 All right folks All right, let's get started today. We'll do a recap of the sign-up for Keep track of every interesting thing that I saw How many people discovered that you could anybody could edit a gaza post I mean The other trick that people use this after they discovered or ever they would then switch the note for the question Whatever to private so it's just to us the instructors, so I have all of these posts with insane history The Really interesting thing that I saw so was it true that if you made a follow-up post to a post that nobody else could Use a class of all defense mechanisms You would say look in the comments for this and then the follow-up discussion would have your actual keys everything Let's see other cool thing that I hadn't seen before was people Hating videos of themselves going like those weird. I mean not weird But the interesting thing was seeing people try it's like submit both their real and their adversarial to get Like prove that they're trustworthy by giving you their adversarial Let's see oh this other great post so this I Saw this and I think I've redacted all the names of all the people here because I can see your Cool, so this was I was signing people's keys And the really funny thing is that You all chose to a lot of you chose to pose anonymously when you were actually being truthful But then everyone else doesn't believe what you're saying because you're posting anonymously particularly in this case I This one's good. Yeah. Yeah I Actually don't know if it's the same person if it was a coordinated team of people commenting on it anonymously Yeah, so that's super interesting because of course if you had gone to my website you can see that this is not my public key So this is the hash of my public key. It's on the website. You could have imported it and checked that I Unfortunately, I don't regret yet. I'm still importing all of your crazy submissions. So Hopefully later today definitely by Thursday. I can go over the distribution of Scamming people because maybe I want to share what they learned Oh Oh Very hard to find this Yeah, for sure that definitely could happen. I don't know that it did I was we were pretty careful but not endorsing any of the answers on those crazy Yeah You have some right people you send it to the email You'll only get there Using the Gmail auto-complete feature Is there a way to change that? Yes, so people are not in their bed. So maybe it wasn't a great way to verify Maybe seem like a good A general question I'm just pulling all the data down to one key ring so I can see all the signatures from everybody And then I know Did it every discover or maybe didn't discover so I can disclose some of the adversarial tricks that people used Was you could send somebody a gbg file that had multiple keys in it Some of you are shaking their heads, right? So I know this happened in the past I don't know if it happened this year where somebody created a fake CSC 365 call 19 key that had a different fingerprint and they would Append so because you could change your user ID of your adversarial key to your name and then after that was Done with moves all the signatures that you have before so now the core signature doesn't exist So what people would do is create a fake course key sign their own key with it and then ship both keys to somebody So if you weren't actually checking that this fingerprint exactly matches the one on the server Then you would get stamped into Now just the fingerprints, I don't really care about the Signatures are just for you to know what keys are valid, right? So if you change your user ID and then drop that signature everyone else Nobody else would ever sign that key because it's not signed by the server No, yes Let's see. Um, anybody use the key servers That was this was the surprising thing that didn't come up So nobody used the GBG key servers. So they're a network I think I'm in one of those docs I linked to sometimes the course finds these key servers. So people They said you can upload your public key to the key server so that other people can just download it So you don't have to email each other keys. I think the first year guys like this people Created weaponized Python scripts where it would actually work to like it was a Python script I'm a check like check that another key was valid except for the person that created that Python script it would It would work for them and so they could trick other people that way Let's see one year. They need to create a certificate authority Or have some kind of group trust system Yeah, would you get what do you do? With a big Google Doc, they're gonna just submit and then I would be added to Google Doc Scam that Google Doc They were gonna have like a two-phase commit so your key had to be verified by two different like the two leaders And then they would add you to this Google Doc, but one person figured out like trick Not their adversarial name added to the certificate authority and scam like the 20 or 30 people that was on that list Yeah, so you'll find out soon Interesting thing to learn for tricks No, no you wouldn't you couldn't it checks so this is why The way to verify This Yes similarly I use the ASU class roster for this class to verify names I Will anything else So yeah make a phishing domain that would be interesting One year with somebody trick like they're not friends permission that wasn't in the horse So they changed their adversarial user ID to be that like a person But it was actually an ASU student and everything and then with that other trick of having a fake CSC 365 fall 19 key Trick people assign it to this from a real end the person agreed to let them use their ASU