We can just remember it as the OSI reference model,

1:14the Open System Interconnection model.

1:16And the goal of the OSI reference model

1:18was to break down into seven layers,

1:21the details of what's going on in a computer

1:23or a network system

1:25when it's gonna send data across the network.

1:27In our example, we had our client that was using a browser,

1:30which is a program that's running on this computer.

1:33And then these seven layers of the OSI reference model

1:35represent logical subsections of what has to be done

1:39and put together for that request

1:41that the browser's making to be sent out over the network.

1:44So I've got good news and better news.

1:46The OSI reference model is not what we use today

1:49on the internet and our corporate environments.

1:51What we use is a set of protocols

1:54called the TCP/IP Protocol Stack.

1:57Sometimes it's referred to as the TCP/IP Protocol Suite.

2:00Sometimes it's referred to as IP in general,

2:03where the IP stands for internet protocol.

2:06And if you'll notice the TCP/IP Protocol Stack,

2:08it doesn't match up exactly with the OSI reference model.

2:12And that's because the OSI reference model

2:14is just a reference model where the TCP/IP Protocol Stack

2:17is literally a protocol stack that we use

2:20on computer networks today, including the internet.

2:23And then I have one additional wow factor,

2:26and this is probably the most important takeaway

2:28from this specific video,

2:29and that is this column right here.

2:32Even though we are using the TCP/IP Protocol Suite,

2:35the suite of protocols in our corporate environments

2:38and on the internet today,

2:40when we refer to the actual layers and individual components

2:43of our TCP/IP Protocol Suite,

2:45we borrow a few of the numbers

2:48and names from the OSI reference model.

2:50We keep a few of them from the actual TCP/IP Protocol suite,

2:54and this is actually how we refer to what we use today.

2:58So what we're using is indeed the TCP/IP Protocol Suite,

3:01but we have modified the layers and numbers

3:04to make it match a little bit more

3:06with the OSI reference model.

3:07So about 20 or 30 years ago, I would've said, yeah,

3:10it'd be a great idea to memorize

3:11all these layers of the OSI reference model.

3:14But you know, what I'm gonna say today

3:15is that we really don't care about the OSI specifically

3:20or the TCP/IP Protocol Stack specifically

3:23because when we refer to the TCP/IP Protocol Stack,

3:26we are gonna be using this column right here.

3:28And here's what that means.

3:29If we're having conversations in the future

3:31from right now going forward,

3:33and we're talking with somebody and they say,

3:34"Oh, from the OSI reference model,

3:36that is layer three," which would be right here,

3:39or if they're saying, "In the TCP/IP Protocol Stack

3:41is the layer two," which is right here.

3:44What we're actually doing is referring to this hybrid

3:46where we're really using the TCP/IP Protocol Stack,

3:49but we're borrowing some of the labels and numbers

3:52for the layers from the OSI reference model

3:55as we describe and talk about the TCP/IP Protocol Stack.

3:58So if we have friends and loved ones

4:00or coworkers that talk about the OSI reference model,

4:02layer three or layer two,

4:04what we're really talking about is layer three right here

4:07or layer two as we talk about this hybrid approach

4:11to describing and characterizing

4:13the actual TCP/IP Protocol Stack

4:15that we're using on our networks today.

4:17So as far as models go,

4:18the only one we really need to worry about and talk about

4:21and get familiar with is this one right here.

4:24And we'll continue this discussion

4:26by breaking these sections down in the next video.

0:00<v Instructor>So now that we've whittled down</v>

0:01to one effectively model, slash, protocol stack hybrid,

0:05we're gonna focus on this stack in this video.

0:08And we could call this the TCP/IP stack or suite.

0:12We could call it the IP protocol.

0:14And in either case, when we're talking about those,

0:16we're referring to this suite of protocols

0:18or these sections of this model

0:21for the TCP/IP protocol stack that we use and love today.

0:24So let's start off with some naming

0:26of these different sections

0:28that help describe the communications

0:29that happen over a network.

0:32And let's start at the top.

0:33This level right here is referred

0:35to as the application layer.

0:37And I remember getting involved with networking back

0:39in the 80s when I heard the word application,

0:41I thought of like, you know,

0:42a program that we'd run on a computer.

0:44But in the context of the TCP/IP protocol stack,

0:47the application layer is referring to some type

0:49of a network service or function that we're looking for.

0:53For example, let's take this client again.

0:54This client opens up a browser

0:56and they go to a website in the background.

0:58What that client's really requesting

1:00is an application layer service regarding HTTP.

1:04So that's one example

1:05of an application layer service called HTTP,

1:08and that stands for Hypertext Transfer Protocol

1:12or HTTP in uppercase for short.

1:15There's also a secure flavor of that,

1:17which is called HTTPS, we'll put a slash there with an S,

1:21and also it's being used behind the scene

1:22as the application layer service

1:24when we go to a typical webpage.

1:26And there are hundreds and hundreds

1:28of different application layer services.

1:30And just to round it out a little bit,

1:31let's do an example of one other one, and that is DNS,

1:35which is an acronym for Domain Name System.

1:40However, I've also heard people pronounce it

1:42as Domain Name Service,

1:44possibly because it is an application layer service.

1:46So regarding what exactly is this application layer service

1:49called DNS, Domain Name System,

1:51it's sort of like a phonebook.

1:52And I just realized as I said that,

1:54that perhaps there are people within the sound of my voice

1:58that don't actually use a phonebook.

2:00But in the old days, if we wanted to, for example,

2:02look up the phone number or the address

2:05for an organization for an entity,

2:06we'd go to a phonebook, look up their name,

2:08and it could give us their address or their phone number.

2:11I guess a better example today would be to go

2:13to your mobile device and you want to go to a restaurant,

2:16so you look up the address.

2:17So you know the name of the place, but you need the address,

2:19you need to find that information out.

2:21So I'll jot that out as learning the address based

2:24on the name.

2:25So the restaurant, you know the name,

2:26and you do a search to figure out what the address is

2:28so you can actually go there.

2:29So HTTP or HTTPS is an application layer service

2:33that delivers webpages.

2:35And DNS, Domain Name System,

2:36is an application layer service

2:38that can give us the address regarding a specific website.

2:41So if this client is going

2:42to a website like myfavoritewebsite.com,

2:45behind the scenes, it's leveraging DNS, Domain Name System,

2:48to return or figure out the actual address

2:52so the computer can include that as part of the request

2:55before it sends that request into the network.

2:57So HTTP and DNS are great examples

3:00of application layer services in the TCP/IP protocol suite.

3:04So I have put them up here in green just to give a reminder

3:07that those are both application layer services.

3:10So as we move down the protocol stack,

3:12this next section here

3:13in this orange color is called Layer 4,

3:16and below it is Layer 3 and then Layer 2 and Layer 1.

3:21So if you're thinking, "Oh,

3:22do they call the application layer Layer 5?"

3:24No, today we just call the application layer

3:26in the TCP/IP protocol stack.

3:28We just refer to that as the application layer.

3:30We don't give it an actual number.

