Hello everyone, welcome to Computer Science E-1. This is Lecture 4: The Internet, continued.

So last time, what we were talking about, we talked about a whole bunch of things related to the internet. So we started with a little bit of information on IP addresses and how each IP address is made up of basically four octets, or basically four bytes of information, so that each octet, as it's so-called, or each number in this IP address, is one byte of information and can store 256 different values. And so in total we have about 4 billion IP version 4 addresses, and we talked about how, as a result, we were sort of running out of IP addresses, and in fact the last block has been allocated a couple of weeks ago now. But despite that, we do actually see that we do have some leeway with these IP addresses through some technologies that have come out, well, not too recently, but that have existed for a little while and help us out in this. We'll talk more about those a little bit later today.

So another thing that we spent a bit of time on was DNS, or the dynamic name system. So you might hear DNS referred to in a couple of ways. It stands officially for the dynamic name system, but a DNS server, another name for that could be, like, a domain name server. And so these are all sort of synonyms for the same thing, for the same system, which is basically like an address book where you query this server: you give this server a domain name that you want to look up, for example cnn.com or harvard.edu or what have you, and it will return back to your computer the IP address associated with that domain name. And as you might recall, there can be more than one IP address that can be returned for a given domain name. And we gave a couple of reasons for that: perhaps load balancing is one of them, and redundancy, in case one happens to be unreachable for whatever reason. There's a whole variety of reasons why we might want to do that. And so just to talk a little bit more about
domains specifically: a domain is something that looks like this, harvard.edu, and specifically it's a word or a phrase, then a period, and then something called a TLD, or a top-level domain. And the reason that we use these, obviously, is that it's a bit easier to remember than the IP address of a given website. So it's much easier to type cnn.com into our browser than it is to type 64.236.16.20, which, at the time that I made the slide, happened to be one of the IP addresses that they're using.

But realize that domains are made up of multiple segments, and one of the segments, sort of the broadest segment, is found in the far right of this, the .edu, and this is called a top-level domain. A while ago, probably about 15, 16 years ago, there were only a few top-level domains in existence, and you're probably familiar with most if not all of these, including .com, .edu, .gov, .net, .mil, so on and so forth, .net, .org. But this list has been expanded in recent years to allow each country that exists its own top-level domain as well. So not only do we have generic top-level domains like .com, .net, .org, .edu, .mil, so on and so forth, we also have TLDs that are specific to countries. So .us, for example, is the top-level domain associated with the United States; .uk is for the United Kingdom; like we saw last week when we did the traceroute to Japan, we had cnn.co.jp for Japan. And there's another one that's actually kind of popular these days: .tv. Does anybody happen to know what country .tv might be from? .tv doesn't actually mean television. It's actually a country code that's represented up here, and a small island nation of Tuvalu actually owns this domain. And somehow they were smart enough to realize that .tv might actually be relatively popular, so they allow you to buy domains within their top-level domain space. So there are registrars there.
There's people that own all of the domains that exist within each of these country codes, and you can buy them. So some countries have more restrictions than others. I think Italy, for example, I think you actually have to provide some proof that you have a business or a home there, like you actually have to have an address there, and some other countries just do not care quite so much whether or not you use one of their domains. And it sort of makes sense, I think, for Tuvalu that they can capitalize on this, and also because, I mean, they're so small that most likely not everybody in that nation is going to be using all of the domains that are possible in existence.

Now, in addition to top-level domains, and in addition to sort of the domain as a whole, which we talked about is this harvard.edu, there can also be subdomains, which are even more specific. So whereas top-level domains are sort of the most generic part of the domain, and then the remainder part of the domain, that's more specific.
So harvard.edu, sort of organizational. You can also have subdomains, which within an organization might be used to represent different things. So Harvard, for example, has a variety of subdomains, including DCE, FAS, ECS, post, law, so on and so forth, just for all of their various sub-organizations that exist within this domain.

And so the domain name system, or the dynamic name system, when it is trying to look up the information for this, basically what happens is that it looks at the domain that you are requesting, for example fas.harvard.edu, and it will first look at the top-level domain. And there is a hierarchy of DNS servers, the top level of which is responsible for a top-level domain. So there might be a DNS server associated with, for example, .edu. So the very first thing that the domain name server would do is contact this server and say, okay, well, I know that I have a top-level domain in .edu, and what I want to know is, what is harvard.edu? And so this then might respond with another IP address of another DNS server that's a little bit more specific, and in this case it might actually be Harvard's DNS servers. So all of these organizations can actually have their own DNS server as well to provide this sort of level of nesting. So Harvard's DNS server might have one, and so they say, okay, well, now this is where harvard.edu exists; now we can ask this system where one of these subdomains might actually be, like post or FAS. And so the important takeaway here is that there's this hierarchy. There's not sort of one authoritative DNS server in existence in the internet there.
It's very spread out across a variety of DNS servers. And in fact, when we looked at the network configuration for my computer, we saw that when I connected to the internet, through DHCP I received a variety of configuration options, one of which was my IP address, another one was the subnet mask, another was the DNS server. That DNS server might belong to Harvard. It might actually be this one that actually sort of copies a lot of the information, or it doesn't necessarily copy, but at least caches a lot of the information, so that when I ask the server what the IP address of, say, cnn.com might be, it will try to figure that out through this hierarchy of DNS servers and remember that answer for a certain level of time before that record expires, and it will have to go fetch that from that hierarchy of DNS servers. So the important takeaway here is that there's more than just one DNS server that exists on the internet. It's spread out all over the place, and through this hierarchy, based on the top-level domain, then the domain, then the subdomain, can we figure out what IP address we are actually trying to go for. Now realize that we can have even further subdomains as well. Generally you don't see much more hierarchy than this, but it is certainly possible to have more than just one subdomain; you could have a nested subdomain within that as well.

Now, any questions on... oh, yes, right?

Dot me. Let's see. So that's definitely a top-level domain, but I don't know offhand if that's actually a country code. Hopefully my little cheat sheet here.
Oh, yeah, .me right here is a country-code TLD. So if we wanted to find out which country it was, I don't happen to know offhand, then a quick Google search would reveal. So you could just look for "me country code TLD", and probably something like Wikipedia or some other resource would be able to tell you what country it's from.

I'm sorry? Something after that indicating if it's an organizational... Oh, so you mean the equivalent of .com. Right, so for example the domain that we looked at in traceroutes last week, cnn.co.jp. Realize that this breaks down in a similar way. There is a .jp for the top-level domain, which is this equivalent of the .me that we're talking about. But usually there's not anything after, or in fact there's never anything after, the top-level domain. This is the highest level of the hierarchy. Yeah, but so before, so this .co, or this co.jp, is actually a domain name. So this is probably owned by some company or by some entity that then gives out some domains to this co.jp or co.uk domain. And so then this entity, this body, whoever happens to be responsible for that domain, would then be able to give out a subdomain. Whether it's for purchase or not, it's sort of unclear; it probably depends on the entity itself. But then they could then resell or give away these subdomains that belong to this IP. So just because this has something that looks familiar, like a .com in it, or the equivalent of a .com, it's...