account So it came from a real ASU account like it was a real person It just wasn't a person in the class Max human writing from yours here that we're good. I think the certificate authority stuff was my year Yeah All right, now we're gonna shift gears a bit. Oh, did I be finding an easy way to distinguish between the two Yeah Right, so yeah, the email was one thing to key on One year, I think people a group collected and shared Everybody's adversarial and real keys and they're able to find that there's some difference in the exact Like the like this key whatever 496 Like I think the adversarial keys were using like DSA for some reason and I couldn't fix it to make them be exactly the same for Some reason So there were weird differences between the adversarial keys and the normal keys that I know some people just said like I'm never gonna Sign anything that has this This specific type of key Cool, all right now we can all trust each other again. All right, so now on to network security. So now we've kind of got The goal here is we're we're gonna be learning and talking about different how networks actually work Specifically through the lens of how we can attack and exploit them So we're gonna get kind of a crash course on how Two different machines talk to each other on the broad internet and then specifically We're gonna be looking at all these led layers and thinking okay, what are the security implications of doing this thing? So and so it's important that we have We can cover things like Firewalls and intrusion detection systems all this kind of stuff that we'll talk about for the end What's actually understand how the systems work? You need a good solid understanding of how these protocols work because without that We're just talking kind of in the abstract and this is kind of an interesting problem, right? So you have this problem of how is your laptop that is out right now? How is that talking to let's say Google? Right, how's your dad actually get from here to there and have me have a conversation with the remote system that you It's kind of something that we take for granted, but it happens literally all the time So we'll look at the protocols that actually make this up so It kind of starts out with the IP the internet protocols suite It's a set of protocols that are used to transport data Y'all it's also called the TCP IP stacks week whatever all kinds of things Very nice. It's based on abstraction and Capsulation all of these layers kind of break down and we'll see that so for instance Do you does Google need to know that you're on a Wi-Fi network to talk to you? 4g or an LTE network Right, those are all different ways So you think I don't know if anybody see is there a Wi-Fi router in this room Yeah, you all pointed in different directions There's one of the exact same thing right over here, so I don't know where it is, but I guess maybe We're maybe Right so your information has to get somehow from your laptop to that Wi-Fi router that's somewhere in here Right and then from there needs to go from ASU's network all the way to Google's network and then it has to come all the way back so The nice thing about how this designed is Google doesn't care if you're on a Wi-Fi network or a wired network or whatever You can still talk to each other Kind of built up in these terms of layers, so there's this physical layer about how does that I get from like physically across the air medium of whatever fight 802.11 whatever Here for wireless for LTE. There's a different protocol, right? There's all these different ways of how to actually talk from one machine to the other I know exactly how all these things work. You can go look it up and find it and Then we kind of build up from there to say okay, we have a way to talk from one to the other Then how do we have these two ends of a link actually talk to each other? So how does one how does your laptop say hey? I have some data. I want to send to the Wi-Fi router and how'd your Wi-Fi router know if it's your laptop I'm not somebody else's laptop or somebody else's phone, so it needs some ways to disambiguate there All the way up to how do we then talk to Google and how does our data get there? To then all the way up to the applications that we want to actually talk about so what are the HTTP? I think we should be pretty familiar with that protocol, right? But basically all that kind of stuff was SMTP4, mail, DNS, domain name service It exists so that we don't have to remember 32 bit numbers when we're trying to access websites We want to go to Google.com, not whatever their IP address is NFS, file system, so a way to have file system. So there's all these different applications. This is a an important thing to Remember when you're discussing networking with somebody to make yourself seem like you know, you're talking about if you just call everything the web or the internet We're gonna mix these two But the web is just one application that runs on the whole IP stack There are many others. Speaking of SMTP, did anybody spoof any emails or attempt to spoof emails to scan people? Some people. So there's a couple hands, three hands, four hands The problem is getting that reply back. Yeah, so you could spoof an email to Somebody from your, from whatever email address you want, but of course getting that reply back is difficult Okay So we're gonna first start at the beginning. So we need to know how to talk to each other Right. So the other thing, the thing I really like to think about is in terms of the postal service Although maybe this is getting more and more out-of-pain. Has everyone sent and received a letter through a postal system? No, have you seen a