3:32So if we think of HTTP and DNS as these services

3:35that we want or the applications that we wanna use,

3:37each of those applications is associated

3:40with a specific set of rules.

3:43It's called a protocol here at Layer 4.

3:45And that layer in the TCP/IP protocol stack has a name

3:48and that is the transport layer.

3:50And that's already spelled out right here.

3:52So if we zero in on this section here, the transport layer,

3:55there's several different sets of rules

3:57or protocols that could be used,

3:59and let me go ahead and list a few of them.

4:00We have a protocol called Transmission Control Protocol,

4:03and its friends just call it TCP for short.

4:06Another common protocol at the transport layer

4:08or Layer 4 is called User Datagram Protocol,

4:12which its friends just like to call it UDP for short.

4:15And although there's several

4:16other Layer 4 transport protocols that are included

4:20as part of the TCP/IP protocol suite,

4:22the TCP option and the UDP option are the two most popular.

4:26So if we're sitting at a computer

4:28and we're going to a website,

4:29the end user doesn't really get to choose or control

4:32which Layer 4 protocol is gonna be used,

4:35and that's because these application layer services

4:37like HTTP and DNS,

4:39they are already associated

4:41with a very specific Layer 4 protocol,

4:45and that's what they're gonna use.

4:46So if the user here is sitting at the browser

4:48and they're going out to a website leveraging HTTP,

4:51in addition for the transport layer section information,

4:54that computer is going

4:55to include the appropriate protocol at Layer 4.

4:59And using these two application layer services

5:01that we've already identified for HTTP,

5:04the protocol that's gonna be used

5:05at Layer 4 is TCP, Transmission Control Protocol.

5:10And if we're using DNS, for example,

5:12we wanna find out the actual address being used

5:14for a specific website and we're using DNS,

5:17when DNS is used at the application layer, at Layer 4,

5:20DNS is gonna be using UDP or User Datagram Protocol.

5:26So up to this point,

5:26we've now identified two very common

5:29application layer services as part

5:31of the TCP/IP protocol suite.

5:33We've also identified two primary protocols at Layer 4,

5:36the transport layer with TCP

5:38and UDP being those two that we've mentioned,

5:40and identifying the HTTP behind the scenes using TCP

5:43at Layer 4 and DNS.

5:45The application layer is gonna be using UDP.

5:48And to help drive that home,

5:49let's go back to our computer here, computer two.

5:52Let's go over to our web server again

5:54and let's demonstrate both.

5:56So here at our computer,

5:57let's go ahead and bring up a program.

5:58I'll bring up Chrome, a browser.

6:00And here in Chrome, let's go to dc-nug.nuggetlab.com.

6:06So I'm putting in here a name

6:08of a website that I wanna go to.

6:10However, behind the scenes,

6:12this computer is also gonna leverage

6:14the application layer service of DNS

6:16to figure out what is the actual address of that website.

6:19And then once the DNS happens,

6:21it's gonna follow it up with the actual request

6:23for the HTTP, which would give us the webpage,

6:26assuming both of those work.

6:27So we'll press Enter, and boom.

6:29Both of those activities happen in the blink of an eye.

6:32And as part of the educational experience,

6:34let's go ahead and confirm that together.

6:36So I'm gonna go ahead and close that browser.

6:38I'm gonna bring up a Command Prompt,

6:40and here the Command Prompt on this Windows computer,

6:42I'm gonna do an ipconfig/flushdns.

6:46And what this is gonna do,

6:47it's gonna tell the computer to go ahead and forget

6:50or flush the cache regarding

6:52any DNS-related queries it had made.

6:55And the reason I'm gonna do that is

6:56because I wanna do the DNS again,

6:58because if the computer still remembered

7:00what the actual address was of that website,

7:02it wouldn't bother using DNS and asking again.

7:05So now with that in place,

7:06I'm gonna use this little tool called Wireshark.

7:08Now, Wireshark is an example of a packet capture utility.

7:13Think of it like a visual representation of all the details

7:17that's going on when a computer is sending information

7:19out to the network.

7:21And our focus here is gonna be taking a look

7:23at both the DNS information

7:25and also the HTTP-related request.

7:28So I'll go ahead and start the capture

7:30and let me make this a little bit bigger.

7:32So this utility called Wireshark

7:33is simply gonna help us reinforce the concept

7:36of the application layer

7:37and the transport layers associated with them.

7:39So let's go ahead and minimize our Command Prompt.

7:42And let's go back to our browser.

7:43We'll open up Chrome again, and once again,

7:45we'll go to dc-nug.nuggetlab.com,

7:49which is a computer here in my lab environment.

7:51We'll press Enter and I'm gonna go ahead

7:53and do a refresh a couple times just

7:54to make sure it's really going out to the website,

7:57not just pulling it from the local cache memory here

7:59on this Windows computer.

8:00And now that's done, let's bring back the packet capture.

8:04So here at Wireshark,

8:05I'm first gonna go ahead

8:06and do what's called a display filter

8:08by typing in DNS here at the top and pressing Enter,

8:11and that's gonna show us just the DNS request.

8:13So there is a lot of DNS requests this computer's making,

8:16but the one I'm looking for is right there.

8:18So I'm gonna go ahead and double click

8:20and make that full screen.

8:21And what I wanna point out is

8:22that the application layer service is DNS.

8:25So if we open that up,

8:26it's showing right here in the details,

8:28there's a request and the actual query.

8:31If we scroll down,

8:32we're looking for the address behind this site,

8:34dc-nug.nuggetlab.com.

8:36So I scooch this down a little bit.

8:38So the DNS is the application layer service

8:41that we're using, and then behind the scenes,

8:43DNS is gonna be using User Datagram Protocol

8:46for the Layer 4 information as part of making that request.

8:49So we'll go into further detail on these protocols,

8:51but I wanna reinforce for this video,

8:54the application layer services

8:55as well as the Layer 4 protocols

8:58that they are associated with and that they use.

9:00So that's the DNS information.

9:01Let's go ahead and close that.

9:03And let's do a search for HTTP.

9:06So I'll type HTTP up here in the top left

9:09as a display filter.

9:10So it'll just show us that. So here's one that'll work.

9:12I'll go ahead and double click on that, we'll open that up.

9:15So here the application layer service is HTTP,

9:18Hypertext Transfer Protocol,

9:20and the Layer 4 protocol that it's using is TCP,

9:24Transmission Control Protocol.

9:26So now we've discussed a couple

9:28of different application layer services

9:30in the TCP/IP protocol stack and their well-known protocols

9:34that they're using at the transport layer.

9:36Now if you're thinking, "Whoa, whoa, whoa.

9:37We need more information,

9:38What about Layer 3 and Layer 2 and Layer 1?

9:40What about those?"

9:41And the answer to that is we're gonna get to that as well

9:44because we'll pick up the next part here,

9:45the network layer in the next video.

0:00<v Instructor>So if we continue our discussion</v>

0:01of this client making a request to go to this website,

0:05which, in our case, that was dc-nug.nuggetlab.com.

0:10That caused the computer to use the DNS service

0:12to figure out what the address was for that server.