So, right, so MobileMe. So MobileMe is owned by Apple, and they are probably using... so, let's see, I know that they own, for example, @me.com. And so that domain is me.com, and that's different.
So having a domain name, something like, I don't know, D arm and, you know, my username, at me.com, that's different than having something that is like D arm and at dan.me, right? Because the top-level domain in each of these is the very last item. So .com is the top-level domain here; .me is the top-level domain here, in the case of this address. And realize that these addresses translate not only to email addresses but also web pages and anything that basically has to look up the hostname. So this .me is actually a country code, as you can see up here. So this is owned by some country, and it might be possible, depending on that country code's policies, whoever runs this country code, that you can, as a person that does not live in this country, be able to purchase a domain that has your name, dot, and "me". So that's certainly a possibility. And so even though me.com is owned by Apple, this is something that's a little bit separate, just because these are separate domain names, even though they look similar because they both have the word "me" in them. Yes?

Okay. What is the ME country code? So, okay, so who owns it? What's the country code for? Oh, okay. So according to Wikipedia, the .me country code belongs to Montenegro. And so it's specific to them, except they provide exceptions for a variety of things. It sounds like some blogs, WordPress and some other things that would allow you to purchase a domain at their country code. Yes?

Sure. Yes, the top-level domains are fixed. You cannot create one that does not exist here; it has to go through a body that approves all of the top-level domains. And so in fact there's been a recent hoopla about creating a new top-level domain for porn sites, and they've been saying, oh, what should the top-level domain be for that, if anything at all?
And so they've been going back and forth about that sort of thing, and it's sort of this long thing that's been drawn out just for something awfully specific. Yes?

Is the country related in any way to its location or IP? So, well, yes, I mean... So I'm having a hard time answering that question, because obviously a country is located somewhere geographically. Oh, the DNS server itself. So not necessarily. So really, the domain name servers responsible for each of these top-level domains, they don't necessarily have to exist within the countries themselves. I imagine most of the larger countries would actually host their own DNS servers, but it doesn't have to be the case, just by the way that the internet works. This is only a mapping to IP addresses, and that separation allows any IP on the internet to be able to be a DNS server, if one is set up to be that way. Yes?

There is no one overarching DNS server for the top-level domains. So if you enter a... yes. So when you go to something like harvard.edu, for example, what the basic steps are: your computer asks whatever DNS server's configured on your network configuration what the IP address of harvard.edu is. If that DNS server happens to have that answer cached, then it will return that immediately, but if not, because say harvard.edu is not a domain that's looked up very frequently, then it will look up the DNS server that's responsible for that top-level domain. So there's a list of DNS servers. There's sort of this authoritative list that maps top-level domains to an IP address, that's meant to be this authoritative list for each of these top-level domains. But it's not the case that there's one big server that hosts all of them. They're probably splintered all over the place, and probably a variety of them host multiple top-level domains as well. Any other questions?
Yeah? Who decides the top-level domains? I forget offhand. There's some internet governing body. I don't know if they're elected or if they're selected by a committee. I don't really know, to be honest, but I believe they are international. But I don't know the details about it. I just know that there does exist this body that defines what are allowed top-level domains. And in fact, I think just recently they now allowed non-Latin characters. So for example, now top-level domains can include, for example, Chinese lettering, and I think also some Arabic. I believe those are the two major ones. They probably have some other ones as well. And that was sort of an interesting update that they did to the top-level domain system, to the top-level domains that exist right now. So there are actually more TLDs that are listed on this slide as well.

Okay, so don't forget: in a domain you have something that looks like harvard.edu or cnn.com or anything like that, and then of course you can have the top-level domain, which is the furthest-right aspect of that, and you have the generic top-level domains, .com, .edu, .gov, .mil, .net rather, or again all the country codes that exist as well. And in addition, there's a variety of new ones as well, like .mobi, that's supposed to represent mobile, .museum, .name. There's just a whole bunch of generic TLDs, not all of which have actually caught on these days. And of course you can also make it a little bit more specific as well and have a domain that includes a subdomain as well.

In fact, something that a lot of people tend to do, not a lot, but what some people tend to do, is they try to play tricks with the domains that exist, and they try to make words out of the combination of subdomain and domain and country code as well.
So for example, there is a service called Delicious, which looks like this. Yes, and so this is an actual domain name that includes the del subdomain in the icio domain and the us country code, but all together it actually looks like it's a word. And so this is something that's interesting that some people now try to do quite often, I think. But some of the most useful country codes, like .it, for example, from Italy, a lot of those are actually difficult to obtain a domain from unless you actually happen to be living there.

But so just be aware that all of this stuff still takes effect even if we have something that looks like this, and even if we have a lot of sort of crazy things in front of this. So realize that we could have another domain. In fact, this is something that's sort of relevant to internet security. Let's say that we had something that looked like this: harvard.edu.badguy.com. So what is this domain? If I were looking at a website on this domain, harvard.edu.badguy.com, does this mean that I'm on Harvard's website?
No, it doesn't, just because that is listed as a subdomain to badguy.com. So this is actually the site that owns this subdomain, harvard. So harvard.edu in this case is just a subdomain to this full domain here that includes badguy.com. And in fact you'll see this a lot. You'll see that especially in phishing emails, and we'll talk more about phishing in the security lecture, but in emails that try to obtain your username and password to various sites, even though these sites are not who they say they are, they might try to use a trick like this, where you can look at it and say, oh, harvard.edu is in the front part of the URL, so this must mean that it is in fact Harvard's website. That's just something to watch out for, that they can use tricks like this to change the domain name, or to make it look like it's a different domain name than it actually is.

Okay. Now, in order for us to start talking a little bit more about some of the nitty-gritty in internet and networking, we do have to talk about a couple of important relationships. First of all, a lot of the things that we've been talking about follow this model, the sort of client-server model. And this model is very much like when you visit a web page: your computer is the client, and you are requesting a web page from a server. And generally a server is something that we think of as being a big machine that has a lot of hard drives, and it's very loud, very noisy, it's very expensive, something like what we see at the very top here. That doesn't necessarily have to be the case. In fact, "server" really can change meanings depending on the context.
So my computer, even though it's just sort of a tiny little laptop, could in fact be a server for a certain number of services. The same thing with my phone. You know, it's just a phone; it can also be a server. It's possible to host web pages. So even though we talk about servers, you really have to think about it in context: what does "server" in this context actually mean? Now, most of the time, almost all of the time, when we're talking about a client-server relationship, we are actually referring to this, where the client is in fact your computer and the server is some big machine that exists elsewhere on the internet.

But there exists also another model as well that's actually relatively popular, and that's peer-to-peer. And so both of these in effect act as both clients and servers, that both of these machines are sort of communicating with each other. And so really the idea of a client and server is that a client is usually requesting data from the server. So the server has a whole bunch of data, whether it be a web page or, well, any variety of information that you want; like this DNS server has a whole bunch of host mappings from domain name to IP address. There's a variety of other servers as well: FTP servers, and we'll talk some more about that, mail servers, all of this sort of stuff.
So all of these things have content that your computer wants. So you are the client requesting content from the server. And so really peer-to-peer then is you sharing content with each other. And peer-to-peer was really much more popular especially in the days of Napster and Kazaa and all these other file-sharing sites, where this model was actually much more popular. But this actually continues to this day with more modern protocols like BitTorrent, and instant messages that actually open a direct connection between one computer and another. In these cases, these are actually peer-to-peer machines.

Now, in each of these cases, realize that it's possible for every machine, and especially servers, to operate services on a variety of ports. So what this means is that one machine, one big computer sitting somewhere, can operate a variety of servers. So what I mean by that is that there could be one machine responsible for, say, serving websites, and that same machine could also be responsible for, say, providing email, and it also could be responsible as a DNS server. It could also do file sharing; it could do a whole bunch of things. And so one machine then is in essence multiple servers. So this is what I mean where it really depends on the context of the word "server". In this case, we're using the word "server" to mean it's serving an actual protocol, it's actually serving something that we want to connect to, whereas we could also call the actual machine itself a server, because it is in general a server that's serving up all of this content. It's providing all these things. So again, really don't get confused by the fact that we're using "server" in a variety of different ways. It's just that we could be referring to a machine in general, like a generic server machine, or we could be referring to us actually providing some protocol or some service on that machine.