letter? Don't they still teach you that in grades 4? No, I don't know. I don't know. Things go, where does? Okay So, how does the post office know how to get your letter from one place to another? So destination address, so what does that consist of? Postal contact code the name of the person the town, the city, the state apartment number address the specific address on the street Right, so all of this information is an attempt to uniquely identify the location of a person. Apparently, I don't know if this is still the case, but it used to be that As long as you've got the city roughly correct I mean not roughly, but correct, then the postmaster there would be the one to deliver your letter And so you could say things like the red barn that's like two streets down from the doctor or whatever And as long as the postmaster knew how to deliver that, they could actually figure out what you were talking about But can you do something like that with computers? Do we say I want to send this packet to I don't know to San Jose, California We can specify a street No, we need some way to we need some notion of We need some way to reference each other, right? And so we need to know okay if I want to send a letter you can think about at this point on the internet to another machine I need to know what that destination is of where that letter is supposed to go and this is the concept of the IP address so Hosts have one or more IP addresses usually on their network interface. So network interface is if you have a Desktop wired machine where you connect your ethernet. It's your Wi-Fi card on your laptop All that fun stuff. So one of the fundamental things of an IP address is it's 32 bits Do we usually write out so we know we can interpret 32 bits as What's that hexadecimal number? Do we think about hexadecimal numbers as upper IP addresses as hexadecimal numbers? Do we think about that as just integers? Like base 10 integers? Yes, I'm sorry Yeah, base 10. So you say I want to talk to 2964 Well, there's periods to 192 point. Yeah, there's a different way of interpreting them. So but actually so this is an interesting point a lot of Systems you can actually reference an IP address just by the number So if you have a firewall or a system that's blocking you from accessing a local host like 127001 You may be able to get through by putting the Inger value of the number So this what we call Goddard decimal notation should be very similar to how you're used to Thinking about IP addresses and maybe you've seen this before what does this represent? So I said it's the same thing So what does this represent? Yeah, so every byte so the so so it's 32 bits, right? So 32 bits we have eight the first eight bits The second eight bits Third and the fourth so what's the range of each of these and so we'll put a dot in between them Yeah, so we have their eight bits so zero to 255 for each of these Cool, so this is a nice way to Think about Where and so this gives us how many different IP addresses Two to the 32 how much is that? 4 billion seems like a lot right? Yeah 4 billion. It's a big number It seems like a big number it is a big number 4 billion is a lot If I was gonna give you 4 billion dollars if you say no, that's not enough money It's a small Lot of dollars. I would like to have that please I don't have four billion dollars to give you sorry So the question though is that how to essentially portion up these 32 bits to all the different entities that want them so It used to be you had kind of and It used to be I think different classes of IP addresses so one organization would get a chunk of IP address space and Where this is done is we got to talk about Okay, so Key thing about the IP address is kind of like kind of like in the In the example of a letter right? We had a postal code and a city which told Roughly, how do I get my packet to where it needs to go? Or how do I get my letter to where it needs to go and then the other information specified specifically within that region of How do I deliver that so similar things about the internet one of the very important concepts? So what is an internet mean? How's that different than an intranet? Don't mean what does it mean? Yeah, so you guys should think of it in both ways right so it kind of encompasses both so the intranet so inside in Tra I believe so a network of computers that's all controlled by one entity or organization and then so let's say we have ASU very nicely here as one Network that is controlled right as you can decide exactly how information goes and travels inside but now when ASU wants to send data to Google which has its own internet, right? We need protocols of how that's going to happen because there may be other places along the way like Where our service provider is? So basically what we need is in some sense some notion of how do I get from this? I he addressed how do I know? Where this should go or what? Let's say another way to phrase this is what part of this is the postal code and what part is? specific to that that destination So it used to be you had fixed sizes so so you'd say okay the first So you'd say the first was a class a I think it's 11 bits or something So the first 11 bits specifies Organization so anybody that had the same 11 bits goes to Google.com and then they figure out what the rest of the bits mean internally Okay It turns out that's a very inefficient way to distribute ID addresses because you're giving some people huge ranges and other people very small ranges so there was this idea of classic what cider classless inter domain Routing which allows you to specify this boundary between and we'll get into this more of it To specify the network