0:15And as part of that,

0:16it included UDP information

0:18at the layer for the transport layer

0:19as part of that request.

0:21And then after that was all successful,

0:23it then used HTTP

0:25to make a web request for the webpage at that server.

0:28And when that HTTP request was made at Layer 4,

0:31it was leveraging in the background

0:33Transmission Control Protocol.

0:35So next, let's take a closer look at the Layer 3 information

0:38that would also have to be included by this computer

0:41before it sends out a request out to the network.

0:43And the primary information here in the network layer

0:46is the address information.

0:49And I think we're all familiar with addresses.

0:51Imagine that we're sending a physical letter to somebody.

0:55We're gonna go ahead and put an address on it.

0:56So it's probably gonna have their name on there.

0:58We're very likely going to include the street name.

1:00That's if we want this to be delivered correctly.

1:02So we have the street name and also the house number.

1:06And also very likely we put our return information

1:08in the upper left-hand corner

1:09in case they need to reply back to us

1:11or in case the postal delivery service

1:14needs to deliver it back to us.

1:15And this is an example of an address.

1:17So in the world of the TCP/IP protocol stack

1:19or the TCP/IP protocol suite,

1:21what exactly is an address?

1:23Well, it's very much like

1:25the address we have here on an envelope.

1:27We're gonna have the street name.

1:29In the world of IP they call that a network address.

1:32So think of a network address very similar to a street name.

1:35And then we're also gonna have the house number

1:37or the device number on that street.

1:40And so we're gonna refer to that as a host address.

1:43So imagine we have a street.

1:45Let's go ahead and call this Elm Street.

1:46And then we have a house on that street,

1:48this is the driveway, and we have a house number.

1:51So that information, if we're delivering a piece of mail,

1:53we'd put that information on the envelope

1:55so it could be delivered correctly.

1:57And in the world of IP networks,

1:59instead of using a street name literally,

2:01we're gonna have an IP network address,

2:04which is also going to include the host address,

2:06which is like the house number

2:07or individual device address on that Common Street.

2:10So gonna go ahead and clean this up a little bit.

2:12And let me give you an example.

2:14And the example I'm gonna give you is an IP

2:16which stands for Internet Protocol Address.

2:19And the reason I'm putting here in blue

2:21is because I wanna remind us

2:23that this information is gonna be kept here

2:25in the network section of the TCP/IP protocol stack.

2:28And that's also referred to as Layer 3 or the network layer.

2:31And the major protocol here is IP, the internet protocol.

2:35And there's two different flavors of IP.

2:38There is the old traditional flavor called IP version 4,

2:41and there is another version called IP version 6.

2:45And visually,

2:46they look very, very different than each other.

2:49And we'll have further discussions about both of them

2:51in greater detail.

2:53But for right now, I'd like to give you an example

2:55of an IP version 4 address.

2:57So let's imagine we're focusing on this computer right here.

3:00And let's imagine this computer

3:01is on the IP network of 10.10.0.

3:05And let's imagine those first three numbers

3:07separated by the periods there,

3:09that represents the actual street or network.

3:12And let's imagine

3:12that the actual house number on that street

3:14is 50 for this computer right there.

3:17So I'm gonna make a little note

3:18that that represents the actual house number,

3:20this 50 right here.

3:22So I'll put a little dividing line there for a reference,

3:24and we'll have a whole separate set of skills

3:26based on detailing:

3:27How do we know where that dividing line is

3:29between the street name or the network number

3:32and the actual house address

3:33or host address on that network?

3:35So let's measure this computer here is 10.10.0.50

3:39and that the server that we're trying to go to

3:41is at 10.20.0.100.

3:45So that's their IP addresses.

3:48So how in the world does this computer,

3:50if we're going to dc-nug.nuggetlab.com,

3:54how in the world does this computer learn

3:57about the actual IP address?

3:58Because it needs to include the IP address

4:00in the Layer 3 header information.

4:02And the answer is DNS.

4:04This computer is gonna use DNS

4:06to make a request to a DNS server,

4:09somebody who knows the information,

4:10and this client's gonna say,

4:11"Hey, I need the IP address for dc-nug.nuggetlab.com,"

4:15at which point the DNS server,

4:17who knows that information can respond back to this client,

4:20and that's how this client gets the IP address

4:22of the destination it's trying to go to.

4:24And there's a couple different ways

4:25we could verify that's happening here at computer two.

4:28In fact, let me show you.

4:29So back here at our client computer,

4:31let me go ahead and hit the Up Arrow key.

4:32I'm gonna do an ipconfig, space, /flushdns

4:36just to make sure this client computer

4:37isn't hanging onto anything.

4:39And then we'll do an ipconfig/displaydns

4:42and we'll press Enter.

4:43So this is showing us everything

4:44that this computer currently knows about

4:46regarding names to IP address mappings.

4:49So if we are gonna do a ping, for example,

4:51and pinging is a great tool

4:52just to verify basic connectivity,

4:54let's do a pinging to DC Nug.

4:57So dc-nug.nuggetlab.com, and press Enter.

5:01So in the background,

5:02I used DNS to resolve that name to IP address.

5:05So here, it's showing that the IP address came back

5:07as 192.168.1.100.

5:09And if we hit the Up Arrow key a couple times

5:10and do an ipconfig/displaydns and press Enter,

5:14here is showing us that the response that came back

5:16for that DNS request actually provided this answer,

5:18192.168.1.100,

5:21and it also provided this one as well.

5:23Meaning there was two entries,

5:25two different IP addresses

5:26associated with the name dc-nug.nuggetlab.com.

5:31Also, if we go back to our capture

5:32that we did in a previous video

5:34and we did a quick filter for DNS.

5:37So we look at this request right here for this DNS request,

5:40and in fact, we can expand this and take a quick look.

5:42So in this query, we're looking for dc-nug.nuggetlab.com.

5:47Also in this packet capture is gonna be very kind

5:49and tell us where the response is.

5:51So I'll click on packet 13,

5:53the hyperlink there to take us to packet 13,

5:55and here is the response.

5:57So for the response here in this response packet,

5:59here are the answers.

6:01So if we scroll down,

6:02there's the two addresses from a DNS server

6:05based on the DNS request that we made.

6:07So I'm going to update the IP address here

6:09to add 192.168.1.100

6:14as also an address that is used by this server.

6:17So once the client made the DNS request

6:20and learned about the actual IP address,

6:21it included the IP address in the Layer 3 header

6:25in that compartment as part of the TCP/IP protocol stack

6:27for communicating with that server.

6:29So if this was the letter,

6:31we'll go ahead and put the letter here.

6:32In the Layer 3 header section,

6:34it would have the destination address.

6:36And depending on what the computer actually wanted to use,

6:39it could use either of those addresses

6:40because it got both of those back.

6:42It would also include the source information

6:44for this computer.

6:45So this computer is at 10.10.0.50,

6:50and that source and destination information

6:52would be included as part of the network layer

6:54or Layer 3 header information here as part of the request

6:58that this computer's about to send out to the network.

7:00Another question that might come up is,

7:01"Okay, how exactly do we verify

7:04what the local IP address is on this local computer?"