Now, in any case, a server can actually provide all of
these different services through the use of ports. Each machine can actually have a variety of ports, from zero to, I think, about 65,536 or so, something like that, and what each of those ports allows you to do is to connect to a server operating on this machine off of that port. So we have a whole bunch of services that we have just been talking about. So for example, HTTP is the sort of protocol that we would use for web pages. FTP is something that was popular, especially a few years ago, for transferring files. POP3, IMAP, those two are both used for email, for example. So all of these are just the names of different types of protocols or different types of services that a machine can provide. And a machine can't actually provide a service on the same port. That wouldn't make a lot of sense. If I tried to connect to a server that was operating a web server, for example, and on the same port that server was also operating an email server, for example, it wouldn't know what to respond to, it wouldn't know what exactly is going on. And so this is why we have ports, is that it allows us to use
multiple services, multiple protocols, on one machine without the machine getting necessarily confused. So a variety of these protocols actually operate on known ports. So HTTP, for example, almost always operates off of port 80. Almost always. IMAP and POP3, that actually changes all the time; sometimes you will see, I think, 25 and sometimes 487 and some other ones as well. But each of these are ports that are sort of commonly used ports for IMAP and POP3. SSH, secure shell, that allows you to create a secure connection between your computer and a server and to issue some commands to it, that usually operates off of port 22. So all of these things can operate off of these sort of known ports, but nothing is stopping these services from operating off different ports as well.

But before we talk more about that, realize that each of these protocols uses this concept of clients and servers. So if a server is actually going to support this protocol, then that machine has to be running some software on it that acts as a server for one of these protocols. And almost all of the time will this protocol operate off of this port. And so when we're talking about ports, think about it sort of... let's see. So if a server is providing a service, so one of these protocols, for example like IMAP, or HTTP for web pages, or FTP to share files, then we can imagine that we want to actually provide each of these services in different places. So an analogy for this might be something like, I don't know, like a marketplace, for example. So when you actually go to a market, or when you go to a mall, you can actually find out each of the stores in that mall is operated out of a different location.
It's the same sort of idea. We wouldn't want all of these stores in one location, like, you have to go in there, it would just be sort of a big mess. But you can look up in the map, for example, you could look up where each of those services are located, and then you can go to that specific location and retrieve that data or that thing that you actually want to purchase. And so this is sort of a weak analogy for what the port actually is as well. So we can operate servers on different ports just to allow our machine to run a variety of different protocols off of it, and so we can then run all of these various things. So there's a whole bunch of other protocols as well: AFP (Apple Filing Protocol), BitTorrent, BOOTP, DNS, DHCP, IRC. There's secure versions of almost all of these as well. So for example, HTTP is the insecure version of, well, HTTP; it's the insecure way that you would get web pages, that operates off of port 80, whereas HTTPS, the secure version, where you would actually connect to, say, a banking website or anything like that, actually operates off of a different port, 443. And so you can actually contact each of these servers dependent on the protocol that actually exists.

And so just to give you an idea of what I mean, realize that in almost all cases can we visit a web page and not only specify, for example, its domain name, but we can also specify its port number as well. So for example, if I wanted to visit computerscience1.net, I can also specify the port number that I want to contact, in this case in a URL. And at almost any time when you can enter in a domain name, you can enter in a colon and then the port number after that. We talked about how HTTP almost always operates off of port 80, and so what's going to happen when I hit enter on my browser is it's going to look almost exactly the same as we've seen before. When I hit enter, we're just going to expect the web page to load. In fact, after a few moments,
we see that it does in fact load. So what this means is that on whatever machine is hosting this web page, there is a web server operating off of port 80. Yes?

443? Uh-huh. So in this case, yeah, no, so you notice that it went to HTTPS. That's because we actually forward all HTTP connections to HTTPS, to be secure. So to sort of prove the same point, I can go to computerscience1.net, but notice now that the protocol is HTTPS at the very beginning. I can go to 443 and you will see that the same thing results. So I go basically to the same web page. Yes?

HTTPS, yes, it is technically a different protocol, just because it's the secure version of it. It encrypts the information going both ways. But once you go beyond the encryption, then it's essentially the same protocol. But for all intents and purposes, because it's encrypted, we can consider it to be unique. Any other questions?

Now, a lot of times what you might see, if you're visiting a website that's sort of hosted by a small company or by somebody that's just sort of trying to host their own website, you might actually notice that the URL is not hosted off of the typical ports. And so sometimes other ports that you might see are 8080, just as an example, and that's just another port that can exist, that, rather, a web server can exist for you to contact. Now in this case, if I were to hit return, we're not actually running a web server on port 8080, so what's going to happen is probably it's going to eventually time out, I hope, and it won't actually load up this page. So notice that it's saying it's connecting to computerscience1.net, but now it's connecting to that port specifically, and because there's no server operating off of port 8080 on our server, computerscience1.net, nothing is going to happen. Eventually it's just going to time out. But it is possible to specify that you want a web server to run off of a different port. And this is useful because if you don't
actually own the machine that you're running, so for example, let's say that you are on a shared machine with some other people as well, then chances are you can't actually run a server on ports lower than about a thousand or so. And so using a very high-numbered port like 8080 does circumvent that issue. And also, you didn't hear it from me, a lot of ISPs actually filter, they actually block servers that are running. So let's say you are sitting at home and you decide, oh, I want to run my own web server. You certainly could do that, but most ISPs actually block incoming connections at low port numbers. And so by running a web server at a high port, you can sometimes get around that same limitation. This isn't something that I recommend, just because, if they catch you, most ISPs frown upon you running your own web server, but it is something certainly possible that can happen.

Okay, so now you can see that the request has timed out, just because it tried to connect to computerscience1.net to port 8080 and no server actually exists on that port at all. And so that's what brings up this specific problem right here.

Now realize that this is relatively low level. When we are talking about ports, we're talking about a pretty low-level thing. This is sort of on the same level, nearly, as IP addresses. And so when we are asking our computer to contact a DNS server, for example, it's contacting a DNS server and it's doing it off of a specific port. Or when we ask our computer to connect to a web page, even though we usually don't type port 80, it's implied that most of the time, unless we are on HTTPS, are we going to be visiting a web page hosted by that computer on port 80. But the HTTP protocol, all of these protocols, actually communicate in an entirely different layer.
So all of this stuff that we've been talking about basically implies a different set of layers for all of this data. So at the very low level is this actual physical connection that exists between, say, your computer and your router. So in the case of my computer, I'm not connected using an Ethernet cord, so I'm just using wireless. So this means that the link is basically the wireless waves that exist between my computer and the access point that exists down below. But this same link can actually be a physical connection as well. It can be a satellite connection, like we've talked about, and all these other things build upon these actual links, these actual connections.

So the next thing above that would be the internet, so for example IP addressing. So actually providing an IP address actually exists one level above that, just because we are then using the link to communicate in this world of IP addresses. And IP addresses, all the stuff communicates in packets. Basically all of the requests that we are issuing, whether it be to a web server, to a DHCP server, to a DNS server, to a mail server, doesn't really matter what it is, it all boils down to breaking up our request into packets, and our packets are then put into this sort of IP layer and sent off into the world.