ID and the host ID so where this boundary is So if you've seen an IP address of the form or to come up with numbers, let's say one two eight One two five zero ten so a slash Slash sixteen would mean that the cutoff is here In between the second and third octet so the first 16 fights determine the network that it goes to and the last 16 determine the host and similarly so Zero dot ten a slash 24 Wouldn't say that the network host is the first 24 bits and then the exact post is the last bits and So we've actually I think technically run out of IPv4 addresses We'll talk about why that's not a huge issue or whites Okay, so it's how to read IP addresses we'll get into exactly how cider is used and how this net This split between the net ID and the host ID is actually used to deliver packets So we're going to start out kind of actually in the middle of the diagram So we're going to start out with the internet protocol so at the IP level So essentially it's you can take it as the glue of the internet. It really is the way in which data moves throughout the network one of the really cool things about the internet is It doesn't really matter how a specific organization so as you could decide hey, we don't want to use IP internally We're gonna use something completely different But to get packets where they need to go as long as they can talk IP to other networks your packets can go where they need to go Very important to understand the different capabilities that each of these networking protocols provide each of these layers IP is Unreliable best-effort Daggering military service. So what this means is that? You say hey, I want to send an IP packet to this other machine You know what that other machine's IP address is through another mechanism The network will do what it can but it means that your packet It's not It's not guaranteed to get there It's not guaranteed that what gets there is exactly what you sense integrity It's not getting the order which means that if you send packet a and then packet B The other side may receive it B then a there's no guarantee in what order they receive things Bandwidth isn't guaranteed. So you're not guaranteed a certain chunk of data But very cool. It allows you to change data between any two nodes So as long as they have IP addresses Like they both have IP address then you can exchange data between any two most on the internet So this is why it's such a key core principle. So why? So let's look at this first. So Do we is that a good thing? So I talked about Connectionless unreliable best effort Is that good? You'd like the internet to be reliable Right, so you'd like it to be the fact that when you send something something actually gets there Right. Have you ever sent somebody like a text message that they didn't receive? Think about I mean your human Communicating imagine trying to make computers talking to each other when package just magically disappear Yeah, so you're gonna have to do something like you We'll see later exactly how these mechanisms work But you have to do extra work in order to make sure hey, did you get my message, right? So you need to make sure there has to be more communication overhead The other thing to think about is look at where in the stack the IP layer is right? So you have the internet protocol layer which allows us to send data between any two posts on the internet Right. We're talking about what data we're trying to send or any specific applications So you want something that's kind of at this layer to be essentially support almost all protocols Right or any possible protocol that you think they have So is there protocols where or is there an application where you actually don't care if you lose data or lose a packet? Yeah, so skype in video calls Like you said so many packets Right so an audio call or you can think of like an audio call right if you drop a packet That's maybe a quarter of a second of audio Do you want to delay the other person's communications until you find that data and then keep talking right? Then you'd have huge latencies whenever there was a drop packet. Yeah another one like an online game How so because The same reason there's so much being said if you had a guarantee to slow it down and so to be quick Yeah, so an online game branch You have a bunch of clients connecting to a central server and the server is storing the state of the game and pushing out The state of the game to every client so if one of the packets was lost Who cares you're gonna get another update in you know another second or whatever which will update your game state Right? So yeah, so it's interesting to think about like that looking at this this seems insane like why do we want a protocol that Unreliable is best effort has no integrity. So why no integrity? Sure, so okay, so that like a post office you send it out and Whatever Some letters are gone from your message A whole bunch of different networks Yeah, so this is all the reasons why it's not but is this what you want But why do they do it like this? So one of the important things to learn is to look at a system and this happens a lot Even in your professional career you're gonna come to some application that was written over the last five to ten years And you're gonna read the code you've got why in the world are they doing this way This is the dumbest possible way to do this thing and then after you talk to people you realize What crazy constraints they were under that you don't understand which is why the book looks the way it does So one of the things to always ask yourself is like well, why aren't they doing this here? Like why isn't integrity important? Yeah, so one of the ways is again