7:07And the answer is we can simply ask it.

7:09Now, it's gonna vary a little bit

7:11based on whether it's a Macintosh

7:13or whether it's a Linux computer or a Windows computer.

7:16So since we have our Windows computer up and running,

7:18let me show you how simple it is

7:20to ask this computer what its IP address is.

7:23And it would go something like this.

7:24On a Windows computer, it's ipconfig,

7:26I-P-C-O-N-F-I-G with no spaces, press Enter.

7:29And that's gonna show us the IP address

7:31or addresses if there's multiple adapters

7:32and multiple addresses

7:34on the actual network interface cards.

7:36So here on this computer,

7:37it has the IP address of 10.10.0.50.

7:41We'll take a closer look at the mechanisms,

7:43including the mask and so forth.

7:44It's used as part of that.

7:46And also this computer has learned

7:47that if it needs to get off the local network,

7:49for example, if it needs to go out to 10.20

7:51or 23.58.70 or some other address that's not local,

7:56it can go ahead and forward the traffic

7:58that it's gonna send to its default gateway,

8:00and then it's up to the default gateway,

8:02also known as a router,

8:04to go ahead and forward that traffic

8:06in the correct direction towards the final destination.

8:08So the takeaway here

8:09is that with this command on a Windows computer, ipconfig,

8:12it's gonna show us the actual IP address

8:14associated with this computer's network card.

8:17So let me go ahead and do a little cleanup here on IL9.

8:20So in our example so far,

8:22the green represents the application layer.

8:24The TCP and UDP are two examples of protocols

8:27that can be used at Layer 4 or the transport layer.

8:30And now at Layer 3, the network layer,

8:32and I'll put this in blue, we have the IP information,

8:35including the source and destination IP addresses

8:39that are gonna be used for the communications

8:41on the network.

8:42So that'd be true for an HTTP request

8:44and it'd also be true for a DNS request.

8:46So the IP information would be logically included

8:49right here in the Layer 3 header,

8:51including the source and destination addresses.

8:55In fact, we still have a packet capture open

8:57from our initial conversation

8:59from this computer over to the server.

9:01So we can take a look at that right now.

9:03So here at our client computer,

9:05if we go back to our packet capture,

9:07and let me go ahead and do a filter for HTTP

9:09in the upper left.

9:10So here is an HTTP request, HTTP is using TCP at Layer 4.

9:15And then the next layer, which is the network layer,

9:18has the information about the IP addresses.

9:20So if we open up this packet,

9:21let me go ahead and open it up and take a closer look.

9:24So here's showing us that in the IP header,

9:26effectively the Layer 3 section

9:28of the TCP/IP protocol stack,

9:30the main ingredients here are the source

9:33and destination IP addresses.

9:35So for the source,

9:36it's specifying both here and the summary at the top,

9:38and also here specifying the source is 10.10.0.50.

9:41That's our computer's IP address

9:43where it's making the request from.

9:45And when we did the capture,

9:46we were sending the traffic to the website at 10.20.0.100.

9:51And again, the source and destination IP address information

9:54is logically included in the Layer 3 component

9:58or compartment of the TCP/IP protocol stack.

10:00And oftentimes, that's referred to as a IP header.

10:03Think of a header as the space or section

10:05where we're gonna keep that information.

10:07So this is pretty much the discussion

10:08I wish somebody had had with me 25, 30 years ago

10:12when I first started getting into IP networking

10:15because by breaking it down

10:16into these logical sections or components,

10:19it's easier to understand those individual components.

10:23And if you're wondering,

10:23"Well, are we gonna cover the rest here,

10:25the data link and the physical layer?"

10:27The answer is absolutely yes,

10:28and that will be in an upcoming video.

0:00<v Instructor>As we work our way down the protocol stack,</v>

0:02at the data link layer, there is a fascinating little thing

0:05that happens on every single network adapter.

0:08And this applies to wired connections,

0:10where a physical wired connection that goes into a switch,

0:13or if we have a wireless connection,

0:15every single network adapter on these computers

0:17has it's own address and this is burned in from the factory.

0:21So when you get a computer, it has a network interface card,

0:24again, whether it's wireless,

0:25or a physical network interface card

0:26that's physically connected to the network,

0:28the manufacturer has burned in a little layer two address.

0:33And as a result, this little address

0:34has many different names that it can be referred to as.

0:37One is, we could call it a layer two address,

0:39or because it's burned in by the manufacturer

0:42to the network interface cards,

0:43sometimes it's called a burned in address.

0:46That's BIA for short.

0:47Also because it's part of the physical card,

0:49sometimes it's referred to as the physical address,

0:52or it can also be referred

0:53to as media access control address.

0:56But we just abbreviate that as MAC,

0:57not to be confused with Macintosh,

0:59but rather media access control.

1:01And because most of our networking today is with ethernet,

1:04sometimes that burned in layer two address is referred

1:06to as an ethernet address.

1:07So that is five different terms for that little address

1:11that is burned in to the individual network interface cards.

1:15Also, the network interface card has it's own acronym

1:17that is a NIC for short.

1:19So if you see network adapter, network interface card,

1:22or NIC, they're referring to the little network adapter

1:24that's in these computers that's allowing them

1:26to communicate with the network.

1:28So one of the cool observations is that in addition

1:30to having a layer three logical IP address that we're using

1:34to communicate back and forth with,

1:36at the individual network interface card,

1:38we have an additional address.

1:40Again, we can call it layer two address,

1:42or burned in address or physical address or MAC address,

1:44or ethernet address.

1:45And this is represented by 12 characters,

1:471, 2,

1:483, 4,

1:505, 6,

1:517, 8,

1:529, 10,

1:5311, 12.

1:54And I got a little bit creative here at the end,

1:56because these 12 characters are not written

1:59in normal decimal.

2:01They are representing hexadecimal characters.

2:04Behind the scenes, each hex character represents four bits.

2:06So we'll have a further set of discussions regarding binary,

2:09and decimal and hexadecimal.

2:11But for now, I just wanna point out

2:13that these burned in addresses,

2:14these layer two addresses, these ethernet addresses,

2:17they are represented by 12 characters,

2:19and behind the scenes, that's representing a 48 bit address.

2:23And it's up to the manufacturers

2:24to make sure that they're all unique.

2:26And the way I like to think of it is like this.

2:28Let's imagine we have our street.

2:29So let's say this is Elm Street,

2:31and we have a house on Elm Street, maybe it's house 51,

2:34and house 52 and house 53,

2:37or in a computer network,

2:38this could be network 10.10.0.0.

2:42And this could be host with the IP address ending

2:45in 51 and .52 and .53.

2:48And the analogy that makes sense

2:49for me is imagine that these houses,

2:52they don't have their own individual mailboxes

2:54right in front of the house.

2:56Instead, they have a community mailbox area

2:59with multiple slots.

3:00Let's say there's slot number one and slot number two,

3:03and slot number three and slot number four and so forth.

3:05And so the mail carrier, when they deliver the mail

3:08to the final destination,

3:10they go to the common mailbox area,

3:12and then they have to know,

3:13for example, slot one, it goes to house 51,

3:16or slot three or slot four goes to house 52,

3:20or whatever the mapping is there.

