WEBVTT 00:01.047 --> 00:02.093 - All right. 00:03.180 --> 00:04.970 Testing, good levels, ready to go. 00:04.970 --> 00:06.070 All right, we're good. 00:09.270 --> 00:11.780 This next section is probably my second favorite section 00:11.780 --> 00:13.980 just 'cause it's kinda cool stuff. 00:13.980 --> 00:17.420 Show of hands, people with a networking background, 00:17.420 --> 00:19.010 OSI model, blah blah blah, 00:19.010 --> 00:21.790 all that other kind of fun stuff, please? 00:21.790 --> 00:23.745 Remember that question you asked me downstairs? 00:23.745 --> 00:25.617 - Yes. - That's kind of what... 00:25.617 --> 00:27.141 (presenter chuckles) - I know a bunch of this stuff 00:27.141 --> 00:29.376 'cause I teach some of it 00:29.376 --> 00:33.326 but I've never actually (speaking faintly). 00:33.326 --> 00:35.253 - You've never actually what? - I teach it 00:35.253 --> 00:37.850 but I never actually bothered to learn it. 00:37.850 --> 00:38.683 - Yeah. 00:40.711 --> 00:41.943 This is a cool section. 00:43.090 --> 00:44.253 It's really fun. 00:45.710 --> 00:47.520 We're gonna do a lot of, like it says here, 00:47.520 --> 00:49.803 talking about the OSI model and everything. 00:51.140 --> 00:53.230 In my opinion, this section 00:53.230 --> 00:56.320 is really kind of the foundation for a lot, 00:56.320 --> 00:58.453 just being in this field. 00:59.570 --> 01:01.920 When I got started in this field, it was funny, 01:03.278 --> 01:06.860 my buddy across the street who was a sales engineer, an SE, 01:06.860 --> 01:08.820 and he said, he goes, "Yeah, I think you ought to be an SE." 01:08.820 --> 01:09.840 I go, I don't know what that is. 01:09.840 --> 01:12.057 He says, "Well, it's a technical person 01:12.057 --> 01:14.037 "who pairs up with a salesperson 01:14.037 --> 01:16.277 "and you're in charge of the technical sale, 01:16.277 --> 01:18.167 "and you have to be technical 01:18.167 --> 01:19.657 "but you can't be too technical 01:19.657 --> 01:21.377 "'cause some people who are really technical, 01:21.377 --> 01:22.227 "you can't speak to them 01:22.227 --> 01:25.197 "'cause they don't talk to humans very well. 01:25.197 --> 01:26.907 "And then you can't be, 01:26.907 --> 01:28.637 "you have to be social but not sales-y 01:28.637 --> 01:30.760 "'cause nobody wants another sales guy in the room." 01:30.760 --> 01:31.593 I said, okay. 01:32.480 --> 01:34.170 How do you go about this? 01:34.170 --> 01:35.947 He goes, "Well, you ought to go get this certification. 01:35.947 --> 01:37.167 "It's called an MCSE." 01:37.167 --> 01:39.820 And I said, okay, I don't know anything about that. 01:39.820 --> 01:41.350 And, of course, he brings out a stack of books 01:41.350 --> 01:44.150 about this tall and says, "Here you go, start studying." 01:45.110 --> 01:46.980 It's funny, I actually had to borrow money 01:46.980 --> 01:49.050 from my (chuckling) wife to go do this computer school 01:49.050 --> 01:50.780 to get the certification. 01:50.780 --> 01:52.740 But I remember when I wasn't sure 01:52.740 --> 01:53.950 if I was gonna go into the industry, 01:53.950 --> 01:56.030 one of the books that I read 01:56.030 --> 01:57.437 and was the basis of everything, 01:57.437 --> 02:00.190 it was called Networking Essentials. 02:00.190 --> 02:01.330 It was about this thick. 02:01.330 --> 02:03.300 And I told my wife, I said, here's what I'm gonna do, 02:03.300 --> 02:04.680 'cause she told me to drop out of school. 02:04.680 --> 02:05.960 I said, all right, here's what I'm gonna do. 02:05.960 --> 02:07.260 I'm gonna read this book. 02:07.260 --> 02:08.720 I don't have to understand anything, 02:08.720 --> 02:10.640 but if I find it interesting, 02:10.640 --> 02:13.190 I'll go ahead and keep pursuing this MCSE thing 02:13.190 --> 02:15.290 and go into this career field. 02:15.290 --> 02:16.150 She says, "Okay." 02:16.150 --> 02:18.650 So, I read it, I didn't understand a damn thing, 02:18.650 --> 02:20.160 but it was interesting. 02:20.160 --> 02:21.330 When I got to the end of MCSE, 02:21.330 --> 02:22.710 that's one of the first things we did, 02:22.710 --> 02:24.460 we went into Networking Essentials. 02:25.400 --> 02:27.740 I really think that you could do, 02:27.740 --> 02:29.570 like, a Network+ certification 02:29.570 --> 02:31.260 would be something along those lines, 02:31.260 --> 02:33.780 but this section is really kind of the basis 02:33.780 --> 02:34.993 for everything we do. 02:35.990 --> 02:37.950 If you're not that familiar with IP addresses 02:37.950 --> 02:39.840 and subnet masks and stuff like that, 02:39.840 --> 02:40.930 you're gonna wanna be. (chuckles) 02:40.930 --> 02:44.040 At some point, you're gonna have to know this stuff. 02:44.040 --> 02:47.920 I'll do my best to go through it at a decent pace 02:47.920 --> 02:51.150 but, again, this is gonna be similar to crypto 02:51.150 --> 02:53.680 in that I'm probably gonna find myself 02:53.680 --> 02:55.950 coming back a little bit and getting people caught up 02:55.950 --> 02:57.930 because we don't have time, I don't have time 02:57.930 --> 02:59.080 to teach you subnet masking 02:59.080 --> 03:01.320 'cause that could take months. 03:01.320 --> 03:02.180 If you know it and you just (fingers snap) 03:02.180 --> 03:04.630 need to be reminded, then we'll probably be okay. 03:07.360 --> 03:10.860 We talk about OSI, the OSI model, 03:10.860 --> 03:13.922 which you're gonna see in the next slide here. 03:13.922 --> 03:15.890 And as a matter of fact, this TCP/IP, 03:15.890 --> 03:18.090 this is all part of the whole suite of protocols. 03:18.090 --> 03:19.710 We're gonna talk about each of these individually, 03:19.710 --> 03:22.010 so screw that slide, let's get to the picture. 03:25.140 --> 03:26.440 This is the OSI model. 03:26.440 --> 03:27.953 We'll talk in depth about it. 03:28.960 --> 03:31.860 What's the purpose of having this model? 03:31.860 --> 03:34.280 Why do we have it, why is it important? 03:34.280 --> 03:35.780 - [Audience Member] Troubleshooting? 03:35.780 --> 03:37.560 - Troubleshooting is absolutely one of, 03:37.560 --> 03:39.160 is an important thing, 03:39.160 --> 03:42.010 but even before you get to that point, what's, 03:42.010 --> 03:43.530 why do we have this framework? 03:43.530 --> 03:44.763 What does it help with? 03:45.974 --> 03:47.130 - [Audience Member] Design. 03:47.130 --> 03:49.200 - Yeah, it helps with design 03:49.200 --> 03:51.930 and the idea that different vendors 03:51.930 --> 03:54.080 can create different products, 03:54.080 --> 03:57.650 but they can all talk to one another and communicate 03:57.650 --> 04:01.880 because we use the same basic framework to design them. 04:01.880 --> 04:03.933 So, it's about interoperability. 04:05.046 --> 04:07.830 We have the seven layers of the OSI model. 04:07.830 --> 04:09.190 If you don't know them, you're gonna need 04:09.190 --> 04:10.960 to know them, for sure. 04:10.960 --> 04:13.570 There's different mnemonics to remember it. 04:13.570 --> 04:14.973 Some people say: 04:17.170 --> 04:21.750 all people should try new data processors. 04:21.750 --> 04:22.840 Or some people do: 04:22.840 --> 04:26.784 please do not throw sausage pizza away. 04:26.784 --> 04:28.390 (chuckling) You knew that one? 04:28.390 --> 04:30.650 There's another one that I can't say in mixed company 04:30.650 --> 04:32.190 so I won't, 04:32.190 --> 04:33.260 but it is pretty funny 04:33.260 --> 04:35.070 and you'll (chuckling) never forget it if you ever hear it, 04:35.070 --> 04:35.943 that's for sure. 04:38.290 --> 04:40.800 Anyway, these are the seven different layers 04:40.800 --> 04:43.970 and what they're trying to show you with these arrows 04:43.970 --> 04:46.827 is the idea that when you talk about data, 04:46.827 --> 04:49.240 and it travels through these layers, right, 04:49.240 --> 04:52.550 this is a kind of virtual construct, 04:52.550 --> 04:55.320 when it travels through these layers, 04:55.320 --> 04:57.730 as the data comes down from each layer, 04:57.730 --> 05:01.960 each layer adds on information as a header and a trailer, 05:01.960 --> 05:03.500 they add on information, 05:03.500 --> 05:05.720 and then as it goes down, 05:05.720 --> 05:08.210 and I'm not gonna put this up on the main board 05:08.210 --> 05:09.910 but I'll just draw it here. 05:09.910 --> 05:12.283 If you're at the application layer here, 05:13.669 --> 05:15.210 you're at the application layer, 05:15.210 --> 05:16.363 here's your data, 05:18.120 --> 05:20.970 the application layer will then add 05:20.970 --> 05:23.490 a little header and a little trailer, 05:23.490 --> 05:24.460 that's application, 05:24.460 --> 05:28.870 and then it sends it down to the presentation layer, 05:28.870 --> 05:29.760 and that would come down here, 05:29.760 --> 05:31.800 and then if I drew that down here, 05:31.800 --> 05:33.370 the presentation layer would then add 05:33.370 --> 05:37.210 its own little header and trailer here, 05:37.210 --> 05:38.270 presentation layer, 05:38.270 --> 05:40.560 and it would just keep going and going and going 05:40.560 --> 05:42.610 as it comes all the way down the layers. 05:42.610 --> 05:44.210 There's a name for that process. 05:44.210 --> 05:46.130 What is that called? 05:46.130 --> 05:47.850 It starts with an E. 05:47.850 --> 05:49.706 Rather long word. 05:49.706 --> 05:50.710 (audience members mumbling) 05:50.710 --> 05:52.063 Encapsulation. 05:55.080 --> 05:57.860 It's an important process, and here's why. 05:57.860 --> 06:00.820 What happens is the data that starts up at layer seven, 06:00.820 --> 06:01.880 it starts coming down. 06:01.880 --> 06:04.230 Every layer adds on a little bit, a little bit. 06:05.170 --> 06:06.670 When it gets to the other computer, 06:06.670 --> 06:07.850 this is computer one, 06:07.850 --> 06:09.530 when it comes over here to computer two, 06:09.530 --> 06:11.263 it goes back up the stack, 06:12.300 --> 06:17.030 each layer peels off its respective header and trailer 06:18.122 --> 06:19.640 from the other computer. 06:19.640 --> 06:22.560 So, by the time you get down here to the physical layer, 06:22.560 --> 06:25.260 it's adding its little things over here, 06:25.260 --> 06:28.400 and when it comes over here and it goes up to layer one, 06:28.400 --> 06:30.570 the physical layer pulls off that information 06:30.570 --> 06:32.470 then the data link pulls off its information, 06:32.470 --> 06:34.000 blah blah blah. 06:34.000 --> 06:37.180 The reason they're showing these arrows between the layers, 06:37.180 --> 06:38.940 what they're trying to get you to understand 06:38.940 --> 06:43.130 is that each layer, by adding that header and trailer, 06:43.130 --> 06:47.580 is communicating with its brother or sister layer 06:47.580 --> 06:49.120 at the other computer. 