And at the very top of this hierarchy, and this is a simplified version of this TCP/IP model that exists, there's actually seven or so layers depending on the model that you're looking at, but the very top layer is the application. The application are these protocols that we had just talked about before, so FTP, HTTP,
IMAP, POP, FTP, let's see, SSH, SNTP, all of these other things, DNS, DHCP, all of this rests on top of these lower level things all these rely upon the first The physical link that exists between your computer and the router or the internet at large and then on top of that It relies on the IP address and the packets that are broken up At our at the request of our computer when sending this data from one point to another and on top of all of this Are these protocols and each of these protocols allow computers to basically just send very simple commands from one to the next? So let's break this down just a little bit So we've talked about how when I am when I open up my computer and I first connect to the internet There's a variety of things that happen sort of behind the scenes the first thing is I actually Caused a link to be to be started whether that be a Wi-Fi link or whether I am physically connecting an ethernet cable to my computer It really depends on on my mood and and what's appropriate for my computer and the internet connection at the at my particular location So let's say that I first accomplished that link by say turning on Wi-Fi and connecting to the Harvard Wi-Fi Network that exists then after that my computer does not yet have an IP address It needs an IP address recall that all computers on the internet require IP addresses to be able to send data from one place To the next and to retrieve data from from a server for a server more specifically to send data back to our computer All computers have to be addressed with this IP address So my computer uses this protocol called DHCP which operates at this sort of low level and it says okay I want an IP address and so there's a DHCP server somewhere that exists somewhere in the network and it replies not only with an IP address That my computer can use but it also replies with a variety of other useful things that we talked about last week like the DNS server the subnet and The first router that my computer 
should use when trying to send a message out to the internet Now once all of that is done then I can start to to actually send some data So for example, I actually want to visit a web page like computerscience1.net or cnn.com And so when I enter in that information all of this stuff relies on the sort of the previous Layers that exist before it. So let's say that I visit a web page Just as an example that web page is sending back some data to me And that data is just going to be in in very simple form Just something like just some text that I'm not quite sure what it is yet Just because the server hasn't sent it to me now What happens at the very low level is that all of that data is broken up into packets all Requests that are sent over the internet are broken up into packets so that they can be sent in relatively small chunks So I have here actually a demo of what this is going to be like So pretend that I am a server and somebody here is actually a computer and you as the computer have requested some information from me So I've actually received your request. I've processed it. I've determined what sort of data I actually need to respond with and I've actually created that data on a sheet of paper And so it's my messages over here So now what I'm going to do is I'm actually going to rip up me as the server and I'm actually going to rip up This information into a variety of packets and this packet will be sent To the receiving computer in a variety of in this case envelopes, which is just an analogy for this packet So realize that we have a response and this response can be big But this response is sent to us in Quantized packets and relatively small packets and all of these whether it be a big message or whether it be a small message It's always sent to us in these packets So I'm gonna need a volunteer somebody who doesn't mind giving me either their real name or their fake name Nobody yeah, well, so you can stay there. 
You know, you don't have to come up here or anything I just need to know either your name or a name of fake name just Jonathan okay, so what I'm doing now is I am actually writing. I'm addressing these packets And so in this case, I'm pretending that that the name Jonathan is actually an IP address And so what I am doing then is I'm actually creating a set a series of packets with the response with the request Or with the data rather that I want to send to Jonathan And so a packet is actually a pretty complicated thing There's a lot of little bits and pieces of information associated with it Don't worry about all of this junk basically realize that packets include just the basic level of information Including who this is to so in this case this these sets this series of packets is to Jonathan and it also includes who it's from so in this case it's from Dan and Also another thing that it includes are numbers the numbers of the packets So in this case you'll notice that I have three packets here and they are numbered sequentially This is packet one of three. 
There's packet two of three and there's packet three of three So now I have broken down this request or this response rather into a variety of these small packets that I can now Send over the internet and so basically what's going to happen is I'm going to just pass it along to my router Well, it's gonna be my router real quick So basically I'm going to pass these along to my router and my router will decide what is the best route to send these packets So basically all you need to do is just pass them along and preferably you will decide that You will pass one along and decide that that route is no longer good So just sort of distribute the three packets everywhere And so basically what should happen is that these packets They're being passed from router to router each router is looking at to the destination of this packet And then that router should then decide to pass it along to the next destination That will be closer than to ultimately Jonathan So this is essentially what we've been talking about yesterday where or not yesterday two weeks ago Where what we wanted to do was break down send these requests over the internet from router to router to router Each of these are hops. So all of you that are participating in this are actually a hop in this larger internet Okay, so would you mind in the purpose would you mind actually tearing up the packet? So you yeah, just tear it up So you are a bad router and you have decided that you don't like this destination or this packet So you've actually torn it up. Okay, so that's good. So let's continue continue passing along all of the packets It doesn't matter. I like yeah, no, you don't have to pass along the torn up packet So just for some reason let's say that that router doesn't actually have a connection anymore Let's say that router has become dead for whatever reason if through any variety of means a packet can be lost at some point Just like we have lost one here. 
We don't know which one quite yet But that is why we have actually numbered each of these packets by the time Jonathan actually Receives all of these packets and you'll notice that we have here a little bit of latency And this is one of the reasons why things also are a little bit slow on the internet because they can actually be taking Perhaps different paths from one router to the next could actually be taking us a little bit of time to pass all of our packets along From one computer to the next but ultimately Jonathan will receive both of will receive all of the packets and you can look at them and say okay These are to me and they are numbered and on these numbers I can see that I have say two of the three of them and Jonathan which one are you missing? Three so okay, so basically he responds to me and he says okay I received all packets but number three of three and so me being the computer that initiated the request can say okay Well, that's fine. That's no big deal What I can do is actually recreate that packet and so I didn't know then what's the what packet was going to be lost So I have to recreate the message that's in this packet put it back in here and then Renumber the packet This is packet three of three and again. 
I have to readdress it to Jonathan So this is to Jonathan from Dan number three of three pass it back to my router And then my router will pass it back to Jonathan and basically what's going to happen Is that now even though this message has been broken down and even though the perils of the internet have caused some of the Message to be lost now what you can do Jonathan is actually open up all the packets and reconstruct the original message based on their Numbering so that they're ordered from one to three and so we can just then recreate this data that I have sent To Jonathan and so basically what he will do is then just open all of the packets and retrieve the data From these packets and reconstruct them based in the original order that I had sent them in because they were remembered Numbered and ordered and so then I know then what the the message is so Jonathan. What is the message? Oh, hello Welcome to the net so that is the message that has been broken apart into basically two words per packet That's that is the message that has been sent to Jonathan And so using this this is how the internet actually works at a sort of low level where we can actually Retake well relatively low level where we can actually even though this message to Jonathan was in English I use this idea of IP packets to send that message along so this message was broken down into packets Addressed with a to address which even though right now was a name But in the in concept of the internet would actually be an IP address It also had a from address so that everybody knows where this message came from as well And all these packets were numbered so that in the end it doesn't matter what order the packets arrive They can be reconstructed in their original order and the original message can actually be received Yes at what point does The client tell the server or vice versa that I have not received the packet That's this is very low level this exists down in the sort of IP level here in this 