3:22And that way the mail person can go ahead,

3:23and put the mail in the correct slot.

3:25So think of these individual slot numbers,

3:27think of those like the individual burned in,

3:29or layer two addresses on these computers.

3:32So before the computer sends traffic out onto the network,

3:35they are going to include at layer two,

3:38they're going to include the source,

3:40and destination layer two addresses.

3:43And again, we could use any of these names

3:45as we're specifying those layer two addresses.

3:47So at layer three, they're including the source,

3:49and destination layer three IP addresses.

3:51And at layer two, it's gonna be including in that header,

3:53in that section, the source,

3:55and destination layer two addresses that that data's

3:58gonna need as it progresses it's way through the network.

4:01So one of the questions that may come up is,

4:02"How do we tell exactly what the layer two address

4:06is on a computer?"

4:07And the way you determine that layer two address

4:09varies a little bit based on the platform.

4:12So because we are currently working with a Windows client,

4:14let's take a look for a moment,

4:15and identify on this Windows computer right here,

4:18exactly what it's layer two address is.

4:21So here to command prompt on this Windows computer earlier,

4:23we did the command ipconfig

4:25to show the local IP address on this computer.

4:27And we can use that same command again,

4:29ipconfig /all or we could do a

4:33<v ->all.</v>

4:34And on more modern versions of the Windows operating system,

4:37the -all works as well.

4:39And what that command does, ipconfig -all or /all,

4:43either way is great,

4:44that's gonna show us the network interface cards.

4:46And it's also gonna show us the layer three information,

4:49including the IP address here.

4:50And it's also gonna show us the layer two information.

4:54So here, it's calling it the physical address,

4:56but what we're looking at here is the layer two address,

4:59the physical address, the MAC address, the hardware address.

5:02They're all referring to this 12 character address

5:05that's been assigned by the manufacturer.

5:07That information is gonna be included

5:09in the layer two header for any traffic

5:12that this computer is sending out to the network.

5:14And we can also verify that,

5:15because we still have our packet capture open.

5:17So we bring back our packet capture here.

5:19Here is our HTTP session at the application layer.

5:22Here's the transmission control protocol, layer four,

5:25here's the internet protocol at layer three.

5:27And here is the layer two header information.

5:30And the key part here is the source MAC address.

5:33Check it out, 14:75:5b:67:83:10, that's this computer,

5:38our client computer's MAC address

5:40that it included in the layer two header information

5:43of traffic before it sends it out to the network.

5:46It's also going to include in the layer two header,

5:48the layer two address of the next destination

5:51that it needs to forward to.

5:52So as far as whose destination layer two address

5:55is it going to include,

5:56that's a discussion for another set of videos.

5:59But for now, I wanna just reinforce the concept

6:01that the layer two information includes the source,

6:05and destination layer two addresses that are gonna be used

6:08by the network devices to forward

6:10that traffic onto it's destination.

6:12So if we went back to a command prompt,

6:14here, we have the default gateway that

6:16this computer's gonna use.

6:17So effectively this computer says, "You know what?

6:19If I'm gonna send traffic to somebody

6:21on a different network."

6:22So this computer's on the 10.10.0 network,

6:24if we're gonna reach out and talk

6:26to a server at 10.20 something,

6:28this computer's gonna use it's default gateway,

6:31and for the traffic there.

6:32And as part of using it's default gateway,

6:34this computer would also need to learn the layer two address

6:38of it's default gateway.

6:39And the method that we're gonna use in IPv4 networking

6:42is the protocol called ARP.

6:44So on a Windows computer, if we type in ARP,

6:46which stands for address resolution protocol,

6:49think of it like DNS for layer two.

6:52And on a Windows computer, if we do an arp -a,

6:54that'll show us all the cached ARP entries.

6:57So right here is showing us that this computer

6:58has dynamically learned the layer two address

7:01for it's default gateway, 10.10.0.1.

7:04And that layer two address is this one right here,

7:06ending in 0.0.0.8.

7:09And if we go back to our packet capture,

7:10that would've been the destination layer two address

7:13that this computer included as part of the layer two header.

7:16In fact, let's take a peek.

7:17So right here in the layer two header information,

7:19here, it's showing the destination layer two address

7:22is the one ending in 0.0.0.8,

7:24which is the corresponding layer two address,

7:27the MAC address, hardware address, physical address,

7:29ethernet address that's associated

7:31with the default gateway's network interface card.

7:34And that's useful because we're gonna need

7:35to forward traffic at layer two

7:38over to that default gateway,

7:39so that when that data gets to the default gateway,

7:41it can take that information including

7:44what's in the layer three header and forwarding it

7:46on towards this final destination.

7:48So lemme clean this up a little bit,

7:50and here, we'll jot down at layer two

7:52that we're including the MAC addresses.

7:55Again, we could call that the ethernet addresses,

7:57or layer two addresses or physical addresses.

8:00And I'm gonna go ahead and choose to use MAC addresses here,

8:02including the source and destination MAC addresses.

8:05And we just saw that a moment ago in the layer two header.

8:08And that would be true if we're doing HTTP

8:10at the application layer or DNS at the application layer.

8:13As we get it on the protocol stack,

8:15we're including the source,

8:16and destination layer two addresses

8:19before we're sending this information out on the network

8:21to be forwarded to it's final destination.

8:23So once this computer has gathered all this information,

8:26we then come to the point where we're gonna have to send it,

8:28and that's the physical layer which we're gonna chat about

8:31in the next clip.

0:00<v Instructor>So now as we take a look</v>

0:01at all the work our client has done

0:02before ever sending the data into the network,

0:05it has included the application layer information,

0:08whether it's a DNS request or an HTTP or HTTPS request.

0:12It's added the appropriate layer

0:13for a protocol that's associated and well-known

0:15with that application layer service,

0:17whether it's TCP or UDP,

0:19it's included the source

0:21and destination IP addresses at layer three

0:23in the layer three header.

0:24If it didn't know the destination layer three address,

0:26it would do a DNS request to find that information.

0:29It would then include at layer two,

0:31the source and destination MAC addresses,

0:33and then it's finally time to get busy and send the data.

0:36And that's at layer one.

0:37So layer one represents the actual connectors and signals

0:42and the media that's used to forward that traffic.

0:45And so our primary media options here

0:47in the world of ethernet networking

0:49and high-speed networking today

0:51include ethernet and the ethernet standards.

0:54And that would include both copper and also fiber optics.

0:57And we also have a large portion of our devices now

1:01that are using wireless communications as well.

1:03So in that sense,

1:04the airwaves are acting as part of the physical layer

1:08for the communication of that data into the network.

1:11So here's a fair question.

1:12Why does this computer

1:13who's trying to simply go to a website,

1:15why does it have to go through all the work

1:17of including source and destination IP addresses

1:19and the MAC addresses involved for forwarding that traffic?

1:23And the answer is that the devices in the network

1:26are gonna be using that information to forward it.

1:29And let me give you a sneak peek at what I mean by that.