06:49.120 --> 06:52.510 It's a virtual conversation between those layers 06:52.510 --> 06:54.427 and that's what it's trying to show you. 06:56.819 --> 06:57.652 Did I do that? 07:00.200 --> 07:02.150 That's all that's about. 07:02.150 --> 07:04.650 Application, presentation, session, transport, 07:04.650 --> 07:06.570 network, data link, physical. 07:06.570 --> 07:08.170 We'll talk about all that stuff. 07:09.540 --> 07:11.540 It's funny, my wife who is, 07:11.540 --> 07:14.770 she is so anti-technology, it's quite scary. 07:14.770 --> 07:18.250 It took me a decade to teach her Ctrl + V, 07:18.250 --> 07:20.400 you know, Ctrl + C and Ctrl + V. 07:20.400 --> 07:22.920 It took her 10 years to remember it. 07:22.920 --> 07:25.700 But the one thing she does remember that I taught her 07:25.700 --> 07:30.700 is that 80% of troubleshooting is layer one. (chuckles) 07:31.000 --> 07:34.130 Almost all the time, I'm like, oh, this thing doesn't work. 07:34.130 --> 07:36.280 Plug it in, schmuck, right, that kind of stuff? 07:36.280 --> 07:38.350 So, now, it's funny, doesn't matter what it is, 07:38.350 --> 07:40.230 if I call her up and I'm like, 07:40.230 --> 07:41.780 hey, you know, something's wrong with the truck. 07:41.780 --> 07:43.460 She goes, "Did you check layer one?" 07:43.460 --> 07:44.820 I'm like, all right, smart-ass. 07:44.820 --> 07:45.713 I got you now. 07:46.840 --> 07:48.390 She gets that. 07:48.390 --> 07:50.200 We're gonna talk about each one of these, 07:50.200 --> 07:52.640 but just remember, you have encapsulation, 07:52.640 --> 07:55.130 and then you have the decapsulation on the other side, 07:55.130 --> 07:58.110 and each layer is talking to the same layer 07:58.110 --> 07:59.500 but at the other computer. 07:59.500 --> 08:02.480 So, when it adds headers and trailers at its own layer, 08:02.480 --> 08:05.550 the reason it's doing it, those are instructions 08:05.550 --> 08:06.840 for the other side. 08:06.840 --> 08:08.300 Oh, this is what I'm supposed to do with this? 08:08.300 --> 08:09.620 Pass it up to that guy? 08:09.620 --> 08:10.453 Got it. 08:19.230 --> 08:20.300 There are different models. 08:20.300 --> 08:22.553 This says the TCP/IP model. 08:23.490 --> 08:26.220 You'll see it says TCP/IP protocol suite, 08:26.220 --> 08:29.060 there's a TCPI model and the OSI model. 08:29.060 --> 08:33.580 Now, these last two, TCP/IP model and the OSI model. 08:33.580 --> 08:34.980 You probably wanna know both of them. 08:34.980 --> 08:37.125 You definitely need to know both of them. 08:37.125 --> 08:39.410 The OSI model has the seven layers. 08:39.410 --> 08:41.800 The difference with the TCP/IP model 08:41.800 --> 08:44.800 is that it still does all of those functions 08:44.800 --> 08:46.980 but it only has four layers. 08:46.980 --> 08:48.750 You have the application layer, 08:48.750 --> 08:51.690 which includes layers five, six, and seven, 08:51.690 --> 08:52.970 then you have transport, 08:52.970 --> 08:54.650 and they don't call it the network layer, 08:54.650 --> 08:56.930 they call it the internet layer, 08:56.930 --> 08:58.970 and then you've got the network interface layer 08:58.970 --> 09:00.850 which just combines one and two. 09:00.850 --> 09:03.080 Now, you may look at it and go, what? 09:03.080 --> 09:04.870 Kinda goofy, I'll just have to memorize that. 09:04.870 --> 09:08.140 You don't really have to if you think about it this way. 09:08.140 --> 09:12.800 Layer five in the OSI model is the session layer. 09:12.800 --> 09:15.610 What they're talking about is a session 09:15.610 --> 09:18.250 between two applications, 09:18.250 --> 09:20.280 and then how that information is presented 09:20.280 --> 09:22.890 to the application, and then the application itself. 09:22.890 --> 09:26.650 So, those top three things all have to do with applications. 09:26.650 --> 09:30.000 Hence, the application layer in the TCP/IP model. 09:30.000 --> 09:32.430 Transport and transport, that's the same. 09:32.430 --> 09:34.430 Now, they call this the network layer, 09:34.430 --> 09:35.940 they call this the internet layer. 09:35.940 --> 09:37.330 Well, guess what the internet is. 09:37.330 --> 09:38.810 It's a giant network. (chuckles) 09:38.810 --> 09:40.630 So, it still makes sense. 09:40.630 --> 09:44.700 And then they call this the network interface layer. 09:44.700 --> 09:45.533 Why? 09:45.533 --> 09:47.580 Because you have layer two and layer one. 09:47.580 --> 09:51.310 Well, what physical piece of equipment 09:51.310 --> 09:52.911 resides at layer two? 09:52.911 --> 09:54.570 - [Audience Member] (speaking faintly) Switch? 09:54.570 --> 09:57.760 - That's true, but in a computer, in the actual. 09:57.760 --> 09:59.400 The NIC, right? 09:59.400 --> 10:01.455 Which is called what, what does that stand for? 10:01.455 --> 10:02.420 (audience member speaking faintly) 10:02.420 --> 10:03.890 Right, the network interface card. 10:03.890 --> 10:06.320 Therefore, the network interface is indeed, 10:06.320 --> 10:09.020 includes the NIC, layer two, 10:09.020 --> 10:12.160 and it also includes the cable itself, layer one. 10:12.160 --> 10:16.120 You got a Cat5 or Cat6 or whatever you got going on there. 10:16.120 --> 10:19.170 So, it's really not that bad. 10:19.170 --> 10:20.003 Now, we're gonna talk 10:20.003 --> 10:23.230 about a lot of the different protocol suites now. 10:23.230 --> 10:24.460 A lot of times, people forget that. 10:24.460 --> 10:25.957 They say TCP/IP, they're like, 10:25.957 --> 10:27.160 "Oh yeah, those two protocols." 10:27.160 --> 10:28.570 They are two protocols, 10:28.570 --> 10:30.850 but it is the name of a protocol suite. 10:30.850 --> 10:33.010 It includes many other protocols, 10:33.010 --> 10:34.540 some of which you see here, 10:34.540 --> 10:37.340 and they even broke them down into the layers for you 10:37.340 --> 10:41.230 and showing you that, well, kind of did, 10:41.230 --> 10:42.960 yeah, they did that pretty well, 10:42.960 --> 10:46.300 frame relay, which technically is layer two, 10:46.300 --> 10:47.530 you just can't, you can push it up there, 10:47.530 --> 10:48.363 there's nothing really here. 10:48.363 --> 10:51.180 On layer one, if you were to actually do this, 10:51.180 --> 10:52.580 you would have bits. 10:52.580 --> 10:53.413 We talked about that. 10:53.413 --> 10:56.120 I said everything gets down to it. 10:56.120 --> 10:57.320 If you didn't know that, by the way, 10:57.320 --> 11:01.610 the word bit is actually a shortened word for binary digit. 11:01.610 --> 11:02.730 That's what it means. 11:02.730 --> 11:04.240 So, when you get down to bits, 11:04.240 --> 11:06.430 you're talking binary digits, zeroes and ones, 11:06.430 --> 11:08.550 and it's electrical signals or light 11:08.550 --> 11:11.020 or whatever we're carrying, radio waves. 11:11.020 --> 11:14.105 But then these other things are all part of layer two, 11:14.105 --> 11:15.880 ethernet, ATM. 11:15.880 --> 11:18.290 And then layer three, the IP, 11:18.290 --> 11:19.670 internet protocol, lives there. 11:19.670 --> 11:24.170 IPSec, which is internet protocol security, is layer three. 11:24.170 --> 11:27.500 And then transport layer, talk about the connection 11:27.500 --> 11:29.830 between the two hosts themselves, 11:29.830 --> 11:32.750 and you can either have connection-oriented TCP 11:32.750 --> 11:35.300 or connection-less UDP. 11:35.300 --> 11:36.697 And then finally, you get up to layer seven, 11:36.697 --> 11:39.833 you got a whole bunch of protocols that we use all the time. 11:42.290 --> 11:43.273 Questions yet? 11:45.270 --> 11:46.480 Some of this coming back for you all? 11:46.480 --> 11:47.517 - [Audience Member] Mm-hmm. 11:53.350 --> 11:55.150 - Yeah, none of this is particularly sexy. 11:55.150 --> 11:56.700 Let's just get into the layers. 11:59.300 --> 12:00.133 Data link layer. 12:00.133 --> 12:02.030 We're talking about layer two. 12:02.030 --> 12:03.113 Data link layer. 12:04.820 --> 12:06.580 Combined with physical layer, of course, 12:06.580 --> 12:08.950 in the TCP/IP model, that's true. 12:08.950 --> 12:10.600 They call it the data link layer. 12:13.770 --> 12:17.110 It's everything that has to do with MAC addresses. 12:17.110 --> 12:18.940 So, when you see, like it says, MAC addresses, 12:18.940 --> 12:21.290 which, on the NIC, that's the hardware address, 12:22.880 --> 12:25.300 switches, we'll talk more about infrastructure 12:25.300 --> 12:26.650 a little bit later but that is correct 12:26.650 --> 12:29.560 when you said the switch at layer two, that's true. 12:29.560 --> 12:32.390 Now, here's something you don't hear all the time. 12:32.390 --> 12:35.190 Does anybody remember what a collision domain is 12:35.190 --> 12:36.993 and what a broadcast domain is? 12:38.660 --> 12:41.500 There's some pretty basic stuff here. 12:41.500 --> 12:42.630 You heard the terms? 12:42.630 --> 12:44.331 Can you define it for me, or do you remember? 12:44.331 --> 12:45.164 - [Audience Member] (speaking faintly) When you have 12:45.164 --> 12:47.330 two devices on the network but the same IP 12:47.330 --> 12:48.560 and they're colliding. 12:48.560 --> 12:50.670 The traffic is colliding. 12:50.670 --> 12:51.610 - Yes and no. 12:51.610 --> 12:53.220 What I will say is that 12:53.220 --> 12:55.643 they wouldn't have the same IP address, 12:55.643 --> 12:57.310 they got a different IP addresses, 12:57.310 --> 12:59.730 but yes, their traffic is colliding. 12:59.730 --> 13:02.900 They've sent information at the same time 13:02.900 --> 13:04.150 or near the same time 13:04.150 --> 13:05.470 and those signals have collided. 13:05.470 --> 13:06.720 That part, I'll give you. 13:08.190 --> 13:10.653 Where's my little controller here? 13:12.820 --> 13:14.050 Let's do some basic stuff. 13:14.050 --> 13:15.910 We'll probably cover, end up covering a couple slides 13:15.910 --> 13:17.810 just by doing this. 13:17.810 --> 13:18.860 Where'd I put my pen? 13:21.600 --> 13:23.143 Okay, it can't be that hard. 13:25.040 --> 13:26.630 You all know I had that pen in my hand. 13:26.630 --> 13:27.913 There it is, all right. 