in the set of layers Where it's basically all of this stuff is is Performed by your network card so whether it be an Ethernet card or by your Wi-Fi card all of this all of these packets are received And there's a certain timeout that exists There's a certain amount of time that a card will wait for all of the packets that it expects If one has not been received in that time then it will respond to that initiating server and say okay I'm missing packet n of 15 or what have you and it will actually then get re-sent over the internet until all of the packets have been received So this is a pretty low-level thing most of the time you're never going to see any of this stuff You're never going to know what order packets come in But this is important to realize that your request and it doesn't matter what sort of request It is whether it be to a web page whether it be to an email server whether it be to file a file transfer protocol All of this stuff is broken down into these small packets and sent over the internet from one router to the next in this manner Yes, I'm not quite sure what you mean if there's two different servers that it's two different computers that go to the same domain No, it's it's the the request the data is not broken up in the same way It really depends on what the contents of that data are So I suppose if you are responding with the same data over and over and over again Then sure those packets will probably look the same because that data has not changed and there's probably not much randomness in terms of Packing one of these packets and in fact the packets have a very well-defined size where they can they can maximally be So large and so they'll fill up a packet up to that much and then move on to the next packet and fill up that packet So I suppose it's possible that or it seems probable In fact that if you are sending the same data over and over and over again Then it's sort of the same packets over and over and over again, but what will 
be different then are the to address And well mostly the to address. They'll be just addressed to different to different IPs on the on the on the internet Any other questions? Okay, so with all of that said realize that now things like HTTP These are actually protocols and these can actually The way that this works is is a much higher level. It's much higher up this chain of layers But realize that all of this stuff that we talked about in terms of protocols is then broken down into these packets Whether it's a DNS request whether it's an HTTP request It's still broken down into packets and sent to the appropriate IP address But when we talk about protocols in actual application like an email or a web page Then there's a separate concept Related to protocols all together for example if we hijack The the HTTP headers as it's called we can actually see the actual protocol Between my computer and a server when I'm looking at a web page So for example when I go to HTTPS computerscience1.net slash and then a whole bunch of other stuff at the end My computer actually has to initiate a request from my computer to the server So first of all, how does it know what server it is? What is well, okay, let me rephrase that question. What is the server in this top request that's highlighted right now? Right computerscience1.net, but more specifically. 
It's www.computerscience1.net So WWW is usually a subdomain that most web pages actually operate off of doesn't necessarily or operate off Doesn't really matter if that WWW is there in the case of our computer in the case of our server We actually forward requests that come in for computerscience1.net only we forward them over to www.computerscience1.net that's sort of an uninteresting or rather a not really necessary Implementation detail so okay, so my computer knows that it has to contact www.computerscience1.net in fact That's the host thing that you see here now these this text that you see After that sort of space in my request. This is the request that my computer sends to that server My computer looks up the IP address of www.computerscience1.net it then has the IP address of that server Then it connects to that server on what port because this is HTTP Port 80 right so it connects to computerscience1.net rather www.computerscience1.net on port 80 then a connection is established and remember all of this stuff That's happening is happening over I is happening over packets, but we don't care about that That's at a much lower level than what we're looking at right now Then I begin my request this very top line get slash 2011 slash spring slash main underscore page HTTP slash 1.1 Now this request actually Specifies to the server a variety of things first of all you can see that I'm trying to get a Web page I'm trying to get the contents of a web page Next the very next thing that you see is the page that I want on this server in this case It's slash 2011 slash spring slash main page Right and you can see that that's part of the request at the very top just without the server because we're already connected to that server We don't have to specify that next after that we see that it says HTTP slash 1.1 this is the protocol that my computer is actually using to communicate with this server We are 
actually using the HTTP 1.1 protocol. We're telling that to the server so the server knows okay If I support HTTP 1.1, which it does then I will respond in the HTTP 1.1 version 1.1 protocol now my request that isn't actually done I can actually send a variety of other things as well for example host. I'm telling it and this This may seem redundant to tell the server that I'm connected to what server I want to get the data from but this is actually important because we talked about how multiple web pages multiple Domains can actually point to the same IP address And so if one computer is a web server, then how does that computer know which which domain you are actually requesting? It's using this This request right here, so I'm actually telling this server Okay, you might have a whole bunch of you might be hosting a whole bunch of other web pages But I want main page from computerscience1.net now my computer now my request continues I give it some information about my computer and this all happens under this under the hood In your web browser the next line is the user agent and the user agent just tells us a variety of things like you'll see what kind of Computer I'm running what version it is. It's a Macintosh running Mac OS 10.6 It's an Intel Mac and in fact if I if I scroll over to the right a little bit You will see that it even tells you what version of a browser. I'm using using Firefox 3.6.13 It also tells you what my language is English us en dash us and sort of the left over here So in the user agent string I'm the browser tells the server a variety of information About my computer now some of the other stuff isn't that interesting so we'll skip over this But all of this is still part of the request from my computer to the server. 
Yes How much of this existed early on in the Internet and how much of this now is is relatively new so I would say I'm sorry Yeah, so I think when Well this protocol is is this text that you see here is specific to the HTTP protocol But I suspect that all of this stuff all of this actually a good number of this is actually optional And this depends on what the server will accept so you will notice that all of these are in the form It's from here on down It's in the form some word and then some and then a colon and then data after that So these are what are this is called a HTTP header so this is information that my computer is sending to the server and Nowadays modern browsers send almost all of this information I think initially we didn't see very much if any of this information except for this sort of thing The actual web page that we wanted it really is up to the the browser and also the server what is sent Back and forth so in this case my browser has decided to send all of this information to the server Now this is my request to the server and now the server says okay processes all of this information It says okay it decides what it wants to do and it sends headers back to me and these headers are actually sent While the or right before the web page is sent so this is the response from the server HTTP slash 1.1 again. 
That's the protocol 200 OK, so 200 may not look very May not look very common and that's actually but it's sort of a white lie because 200 is actually the most common HTTP Request or response that you will get from a server just because that means that everything is okay But you have probably seen other ones as well like 404 or 400 or 403 or 500 this is the code that that is referring to this is the code that's returned from the server If you see like HTTP error 404 something like that file not found that is an actual HTTP error code That says that my request my get request cannot be processed because this file that I've requested just does not exist It's not found for some reason. There's a whole bunch of these error codes as well 403 means permission denied and there's a whole bunch of other stuff as well But most of the time you don't see these codes But the most common one is 200 just because you're indicating that okay That file has been found and I can return it to you Now you'll notice there's a variety of information that the server sends to my computer as well like the date the language of the content What sort of server it actually is Apache is actually the name of a web server a very popular web server That exists. 
It's just that you can download it You can actually run an Apache web server on your own computer You'll notice a variety of other things that relate to the data as well So this is the the actual this is behind the scenes the protocol the HTTP protocol that's sent from my computer to the server And this is the response from the server back to my computer And remember that all of this stuff even though this is all text This is still being broken down into packets and being sent over the internet in its in in that small packet form in these small envelopes so to speak and then It's rebuilt by the receiving computer and any packets that were dropped are invisibly requested back from the initiating computer and and and sent back so that we basically get this in the end and Actually, it's it's completely possible to and hopefully I'm not going to mess this up even though. I it's very easy to mess up To mess up live demos here you can actually cause you can actually Communicate with the server directly for in HTTP. So for example, you can open a connection using telnet To www.computerscience1.net on port 80 What will happen is that it says okay? I've looked up I've performed a DNS lookup and I found that the www.computerscience1.net is found at 140.247.63.234 And so now I'm actually connected to port 80. So what I can do is I can actually type a request get slash HTTP slash 1.1 now what get slash means is that I just want if you were to type a page If you were to type a domain like cnn.com and not type anything after that That's what it's referring to. It's just the default. 