1:31When that information enters the network,

1:34a device called a switch,

1:35specifically a layer two switch,

1:37is gonna be looking at that information

1:39in the layer two header,

1:39including the source and destination layer two addresses

1:42to make a forwarding decision at layer two.

1:44And that's what a traditional layer two switch does,

1:47it makes forwarding decisions based on MAC addresses

1:49or physical addresses.

1:51And then routers, when they receive the data on the network,

1:53they're looking at the source and destination IP addresses,

1:56and they're making a forwarding decision

1:58based on the destination IP address.

2:00So in the case of this client talking to the server,

2:02the router would look at that layer three information

2:04and hopefully if it knew how to forward,

2:06it would forward this direction to the firewall

2:08who then forward it over to the server.

2:09Also, there's some general terms

2:11regarding data at those layers.

2:14So if somebody's talking about the network layer

2:16and the IP address information there,

2:18we could call that a packet, for example,

2:21a packet of data that's being sent.

2:23If we're focusing and putting our attention

2:25into the layer two header information,

2:27which includes the source

2:28and destination MAC addresses,

2:30we could refer to that as a frame of data.

2:32And as that data is actually being sent over the network,

2:35we could refer to that as just a series of bits

2:38being sent over the network like Morse Code,

2:40beep, beep, beep, beep, beep, beep, beep, fast, fast, fast,

2:43but being sent one bit at a time.

2:45Or if we're focused on the TCP

2:47or UDP portion of the protocol stack,

2:50we could refer to that as a segment.

2:52And like many things in life,

2:54these are not hard and fast rules.

2:55In fact, most of the time with casual conversations,

2:59we're gonna be just talking about packets

3:00being sent back and forth over the network,

3:03regardless if we're focusing on layer two

3:05or some other aspect of the traffic that's being sent.

3:09So if we wanna be literal,

3:10we can talk about packets at layer three

3:12and frames at layer two.

3:13Or if we just hear somebody talk about packets,

3:15we need more information or context

3:17to make sure we understand exactly

3:19what they're talking about.

3:20Because somebody could say,

3:21we're saying a packet as a DNS request over to a DNS server,

3:24or we're saying a packet over

3:26to a HTTP server for web services.

3:29And so take the actual terms here

3:31with a little grain of salt.

3:32So we get to have future sets of discussions,

3:35you and I, regarding details at the application layer

3:38and at these various layers of the protocol stack.

3:40And the key takeaway for this set of videos

3:42is just to be aware of the types of content

3:46that are gonna be included at these various layers

3:48of the TCP protocol stack

3:50and that it's up to the clients to gather and collect

3:53and put all that information together.

3:54And this process is referred to as encapsulation.

3:58And the reason it's referred to that

3:59is because we're starting with the client

4:01making some type of request,

4:02but then they're adding the TCP information

4:04in the case of HTTP, they're adding IP information

4:07and they're adding the layer two address information.

4:09And so we're adding on

4:10and encapsulating the original request

4:12with this additional content before we send it.

4:15And the reverse process happens

4:16when the traffic is finally delivered to the server.

4:18It'll take a look at the layer two information,

4:20say, oh, that destination is my MAC address.

4:23It'll then continue to look at the layer three information,

4:25say, oh, that destination is my IP address.

4:27It'll then take a look at the layer four

4:29and the server will say, yep, I'm running HTTPS

4:31on the well-known ports associated with this TCP protocol.

4:34And at that point it can then go ahead and respond back.

4:37And that process of opening up the traffic

4:39and looking at all the individual parts

4:41as it goes up is referred to as deencapsulation.

4:44And again, we'll have more discussions

4:45in future sets of videos

4:47regarding additional detail on TCP/IP

4:50and how those components interact and work together.

0:00One of the best ways to help reinforce the concept and to build skills is hands

0:05-on practice

0:05and that's exactly what you and I get to do right now in this hands-on lab.

0:09And for this lab, although there's a lot of network objects shown here in this

0:13topology,

0:13we are going to focus our attention right here on this Windows 11 computer that

0:18is called

0:18Client-Nug.

0:20And so to help make sure that we are on the same page, the same sheet of music,

0:24let me

0:24show you from the lab environment exactly how to access this little virtual

0:28machine.

0:29So here in the lab environment, here in the upper right hand corner is our

0:33little shortcut

0:33for client-nug.

0:34So if we go ahead and double click on client-nug right there, it'll bring up

0:38the window for

0:39that virtual machine.

0:41So this is our client-nug VM and I also have a little copy of our topology

0:44right here for

0:45added convenience.

0:46So if you want to double click on this icon here for the lab topology, you can

0:49open that

0:49up if you want a little smaller, you can zoom in and out using these controls

0:53in the bottom

0:53right right here.

0:54And again, this is just a convenience right here in the lab environment.

0:56It's the same topology that we also have in the skill itself.

1:00So again, this little virtual machine right here that we're not working with

1:03represents

1:04this little PC in our topology.

1:06And for this lab, we're going to do most of our work from right here from this

1:09client-nug

1:10machine.

1:11So with that in mind, let's go back to our lab tasks and take a look at what we

1:13're asked

1:14to do in this lab.

1:15So on this Windows 11 client-nug computer, I would love you to identify what is

1:20the layer

1:21three IP address is currently assigned to this computer.

1:25And then secondly, it also like you to identify what is the layer two MAC

1:28address.

1:29That's the burned in hardware address, sometimes called the physical address or

1:32the layer two

1:33address or the burned in address.

1:36And both of these can be discovered on a Windows computer by using the command

1:39IP config

1:40in a space, then either a slash all or you can also on the current version of

1:44Windows,

1:45you can also do a dash all and either option slash all or dash all will give

1:49you not just

1:49the layer three information, but a whole bunch of other details, including the

1:53layer two

1:53address regarding the network interface card on that computer.

1:56I'd also encourage you to jot down whatever that IP address is that you

1:59discover on that

2:00computer, whether that's an online document that you're using or a physical

2:03piece of paper,

2:04either way is great, but make a note of what the layer three address is and

2:07also what the

2:07layer two address is associated with the network interface card on that Windows

2:1111 computer.

2:13And there's two reasons for that one, I want you to be able to identify what

2:15those addresses

2:16are and also remember that they're associated with layer three and layer two

2:20from the protocol

2:20stack. And then secondly, we're going to be leveraging that information later

2:24on when

2:24we take a look at a packet capture. All right, so let me clean that up just a

2:28little bit.

2:28And the next thing I'd love you to do right here on this client and machine is

2:31to open

2:32Chrome. There's a shortcut on the taskbar. We're going to go ahead and show you

2:35that

2:35real quick. So here on our client and a computer right here, I've got on the

2:39taskbar, a little

2:40shortcut for Chrome. So that is right here. You can go ahead and click on that

2:44once to

2:44go ahead and open it up or you can also double click if you choose to double

2:47click on the

2:47shortcut here on the desktop. So as an example, I'm going to go ahead and click

2:51on Chrome

2:51in the taskbar. There it is. And then here I have a bookmark for server one dot

2:56nuggetlab.com.