this Creating a broad protocol, right that you're not enforcing anything that upper level protocols can do if they want Yeah, but the the shipping packets being set around the world to guarantee integrity for everything the master of overhead So this is another thing to think about is what was the context what year was it when they were creating these I believe late 70s or the 80s But so you think about the integrity there doing like what we talked about so you can actually send with every message or Okay, that's a good question. So if you assume, okay We'll use some kind of hash function, but you look at the hash function back then Adding that to every single message that was being sent could actually be significant CPU overhead Plus you have this problem of What's your actual threat model? So integrity kind of of what are from who so so let's say Every packet you have been a hash of the message that you send in Does that guarantee integrity? Not just corrupted, but if you're going to guarantee me integrity that means that Eve who's listening to the packets and can modify and change those packets that they're going across To change the message calculate their own hash of the message put it there and send it across, right? So we need not only integrity, but we need who generated that IP address, right? So then we have the problem of public private keys and you kind of get into all of this craziness If you want to guarantee some sort of integrity Cool, okay, let's Look at the an actual IP packet. So this is from one of the other things I try to urge people is don't be afraid to look into standards So this is RFC 791 an RFC is a request for comments the Internet Engineering Task Force puts out the people write up these and submit them as kind of standards different kinds of standards So if you want to learn what is everything I need to know about the IP protocol You can go to read this document and it will you will be an Moderate expert at IP by the time you're done Okay, so how do we read this diagram? Left to right to bits. Yeah, so this is data that's being sent right So why don't we just send the data? Why isn't this just like here's the data to send? We need stuff right just like a letter you can't just write a letter and just throw it into a mailbox I expect somebody to magically know where it's supposed to go So if we think of it from that perspective, what stuff do we need? So this is the other thing before we even look at it. We should think what has to be on here What are we looking for? So the destination I need to rest right who are we trying to talk to? Make sense. Just like a letter. We need the destination address on there. What else the actual content the content content has to be somewhere What else who sent it? Is that strictly necessary? Only if you want something back, but oftentimes why are we sending a message if we don't expect something in return, right? So just like on an actual Letter as well or if it's technically an envelope whatever you put the senders All the sender's information so that you can get a response back, right? So we would assume that we have the content the destination IP address the source IP address The other thing to think about it is how big can the content be? Yeah, okay. So yeah, it could be we don't want to specify that every message has to be a thousand bytes Or whatever right so we probably also need to what's the size of the message because somebody needs to be able to read How much are you trying to send? So we can see that okay cool All right, so the first four bits are going to be the version number Why is that important so we spent a little bit of time thinking through these things or like why is The first four bits that are sent the version number. Yes, it tells you how to parse the rest of it Right, and then I do the fourth IPv6. There's actually a very good design principle for a lot of things so this Good like a rest API that you're talking to might have the version number in it so that in the URL so that you can know What version you're talking to? Specifically here if it's IPv6 or IPv4 that defines how you're going to parse the entire rest of the packet Right and how you interpret those bytes because it may depend on which one So that's why this has to be a sense of the first four bytes or first four bits that you receive sorry Okay, then some other stuff We finally get to the total length of the packet so this tells us the entire length of everything I believe including the content and the head and the packet We have something we didn't talk about We have an identifier we'll get I don't know if we'll get into exactly how this works some flags So we can set different flags to mean different kinds of things, but it's an interesting one. So The basic idea is okay, let's say we so should we assume that them can we Can we assume that the networks are perfect? Why not yeah for many reasons right you can say humans are developing it you can say Fundamentally on the internet our dad is being sent to some other machines that we don't control Right, so I said okay. I want to send a packet. I want to send a letter to Google.com or whatever Google.com's IP addresses, right? So I send it out and then How do I know that it's So one of the cases I could happen is you get into a weird networking loop where one system gives us a next one And now we need to do a third system which is a back to the first one Which is the second one on the third one and then you have just this message that continually exists in the system as being passed around forever Right. This is actually things that can happen. It's very easy to mess up systems So they do this so there's a built-in mechanism to not have that happen We're essentially this time of day value starts at some certain value and then every step of the way it gets Decorative and when it's zero gets dropped on the floor, so this prevents kind of infinite routing loops that can happen Interesting bit here is the protocol. So this is information in the IP address header that specifies what the higher-level protocol is Which is one of these weird breaking of abstraction layers and then interesting enough there's actually a So we said it doesn't guarantee integrity and yet inside this header there's a checksum Which is used to see if Would you use to validate the rest of it? We'll go back to that in a second source IP address So double-check does this make sense in this diagram? How big is IP address? 