13:32.050 --> 13:32.893 Let's do this. 13:34.200 --> 13:35.750 I'm actually gonna start and we're gonna talk 13:35.750 --> 13:38.140 about some devices here that are coming up later, 13:38.140 --> 13:40.110 but let's do it now 'cause I think it sets up 13:40.110 --> 13:41.890 a lot of the conversation. 13:41.890 --> 13:43.573 Let's start here at layer one. 13:45.550 --> 13:46.383 Layer one. 13:49.420 --> 13:51.870 I'm gonna talk about a device that, for the most part, 13:51.870 --> 13:54.970 doesn't exist anymore, but you need to know, 13:54.970 --> 13:57.900 it'll help you understand all of this stuff. 13:57.900 --> 14:00.850 In the beginning, when we started making computer networks, 14:02.190 --> 14:05.940 we needed a device to be able to put them all together, 14:05.940 --> 14:08.580 and this is even after some other technology 14:08.580 --> 14:10.200 that you don't need to know, probably. 14:10.200 --> 14:12.200 There was a device that we used to use, 14:12.200 --> 14:13.990 I'll even put a little picture of it, 14:13.990 --> 14:16.380 it kinda looks like this. 14:16.380 --> 14:18.403 I'm just drawing circular ports here. 14:20.380 --> 14:22.210 The idea is that you would plug 14:22.210 --> 14:23.840 four different computers into this thing 14:23.840 --> 14:25.193 so they could all talk. 14:26.670 --> 14:27.575 Yeah, say that again? 14:27.575 --> 14:29.557 - A hub. - A hub. 14:31.470 --> 14:35.650 Now, a hub is something that you can plug into 14:35.650 --> 14:39.500 and everybody can hear everybody else on it. 14:39.500 --> 14:42.480 As an example, let me just plug in some computers here 14:42.480 --> 14:43.367 for a minute. 14:44.970 --> 14:49.023 Here's computer A, B, C, and D. 14:52.080 --> 14:56.180 When a message is sent from computer A, 14:56.180 --> 14:58.660 I don't care who computer A is sending it to, 14:58.660 --> 15:00.630 I don't care if it's B, C, or D. 15:00.630 --> 15:01.860 Doesn't matter to me. 15:01.860 --> 15:05.640 The bottom line is that everybody connected to the hub 15:05.640 --> 15:07.210 is gonna hear that message. 15:07.210 --> 15:08.330 Everybody. 15:08.330 --> 15:13.190 Because it is what is called a single broadcast domain. 15:13.190 --> 15:16.160 What happens, though, is that A will send a message, 15:16.160 --> 15:18.270 and, of course, what are the two addresses 15:18.270 --> 15:20.200 that a host has to have 15:20.200 --> 15:22.580 to be able to communicate with another host? 15:22.580 --> 15:24.050 There's two different types of addresses 15:24.050 --> 15:25.650 and they're at different layers. 15:28.326 --> 15:29.660 - [Audience Member] Network address? 15:29.660 --> 15:32.270 - Okay, but what do you call that thing? 15:32.270 --> 15:33.103 - [Audience Member] IP address? 15:33.103 --> 15:35.830 - Okay, an IP address, which is at what layer? 15:35.830 --> 15:38.175 - [Audience Member] The transport. 15:38.175 --> 15:40.787 - Oh, on (speaks faintly). - No, no. 15:40.787 --> 15:42.010 Three. - Three. 15:42.010 --> 15:45.210 IP is at the network layer. 15:45.210 --> 15:46.043 And the what? 15:46.043 --> 15:46.876 - [Audience Member] The MAC address? 15:46.876 --> 15:49.090 - The MAC address which is at what layer? 15:49.090 --> 15:50.518 - The physical. - No. 15:50.518 --> 15:52.360 - It's two. - Two. 15:52.360 --> 15:53.193 It's on the NIC. 15:53.193 --> 15:55.690 The network interface card is two. 15:55.690 --> 15:57.900 You have to have both of those addresses, right? 15:57.900 --> 16:01.330 So, if computer A knows both the IP address 16:01.330 --> 16:03.820 and the MAC address of computer D, 16:03.820 --> 16:05.930 it can send what's called a unicast. 16:05.930 --> 16:07.710 What does that mean? 16:07.710 --> 16:08.720 - [Audience Member] Same room. 16:08.720 --> 16:11.750 - That's right, it's a direct message to that box. 16:11.750 --> 16:13.288 I know your IP, I know your MAC, 16:13.288 --> 16:14.980 (fingers snap) boom, here comes the message. 16:14.980 --> 16:17.930 But, because all of these computers 16:17.930 --> 16:20.760 share the same backplane on the hub, 16:20.760 --> 16:22.760 that thing just gets scattered everywhere. 16:22.760 --> 16:23.980 But here's what happens. 16:23.980 --> 16:26.690 Computers B and C, they hear that traffic. 16:26.690 --> 16:28.730 It comes up through their physical layer 16:28.730 --> 16:30.593 into their data link layer, 16:31.590 --> 16:33.610 and even up to the network layer, 16:33.610 --> 16:35.570 and it says, oh, this traffic is meant 16:35.570 --> 16:38.500 for IP address this and MAC address this. 16:38.500 --> 16:39.360 That ain't me. 16:39.360 --> 16:41.310 So, it just dumps it. 16:41.310 --> 16:42.460 Doesn't do anything, it ignores it. 16:42.460 --> 16:44.110 Bit bucket, boop, throw it away. 16:44.110 --> 16:47.170 So, everybody hears this message 16:47.170 --> 16:50.170 but only D will actually respond and do something 16:50.170 --> 16:53.913 'cause that is what's called a single broadcast domain. 16:55.150 --> 16:57.920 Not only is it a single broadcast domain, 16:57.920 --> 17:00.180 it is a single collision domain. 17:00.180 --> 17:05.180 What that means is that if computer A and computer D 17:05.180 --> 17:09.270 both send a message at the exact same time, 17:09.270 --> 17:12.060 those two messages come in to the backplane of the hub 17:12.060 --> 17:13.380 and guess what happens. 17:13.380 --> 17:14.240 Boom. 17:14.240 --> 17:15.620 They blow up. 17:15.620 --> 17:16.623 It's a collision. 17:17.820 --> 17:20.230 We'll get into the details about it a little bit later 17:20.230 --> 17:22.980 but the point is the data gets destroyed 17:22.980 --> 17:24.310 and then, eventually, each one of them 17:24.310 --> 17:25.780 has to resend and hopefully, now, 17:25.780 --> 17:27.380 it's not at the exact same time. 17:28.410 --> 17:32.410 A hub at layer one, and you have to look at, 17:32.410 --> 17:34.000 when you look at the layers 17:34.000 --> 17:36.440 and the equipment that works at those layers, 17:36.440 --> 17:38.770 you have to understand, what, 17:38.770 --> 17:41.050 you have to know, what does it understand? 17:41.050 --> 17:43.970 A hub understands one thing and one thing only: 17:43.970 --> 17:45.160 electricity. 17:45.160 --> 17:46.320 That is it. 17:46.320 --> 17:49.810 It is either a voltage or a no-voltage. 17:49.810 --> 17:50.910 Those are your two choices 17:50.910 --> 17:52.830 'cause that represents zero and one. 17:52.830 --> 17:53.820 That is it. 17:53.820 --> 17:55.470 So, it understands electricity. 17:55.470 --> 17:58.090 Some people call this a dumb hub. 17:58.090 --> 18:00.800 I don't like that term, I think it's not very nice. 18:00.800 --> 18:02.180 I would call it maybe an ignorant hub. 18:02.180 --> 18:04.270 It just doesn't know any better. 18:04.270 --> 18:05.760 All it's got, what's that? 18:05.760 --> 18:06.593 - [Audience Member] We call it dumb. 18:06.593 --> 18:08.800 - Yeah, of course, most people do call it dumb hub. 18:08.800 --> 18:11.750 But anyway, all it understands is electricity. 18:11.750 --> 18:14.670 A hub represents a single broadcast domain 18:14.670 --> 18:16.400 and a single collision domain. 18:16.400 --> 18:18.430 Now, if you have a small network, 18:18.430 --> 18:19.850 this isn't such a big deal. 18:19.850 --> 18:21.930 But in the beginning, when we started having 18:21.930 --> 18:23.120 bigger and bigger networks 18:23.120 --> 18:25.300 and we started using more and more hubs, 18:25.300 --> 18:27.140 and you'd have some, I'm making this up, 18:27.140 --> 18:29.940 but you'd have a bunch of hubs connected together 18:29.940 --> 18:33.410 and you'd have a thousand computers on it, 18:33.410 --> 18:36.126 what do you think happened to the collision rate? 18:36.126 --> 18:38.190 (whistles) Through the roof 18:38.190 --> 18:39.833 'cause they're all on the same backplane. 18:41.770 --> 18:44.030 Then, all of a sudden, you have a denial of service 18:44.030 --> 18:46.400 'cause nothing can get through, so that sucks. 18:46.400 --> 18:47.910 So, everybody was like, okay, well, this sucks. 18:47.910 --> 18:49.700 We got this hub, we got some connectivity, 18:49.700 --> 18:51.760 but now, we got a problem. 18:51.760 --> 18:53.380 So, they said, okay, well, 18:53.380 --> 18:55.770 you can't do much with a hub after that. 18:55.770 --> 18:57.630 Let's do something a little bit different here. 18:57.630 --> 18:59.033 Let's go up to layer two. 19:00.660 --> 19:03.350 Now, what we're gonna do is we're gonna create a box 19:04.780 --> 19:05.913 with some ports. 19:08.730 --> 19:12.650 And now that this is layer two, it's no longer a hub. 19:12.650 --> 19:14.110 This is a hub. 19:14.110 --> 19:15.460 What do we call this thing? 19:16.332 --> 19:17.432 - [Audience Member] Switch? 19:17.432 --> 19:18.660 - Switch. 19:18.660 --> 19:20.290 - [Audience Member] Bridge! 19:20.290 --> 19:21.560 - Yeah, we could, but I hate that. 19:21.560 --> 19:23.330 I hate bridges, nobody uses bridges. 19:23.330 --> 19:24.170 But yeah, we did. 19:24.170 --> 19:25.950 We did go, it's true, though, 19:25.950 --> 19:27.930 I have to at least acknowledge it. 19:27.930 --> 19:30.820 We did go from hubs to bridges, 19:30.820 --> 19:32.840 and we can talk about that later. 19:32.840 --> 19:34.167 They're relatively boring. 19:34.167 --> 19:35.490 Let's just get to switches. 19:35.490 --> 19:37.460 But the idea was we did do that. 19:37.460 --> 19:38.760 The reason we did that 19:38.760 --> 19:42.140 was because if you had all these computers on a hub 19:42.140 --> 19:44.560 and they started, you know, having a lot of collisions, 19:44.560 --> 19:48.120 what you would end up doing is use a bridge, 19:48.120 --> 19:49.920 and this was a layer-two device, 19:49.920 --> 19:51.810 and you would just put, 19:51.810 --> 19:52.970 there were two ports, basically, 19:52.970 --> 19:55.430 you just put a lot of computers on one side, 19:55.430 --> 19:57.320 a lot of computers on the other side, 19:57.320 --> 20:02.320 and you would, essentially, break up this collision domain 20:02.510 --> 20:05.450 and break up the broadcast domain, 20:05.450 --> 20:06.710 and so now, 20:06.710 --> 20:08.010 or actually, the same broadcast domain, 20:08.010 --> 20:09.340 break up the collision domain. 20:09.340 --> 20:11.360 You would cut down the collisions by half, 20:11.360 --> 20:14.810 but yet the bridge would always forward messages 20:14.810 --> 20:16.190 so it was the same collision domain. 