It's just the blank You know the default thing that we are requesting from them And so what this means is that when I hit enter it's going to return to me Let's see after this it's going to return to me What is going on and so you can see I've gotten an error code HTTP slash 1.1 from the server 400 Bad Request and it gives me again the headers, but you can see it down here There's actually a web page and it says that it you can sort of there's a whole bunch of gobbledygook But you can see that it basically says yours your browser sent a request that this server cannot understand So let's retry this request, but instead let's do something that is a More compliant with the specs in this case I'm going to do get slash and then HTTP slash 1.1. Then I need to specify the host www.computerscience1.net I hit enter and then the way that the server knows that I'm done with my request is that I put in a blank space Now you can see there's another response from the server and even though I've Retrieved or I've requested the default page the one at slash normally keep in mind that the default page that you would find is something like index.html or Index.http or not .http, .php or .htm all of these are sort of the standard default, but we are using some non-standard Default page just because we're using MediaWiki. You can see that what it's returning to me is a moved permanently and there is a Different location. It's been moved to some other location. So I can actually then I Can actually if I were to send this I should probably use a different host and I will after the break But we can actually get the actual document that's been requested by my browser So let's take a quick five minute break when we come back. 
We will keep talking about the internet Hi, everybody So before the break we were talking about the HTTP protocol and how this is built upon Everything that's sort of below it realize that even on top of this protocol There's data that's sent to us and we saw all of this data in the form of this sort of like gobbledygook that we saw That's actually HTML. So HTML is this file type It's just a text file basically that includes a bunch of tags that look like this and it basically just specifies The content and the layout of a web page and so this is then built even on top of HTTP where the browser and the server use HTTP to communicate to figure out which web page we actually want but when the web page is sent to us from the server It's sent to us over HTTP and of course all the underlying technologies below It's including IPs and packets and all that stuff, but it's sent to us in this HTML or XHTML They're sort of interchangeable for our purposes in this sort of format That's right here just to show you then the end results if we were to go to say Harvard.edu we would see a page that looks like this. So there's a whole bunch of stuff here. There's text. There's graphics There's colors. There's all sorts of funny stuff But if we were to actually look underneath the hood we could look at the source code for this page This page is made up of just text and it does refer in text to images that the browser can download and display to you But all of these colors in this layout and all of the text that actually appears is because of this sort of right now confusing looking HTML or XHTML Web page and so when we when I sent a request to Harvard.edu because I'm already connected What happened was it then what's the first step in this in this sort of lookup when I want to request the web page from Harvard.edu. What's the very first thing my computer has to do? Assuming I'm already connected to the internet. I already have an IP address all that stuff So I go to Harvard.edu. 
What does my computer need to do? So almost so before that it has to connect to the server, but how does it know has to do something with the domain? Right, so it does a DNS lookup first so it converts doesn't convert It looks up what Harvard.edu should be in terms of an IP address then it connects to Whatever that IP address is 140.247.something.something at port 80 and then it does that get request initiating this sort of HTTP protocol then after this get request is completed the server then sends back to us a Text file that looks like this and my browser then takes this text file this HTML xhtml file And it actually renders it it displays it on the screen dependent on the rules That that exists when laying out a page like this and this is actually what you will be working on for your final project You'll actually be creating an HTML page. You're not going to have to worry about all the underlying technologies You're not going to have to run your own server You're not going to have to do anything like that But what you will be doing is creating this text file that will be then sent from the server to the client and Interpreted by your browser to be displayed Here on the web browser, so I talked before about how we can sort of fake a Communication with the web browser by using this sort of telnet application So I want to do that again, but show you that now that because now there's no sort of a Weirdness going on with the media wiki, which is the software we use in computer science one dot net I can actually request then get slash using HTTP slash one point one from this server What what didn't you like get? slash HTTP slash one point one host www.harvard.edu and I hit enter twice Then you'll see after a short delay because the server has to process all this information Does it send all of this this document basically to my computer? 
And so we if I scroll up a bit I think I've scrolled up too much We can actually see also the headers that the server has sent back to my computer as well Hopefully that's gonna come up soon. You can see this is kind of a big page Okay, so this was my initial request get HTTP or rather get slash HTTP 1.1 that was my initial request then the response from the server is immediately below it HTTP slash 1.1 200 OK Then it also sends a variety of headers telling me some information about the server and about the page that it's sending me as well So in this case, it's using an Apache server again Like I mentioned this Apache is a very popular web server that exists right there x powered by PHP PHP is just a language that's used on the server to generate webpages. We're not gonna have to you don't have to worry about that There's also this idea of cookies and we'll talk more about what cookies are in The security lecture, but basically a cookie is just something that the server can ask your computer to set Just it will just remember this information for a little while so set cookie platform equals computer set cookie page type equals basic So this is these are cookies This is some information that the server is requesting that my web browser actually save Because I'm not actually using a web browser obviously my computer is not going to save this We're just looking at this right now then we can see some other information here as well and below that Does the actual HTTP page begin itself? 
So you can see that the beginning part says exclamation point doc type HTML This is exactly what we saw in the source code as well at the very top up here Even though Firefox is now making it pretty and coloring it for us so that we can actually see what so this is the Exact same thing so that's sort of a behind-the-scenes of how this HTTP Thing works and so this is an application that is built upon all of these previous technologies That we have in fact talked about so when we are talking about now Sending all of this data from one computer to the next we've talked about a variety of things This is worth repeating because it's important every year I see people get confused between all these acronyms remember that we you don't have to know Necessarily what the acronyms stand for just what they do what they mean in the grander scope of things so we talked about DNS What does DNS do basically and that's not this slide, but what does DNS do? DNS Basically the phone book right so we can we can look up the IP address given a domain name or given a specific domain name We will get returned back to us the IP address for a machine DHCP even though they both start with D They do something very different DHCP what this allows us to do is actually perform a request like I need an IP address and There a DHCP server will then send back to us the IP address that we should use and all that other information the DNS servers to use the subnet mask the router So on and so forth then of course we have on top of that. 
We have these IP packets These IP packets are are the data that's actually sent by being broken down all this data is broken down into these packets and sent over the Wire from one computer to the next and routers when routers When data is sent from one computer to the next there's actually a couple of different ways that it can be sent from one to the next And so there's two basic types of technology a hub and a switch and so basically What they do is they allow us to send data from one computer to another computer So for example, let's say we have four computers One is a computer a then computer B C and D and each of these are connected to a switch through, say, Ethernet Through an ethernet cord for example, and so on a hub and a switch are basically the same thing What happens is that? You you being computer a will want to send some data and this data will of course be broken down into packets and These packets will be sent from computer a to the hub in this case into the switch and each of these devices is responsible For sending this data out to the the computers that are directly connected to it This is different from a router in that a router will send information from one router to the next in order to Send data from one network to another network. 