32 bits we have exactly 32 bits here for the source IP the destination IP any Optional heading optional headers padding and then finding the data So one thing to ask is why is this header checks up? It's a crappy fast Output I would say it's definitely not a cryptographic hash function but it can detect if Let's say a bit was flipped somewhere along the way And so you could at least see if there's any kind of those transmission errors Yeah question. Um, yeah, so each row of this What is what is each one a packet or is a whole thing a packet the entire thing is a packet Okay, all the way it starts at an end the way to think about this is just a string of bits Right, so it's way more than 32 bits the back. Yes, we're just splitting up the 32 bits for ease of viewing So you get all these bits and it just keeps coming and then The other side has to then parse those bits back into what they mean CRC Yeah, it's very bad at I think if you flip a bit and then flip another bit the other way then the tracks on will be the same It's like it's very prone easily from the problem But it's at least good enough to know that like hey a bit flip Maybe I should drop this packet, but there's nothing to guarantee that don't mess with the package now important thing to Understand from here when I go through this log in is so Again remember this is just some data that's being sent from one side to the other so when So a is there anything in here about encrypting the data that we're sending No No, this is essentially the way it actually is probably the best analogy to think about Packets sent through the network is in terms of postcard So it's different things like a postcard in a letter in an envelope An envelope technically is sealed right and you can even do I mean you can put a wax seal on it to see if anybody's broken It or open it or whatever right where as an envelope or sorry a postcard Right everybody can read the contents every postal worker that touches back and read the contents of that note Right, so very similarly here the data can all be read We'll go back to this Okay So the question is So we have So be a switch we'll get to in a second So we have us we are here We have Google so we want to send a packet to Google or sorry. I need another person somebody say name Sarah Okay, so we want to so Sarah has an IP address Google has an IP address. I don't like this us IP addresses. So I'm going to send a message to Sarah So just on this diagram, right? What's the difference between Sarah and Google? so we think about those Switches or something that's going to take our packet from one place to the other we'll get exactly how this works We see that we need to essentially transfer go across two of them to get to Google But Sarah is on the same network essentially that we're on the question is how do you know that so? I'm going to draw a dashed beautiful dashed line around our network So us and Sarah we're on the same network. How do we actually know that? Yeah, so let's look at something we'll call Sarah ten zero zero three will be ten zero Two and Google will be Alright, so when we configure our network right for us We're Ten zero zero two, but that's not the only piece of information. I need to know to be able to send packets Right. I need to know What is our local network versus everyone else? Right. I need to know this dotted line distinction. I need to know is Google on the same network is us or not And how I do that is through Basically what we talked about before the net ID post ID Otherwise the thing about this. Let's oh no, I'll go to the server. Oh, sorry. This is really small So if we look at this So on the website Ethan at zero so this is the ethernet adapter its IP address is one seven two thirty one dot six dot two fifty So that's IP address now. We need to know How I determine local versus remote so it comes down to that cider thing we talked about so here The there are many different ways to look at this one is this net mask. So this is Says okay, so this is my IP address One seven two thirty one dot six dot two five zero and my net mask is two five five Zero So what's two five five and binary All once yeah, so we can see Okay, so it's all one so this is one one one one eight ones here same here eight ones two forty is One one one so all that's the first four bits One two three four and then zero zero zero one two three four five six seven eight Okay So essentially it says everything that's a one is what we use to determine the local host so something so What we do is take any IP address and it with this value It matches at all once then we know exactly where to send it. So this would be a Slash was this this is a 16 and four slash 20 So as a slash 20 network, so this means use the first 20 bits in order to determine if an IP address is in your local or your remote IP so Then with this information then here we can tell okay