20:16.190 --> 20:17.930 So, yes, technically, he's right, 20:17.930 --> 20:19.510 we did go to bridges. 20:19.510 --> 20:21.210 And then we used those for a little while 20:21.210 --> 20:22.280 but our networks got too big, 20:22.280 --> 20:24.190 and we're like, okay, screw this, we need something better. 20:24.190 --> 20:25.640 That's when we finally got to switches. 20:25.640 --> 20:26.473 Thanks for bringing that up. 20:26.473 --> 20:27.520 That's actually true. 20:27.520 --> 20:29.580 So, we go to switches. 20:29.580 --> 20:30.910 Now, switches are cool 20:32.120 --> 20:34.390 because a switch... 20:35.710 --> 20:37.483 Computers A, B, C, and D. 20:43.570 --> 20:45.860 If you had one broadcast domain 20:45.860 --> 20:47.760 and one collision domain here, 20:47.760 --> 20:50.580 you went to a bridge, you had two collision domains 20:50.580 --> 20:53.070 and still one broadcast domain, 20:53.070 --> 20:54.920 here, in a switch, 20:54.920 --> 20:59.210 now, you get rid of collision domains altogether. 20:59.210 --> 21:04.150 Each computer is on its own collision domain, if you will. 21:04.150 --> 21:06.570 Now, in the very beginning, they did weird things. 21:06.570 --> 21:08.450 They would take a cable on the switch 21:08.450 --> 21:09.620 and hook it up to a hub 21:09.620 --> 21:11.150 and then put a bunch of computers on there 21:11.150 --> 21:13.130 and you'd still have a problem down here. 21:13.130 --> 21:15.030 But the real way a switch is meant to be used 21:15.030 --> 21:16.500 is a single host on it. 21:16.500 --> 21:17.333 Whoa. 21:17.333 --> 21:18.290 God dang it. 21:18.290 --> 21:19.590 Hit the button. 21:19.590 --> 21:21.113 No, back. - Back. 21:22.270 --> 21:23.273 - [Presenter] Thank you. 21:26.290 --> 21:29.110 Now, if you have a switch, 21:29.110 --> 21:32.030 computer A wants to talk to computer D. 21:32.030 --> 21:34.005 What two addresses does it need? 21:34.005 --> 21:35.076 - [Audience Member] IP and MAC. 21:35.076 --> 21:36.450 - IP and MAC. 21:36.450 --> 21:40.150 It has that, so it can send a direct message to D. 21:40.150 --> 21:41.160 Well, guess what happens. 21:41.160 --> 21:43.900 When it does that, inside of the switch 21:43.900 --> 21:46.000 is something called a CAM table. 21:46.000 --> 21:50.350 It is basically a mapping, I'm the switch now, 21:50.350 --> 21:54.860 I keep a mapping of every port that I have 21:54.860 --> 21:58.620 and the MAC address that's on that port, 21:58.620 --> 21:59.830 'cause I'm a switch. 21:59.830 --> 22:00.710 I'm at what layer? 22:00.710 --> 22:02.940 - Two. - So, I only understand 22:02.940 --> 22:03.830 layer-two shit. 22:03.830 --> 22:05.529 And what layer is MAC address? 22:05.529 --> 22:06.362 - One. - Two. 22:06.362 --> 22:08.380 - Two, so I gotta understand it. 22:08.380 --> 22:11.140 So, I know the MAC address for every single system 22:11.140 --> 22:12.833 that's hooked up to my ports. 22:13.930 --> 22:18.100 If you're on port one and you're on port 12, 22:18.100 --> 22:19.640 and you wanna send a message, 22:19.640 --> 22:23.040 you send a message with the IP address and the MAC address 22:23.040 --> 22:25.410 of port, of the computer that's on 12, 22:25.410 --> 22:26.820 you send it to me. 22:26.820 --> 22:28.450 Now, I get this information. 22:28.450 --> 22:29.470 I'm a switch. 22:29.470 --> 22:31.250 There's an IP address and a MAC address. 22:31.250 --> 22:33.696 What do I do with the IP address? 22:33.696 --> 22:35.200 (audience members speaks faintly) 22:35.200 --> 22:37.210 Nothing, I don't understand it. 22:37.210 --> 22:39.120 I'm a layer-two device, that's a layer-three thing. 22:39.120 --> 22:40.460 It might as well be Mandarin Chinese. 22:40.460 --> 22:42.520 I got no idea what the hell that thing is. 22:42.520 --> 22:44.670 But I know you sent me a MAC address, too, 22:44.670 --> 22:46.920 and I go, oh, you wanna send a message to MAC address 22:46.920 --> 22:48.170 blah blah blah blah blah? 22:48.170 --> 22:49.270 Let me look it up in my table. 22:49.270 --> 22:50.690 Ooh, that's port 12. (fingers snap) 22:50.690 --> 22:53.120 And I send your message right out port 12. 22:53.120 --> 22:55.500 So, do any of the other ports hear it? 22:55.500 --> 22:56.440 - No. - Nope. 22:56.440 --> 22:57.340 They don't hear it. 22:57.340 --> 22:59.473 It's directly to him. 23:01.390 --> 23:05.940 You have individual collision domains, one per port. 23:05.940 --> 23:07.460 However many ports you have on a switch, 23:07.460 --> 23:09.250 that's how many collision domains you have 23:09.250 --> 23:10.960 'cause it's only one per port. 23:10.960 --> 23:14.060 Now, let's say, for instance... 23:15.370 --> 23:17.200 Let's go back to hub for just one second 23:17.200 --> 23:18.600 and I'll come back up here. 23:18.600 --> 23:21.690 If I have hub, I've got computer A. 23:21.690 --> 23:23.373 He wants to talk to computer D. 23:26.240 --> 23:30.300 He knows the IP address of computer D 23:30.300 --> 23:32.140 but he does not know the MAC address. 23:32.140 --> 23:35.163 What protocol does he use to find out the MAC address? 23:36.090 --> 23:38.531 We talked about it yesterday. (audience member mumbles) 23:38.531 --> 23:40.540 (audience member speaks faintly) 23:40.540 --> 23:41.480 Yes. 23:41.480 --> 23:42.870 - It is ARP? - It is ARP. 23:42.870 --> 23:44.970 Address Resolution Protocol. 23:44.970 --> 23:49.130 What happens is computer A ARPs. 23:49.130 --> 23:50.630 Address Resolution Protocol. 23:50.630 --> 23:54.090 What he does is he yells out, he says, hey! 23:54.090 --> 23:58.200 What's the MAC address for IP address 10.10.10.10? 23:58.200 --> 24:01.360 When he sends that message, who receives it? 24:01.360 --> 24:03.340 - All of them. - Everybody on the hub 24:03.340 --> 24:04.910 'cause it goes everywhere. 24:04.910 --> 24:07.550 But computers B and C ignore it, why? 24:07.550 --> 24:10.660 'Cause they're not IP address 10.10.10.10. 24:10.660 --> 24:13.188 D hears it and says, oh, that's me. 24:13.188 --> 24:15.000 Let me look down at layer two. 24:15.000 --> 24:17.370 Here's my MAC address, sends it back, 24:17.370 --> 24:19.300 and now, he sends a unicast, 24:19.300 --> 24:20.580 but still everybody hears it 24:20.580 --> 24:24.830 because of the way it's built on a single broadcast domain. 24:24.830 --> 24:27.130 In this situation with a switch, 24:27.130 --> 24:29.933 A says, you know, hey, 24:31.320 --> 24:33.530 hey, Kool-Aid, (chuckling) right, 'cause he yells it out, 24:33.530 --> 24:38.530 who can tell me the MAC address for IP address 10.10.10.10? 24:38.610 --> 24:40.460 That hits the switch. 24:40.460 --> 24:44.370 Now, all the switch hears is, 24:44.370 --> 24:47.470 hey, I need the MAC address for this IP address. 24:47.470 --> 24:50.397 But does the switch understand IP? 24:50.397 --> 24:51.380 - No. - No, 'cause that's 24:51.380 --> 24:53.130 at layer three, so you know what it does? 24:53.130 --> 24:57.260 It forwards that request out all of its ports. 24:57.260 --> 24:59.770 It broadcasts them, all of them. 24:59.770 --> 25:02.265 But who's the only one who responds? 25:02.265 --> 25:03.470 - D. - D. 25:03.470 --> 25:08.050 D responds and says, hey, switch, my MAC address is this. 25:08.050 --> 25:10.300 And the switch goes, oh, I understand MAC address. 25:10.300 --> 25:11.710 Let me write that down now. 25:11.710 --> 25:14.250 He writes it down in his table, passes it back to A, 25:14.250 --> 25:17.820 and now, A sends a unicast directly to D, 25:17.820 --> 25:20.510 which the switch now knows 'cause of its mapping 25:20.510 --> 25:23.210 which port it is and which MAC address. 25:23.210 --> 25:24.310 So, that's kinda cool. 25:25.730 --> 25:28.780 You break up collision domains and, 25:28.780 --> 25:31.100 but the switch will still forward-broadcast 25:31.100 --> 25:32.050 'cause it needs to. 25:33.460 --> 25:35.030 Moving up one layer. 25:35.030 --> 25:36.253 Now, I can do this. 25:37.900 --> 25:39.200 Now, we're gonna do three. 25:40.100 --> 25:42.400 What device, what networking device 25:42.400 --> 25:44.681 lives at route, layer three? 25:44.681 --> 25:45.870 (audience member mumbles) - A router. 25:45.870 --> 25:47.080 - Yeah, I heard somebody say it. 25:47.080 --> 25:47.913 A router. 25:50.080 --> 25:53.780 Yes, if you're in England or some place that speaks UK, 25:53.780 --> 25:55.003 it's root-er, yes. 25:57.050 --> 25:59.270 But it's a router, and a router... 26:00.150 --> 26:02.362 That's not xor, in this case, it's a router. 26:02.362 --> 26:03.997 (chuckles) Could be either. 26:03.997 --> 26:08.370 A router breaks up broadcast domains. 26:08.370 --> 26:10.920 So, if you wanna actually go 26:10.920 --> 26:12.360 from one network to another one, 26:12.360 --> 26:15.090 you have to go through a router so it'll route you. 26:15.090 --> 26:19.720 So, if you send a broadcast on an internal network, 26:19.720 --> 26:22.470 let's say you send a multicast or something like that 26:22.470 --> 26:23.580 where you send it out to everybody, 26:23.580 --> 26:24.730 or a broadcast, where everybody, 26:24.730 --> 26:26.050 you send out a broadcast, 26:26.050 --> 26:28.953 everybody on your local network will hear it, 26:29.960 --> 26:31.690 but it won't cross over a router 26:31.690 --> 26:34.023 'cause routers break up broadcast domains. 26:35.890 --> 26:37.403 Layer three router, all right. 26:38.890 --> 26:40.590 Whew, that's a lot of information. 26:42.790 --> 26:44.480 We're gonna come back to some of that stuff 26:44.480 --> 26:45.680 a little bit later, too. 26:54.710 --> 26:57.080 We got collision domains, broadcast domains. 26:57.080 --> 26:58.660 I'm not worried about VLANs yet. 26:58.660 --> 27:00.580 We got some other stuff coming up. 27:00.580 --> 27:02.560 MAC addresses, we know what those are. 27:02.560 --> 27:04.373 This last bullet point with the, 27:05.990 --> 27:07.850 I think, that's another thing we use. 27:07.850 --> 27:09.600 What version of internet protocol 27:09.600 --> 27:11.130 do we commonly use right now? 27:11.130 --> 27:13.160 - IPv4. - Right. 27:13.160 --> 27:16.050 But which one exists but we don't commonly use it yet? 27:16.050 --> 27:17.453 - IPv6. - That's right. 27:19.480 --> 27:22.260 Some folks are probably using it somewhere or they're, 27:22.260 --> 27:23.860 some networks will say, oh, you have to use IPv6 27:23.860 --> 27:27.120 and then they end up just putting IPv4 stuff inside of it 27:27.120 --> 27:28.850 and tunneling it through. 