2:57So what I'd love you to do is simply click on that bookmark right here for

3:01server one.

3:02And that's going to open up the web page that server one is providing. So what

3:05's happening

3:05is we're going to be sitting at client nug and the actual web page we're

3:08opening up is

3:09from this server over here, server one. And this is the actual URL is being

3:12used behind

3:13that bookmark. Now behind the scenes, one of the magical things that's going to

3:16happen

3:17is this client needs to figure out, okay, what is the actual IP address behind

3:22this

3:22URL server one dot nugget lab.com. So in the background, the client is going to

3:27be making

3:27a DNS request to ask a DNS server, hey, what is that IP address? And then after

3:32that,

3:33it can then go ahead and start making its communication requests for HTTP

3:37traffic for

3:37web services to the IP address that it learned from DNS. And because in this

3:42lab, my focus

3:43is for us to reinforce the concept of the protocol stack. What I've done is I

3:47've created a capture

3:48packet from wire shark that includes the DNS request and the HTTP request from

3:53this client

3:54to the DNS and web server. So long story short, once you open up this URL, the

3:58DNS and the

3:59HTTP as a result of that are going to happen in the background. And then what I

4:02'd like

4:02you to do is open up that capture packet. And I'd like you to identify from

4:07that capture

4:07that wire shark capture the following for packet number one that's inside this

4:12capture

4:13file. I'd like you to identify what is the application layer protocol? Is it

4:18HTTP or

4:18is it DNS or is it HTTPS or is it SSH or is it some other application layer

4:23protocol?

4:24It'll be shown inside the packet capture. And that is again for packet number

4:28one. Now

4:29once you've answered that question, I'd like you to reinforce our knowledge of

4:32layer four

4:33of the TCP/AP protocol suite by identifying from packet number two, what is the

4:38transport

4:39layer protocol that's being used at layer four? And then for packet number

4:42three, I'd

4:43like you to identify at the network layer, what is the source IP address

4:47included as

4:48part of that packet? And again, the goal here is to help reinforce the concept

4:52of behind

4:53the scenes, this logical protocol stack, this logical network model that we're

4:58using to

4:58communicate back and forth over a network. And then for packet number four and

5:02the packet

5:02capture, I'd like you to identify at the data link layer, that's layer two, I'd

5:07like

5:07you to identify what is the destination layer to address for the packet shown

5:12here in entry

5:13number four in this packet capture. And just to make sure that you know exactly

5:16where this

5:17packet capture is, let me show you that as well. So back in the lab environment

5:21here

5:22in the client and the computer, I'm going to minimize the browser there. And I

5:25'll go

5:25ahead and also minimize the command line there. And here on the desktop is that

5:29capture

5:30file called DNS plus HTTP capture. So once you've opened up that web page that

5:35goes to

5:35the server, I'd like you to then go ahead and open up this capture file simply

5:38by double

5:39clicking it right here on the desktop of the client and a computer. And just to

5:43confirm

5:43that's all in order, let me go ahead and double click on DNS and HTTP capture.

5:47And

5:47there it is. So we have four packets that are shown here. And what I want you

5:51to do

5:51is by taking a look at each of these, we can look at the details at each of the

5:55layers

5:56of the protocol stack. For example, in packet number three here, if we click on

6:00that, it's

6:00showing us that the application layer services HTTP. And that's using at layer

6:06four, the

6:07TCP protocol. So you can go ahead and collapse or expand these to take a closer

6:11look. So

6:12up here, you click on the actual entry itself. And then down here, you can

6:15expand each of

6:16the individual sections. And for this packet capture that I did, I captured the

6:20traffic

6:20right here as is going in and out of this network interface card on our windows

6:25client

6:25machine. So that my friend is the lab exercise, have some fun with it. And then

6:29once you're

6:29done, you identify the application layer protocol in packet number one and the

6:34transport layer

6:34protocol and packet number two and so forth. Please feel free to join me and

6:38they'll walk

6:39through where we'll walk through the entire process together. So have some fun

6:43and I'll

6:43see you when you are ready.

0:00In this walkthrough, our objective is to walk through the lab tasks.

0:03Then what we can do is we can compare what we discover and

0:07glean here in this walkthrough with the results you got when you did the lab on

0:11your own.

0:11The goal here in this lab is to help reinforce the concept of the IP protocol

0:16stack,

0:16and the actual functions and the layers associated with various protocols as

0:21computers like

0:22this client and that computer right here communicates with a server over here.

0:25With that in mind, let's go to our lab environment and let's do this walk

0:29through together.

0:29So here in the lab environment, I'm going to go ahead for convenience.

0:32I'm going to double click on the icon for the lab topology right there.

0:35And then I'm going to make it a little bit smaller and go ahead and

0:38simply move it over the right a little bit so I have it in eyesight all the

0:42time.

0:42Great, great, great switch right there.

0:44And then we're going to move our attention up in the upper right hand corner to

0:47client-nug.

0:48We'll double click on it to open up the interface for that Windows 11 client

0:52machine.

0:53So here is client-nug right here.

0:55We'll give that a minute to initialize and I'm going to scootch this a little

0:58bit to the left as well.

0:59Fantastic, so the first task asks us to identify the layer two and layer three

1:04addresses associated

1:05with the network interface card on this client-nug computer.

1:08So to do that, we're going to open up the command prompt.

1:10So I've got a shortcut there on the taskbar.

1:12And if we run the command IP config as currently shows right here, that's going

1:16to show us

1:17information such as the IP address.

1:19So we got that part, that's 10, 10, 0, 50, fantastic.

1:22However, what it's not showing us is not showing us what the layer two address

1:26is.

1:27So for that, what we're going to do is the same command IP config, but this

1:30time do a

1:31dash all.

1:32Or if you're in older version of Windows, you might need to do a slash all.

1:35Either way works great because we're here on a Windows 11 computer.

1:39And this in addition to showing us the IPV for address right here, which is 10

1:43dot 10 dot

1:440 dot 50 for our little client-nug machine.

1:46It's also showing us what the layer two address is.

1:48So on this network interface card, this physical address, which goes by many

1:52different names,

1:53such as the layer two address or the MAC address, meaning media access control

1:58address or the

1:59burned in address.

2:01Those are all referring to this 12 character address and behind the scenes that

2:0412 characters

2:05that's in hex.

2:06And it actually represents 48 bits of data.

2:09And we'll get it more into hex when we look at IPV six.

2:11But for now, I just want to be aware that that is the layer two address on this

2:14network

2:15interface card.

2:16And the IP address is the layer three address.

2:19And we've now just completed this first two tasks as far as the lab goes.

2:23The next task was asking us to go ahead and in Chrome, open the bookmark up to

2:27the server.

2:28So we'll go ahead and I'm going to click on the taskbar icon for Chrome to open

2:32it up

2:32right here inside of our client-nug computer.

2:35And then we'll go ahead and in the upper left hand corner, I've got the

2:38bookmark right

2:39here for server one dot nuggetlab.com using HTTP.

2:42So we'll go ahead and click on that bookmark right there.

2:45And that presents the web page being served up by that server.