is Eight eight eight eight eight eight is it local for this? Yeah, none of the bits match right? I mean starting from the beginning so no What about one seven two dot thirty one dot? one three seven dot Twenty is this local Slash 20 so this is what we're going with here. What is what is the binary one three seven take? One three seven is one zero zero zero one zero zero one So the way we can think of this do the first two octets match Yes, so the first sixteen bits match then here. This is we expand this out. It's one zero zero zero One zero zero one you say do these match? Does this match this? Just six. Yes. No No, so this is not a local address, okay Ten dot twenty Yes, let's see. We'll do ten here We see that the first four bits are all zero, which is the same as the original one. So yes, it is local, right? So let's say that my IP address here is a Slash 24 which means my net host boundary is here in between all those octets So it's making it easier since we're not splitting in the middle of an octet so is with this information now, so my IP address my net mass that defines my local network is ten zero zero two slash twenty four So is Sarah in my local network? Is Google in my local network? No Since the only piece of information I need is my IP address and my network Then I can decide if something's in my local network or not Now if Sarah is in my local network, then I can send the packet using Direct delivery through the physical network. So let's look at this And so essentially And this is kind of building up So we had when we looked at before our IP address header some IP data That's gonna be encapsulated into a link layer into some frame header and frame data Which is usually ethernet in most cases. I think almost all so This means we can deliver it to directly essentially so we know somebody's on our local network It means that we can speak a link layer protocol and talk to them directly and send it to them Which means that here the other way There's another way to look at the subnetwork. So one eleven ten twenty. So this means that that's is our net our subnet So we can see that we have one machine So this will be the physical the link layer address or the MAC address which we'll see in a second and We need to send we want to send a packet from 121 2.14 and so we need to Create this packet, but we need to know how to create this packet. So And that gets into then ethernet. So Ethernet is a much simpler format So first we need to know cool. So ethernet is at the link layer. So let's go back to the link layer So we can see here from our stack We have IP so we need to send that IP packet on our local network using the link layer, which is ethernet We'll go here This uses a 48 bits for addresses. So if you've seen this kind of everybody's seen a MAC address before it has this kind of Cold and separated values like each of these is 0 to 255 represented as hex So we have destination addresses. So 48 bits source addresses 48 bits Then we'll have this specific type of message and data can be between 1500 bytes and a minimum of 46 bytes and then we have Again a CRC checks. Let's look into this really quickly So this is actually a much simpler file format because there's not much We don't have to have all this metadata about who we're sending it to and all these options We just have the destination MAC address we're trying to send to the source MAC address specifically what type of message of ethernet message we're sending and Then the data and then followed by a CRC 32 So in case the data is an IP diagram Which is the case we're interested in right now the type would be set to that and the data would be the IP diagram There are various types of messages here, which we'll get into in one second But we've hit a roadblock a bit of a roadblock here So I lied a bit or maybe I lied I said before that we're 111.10.21.21 and we want to send a message to 111.10.20.14 So we have our source IP address We know their destination IP address and we know the data we want to send But what else what don't we know yeah, we don't know any of these numbers like or we know ours, right? We can know our MAC address, but we don't know what their physical link layer addresses, right and so We need some way of mapping. Hey, we're trying to talk to IP address on 111.10.20.14. What's their MAC address? So you have this interesting mix where these layers have to blend where you want to know What MAC address has this specific IP address so that you can talk to them and That is a great And this part of the application So we need some way to talk it's added different layer So the link layer here is the ethernet layer, so we're essentially operating at the internet layer We know the IP address we want to talk to we don't know their MAC address Necessarily and so we need to figure that out based on their IP address Possibly but you can configure you can have multiple IP addresses on one name on one MAC address So you could it's not directly a one-to-one mapping Well going back the other way is a huge pain if you ever have it on your network where multiple machines have the same IP address with different MAC addresses But this allows you more flexibility because think so you have a network of a thousand machines, right? So they all have different IP addresses Maybe you hard-code that somebody gets a new machine with a new MAC address because that MAC address is tied to that physical card Now you have to update all 999 machines, but what's this new MAC address for this IP address? When the network has this flexible protocol to MAC it has a way to ask hey, who has the MAC address for this IP address? MAC address is 100% changeable, so you