27:28.850 --> 27:31.630 Bottom line is the last bullet point with the MACs, 27:31.630 --> 27:33.410 that stuff, that's all IPv6 stuff. 27:33.410 --> 27:35.060 We're not too worried about that. 27:36.490 --> 27:38.163 We're still pretty much on v4. 27:40.430 --> 27:43.023 Here's a switch, we talked about this already. 27:44.180 --> 27:46.903 It has the MAC table, which I told you about. 27:48.190 --> 27:49.023 Let's see. 27:49.023 --> 27:52.670 Can relay broadcast packets to the entire broadcast, yeah. 27:52.670 --> 27:54.050 Vulnerable to MAC spoofing. 27:54.050 --> 27:54.910 Sure, of course, 27:54.910 --> 27:56.650 because if you have somebody 27:56.650 --> 27:59.180 that is pretending to be somebody else, 27:59.180 --> 28:02.000 what was the name of the attack that we discussed 28:02.000 --> 28:07.000 where you substituted your MAC address 28:07.020 --> 28:10.370 and put it in my blank table? 28:10.370 --> 28:11.820 - [Audience Member] Man in the middle? 28:11.820 --> 28:13.373 - What was that? - Man in the middle? 28:13.373 --> 28:15.160 - Boy, it is a man-in-the-middle attack 28:15.160 --> 28:16.890 but, in particular, what? 28:16.890 --> 28:18.773 It was something cache poisoning. 28:20.055 --> 28:21.480 - ARP? - ARP. 28:21.480 --> 28:22.740 - ARP cache, yeah. 28:22.740 --> 28:24.373 It was the ARP cache poisoning. 28:26.300 --> 28:27.896 That was one example of it. 28:27.896 --> 28:32.697 (audience members speaking faintly) 28:32.697 --> 28:33.680 VLANs. 28:33.680 --> 28:35.410 We talked a little bit about VLANs. 28:35.410 --> 28:36.930 What this picture is trying to show you 28:36.930 --> 28:41.550 is that if you have a switch with these 16 different ports, 28:41.550 --> 28:44.970 you can set them up so no matter what you plug in, 28:44.970 --> 28:46.440 they can be on different networks. 28:46.440 --> 28:47.563 Here's why this is important 28:47.563 --> 28:49.610 and why this first came around. 28:49.610 --> 28:52.410 Before we had VLANs, you just had regular LANs, 28:52.410 --> 28:53.550 physical LANs. 28:53.550 --> 28:57.170 So, if we were in a building, and that building 28:59.070 --> 29:01.683 had engineers and developers in it, 29:02.760 --> 29:04.710 you could put the engineers on one switch, 29:04.710 --> 29:06.070 the developers on another switch, 29:06.070 --> 29:07.770 and they could all be a part of their own 29:07.770 --> 29:10.247 local area network, divide it up with a router, 29:10.247 --> 29:12.010 and you're good to go. 29:12.010 --> 29:14.290 But, what would happen, though, 29:14.290 --> 29:16.130 if you had multiple buildings 29:16.130 --> 29:18.380 and there were engineers spread out everywhere? 29:18.380 --> 29:20.270 Well, you still want the engineers 29:20.270 --> 29:22.810 to be on their own local area network, 29:22.810 --> 29:26.130 but because they were in a different physical location, 29:26.130 --> 29:27.660 very difficult to do. 29:27.660 --> 29:28.880 So, now, what you can do 29:28.880 --> 29:31.740 is that you can have them at a different physical location 29:31.740 --> 29:35.560 but logically create a LAN, a virtual LAN, 29:35.560 --> 29:36.700 and then put them all on there. 29:36.700 --> 29:40.690 So, physical, your physical location didn't matter anymore. 29:40.690 --> 29:44.780 You could be in a building a mile and a half away 29:44.780 --> 29:47.050 and still be a part of the local area network 29:47.050 --> 29:48.840 for the engineers 29:48.840 --> 29:50.550 and have access to all the resources 29:50.550 --> 29:52.340 that you would need on that network, 29:52.340 --> 29:54.597 and it didn't matter where you physically sat. 29:54.597 --> 29:55.947 That was the benefit of it. 30:01.210 --> 30:04.860 Layer three, talked about this already, routing protocols. 30:04.860 --> 30:06.420 Oh, that's a good one. 30:06.420 --> 30:07.560 I'm not gonna get too deep into this 30:07.560 --> 30:09.783 'cause I don't think you need to know it anymore. 30:09.783 --> 30:11.940 When we talk about protocols, 30:11.940 --> 30:15.700 there's a difference between a routing protocol, I-N-G, 30:15.700 --> 30:18.820 and a routed, E-D, protocol. 30:18.820 --> 30:20.453 Anybody remember the difference? 30:22.920 --> 30:27.920 A routing protocol is a protocol that works at layer three 30:28.250 --> 30:31.240 that will tell you how to get from one point in the network 30:31.240 --> 30:32.550 to another one. 30:32.550 --> 30:34.970 There used to be one called RIP, 30:34.970 --> 30:37.740 Routing Information Protocol, RIP, RIPv2. 30:37.740 --> 30:40.920 There's also OSPF, open shortest path first. 30:40.920 --> 30:44.170 There are many, IGRP, EIGRP, there's a bunch of them. 30:44.170 --> 30:47.460 The point is a routing protocol maps the network. 30:47.460 --> 30:49.720 It lets you know how to get from one point to another. 30:49.720 --> 30:53.410 A routed protocol is a protocol that carries data. 30:53.410 --> 30:55.773 TCP is a routed protocol. 30:56.610 --> 30:58.950 It carries the actual data. 30:58.950 --> 31:00.330 That's the difference between routed and routing. 31:00.330 --> 31:01.570 So, when you see routing protocol, 31:01.570 --> 31:03.103 they're talking layer three. 31:05.290 --> 31:08.183 This is kinda weird, they, in the network layer, 31:09.470 --> 31:11.750 allows larger networks, reduce congestion. 31:11.750 --> 31:13.610 It says prevents switching loops. 31:13.610 --> 31:15.930 That doesn't make any sense to me, where they put that, 31:15.930 --> 31:18.580 because a switch isn't at the network layer. 31:18.580 --> 31:19.480 What layer is that? (chuckles) 31:19.480 --> 31:21.510 A switch is at data link layer. 31:21.510 --> 31:22.770 It's a layer-two thing. 31:22.770 --> 31:25.840 And actually, the thing that stops these loops, 31:25.840 --> 31:29.670 these switching loops, is a protocol called STP, 31:29.670 --> 31:30.990 Spanning Tree Protocol. 31:30.990 --> 31:33.420 Spanning Tree Protocol, you run in your switch 31:33.420 --> 31:34.850 to keep it from creating loops. 31:34.850 --> 31:36.330 I'm not quite sure why that's there, 31:36.330 --> 31:38.180 but all right, whatever. 31:38.180 --> 31:40.703 At least, now, you heard it from somebody else. 31:42.840 --> 31:44.453 Routers, here we go. 31:45.750 --> 31:49.270 Separating broadcast domains, very good. 31:49.270 --> 31:50.953 Separating subnets, yeah. 31:53.050 --> 31:56.000 Communicate with other routers, yeah, all that's true. 31:56.000 --> 31:58.514 Nothing particularly sexy here. 31:58.514 --> 32:00.533 We talked about routers already. 32:04.460 --> 32:06.380 Now, they wanna switch gears on us 32:06.380 --> 32:08.790 and talk about IP packets. 32:08.790 --> 32:10.270 This is one of those funny things 32:10.270 --> 32:14.570 that, if you talk to a network engineer, 32:14.570 --> 32:17.110 they're gonna get a little bit persnickety with you as well 32:17.110 --> 32:18.410 on your language. 32:18.410 --> 32:21.130 People tend to say, they'll say, like, 32:21.130 --> 32:22.970 oh, yeah, like packet sniffing. 32:22.970 --> 32:25.130 This is one of the famous things they call it, 32:25.130 --> 32:26.880 packet sniffing. 32:26.880 --> 32:28.160 Network engineers hate that 32:28.160 --> 32:30.230 because there is no such thing as packet sniffing. 32:30.230 --> 32:31.530 It doesn't exist. 32:31.530 --> 32:32.740 The reason it doesn't exist 32:32.740 --> 32:34.340 is because what you're talking about 32:34.340 --> 32:39.290 is you're talking about sniffing information off the wire. 32:39.290 --> 32:41.280 Well, packets aren't on the wire. 32:41.280 --> 32:44.170 Packets are a layer-three phenomenon. 32:44.170 --> 32:46.850 It's part of an IP packet, that's layer three. 32:46.850 --> 32:48.250 Well, we're talking about layer one. 32:48.250 --> 32:49.410 What's on layer one? 32:49.410 --> 32:50.610 - Bits. - Yeah, bits. 32:50.610 --> 32:52.880 Binary digits, zeroes and ones, 32:52.880 --> 32:55.870 but it's constructed in what's called a frame. 32:55.870 --> 32:58.790 Frames are actually built in layer two 32:58.790 --> 33:00.510 and then dropped down onto layer one 33:00.510 --> 33:03.290 and are sent via electrical signals. 33:03.290 --> 33:07.623 So, technically speaking, you're not packet sniffing. 33:08.640 --> 33:10.270 Most people will know what you're talking about 33:10.270 --> 33:13.610 but a network engineer will just give you a hard time. 33:13.610 --> 33:14.950 Here, you have a packet. 33:14.950 --> 33:16.630 That's what it's called. 33:16.630 --> 33:19.200 At layer three, you have packets. 33:19.200 --> 33:21.973 At layer two, you have frames. 33:23.370 --> 33:25.667 There's the payload, which is the data, if you will, 33:25.667 --> 33:27.090 and then of course, there's a header. 33:27.090 --> 33:28.980 There would also be a trailer but it's not there. 33:28.980 --> 33:30.680 There's also a trailer. 33:30.680 --> 33:33.670 There's this idea of TTL or time to live. 33:33.670 --> 33:35.900 Anybody know what TTL or what, 33:35.900 --> 33:40.040 what utility do we use and it uses TTL? 33:40.040 --> 33:41.533 What's TTL all about? 33:44.040 --> 33:46.540 Time to live is a setting inside the header 33:46.540 --> 33:50.080 that allows you to... 33:51.360 --> 33:53.610 It deprecates every time it goes through a hop. 33:53.610 --> 33:56.240 Anytime I say the word hop, it means router. 33:56.240 --> 33:57.803 It's a layer-three term, hop. 33:59.130 --> 34:01.503 If I wanted to know, let's say, 34:02.430 --> 34:03.930 let's say you're a server, 34:03.930 --> 34:06.400 you're cisco.com's web server 34:06.400 --> 34:10.100 and I wanna know how many hops, 34:10.100 --> 34:13.340 how many routers do I have to go through to get to you. 34:13.340 --> 34:16.750 There's a command you can run called tracert. 34:16.750 --> 34:19.310 It's usually T-R-A-C-E-R-T. 34:19.310 --> 34:21.560 It looks like tracert, but it's trace-route. 34:21.560 --> 34:25.637 What you can do is you can type in tracert, space, 34:26.535 --> 34:29.970 www.cisco.com, and you hit enter. 34:29.970 --> 34:32.410 What it does is it creates a packet, 34:32.410 --> 34:35.410 it's like, I think it's an ICMP packet, as a matter of fact. 34:36.740 --> 34:39.770 It sets a time to live of one. 34:39.770 --> 34:42.110 What happens is, that means, one means 34:42.110 --> 34:44.980 go to the first router you get to and then die, 34:44.980 --> 34:47.040 and let me know that it's dead. 34:47.040 --> 34:48.790 So, it goes to the first router, 34:48.790 --> 34:50.260 it goes, boom, and it dies. 34:50.260 --> 34:52.290 It comes back and it says, I made it to this router 34:52.290 --> 34:53.980 and it tells you the name of the router. 