We've seen netstat gives us some statistics if we use the -s option. netstat, the network stats, showing statistics. What are the two transport protocols which are common? Everyone should remember the two common transport protocols, and you'll see here TCP and UDP. TCP is very common; most of the applications we're using in this lab use TCP. When we secure shell into another computer, access a website, send emails: TCP. Before we send data, we set up connections.

So here the stats say there are seven active connection openings, 72 passive. Active is usually when we initiate the connection open; passive is when someone connects to us. Your stats will be different from mine on your computer. So with TCP we set up a connection, transfer data and then close the connection.

So one thing we commonly want to look at is: what connections do we currently have open? Who's currently connected to us? And in fact netstat can show that if you run the command. I'll do it here so I can zoom in a bit better. On computer 10, netstat -t shows us the TCP connections. I'm going to use the -n again because I want no nicknames, I want the raw addresses; the -t option shows me the TCP connections, the current ones. Here, in this case, I'm on computer 10.
It shows me there is one connection. So netstat -t shows me the current TCP, or the active internet, connections, and the two or three columns of interest are the local address, foreign address and state. The protocol is TCP because I set the -t option. Local address: note that it has two addresses. There's an IP address, that's me, 10 10 16 2 1 0, because I'm actually logged into computer 10 now, and a port number, port 22. The foreign address is another computer, 10 10 16 2 1, and a port number as well. So the addresses contain both IP address and port number, and the state says that this connection is currently established. We're connected right now.

The state may change. Normally what happens when you've finished communicating is the connection closes, but it actually stays temporarily open for a couple of minutes, and then it fully closes. You'll see some other states, like TIME_WAIT, here if I connect to another computer.

I'm currently on computer 10. How do I connect to another computer? What does wget do? Everyone remember? Get a web page. And every computer in this lab runs a web server, so I can get the web page of computer 2 2 1. wget just downloads the web page from computer 21; I'm going to visit their website. It saves the file to index.html in this case.
So I don't want to show you the page, I just want to download it; wget does that. And now if we look at netstat, I've got the original connection between computer 10 and computer 1, and there was another connection from computer 10 to computer 21, because wget uses HTTP to access a website and HTTP uses TCP as the transport protocol. So this shows me that recently computer 10, using port 53463, contacted computer 21 on port 80. The state is TIME_WAIT. The connection is not established; this normally means that we established the connection, we transferred some data, we closed the connection, and then we're just waiting for it to fully close. We wait a couple of minutes, just in case there's some extra communications. So TIME_WAIT means we're waiting for it to close. After, I think, a couple of minutes, or not so long, it disappears. So you see the connection from my computer to computer 21 is no longer there. It's fully closed now.

So netstat -t gives us some information about our current connections, TCP connections. We can often estimate or guess what application is being used by the port numbers. Port 22: what server uses port 22? Easy one. What server uses port 80? HTTP, or a web server. So HTTP uses port 80, so this line tells me I connected to a web server. The 53463 port is allocated by the operating system to my browser, wget, but port 80 is usually fixed and used by a web server. So when I see this, I know I recently contacted a web server.

Here, what's this? I'm still connected to port 22. What do you think port 22 is? SSH. Remember, I secure shelled into another computer. There's a secure shell server. Web server uses port 80, secure shell uses port 22. Good ones to remember. If you can't remember them, there's a file on your computer that reminds you. It's in the /etc directory; it's called services. Have a look in the file.
It's just a text file that lists the port numbers and the server names, or the services. Have a look in /etc/services. So when there's a quiz question, what is the port number for FTP or for SMTP, you'll look up this file and see the answer. We see SSH is port 22, HTTP port 80, and some others you may recognize over time. 443 is down here somewhere: HTTPS, when we connect to a secure web server; different port numbers are used.

While we're looking at text files, let's look at one other: /etc/protocols. What's the protocol number for TCP? What is the protocol number for UDP, and others? Look in the file and it will remind you of the protocol number. Listed in the protocols file: IP is zero, ICMP is one, TCP is six, UDP is 17. Those are the common ones we'll see. Transport protocols are given numbers, but there are many others here as well. Those files are typically on Linux operating systems in that location so that software can look them up.

So what you should do is contact some other computers, either secure shell into them or access their websites, and then look at netstat -t to see the connections.

netstat -t. What if I access the ICT server using my web browser, links? Because I'm logged into computer 10, I don't have a graphical interface. So I'm sitting at my computer, but I've actually secure shelled into computer 10. I can't open Firefox, not without other settings. So I'll use my text-based web browser, links, access ICT, and it takes me to the ICT server. We visit Moodle. Do I want to accept cookies? Yes, let's allow that, and now I'm on the Moodle website. Now let's quit. Yes, I'm sure. And look at our connections: my connection disappeared there. In that case links closed the connection immediately after I ended, so not a good example. Even better.
Let's try this one. Use wget; that's better. Try it again. links closed the connection and deleted the connection state straight away, so that wasn't a good example. But wget: download the ICT web page, look at netstat, and I see in there, because I just did it twice, there were two connections to the ICT server. I know that the ICT server has a special IP address, or a local IP address, of 10.10.6.11. It's just upstairs on the third floor, the server. So these were my two connections to the ICT server. If I connect again, then there's another connection, and they're in the TIME_WAIT state because the connection's been closed, but it's waiting for a couple of minutes for it to fully close. Whereas with links it fully closed straight away, so I didn't see it. So you can now contact some different servers and see the output with netstat.
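
The port-to-service guess described in the lecture can be scripted; the following is an added example, not part of the lecture. It reads a file in /etc/services format and labels each `netstat -tn` line as a connection to us (well-known port on the local side) or from us (well-known port on the foreign side). The function names, the 10.0.0.x addresses and the ports 51022, 53470, 40112 and 8443 are constructed for the example; a port number is only a hint, since any program can listen on any port.

```shell
# Added example: guess the application behind each `netstat -tn` line by port.
# Constructed excerpt in /etc/services format (name, then port/protocol).
services_excerpt() {
cat <<'EOF'
ssh             22/tcp                  # SSH Remote Login Protocol
smtp            25/tcp          mail
http            80/tcp          www     # WorldWideWeb HTTP
https           443/tcp                 # http protocol over TLS/SSL
EOF
}
# Constructed `netstat -tn` output. 10.10.6.11 and ports 22, 80 and 53463
# come from the lecture; everything else is a placeholder.
netstat_sample() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.10:22            10.0.0.1:51022          ESTABLISHED
tcp        0      0 10.0.0.10:53463         10.0.0.21:80            TIME_WAIT
tcp        0      0 10.0.0.10:53470         10.10.6.11:80           TIME_WAIT
tcp        0      0 10.0.0.10:40112         10.0.0.30:8443          ESTABLISHED
EOF
}
# Usage: netstat -tn | label_connections /etc/services
# Prints one line per connection: role, service, foreign address, state.
label_connections() {
  awk -v svc="$1" '
    BEGIN {
      while ((getline line < svc) > 0) {
        sub(/#.*/, "", line)                 # drop trailing comments
        n = split(line, f, " ")
        if (n >= 2 && f[2] ~ /\/tcp$/) { split(f[2], p, "/"); name[p[1]] = f[1] }
      }
    }
    $1 ~ /^tcp/ {
      lport = $4; sub(/.*:/, "", lport)      # port is the text after the last colon
      fport = $5; sub(/.*:/, "", fport)
      if (lport in name)      print "server", name[lport], $5, $6
      else if (fport in name) print "client", name[fport], $5, $6
      else                    print "unknown", "-", $5, $6
    }'
}
# Run the constructed sample through the labeller.
demo() {
  tmp=$(mktemp) && services_excerpt > "$tmp"
  netstat_sample | label_connections "$tmp"
  rm -f "$tmp"
}
demo
```

On a real machine, replace the sample with `netstat -tn | label_connections /etc/services`.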