can theoretically if you're on some system like a Wi-Fi network that restricted you limited amount of access time to that network If you don't log in with the username password the only thing that it has to identify you is your MAC address So by changing your MAC address you can make it think that you're different devices every time you talk to it similar things could work if you bought internet let's say on your iPhone and That is tied to your MAC address If you turn off your iPhone and change the MAC address of your laptop to be your phone's MAC address The router would have no way of knowing that it's a new device Mostly no way of them Yeah, and actually I think I want to say iPhone either has an option to Randomize your MAC address when you're talking to public Wi-Fi hotspots because that's also a way you can get tracked by your MAC address When you talk to different Wi-Fi hotspots So yes, fundamentally, there's nothing stopping you from changing it The network needs a way to keep up and to catch up that you now change your MAC address cool, so we need a Protocol to translate between the two and it seems kind of crazy But we're going to essentially use ethernet to do this translation And this actually is one of the really cool key ways of how you can impersonate another machine on the network through through manipulating our The address So the key idea essentially you can think of it as a protocol where you blast out a message to everyone saying hey Who has this what's the MAC address associated with this IP address? That message goes to everyone and then the person who has that MAC address or that IP address responds So essentially let's say we have some network. We have those A and those B And this is actually something you can look at you can inspect your ARP cache on your local machine. So ARP-A is a way to show all of the The mapping between IP addresses and MAC addresses in your network. You can run this on your machine So host A wants to ping host B So it means so essentially it has some data that it wants to send to 192.168.1.10 As you know that this is on the local network Yeah, looks at the subnet mask figures out the network ID. There's the host ID says yes, this is Now host A will send a Host A will send a broadcast ethernet. So this is Output of TCP number of this. So we can see on the left here. This is the source MAC address and It's going out to and again So you need some kind of essentially Value that says hey this message is for everyone Everyone on this network. So that's what the all F's is So I don't know who the specific MAC address that should receive this right because I'm trying to ask everyone on the network Hey, who has 192.168.1.10? So if broadcast is it out to everyone who has 192.168.1.10 Every machine on this network will get this packet only the machine that has that IP address will respond back and Will now so the request goes to everyone Now host B will respond with a reply That will say Now at this point it has everything that it needs. It has it knows the destination MAC address Because of the original request packet, so it does exactly who to send it to and It says Our reply hey 192.168.1.10 is at 13 or 013 1d 98 b8 So this goes to host A, host A receives this and then updates its R table And of course because you don't want to do this for every time that you said this is cashed locally So you can see on the whole post B So now both post B and post A will have this mapping between IP address and MAC address Change which information what do you want to change? I mean you can make the other computers all tell a different computer You yes So this is we'll talk about kind of trust issues here when we talk about spoofing and hijacking these kinds of communications. So yeah, fundamentally There's nothing So a if you look there's nothing that links those two requests and responds together, right? There's nothing that says that host B actually has that IP address except for the fact that they respond to this request so host C could have responded and said yeah, I'm over here and Host B may never like so those you can play games like that Yeah, there's fundamentally nothing stopping you from doing that This happens all the time on your networks every time you connect the system. Yeah So I get like I get the mapping from IP to MAC address But how come like I should understand why we need it because only Open in a network all you need is IP address correct, and if an IP address uniquely identifies a host Can't you just use that instead of having to ask for a MAC address? You well you need some essentially need some way of getting data from one host to another Right, so that is at a high level that's IP, right? I love idea how you get data from one IP address to another with the actual mechanisms of how Data moves from one post to the other on a single local network It's not clear. So that's what the ethernet has to do. So you need something to do that right and the idea was they decoupled IP addresses from link addresses in some sense, so But you need to be able to kind of stitch them back, and that's why you need this protocol to translate between them And then once you have this so once you have the ARP Once you have all the ARP information, then you can easily just send the packet that you wanted to send So this was this last file IP packet that was sent from 192.168.1.10 to 192.168.1.100 So once we have that information, we have everything we need to send it, and then everything just happens So it's all on a local network when we have direct delivery We'll look at attacks on this and then we'll look at what happens when we need to pass data across multiple hops on Thursday