34:53.980 --> 34:58.360 Then, you create a new packet but you set the TTL to two. 34:58.360 --> 35:01.370 And then it goes to the first one, deprecates it by one, 35:01.370 --> 35:03.218 and then goes to the second one and dies 35:03.218 --> 35:04.420 and gives you that information. 35:04.420 --> 35:08.040 So, it keeps doing this until it gets all the way out to you 35:08.040 --> 35:10.620 and it'll show you the whole route, trace route, 35:10.620 --> 35:13.290 traces the route of which routers you go through. 35:13.290 --> 35:14.123 I don't know if any of you guys 35:14.123 --> 35:15.070 are connected or anything now 35:15.070 --> 35:18.420 but if you pull up a command prompt and do tracert, 35:18.420 --> 35:19.830 you'll be able to see that. 35:19.830 --> 35:21.650 That's what TTL's all about. 35:21.650 --> 35:23.930 It deprecates the time to live by one 35:23.930 --> 35:26.690 so that every time it hits a hop, it deprecates one, 35:26.690 --> 35:30.017 and then eventually gets to wherever you want it to go. 35:30.017 --> 35:31.858 - Maybe. - Hopefully, yeah, right? 35:31.858 --> 35:32.691 Maybe. 35:32.691 --> 35:34.223 - [Audience Member] So, this will figure out 35:34.223 --> 35:36.260 where our router's failing, too. 35:36.260 --> 35:37.093 - Oh, without a doubt. 35:37.093 --> 35:38.700 Yeah, absolutely, 'cause then you can find out, 35:38.700 --> 35:40.860 it's got an interface down or something like that 35:40.860 --> 35:42.924 'cause it didn't get past it. 35:42.924 --> 35:46.415 (audience member speaks faintly) 35:46.415 --> 35:47.950 Okay, ICMP. 35:47.950 --> 35:50.980 We've talked about ICMP a few times. 35:50.980 --> 35:52.750 Mainly, 'cause we've talked about it with ping, 35:52.750 --> 35:53.650 as a great example, 35:53.650 --> 35:55.720 just talked about it again with tracert. 35:57.860 --> 35:59.803 Echo request, echo reply. 36:01.190 --> 36:02.023 Oh, I like doing that to people. 36:02.023 --> 36:05.150 Have you ever been on, like, Instant Messenger or something 36:05.150 --> 36:06.130 and somebody goes, ping. 36:06.130 --> 36:09.550 They type in the actual word, ping, to get your attention? 36:09.550 --> 36:11.560 Every time they do that, when that happens to me, 36:11.560 --> 36:13.840 I type in echo reply just to screw with them 36:13.840 --> 36:15.370 and, you know, see if they're paying attention. 36:15.370 --> 36:17.303 But yes, I'm here. 36:18.260 --> 36:19.810 You can get different messages. 36:21.320 --> 36:24.420 I told you about an attack yesterday. 36:24.420 --> 36:29.420 There was a reflective denial of service attack 36:29.730 --> 36:34.200 that I told you about that utilized ICMP via ping. 36:34.200 --> 36:35.853 What was the name of that attack? 36:37.562 --> 36:40.705 It was a reflective denial of service attack. 36:40.705 --> 36:43.350 - [Audience Member] Distributed denial of service? 36:43.350 --> 36:45.150 - [Presenter] Kind of, sort of, yes. 36:45.150 --> 36:46.600 Either one is fine. 36:46.600 --> 36:48.885 I'll give you a hint: little blue people. 36:48.885 --> 36:49.850 - Smurf. - Smurf! 36:49.850 --> 36:51.010 - [Presenter] Smurf, that's right. 36:51.010 --> 36:52.490 Smurf was the attack. (audience members chuckling) 36:52.490 --> 36:55.520 Now, there's another attack that's an old attack 36:55.520 --> 36:58.370 but it's really nifty the way this thing worked, 36:58.370 --> 37:00.080 that used ICMP. 37:00.080 --> 37:01.530 Do you remember the names? 37:01.530 --> 37:02.980 What was the name of the document 37:02.980 --> 37:04.470 that I told you you would have to go to 37:04.470 --> 37:06.480 if you wanted to understand the engineering 37:06.480 --> 37:08.173 behind certain protocols? 37:09.220 --> 37:10.513 You would go look at the? 37:11.390 --> 37:13.313 They're managed by the IETF. 37:14.310 --> 37:17.743 They're called RFCs, which stands for-- 37:17.743 --> 37:20.166 (audience member speaking faintly) 37:20.166 --> 37:22.080 - (chuckling) Yeah, I can't have you 37:22.080 --> 37:24.010 forgetting the other crap, right? 37:24.010 --> 37:25.163 Request for comment. 37:26.871 --> 37:28.840 There was an attack a long time ago. 37:28.840 --> 37:30.290 I think it was pretty nifty. 37:30.290 --> 37:33.303 It was called LOKI, L-O-K-I. 37:34.310 --> 37:37.280 The LOKI attack was neat and here's why it was neat. 37:37.280 --> 37:39.930 What it did was, basically, you would end up 37:39.930 --> 37:44.040 with this trojan horse virus or the trojan horse program, 37:44.040 --> 37:44.873 and you would double-click on it 37:44.873 --> 37:46.740 and it would run in the background. 37:46.740 --> 37:49.937 Let's say, as an example, it would have a listener in it, 37:49.937 --> 37:52.410 and the listener would have a list of banks 37:52.410 --> 37:53.680 and their websites. 37:53.680 --> 37:55.790 When you opened up a browser and went to, like, 37:55.790 --> 37:58.262 www.bankofamerica.com, 37:58.262 --> 38:00.880 (fingers snap) that listener would recognize that bank 38:00.880 --> 38:02.340 and go, oh, I'm paying attention now, 38:02.340 --> 38:03.870 let's see what happens here. 38:03.870 --> 38:05.323 You bring up the website. 38:06.350 --> 38:09.240 You then type in your username and your password 38:09.240 --> 38:10.490 and you hit enter. 38:10.490 --> 38:12.230 The listener records that. 38:12.230 --> 38:13.740 It gets your username and password. 38:13.740 --> 38:15.130 Now, here's the really cool part. 38:15.130 --> 38:16.347 Here's what LOKI did. 38:16.347 --> 38:20.780 The cool part was it would take your username and password 38:20.780 --> 38:23.640 and the first thing it would do is it would encrypt it, 38:23.640 --> 38:25.940 protecting confidentiality, 38:25.940 --> 38:29.190 so that only the hacker can know what it is. 38:29.190 --> 38:30.023 It would encrypt it. 38:30.023 --> 38:31.800 Now, the problem is the hacker's not local. 38:31.800 --> 38:34.130 The hacker's out om the internet somewhere, 38:34.130 --> 38:36.440 so it had to get that information to the internet 38:36.440 --> 38:37.820 or out to the internet to the hacker. 38:37.820 --> 38:39.350 How did it do that? 38:39.350 --> 38:42.340 It created an ICMP packet 38:44.120 --> 38:48.160 and it put the destination IP address. 38:48.160 --> 38:50.320 The source IP address was your computer. 38:50.320 --> 38:52.990 The destination IP address was the hacker's computer 38:52.990 --> 38:54.540 on the other side of the world. 38:55.470 --> 38:58.880 And then, it would take the encrypted username and password 38:58.880 --> 39:03.880 and shove it into the data segment of the ICMP packet, 39:05.820 --> 39:07.200 and it would send it out. 39:07.200 --> 39:08.650 Now, here's the thing. 39:08.650 --> 39:09.640 Remember, I told you, 39:09.640 --> 39:11.500 the people who created these protocols, 39:11.500 --> 39:13.616 were they security people or were they engineers? 39:13.616 --> 39:14.570 - [Audience] Engineers. 39:14.570 --> 39:15.870 - They were engineers. 39:15.870 --> 39:17.900 One of the things they did when they created ICMP, 39:17.900 --> 39:20.540 they said, yeah, you use it, you set the flags, 39:20.540 --> 39:21.800 and that's all you do. 39:21.800 --> 39:24.900 Yeah, there's a data portion, but nobody uses it. 39:24.900 --> 39:26.240 There's no need for it. 39:26.240 --> 39:28.520 The hackers knew that, that it existed, 39:28.520 --> 39:31.060 so what they did was they put that encrypted traffic 39:31.060 --> 39:32.800 in the data portion, 39:32.800 --> 39:34.940 and then they set the flag and the header 39:34.940 --> 39:39.940 and said, okay, I'm gonna send an ICMP echo request 39:40.740 --> 39:42.573 out your firewall. 39:43.560 --> 39:46.040 Now, I'm a firewall admin, and here it comes, 39:46.040 --> 39:47.600 and I happen to see this traffic. 39:47.600 --> 39:49.870 I see an ICMP echo request 39:49.870 --> 39:52.390 destined for some IP address out there. 39:52.390 --> 39:54.863 What utility do I probably think they're using? 39:56.520 --> 39:59.173 Why would you send an ICMO echo request? 40:00.160 --> 40:00.993 What's that? 40:01.870 --> 40:04.580 What utility do you do to find out 40:04.580 --> 40:06.223 if another computer's up and running? 40:06.223 --> 40:07.540 (audience members talk over each other) 40:07.540 --> 40:08.620 Ping. 40:08.620 --> 40:09.990 You do ping. 40:09.990 --> 40:13.540 A ping uses ICMP echo request, 40:13.540 --> 40:15.880 so when a firewall admin would see that, 40:15.880 --> 40:18.070 they would go, oh, somebody's pinging a computer 40:18.070 --> 40:19.610 out on the internet. 40:19.610 --> 40:20.560 No. 40:20.560 --> 40:22.100 All they're doing is sending 40:22.100 --> 40:24.130 their (chuckling) username and password out the firewall, 40:24.130 --> 40:26.630 and it just went out and you had no idea. 40:26.630 --> 40:28.890 So, that's a pretty nifty attack. 40:28.890 --> 40:31.330 That's a great example of how attackers 40:31.330 --> 40:33.320 will utilize a protocol 40:33.320 --> 40:36.150 in a way that it's not intended to be used 40:36.150 --> 40:38.130 but doesn't break any rules. 40:38.130 --> 40:40.470 There's nothing that says you can't put data 40:40.470 --> 40:41.920 in the data segment. 40:41.920 --> 40:44.210 It's not impossible; there's just no need to. 40:44.210 --> 40:45.900 Engineers aren't-- (audience members shouts) 40:45.900 --> 40:48.730 Oh, it got, well, they would eventually get caught 40:48.730 --> 40:52.010 because of the different firewall generations 40:52.010 --> 40:53.140 that we're gonna go over. 40:53.140 --> 40:55.120 Eventually, there was a firewall 40:55.120 --> 40:59.290 called an application protocol, an application proxy, 40:59.290 --> 41:02.100 and what would happen is the application proxy, 41:02.100 --> 41:03.700 it works at layer seven, 41:03.700 --> 41:05.460 and layer seven means 41:05.460 --> 41:08.010 that it could get all the way down to the data segment, 41:08.010 --> 41:09.990 and since it was a proxy and it understood 41:09.990 --> 41:13.040 how ICMP was supposed to work, 41:13.040 --> 41:15.610 it would examine that and go, what the, is this? 41:15.610 --> 41:16.877 Why is there data in here? 41:16.877 --> 41:18.430 And it would stop it. 41:18.430 --> 41:20.160 So, you had to have an application proxy. 