2:48So client nug is acting as the client in this case.

2:51And our server one is acting as in this example, the web server.

2:54So I'll go ahead and close that.

2:56And then the lab is asking us to open this file right here, the DNS and HTTP

3:00capture

3:01file.

3:02So I'm going to go ahead and double click on that capture file on the desktop.

3:05And there it is.

3:06And now I've got four packets in this capture and the lab is asking us

3:10regarding packet number

3:11one.

3:12So I'm going to go ahead and click right here on packet number one.

3:15The details for that packet are just played down here.

3:18That is the application layer protocol being used in that packet.

3:21So right here it's showing us that it's using DNS.

3:24So that is the application layer service or the application layer protocol that

3:28's being

3:29carried in this specific packet domain name system.

3:32And that's the service that allows us to discover from a DNS server what the

3:36actual IP address

3:37is behind a name.

3:39So when we went to server one dot nuggetlab.com, we made a DNS request that

3:44said, hey, I need

3:45the IP address associated with that host and as a result, we got a response

3:49back that

3:50gave us the information about the IP address behind that server.

3:53And that's here in packet two, but that's going a little bit beyond what we

3:55asked in

3:56the lab.

3:57So in the lab, it just asks us what is the application layer protocol for

3:59packet number

4:00one and it is DNS.

4:02That's the application layer service.

4:04Then for packet number two, the lab is asking us what is the transport layer

4:08protocol used

4:09for packet number two.

4:11So here is packet number two.

4:13And what that is, that's the actual response from the DNS server.

4:16And so if we look here in the details for that packet capture at the

4:19application layer

4:20is DNS and then at the layer four at the transport layer, it's using UDP.

4:25And that is the layer four protocol that the original flavor of DNS is going to

4:30use as

4:30it communicates between a client and a server.

4:32Now there are some more advancements as time marches forward, but that is like

4:36the classic

4:37layer for protocol used with traditional DNS user, data gram protocol.

4:42Or as its friends like to call it UDP.

4:45So for this one, this is layer three, the network layer, we're asked to

4:47identify what

4:48is the source IP address that'd be the layer three address in packet number

4:52three.

4:53So let's go back to our client and a computer.

4:55We'll go to that packet capture.

4:56We'll click on packet number three.

4:58And let's take a look at the details for the network layer in that packet

5:02capture.

5:02Also, if you want this output bigger or smaller, there's options up here in the

5:05menu bar on

5:06top to make it bigger by clicking the plus symbol there on the magnifying glass

5:09or smaller

5:10by clicking on the negative.

5:12Please don't want us to see in the lab.

5:13So what we want to do is we want to make sure that packet number three right

5:16here is selected,

5:17which it is.

5:18So if we run through this, we have the HTTP.

5:20That's the application layer service.

5:22And that layer four, we have TCP.

5:24And then here at layer three, the internet protocol, that's our actual question

5:27in the

5:27lab.

5:28Let's expand that.

5:29I'm going to scooch this up just a little bit as well.

5:31It gives a little more room here.

5:32It's asking what is the source IP address.

5:34In fact, even without expanding that, we can see right here the source address

5:38in this

5:38packet is 10, 10, 0, 50 and the destination layer three address at layer three

5:43shown in

5:44this packet is 10, 40, 0, 100.

5:46So the answer to the question in the lab is for packet number three at layer

5:51three, the

5:51source address is 10 dot 10 dot 0 dot 50.

5:54So from our previous discovery, we would know that, hey, that's the IP address

5:57that source

5:57address is the IP address associated with the client nugg windows 11 computer

6:02that we're

6:02currently sitting at.

6:03And then the destination is 10 dot 40 dot 0 dot 100 and based on the

6:07application layer

6:08service here of HTTP, that's very likely our web server because that's exactly

6:12what we're

6:13sending over.

6:14And that's an HTTP request to that server.

6:16But again, for the lab, they're just asking about the source address, which is

6:1910, 10,

6:200, 50.

6:21And then the fourth question is what is the layer two or the data link layer

6:24destination

6:25address for packet number four.

6:27So we'll go ahead and simply click on packet number four.

6:29We'll simply go ahead and take a look here at the layer two information.

6:32Now, it says ethernet two.

6:35That just so happens that it's also referring to layer two of the protocol

6:38stack.

6:39But just be aware where it says ethernet two, that is not meaning OSI or model

6:43layer two,

6:44it just happens to be another iteration of ethernet protocol over time.

6:47But hey, if it helps us remember, if we see ethernet two that that's referring

6:50to the

6:51layer two information, that's a win.

6:53We can use that as well.

6:54So here in the ethernet header is showing us the source layer two address and

6:59also the

6:59destination layer two address.

7:01So the destination layer two address here in the packet capture is this one

7:06right here.

7:06So this is the actual layer two address.

7:09And then this part here where it says Microsoft, that's just the wire shark

7:12packet capture

7:13helping us to identify that, hey, these first six characters are associated

7:17with Microsoft.

7:18But the actual layer two address is this one right here.

7:21And this layer two address, the destination layer two address happens to match

7:24up with

7:25the actual layer two address of the client and the computer.

7:28So that means that this frame of data at layer two was being sent to the layer

7:32two address

7:33of this Windows computer client nug.

7:35And to verify that we could go back to our command line here and just confirm

7:39the layer

7:40two address.

7:41So it's going to look at the last four characters there, 0408 and sure enough,

7:46that's the last

7:46four characters here as well.

7:48So the purpose of this hands on lab, which focused right here from the

7:51perspective of

7:52client nug is to help reinforce that when clients connect to servers and

7:56devices communicate

7:57over a network, there are a series of protocols that are being used and help

8:01structure make

8:02sense of that.

8:03We use a network model where each of the layers has a specific responsibility

8:07like layer two

8:08with layer two addresses and layer three with IP addresses.

8:12And at the transport layer protocols like TCP and UDP and at the application

8:16layer application

8:17layer services like DNS and HTTP.

8:20And as we continue this journey together, you and I are going to have a lot of

8:23opportunities

8:23to get much more hands on practice, not only with end devices like, for example

8:28, Windows

8:29clients and Windows servers, but also as we proceed together, we'll have more

8:32opportunities

8:33to deal with infrastructure devices like Cisco layer two switches that make

8:37forwarding decisions

8:38based on layer two information.

8:41And we'll take a look at layer three routers, which are making forwarding

8:44decisions based

8:45on layer three IP addresses.

8:47And again, the takeaway from this lab and this set of videos, it's helped

8:51reinforce the

8:51concept that behind the scenes, we are using network models to make sense of

8:56and to categorize

8:57the individual components and functions that need to happen to move data across

9:01a network.

9:02And in this example, we're using the protocol called IP, which is short for

9:06internet protocol.

9:07So thanks for joining me in this set of videos and for this hands on lab.

9:11And I look forward to seeing you my friend in another set of videos and another

9:15lab in

9:15the very near future.

9:17Until then, remember to smile, continue having fun, keep putting in the time

9:20and I'll see

9:21you in the next video or lab.

9:23Until then, I hope this has been informative and I'd like to thank you for

9:26viewing.