This one is meant hubs and switches are meant to be very local So they are what you are directly connected to so a hub for example Is very stupid device and it will just send out everything that it receives to all of the machines that are connected to it and this is not a Very smart thing for a hub to do just because then if I send a request to a machine specifically machine D Then all of the other machines machines B and C will also see they could potentially look at the packets That I have sent out just because the those packets were also sent to these machines as well Whereas a switch and the switch is nowadays much more common when you have a Home router for example that has a variety of ethernet ports in the back This usually acts as a switch where it's actually smart enough to know what is connected to it And it will say okay Well, I am sending a message from a to D so I receive a message from a the switch knows then to send that message to D Instead and so what happens is what if you have a variety of machines that are trying to send data at the same time? So this is a busy network for example You're trying to send data from both a and B to say C and D Respectively so what happens is that this hub then tries to send out both of these things at the same time But what you get is a collision it can't actually do this right if it gets two packets at the same time It just is not going to be able to handle it And so there's there's this there's sort of this delay that the hub tells the computer It says okay I can't deal with this packet right now come back in a later time and I'll try to send it again So the computer will wait a couple of nano milliseconds and then send that packet again Whereas a switch will actually be able to handle with using separate Pathways will actually be able to handle this sort of thing now Why do I mention hubs if they are old technology if we don't actually see them anymore? 
Well, the analogy of a hub, even though we were talking at least in this case about wired computers, extends very well to the concept of access points. Access points, you know, they exist over the air, and all of the data that's sent from my computer to the access point and from the access point to my computer is just sent out to the air for any computer to potentially be able to receive. And in fact this is actually possible: even though most of the time your network card is configured to ignore packets that are not addressed to it, you can actually reconfigure your network card to accept all packets, and as a result you can actually inspect all of the other things that people are doing. You can see all of the packets that are flowing in the air from all of the computers and all of your cell phones that are connected to the Wi-Fi right now. It's actually possible for another computer to be in so-called promiscuous mode, and yes, that's actually what it's called, and in promiscuous mode what it will do is it will just read all of the packets and it will try to reconstruct all of the messages. And so it is therefore possible, using an access point, because in the same sense as a hub it sends out all of this data to all of the machines, to look at the data that is being sent from one computer to the next. And this is something that you should actually be concerned about, especially if you are on a public network, just because your data can potentially be sent unencrypted. Now, if we were to talk about some of the specifics of the hardware, realize that access points come in a couple of different speeds. Usually they're referred to by 802.11 and then some letter indicating the speed. The first one was b, which was relatively pokey at 11 megabits per second; g was faster at 54 megabits per second, and those were sort of compatible with each other: you could actually run an 802.11b network on a, or
rather an 802.11b computer on a g network and vice versa. Then there's a couple of other ones as well: a, which operates on a different frequency altogether and is actually pretty fast, and the most recent one is n, which is 248 megabits per second; typically you get about 70, and this is a big increase over our b speeds of 11 megabits per second. So just to reiterate, we have b at 11 megabits per second, g at 54, n at 248, and a, which you don't really see all too much, but it's typically around 23 or 54, or rather 54 megabytes or so for a. Now similarly, when we're talking about dealing with hubs and switches, usually they're directly connected, and with a direct connection you usually see the speeds in terms of base-T. So 10BASE-T, for example, refers to 10 megabits per second; you might also see a hundred megabits per second or even a gigabit, 1000 megabits per second. And so even nowadays can you get very, very fast speeds, much faster, using a direct connection, especially with a switch and a hub that supports speeds that are that fast, and assuming also that your computers can support those speeds as well; much faster than what you can get over an access point. So we've talked about what a router is: a router routes traffic from one network to the next. So it's almost like a switch, but it's on a much grander scale, because it knows where to direct traffic, to direct it from one network to the next network. So we've said that, for example, if we want to send a packet from A out to the internet, then the router knows to send that packet out to the internet as well. Now similarly, if we were to add some IP addresses, and we talked quite a bit about this last week, about the subnet mask and how the routers then know what is local, what machines are local to that network, and what machines are considered to be outside of that network.
Just by looking at the IP addresses of the machines connected to it, and by using the subnet mask, can the router then make a decision: okay, I'm trying to send a packet to an IP address of, like, 24.63.500, not 500, 128.32 for example, and then the router knows, okay, that is outside of the subnet, which means that it is outside of this network, so what I'm going to do is direct that packet to the other routers as well. So basically we have a few different technologies. A switch is basically something that's very local; it is just for a couple of computers directly connected to a central switch. An access point is something that allows us to connect multiple machines using Wi-Fi to a wired connection, and an access point is basically the equivalent of a hub, but wireless, in that same analogy that we talked about before. And then a router actually directs the traffic from one network to the next. Now, we've talked before, and I did a whole bunch of hand waving about, oh, we're running out of IP addresses, but we're probably not really at risk quite yet, and the reason that this is true is through this technology called network address translation. I mentioned before how a router, or a network address translation device, can actually have multiple IP addresses: it can have a public IP address that it displays to the internet at large, and it can have a private IP address that is used to give other IP addresses within the local internet. So we have here, it basically acts like a bridge between our local private internet, or not, our local private network rather, and the larger internet as a whole. And that's what this diagram is supposed to show: at the bottom is our sort of private network that we have. We have a couple of machines; we have one client that has an IP address of 192.168.0.2, for example. Then you'll notice that there is actually an internal IP address for the router, 192.168.0.1. So all requests that my computer sends as
the client out to the internet, over to the server at 64.236.16.20, have to go through my router first, and through this, it's not really magic, but through the quote-unquote magic of network address translation, my packet is first sent from my IP address, from my computer, to this router. Then realize that these IP addresses, 192.168, they're private IP addresses. They cannot be referenced from outside, from the internet as a whole; they're just not going to be addressable in any sense. But my router actually has an IP address that belongs to the public, or that doesn't belong to, but it has an IP address that is addressable by the internet at large. So what this router does is it takes this packet that initially had a from field that initially looked like it was from 192.168.0.2 and it changes it to say, okay, now it's actually from 24.28.4 43. So what this is doing is that it's translating the addresses from inside to outside. So now, because it actually has this valid IP address, it can then send the packet to this other server that exists on the internet, 64.236.16.20, and what it looks like to this server is that the request came from the router at 24.28.43. So what this means is that when the server replies, it's going to reply to the router, and it's up to the router; the router will then have to figure out, and I'm using router in a general sense here: router in this case means a home router that includes this network address translation. A general router that you would find on the internet may not actually have this sort of network address translation capability, but realize that this does exist in home routers. So it receives then a packet from 64.236.16.20. It says, okay, recently did this computer on my network send out a packet to that server?
So it seems in all likelihood that this packet that I got back from the server is then destined for this machine. So then it rewrites all of the necessary information and sends the data back to the client. So in this way can we have multiple machines. We can actually have another client as well, 192.168.0.3, and 0.4 and 0.5, and all of these then share, in a sense, this one IP address that our router has publicly facing to the rest of the internet. And so this then allows us to extend, in a sense, the IP version 4 space, just because then we can have multiple machines, and this router is smart enough to know where to send all of these requests, all of the data that's destined for it. It knows to send it to computer A or computer B or computer C depending on the initial requests that these computers had sent out to begin with. And so again, this is network address translation, and using this allows us to extend the IP version 4 space just by allowing multiple computers, or multiple machines that use IP addresses, to share one publicly accessible IP address. Any questions on that? It's sort of an important concept.
I think. Okay, now another concept altogether is this use of VPN, virtual private networking, and VPN essentially creates a secure tunnel between your computer and another computer on a different network altogether, the end result being that it looks as though, to both your computer and to the outside world, you are on some other network altogether. And so what happens: you can actually use a VPN client, and Harvard actually has a VPN service; you can download a VPN client and create a tunnel between your computer and Harvard, and what you get as a result is a secure connection where all of the data is secure between your computer and Harvard's VPN server. This is actually a very useful thing, by the way. When I talked before about how all of the data sent between your computer on a Wi-Fi network and the access point is actually potentially exposed, this is a way that you can protect yourself, by using a VPN connection, just because all of this data is safe; it's encrypted between your computer and Harvard's servers. Now, once it reaches Harvard's servers, or once it reaches the VPN server more generally, what happens is that data is then decrypted, and then it's at risk again of being sniffed by people that are on the same network, but the chance of that is perhaps much lower than, say, you being at a coffee shop and somebody else just sniffing all of the packets that exist in the coffee shop. Just because those packets between your computer and the VPN server are encrypted, you have greatly increased your security. You're not completely safe, but you have at least increased the security of your data.