41:20.160 --> 41:22.410 But before that, (chuckling) you didn't stop it. 41:22.410 --> 41:23.463 (fingers snap) Gone. 41:25.390 --> 41:26.540 Pretty cool attack. 41:26.540 --> 41:27.573 - [Audience Member] Dang. 41:30.470 --> 41:32.470 - All right, we get to talk about wireless stuff. 41:32.470 --> 41:33.923 This'll be fun. 41:36.520 --> 41:38.380 Wi-Fi signals. 41:38.380 --> 41:40.330 In general, it's probably just a good idea 41:40.330 --> 41:42.760 to know these levels, in terms of the gigahertz, 41:42.760 --> 41:44.623 2.4, 5, and 60. 41:46.230 --> 41:50.250 As you get higher in the power, in the gigahertz, 41:50.250 --> 41:51.590 you get shorter and shorter, 41:51.590 --> 41:52.490 oh, that was cool. 41:53.451 --> 41:54.520 - [Audience Member] I know, right? 41:54.520 --> 41:57.231 - Yeah, then there was light. 41:57.231 --> 41:59.040 (audience members chuckle) 41:59.040 --> 42:01.010 As you get higher in the gigahertz, 42:01.010 --> 42:03.170 your range gets shorter and shorter. 42:03.170 --> 42:07.460 So, you can see, like 2.4, relatively long range, 42:07.460 --> 42:09.870 all the way up to 60, really high data rate, 42:09.870 --> 42:11.150 you can pass a lot of stuff, 42:11.150 --> 42:12.800 you just (chuckling) can't do it very far. 42:12.800 --> 42:13.990 You can't even get through walls, right? 42:13.990 --> 42:15.330 Does our Wi-Fi go through walls? 42:15.330 --> 42:16.780 Of course, it does, normally. 42:17.700 --> 42:19.440 I remember when all these things started coming out. 42:19.440 --> 42:21.470 Remember how it used to get all mixed up? 42:21.470 --> 42:23.210 They had 900 megahertz and all this stuff 42:23.210 --> 42:24.337 before they got to the gigahertz, 42:24.337 --> 42:28.400 and you had baby monitors and Wi-Fi competing in your house. 42:28.400 --> 42:30.300 You had to say, okay, I'm gonna buy a phone system 42:30.300 --> 42:32.900 but my phone has to be at 2.4 if, you know, 42:32.900 --> 42:35.378 or at 5 if this needs to be at 2.4. 42:35.378 --> 42:36.578 It was just a nightmare. 42:39.290 --> 42:40.123 - [Audience Member] Now, your (speaking faintly) 42:40.123 --> 42:41.717 goes through your Wi-Fi (speaking faintly). 42:43.730 --> 42:44.680 - Yeah, absolutely. 42:48.070 --> 42:52.010 These antenna types, nothing really sexy here. 42:52.010 --> 42:55.223 The flat patch is just a really wide-angle one. 42:57.450 --> 42:58.810 Do they have parabolic in here? 42:58.810 --> 43:00.654 I don't see it in there. 43:00.654 --> 43:02.633 Oh, the yagi, yagi antenna. 43:02.633 --> 43:05.804 You ever seen those antennas that they have a long rod 43:05.804 --> 43:09.070 and then a bunch of parallel bars that come across it? 43:09.070 --> 43:10.759 That's a yagi antenna, it's a more-- 43:10.759 --> 43:12.390 - [Audience Member] They do have parabolic in there. 43:12.390 --> 43:13.223 - [Presenter] What's that? 43:13.223 --> 43:14.643 - [Audience Member] They do have a parabolic. 43:14.643 --> 43:15.865 - [Presenter] Do they have parabolic in here? 43:15.865 --> 43:17.150 - [Audience Member] Yeah, dish-shaped parabolic. 43:17.150 --> 43:18.150 - Oh, dish, yeah, there it is. 43:18.150 --> 43:19.600 Dish-shaped parabolic, right? 43:20.530 --> 43:22.440 It has a nice, little narrow cone 43:22.440 --> 43:25.270 but it has a good, long range 'cause it's kinda focused. 43:25.270 --> 43:27.280 And some of the homemade antennas that people do, 43:27.280 --> 43:29.710 they'll use like Pringles cans and stuff like that 43:29.710 --> 43:30.993 to really focus it. 43:33.400 --> 43:34.710 I guess you just got a lot of free time 43:34.710 --> 43:36.614 to play with that stuff. 43:36.614 --> 43:38.265 - Must be nice. - Yeah. 43:38.265 --> 43:39.833 (chuckling) Yeah, right, free time. 43:40.850 --> 43:42.170 Network convergence. 43:42.170 --> 43:43.320 Okay, this is kinda cool. 43:43.320 --> 43:44.690 This is just saying, 43:44.690 --> 43:47.150 this is kinda like teeing up things like IOT, 43:47.150 --> 43:48.160 the internet of things, 43:48.160 --> 43:50.963 and operational technology and things. 43:52.526 --> 43:55.870 You know, we talk about storage and HVAC, 43:55.870 --> 43:58.600 surveillance, industrial systems, SCADA. 43:58.600 --> 44:00.480 All these different things are coming into play now, 44:00.480 --> 44:01.940 and with the internet of things 44:01.940 --> 44:03.870 and all these different sensors, 44:03.870 --> 44:06.250 you've got this kind of convergence 44:06.250 --> 44:10.320 of operational technology and monitoring of systems. 44:10.320 --> 44:12.740 Think about, aw, shit, like how about Nest? 44:12.740 --> 44:16.020 The little Nest thermostat things? 44:16.020 --> 44:17.660 Yeah, you've got that. 44:17.660 --> 44:19.280 You've got smart fridges now, 44:19.280 --> 44:20.590 you got all this other stuff. 44:20.590 --> 44:21.960 And while it's kinda cool, 44:21.960 --> 44:23.330 it's little bit dangerous, too, man, 44:23.330 --> 44:25.260 'cause you're definitely opening yourself up. 44:25.260 --> 44:27.530 There's a lot of vulnerability still there. 44:27.530 --> 44:28.470 Somebody was saying something. 44:28.470 --> 44:29.650 Wasn't there something in the news recently 44:29.650 --> 44:31.620 about some Nest thing that got compromised 44:31.620 --> 44:35.170 and somebody was talking through it 44:35.170 --> 44:36.470 or recording something? 44:36.470 --> 44:38.610 There was like a mic in there 44:38.610 --> 44:39.750 that they didn't know was in there 44:39.750 --> 44:41.370 and they were recording like, you know, 44:41.370 --> 44:43.370 from whatever was in the house. 44:43.370 --> 44:44.700 There was all kinds of weird crap. 44:44.700 --> 44:46.940 Our TVs now, you gotta worry about that, too, right? 44:46.940 --> 44:49.970 All these TVs that are connected now to the internet. 44:49.970 --> 44:51.993 I'm like, well, if anybody wants to watch me at home... 44:51.993 --> 44:53.390 (presenter scoffs) (audience members chuckling) 44:53.390 --> 44:54.620 Dude, sick bastard. 44:54.620 --> 44:56.289 Knock yourself out. - Oh. 44:56.289 --> 44:57.881 (audience member speaking faintly) 44:57.881 --> 44:59.222 (audience member chuckles) 44:59.222 --> 45:00.055 - [Presenter] VoIP. 45:00.055 --> 45:01.070 Voice over IP. 45:01.070 --> 45:02.610 Pretty popular now. 45:02.610 --> 45:04.930 When VoIP first came out, though, 45:04.930 --> 45:07.250 you gotta think about how weird this was 45:07.250 --> 45:09.960 because we were used to, 45:09.960 --> 45:12.480 anybody remember what POTS stands for? 45:12.480 --> 45:14.150 - [Audience Member] Plain old telephone system. 45:14.150 --> 45:15.430 - [Presenter] Yeah, plain old telephone system 45:15.430 --> 45:17.913 that was just over a copper wire. 45:18.781 --> 45:20.759 God, I'm dating myself now. 45:20.759 --> 45:24.204 All that stuff I was thinking about. 45:24.204 --> 45:25.037 - [Audience Member] You keep saying that 45:25.037 --> 45:26.238 but I know what you're talking about. 45:26.238 --> 45:27.210 - [Presenter] (chuckling) Yeah, yeah, well, 45:27.210 --> 45:29.080 you're dating yourself, too. (all chuckling) 45:29.080 --> 45:31.780 But, you know, plain old telephone system and copper wires 45:31.780 --> 45:33.170 and all this other fun stuff. 45:33.170 --> 45:35.180 Well, then we decided, hey, wouldn't it be cool 45:35.180 --> 45:40.180 to pass voice over IP, internet protocol? 45:40.220 --> 45:41.530 And that's great, but then 45:41.530 --> 45:43.920 there's a whole host of security issues there, right? 45:43.920 --> 45:46.940 'Cause now, if you're sniffing wire, 45:46.940 --> 45:48.290 and you're sniffing packets, 45:48.290 --> 45:51.230 you can listen in quite easily on somebody's conversation 45:51.230 --> 45:52.930 'cause it's not protected. 45:52.930 --> 45:55.120 People do it now, they'll set up voice over IP 45:55.120 --> 45:58.086 on a dedicated VLAN, they'll encrypt the traffic, 45:58.086 --> 45:58.923 and there's a lot of things you can do. 45:58.923 --> 46:00.640 You can do it now, it's fine. 46:00.640 --> 46:05.256 But in the beginning, that wasn't the case. 46:05.256 --> 46:06.923 - [Audience Member] One of them is combined, too. 46:06.923 --> 46:09.673 We just upgraded ours last month. 46:10.733 --> 46:13.255 The way it works is they patch (speaking faintly) 46:13.255 --> 46:14.732 and then a VoIP phone, 46:14.732 --> 46:17.580 and then from the VoIP phone to the PC. 46:17.580 --> 46:18.413 - Okay. 46:18.413 --> 46:19.589 - [Audience Member] So, everything is 46:19.589 --> 46:20.680 run through (speaks faintly). 46:20.680 --> 46:23.130 - Now, are they encrypting that traffic, though? 46:23.130 --> 46:24.020 Yeah, I would imagine they would 46:24.020 --> 46:27.390 'cause that would be dangerous as hell if they weren't. 46:27.390 --> 46:29.270 I remember, this isn't related to VoIP, 46:29.270 --> 46:30.300 it's something that happened, 46:30.300 --> 46:31.890 just talking about convergence 46:31.890 --> 46:35.960 and cool stuff that happened in the past. 46:35.960 --> 46:38.940 There was a problem about, maybe it was, 46:38.940 --> 46:40.820 might've been eight years ago or so. 46:40.820 --> 46:42.610 I think it was Bank of America. 46:42.610 --> 46:44.560 They had a problem with all their ATMs. 46:45.440 --> 46:48.480 ATMs used to run on their own network, 46:48.480 --> 46:49.630 their own type of network. 46:49.630 --> 46:51.480 It wasn't an IP network. 46:51.480 --> 46:53.473 Well, then they brought them on to a regular IP network 46:53.473 --> 46:54.634 and then all of a sudden realized, holy crap, 46:54.634 --> 46:56.300 (chuckling) there's gonna be a lot of problems here. 46:56.300 --> 46:59.760 So, just moving stuff over to IP isn't always the answer. 46:59.760 --> 47:02.110 VoIP works well now. 47:02.110 --> 47:03.840 Also, there were big issues in the beginning 47:03.840 --> 47:05.477 with VoIP, too, around QoS. 47:09.130 --> 47:13.230 Voice conversations are really funky about latency. 47:13.230 --> 47:15.000 They don't like latency, right, 'cause then, 47:15.000 --> 47:17.740 you, start, (stuttering) like that. 47:17.740 --> 47:20.320 So, you had to make sure that VoIP traffic 47:20.320 --> 47:23.930 had a higher QoS, so it would, of higher priority, 47:23.930 --> 47:25.970 so that it would go ahead and get there first. 47:25.970 --> 47:29.130 That was definitely one of the big ones with VoIP. 47:29.130 --> 47:30.560 The other one that was funky, too, 47:30.560 --> 47:32.380 do you remember all those services, 47:32.380 --> 47:34.450 I'm trying to think of the names of them, 47:34.450 --> 47:37.351 where you could have an IP phone at home 47:37.351 --> 47:39.788 and then, but you could take it anywhere you wanted? 47:39.788 --> 47:40.910 - [Audience Member] The magicJack. 47:40.910 --> 47:42.650 - Yeah, that kind of a thing. 47:42.650 --> 47:44.390 Well, one of the weird things about that 47:44.390 --> 47:45.617 was one of the things you were supposed to do 47:45.617 --> 47:48.940 was you were supposed to register that number 47:48.940 --> 47:51.180 with your physical location, 47:51.180 --> 47:53.990 because if I lived in Orlando, as an example, 47:53.990 --> 47:55.850 and I'm using my phone at home 47:55.850 --> 47:57.490 and that's all fine and dandy. 47:57.490 --> 47:59.890 But if I take that thing and I go to Seattle 47:59.890 --> 48:01.580 and all of a sudden I have that phone 48:01.580 --> 48:03.540 and I have a heart attack and I call 911, 48:03.540 --> 48:05.400 guess where the ambulance is showing up. 48:05.400 --> 48:07.430 Showing up in (chuckling) Orlando, right? 48:07.430 --> 48:08.450 That's problematic, 48:08.450 --> 48:11.250 so we definitely had some problems there, too, 48:11.250 --> 48:12.100 in the beginning. 48:13.050 --> 48:18.050 SCADA systems and all types of different control systems. 48:18.280 --> 48:21.120 SCADA's all the electrical grid and everything, 48:21.120 --> 48:22.360 industrial control systems. 48:22.360 --> 48:24.060 These are all coming together now. 48:28.000 --> 48:28.950 Gotta protect them. 48:29.980 --> 48:31.750 Network storage. 48:31.750 --> 48:33.683 Nothing terribly sexy here. 48:34.710 --> 48:36.000 I'm not too worried about RAID yet. 48:36.000 --> 48:38.670 We'll talk about that stuff a little bit later. 48:38.670 --> 48:41.110 The DAS or the directly attached storage 48:41.110 --> 48:42.670 that's up there on the far left, 48:42.670 --> 48:44.630 that's just really a bunch of internal drives 48:44.630 --> 48:45.770 on that system. 48:45.770 --> 48:48.240 And then you've got NAS next to that, 48:48.240 --> 48:49.850 network attached storage, 48:49.850 --> 48:52.100 which is, again, a bunch of drives 48:52.100 --> 48:55.710 with kind of a special appliance that it's a part of. 48:55.710 --> 49:00.230 It's still kind of just assigned drives for different users. 49:00.230 --> 49:03.820 And then you've got the storage area network on the end. 49:03.820 --> 49:06.000 The thing about a SAN that's cool, though, 49:06.000 --> 49:09.150 is that it's a little more flexible in terms of, 49:09.150 --> 49:12.060 you don't have to have everything formatted 49:12.060 --> 49:13.510 specifically for the user. 49:13.510 --> 49:15.863 They can format it and store whatever they want on it. 49:15.863 --> 49:17.840 It's a little more flexible that way. 49:17.840 --> 49:21.320 Whereas the DAS and the NAS is really just gonna be 49:22.160 --> 49:24.900 regular formatting, NTFS or whatever you're using 49:24.900 --> 49:26.203 in storing of files. 49:28.560 --> 49:30.543 All right, let's see if you guys learned anything. 49:32.210 --> 49:33.930 Oh yeah, gotta put these in the right order. 49:33.930 --> 49:34.763 Okay. 49:34.763 --> 49:36.690 From bottom to top, not top to bottom. 49:36.690 --> 49:38.070 Bottom to top. 49:38.070 --> 49:39.460 Physical? 49:39.460 --> 49:41.120 - Data link. - Yup. 49:41.120 --> 49:42.150 - [Audience Member] To... 49:42.150 --> 49:44.344 - [Presenter] And then call out the name. (chuckles) 49:44.344 --> 49:46.000 - [Audience Member] Transport. 49:46.000 --> 49:48.310 - [Presenter] So, physical, data link, what's next? 49:48.310 --> 49:49.727 - Network. - Yup. 49:49.727 --> 49:51.220 - Transport. - Yup. 49:51.220 --> 49:52.350 - Session. - Yup. 49:52.350 --> 49:53.552 - Presentation. - Yup. 49:53.552 --> 49:55.600 - Application. - Yup. 49:55.600 --> 49:57.090 Did we get them all? - Yeah. 49:57.090 --> 49:57.923 - Think so. 50:04.860 --> 50:05.993 Let's see. 50:07.336 --> 50:08.403 Oh, we didn't even talk about this. 50:08.403 --> 50:09.950 They didn't even have this in the materials. 50:09.950 --> 50:11.360 I'm not sure why. 50:11.360 --> 50:14.140 What kind of WAP is designed for use 50:14.140 --> 50:16.860 with a central WAN controller? 50:16.860 --> 50:20.030 The answer is, it's gonna be thin, it's gonna be D. 50:20.030 --> 50:22.700 The idea being that if you have a central controller, 50:22.700 --> 50:25.130 you don't need something with a lot of horsepower 50:25.130 --> 50:28.890 and CPU ability on the end, just like thin clients. 50:28.890 --> 50:31.570 If you remember that from, like, mainframe days? 50:31.570 --> 50:32.877 You would have a mainframe computer 50:32.877 --> 50:35.090 and a bunch of thin clients. 50:35.090 --> 50:37.170 They were just used for connectivity purposes. 50:37.170 --> 50:40.070 That's the same thing here with the wireless access point. 50:43.880 --> 50:48.760 What happens to a non-tagged frame on a VLAN trunk? 50:48.760 --> 50:50.680 Oh, yeah, okay. 50:50.680 --> 50:54.263 This is something, again, not really a part of this, per se. 50:55.980 --> 50:57.930 Let me draw a little picture over here. 51:02.187 --> 51:04.100 Just so at least you can visualize this. 51:04.100 --> 51:05.053 I think it'll help. 51:18.790 --> 51:21.450 These are two enterprise switches. 51:21.450 --> 51:22.760 I don't really like that term 51:22.760 --> 51:24.520 because the reality is it's both a switch 51:24.520 --> 51:26.233 and it does routing as well. 51:27.530 --> 51:30.940 What they're saying is that if you have a bunch of ports 51:30.940 --> 51:34.523 and you're connecting VLANs, this is all about VLANs, 51:35.560 --> 51:36.960 you have a bunch of ports 51:36.960 --> 51:38.950 and you're making a VLAN out of it, 51:38.950 --> 51:42.190 then to make sure those can communicate 51:42.190 --> 51:44.140 to other VLANs over here, 51:44.140 --> 51:45.500 you have to have a connection here 51:45.500 --> 51:46.923 that's called a trunk port. 51:49.075 --> 51:50.630 VLANs use tagging. 51:50.630 --> 51:54.790 I think it's 802.1Q, if you look that up. 51:54.790 --> 51:57.190 802.1Q, that sounds right. 51:57.190 --> 51:59.963 I triple-E 802.1Q is VLAN tagging. 52:01.290 --> 52:04.170 You always have a tag for whatever VLAN you're on. 52:04.170 --> 52:07.710 VLAN 10, VLAN 11, doesn't matter, there was a tag for it. 52:07.710 --> 52:09.730 What they're saying is that, 52:09.730 --> 52:11.240 wherever that question went. 52:11.240 --> 52:13.140 - [Audience Member] What happens to non-tagged? 52:13.140 --> 52:16.150 - [Presenter] Yeah, if you have something that's non-tagged, 52:16.150 --> 52:20.020 it'll just go to what's called the default VLAN, 52:21.720 --> 52:24.200 which is whatever's on, the VLAN on the trunk there. 52:24.200 --> 52:26.210 - [Audience Member] So, it's forwarded to the trunk. 52:26.210 --> 52:27.840 - Yeah, forwarded to the native VLAN, 52:27.840 --> 52:29.630 whatever that happens to be. 52:29.630 --> 52:31.490 Basically, if you have traffic 52:31.490 --> 52:33.960 that doesn't have an identifier of where it should go, 52:33.960 --> 52:35.270 it goes to the default place 52:35.270 --> 52:37.944 and the default place is the native VLAN. 52:37.944 --> 52:40.133 VLAN 0, or whatever they wanna call it. 52:45.290 --> 52:47.270 What protocol would an echo request, 52:47.270 --> 52:48.560 oh my god, if you don't get this right, 52:48.560 --> 52:50.320 I get to throttle you. 52:50.320 --> 52:51.530 Echo request. 52:51.530 --> 52:53.161 - C. - B. 52:53.161 --> 52:53.994 - There you go. 52:55.671 --> 52:57.321 (audience members chatter) Ping. 52:59.650 --> 53:02.010 Which storage option is just a refinement 53:02.010 --> 53:03.700 of traditional file servers? 53:03.700 --> 53:05.180 Yeah. 53:05.180 --> 53:07.770 The traditional file servers is the DAS, 53:07.770 --> 53:10.460 and then the next one over is NAS. 53:10.460 --> 53:12.000 It's the same thing, basically, 53:12.000 --> 53:15.013 but now it's just a little bit, 53:15.013 --> 53:15.962 a little bit more scalable. 53:15.962 --> 53:18.200 - [Audience Member] DAS isn't even on our paper. 53:18.200 --> 53:19.033 - DAS? - Oh, really? 53:19.033 --> 53:20.540 - [Audience Member] DAS. 53:20.540 --> 53:22.863 - DAS is-- - Not on my paper. 53:22.863 --> 53:24.941 (audience chattering) 53:24.941 --> 53:26.274 - [Presenter] A? 53:27.130 --> 53:28.790 - It's not an answer. - It's not a choice? 53:28.790 --> 53:31.187 - [Audience Member] It's not a choice, it just has three. 53:31.187 --> 53:32.020 NAS is there. 53:32.020 --> 53:34.457 I mean, iSCSI, NAS, and SAN are there. 53:34.457 --> 53:35.630 It's just DAS isn't on there. 53:35.630 --> 53:36.463 - [Presenter] Oh. 53:36.463 --> 53:37.296 It's 'cause, see, we don't even talk 53:37.296 --> 53:38.786 about that kind of stuff anymore. 53:39.630 --> 53:40.463 All right. 53:42.560 --> 53:43.400 Let's see. 53:43.400 --> 53:45.470 Network components, here we go. 53:45.470 --> 53:47.420 You wanna create a point-to-point wireless link 53:47.420 --> 53:48.540 between two buildings. 53:48.540 --> 53:50.720 Your goals are to keep a strong signal 53:50.720 --> 53:52.110 between the two transceivers 53:52.110 --> 53:53.930 while minimizing the area in which, 53:53.930 --> 53:55.150 so that means you want a nice, 53:55.150 --> 53:57.133 narrow type cone, if you will. 53:59.535 --> 54:00.368 - [Audience Member] Monopole. 54:00.368 --> 54:02.480 - [Presenter] Yeah, that one's that directional antenna 54:02.480 --> 54:04.504 that I described, which is a yagi antenna. 54:04.504 --> 54:08.337 - [Audience Member] I thought it's not a yagi. 54:09.620 --> 54:10.960 - [Presenter] Yeah, that's the one that I told you, 54:10.960 --> 54:12.016 it kinda looks like... 54:12.016 --> 54:12.849 - [Audience Member] The little thing? 54:12.849 --> 54:14.523 - [Presenter] Yeah, it looks like this. 54:18.317 --> 54:19.775 Like that, kind of. 54:19.775 --> 54:21.670 - [Audience Member] Point them at each other and boom. 54:21.670 --> 54:23.315 - [Presenter] And boom, yes, boom. 54:23.315 --> 54:27.148 (audience members chattering) 54:31.000 --> 54:33.333 All right, we'll take a break here. 54:35.190 --> 54:38.210 Come back at 10 after the hour, 10 after. 54:38.210 --> 54:40.951 It's 1:54, come back at 2:10, please. 54:40.951 --> 54:43.599 (audience members chattering)