Yes. The information that, if somebody is sniffing your packets, they would have access to is anything that is not encrypted that's sent between your computer and another computer: potentially passwords, if they are sent unencrypted. If you go to a web page and it's not using HTTPS, then that data is sent in the clear, as it's called; it's not encrypted, and that data can actually be sniffed. Another thing: it's actually possible to do this attack called hijacking sessions. So let's say that you are already logged in, and in this case they don't even have to know your password, but they can see that you were logged in to, say, Facebook or to some other website like that, Gmail for example, and they can actually do something called a session hijack, where, because they're able to see all of the information that's being sent between your computer and the server, they can then pretend to be you and take over your logged-in session to Facebook and to Gmail. Now there is a way to protect yourself. One of these ways is to use VPN, because you're then creating a secure connection between your computer and the network that you are connecting to, but also if you use HTTPS, most all of these concerns go away as well, just for whatever pages are HTTPS. But there was a tool that came out recently called Firesheep. I don't think I have it on this machine, but basically this tool called Firesheep didn't make it possible, no, it didn't initiate all of these problems, didn't show that all of these problems actually existed; it just made it much easier to show that these problems actually existed. And using this plug-in called Firesheep you can actually sit in a coffee shop and you activate Firesheep, and it actually shows you everybody that's logged in in the coffee shop to Facebook or to Gmail or to what have you, and you can actually log in as that person.
It's actually kind of scary in a way, just because for anybody that's using their computer and connected to a server in an insecure manner, it's very possible for somebody else to hijack that data and either become you or at least inspect all of the data that's being sent between your computer and the server. So again, there's two major ways that you can protect yourself. One is to use HTTPS everywhere that you can. Facebook and Gmail now both have options that allow you to encrypt all web pages, so in the settings of both of these pages can you actually make HTTPS enabled everywhere. So that means that you are then protecting your session from being hijacked by somebody else. What might be a little bit more secure, because using HTTPS is only secure for whatever page you're actually connected to at that moment, is using something more general like VPN, which encrypts all of the traffic, everything between your computer and the outside internet. This is generally a safer option, to use VPN, because then if there are any web pages that don't support HTTPS everywhere, it reduces that problem as well. So how do you use VPN? That is a good question, tying us back to our discussion here. So basically you are a computer on the internet somewhere and you have an IP address. So let's say that I am this computer on a network, 192.168.0.4, and I actually want to connect. You know, it's actually the other way around. Let's say I'm somewhere on the internet; it doesn't matter what my IP address is, and I want to create a secure connection. So I download a VPN client, and you can do this from FAS's download page, and depending on your work you might also have a VPN connection available to you. But what you do is you establish a VPN connection between your computer and a machine that exists on another network, let's say Harvard's network.
What this does is it encrypts all of the traffic between your computer and this other machine, this VPN server. Then the VPN server retrieves all of that information, decrypts it, and then issues all of those requests on your behalf. So basically, in essence, what it appears is that your machine actually has an IP address on this other network. So for example, even though my client could be somewhere else entirely, I could actually retrieve this 192.168.0.4 address; or, sitting in a coffee shop for example, I connect via VPN to Harvard, and I could actually get a 140.247 address, and so it appears as though I am on Harvard's network, not only to my computer but also to other computers as well, because then I basically have that IP address from this other network. So it does a couple of things. First of all, it secures all of the data that's being sent between your computer and the server somewhere on this network. And then the other thing that it does is it makes your computer have an IP address on this other network as well, so that you can access local resources on that network, or you can make it appear as though your requests are coming from that computer or from that network itself, which is actually a pretty useful and interesting thing. Now realize that there's another type of thing that we can use to protect ourselves, and in fact most computers have these enabled by default, called a firewall. All a firewall basically does is it prevents other computers from contacting ports on your computer. So let's say that you have a couple of services running on your machine. You may not even realize it, just because a number of computers actually have some services like Windows file sharing enabled by default, especially older Windows machines. A firewall will actually prevent other computers from connecting to your computer at specific ports, and in fact this is a very good way of securing servers as well. You can create a firewall to block all ports except whatever services happen
to be available. So let's say it's a web server only: you could block all ports except port 80, just as an example, so then any requests that come into other ports will be ignored or just dropped altogether. Now realize that we're talking about a whole bunch of different devices, but when we refer to home routers, home routers actually include a wide variety of services. Not only are they routers in the sense that they will pass information from your internal network to the outside world, to the next router, but they are also DHCP servers. They're also switches. They're also access points, because you can connect to them using Wi-Fi. Sometimes they'll also be DNS servers, but not usually. So DHCP, so that your computer will actually be able to retrieve an IP address from the home router; other things include a firewall, so that it blocks all port access to your computers, and also network address translation. So all of these technologies are rolled into what we know as home routers, to give us in the end the effect that we desire, and that effect is to have, when we open up our computer, we connect, say, via Wi-Fi to the access point, which is this home router; then via DHCP, there's a DHCP server that each of these routers has, and so then they will assign our computer an IP address and a DNS server as well. And because these routers use NAT, network address translation, this IP address won't be an IP address from the outside world, but it will be a private IP address, and the routers will then be very smart about translating from the public IP address to the private IP address that they have given you. And so if you have multiple machines connected to it via Ethernet, via actual cabling, then it also acts as a switch between all of these machines as well. So home routers do a whole bunch of things.
They're not simple devices. They're actually pretty complex, in that they can support all of these technologies and all of these services as well. Now finally, one of the last things that's important to talk about is our actual pipe, our connection between our computer and the internet as a whole. We talked a little bit about ISPs; an ISP is just an internet service provider, and ISPs can really vary in terms of their quality and also how fast of a connection they can give you between the outside world and your computer itself. And so how many of you remember these CDs that AOL would actually pass out? So yeah, these became coasters for a great many of us back in the 90s. But basically AOL was just an ISP. It was an internet service provider where you would use a dial-up connection; you would initiate a link to the internet using a dial-up connection. Whereas nowadays typically what you would find are DSL or cable connections from your home router to the ISP. Additionally, we might also find other ISPs in mobile devices as well: AT&T and Verizon both allow internet access on their phones, and so they are in essence ISPs, because they provide internet to your phones over the airwaves, over these 3G connections. And those are, like we mentioned before, a little bit slower, even though generally what's slow about them is their latency. They have very, very high latency. So recall the difference between latency and speed is that latency is the delay that it takes between my request being sent from my computer and the response being received from the server. Generally the latency on the mobile devices is very, very high, even if, once the connection has been established, it's relatively fast. Of course not the fastest thing in the world, but once the connection has been established, it's also generally relatively quick. So one of the things that I think is useful to remember
from all this are the different layers that the internet actually exists in. Think about what happens when we actually sit down and we open our computer: what we want to happen as we connect to the internet and actually visit a web page. But until next week, when we have our first exam. Oh, yeah, don't forget next week; I didn't say this on camera: next week is our first exam. It is actually cumulative; it includes all of the material up through and including this lecture. We're also going to have a review session this Friday from 5:30 to 7:30 in Emerson 108, is that right? And then that will also be filmed and placed online. The exam is one week from today and will be, I believe, the duration of the class time. Yes. The format will be a mixed format: you can expect true/false, multiple choice, long answer, diagrams, all sorts of stuff on the exam itself. So with that, good luck with your studies, and we will see you next week.