 All right, we're recording locally. Zoom is also recording for us. Let's see, how many people do we have in here? 117 people so far, nice. How many people are in the class total? 365, I think 360, 370. We'll try to get started in a minute. Let me see about how many people would I estimate with a physical class, I have no idea. It's actually really difficult to count in that room just because it's such a big room. We definitely had, I think, 360 people there for the midterm last two Thursdays ago. So if you were there for that, cool. Can everybody see my screen? Yes? Okay, cool, thanks. I'm monitoring the chat. I have it on a separate window here, so I'll try to be monitoring that. If you want to keep your video on, that's nice so I can, I don't know. It's nice to not just talk to the screen to have at least some people to look at on the right, but feel free to do whatever works best for you. Cool, well, thanks for joining us, everyone. We have now 150 people who've joined us. I think this is the, let's see, most people I've done in an online class before, so we'll see how this goes. Okay, so you should, everyone should be able to see my screen, hear me, see me, that should be good. I can see some of you, that's also good. Yeah, so I think I did set that option to mute people when they joined, but I'm not 100% certain if that actually worked. And I can also click mute buttons on people as I talk, but it's a little difficult to do that, so yeah, cool. Okay, let's see how this goes. So yeah, so we're, you know, after spring break, it's not exactly where we thought we'd be after the midterm, but here we are. And Brave New World, we will work our way through it. So yeah, we can talk about some ground rules. So I'm looking at the chat on the left. So if you have questions, feel free to type them in the chat. And yeah, we'll try to go from there. If you have good tips, feel free. 
If you, you know, the tricky thing for me about this is as you know, this is a very kind of interactive class. So I want there to be interactions and we'll, you know, we'll try to do as much as we can of interacting and talking. So, you know, if you have a question, feel free to unmute yourself, interrupt me, ask a question. I'll try to be good about giving people time to talk so we can actually discuss things. Yeah, so hopefully that goes well. Hopefully everyone has also their kind of, if you can set your name on your Zoom, that would be nice too. So that not just I know who you are, but other people know who you are when you're asking questions. I think that would be really good. Cool. And yeah, so, okay, first thing. We have, we're currently grading the midterm. So I know you probably don't want to think about this at this moment, but we're currently in the process of that. We didn't do a lot over spring break because as you know, TAs also have spring break as well. So they were doing that, but we're currently in the process of getting the midterm. We'll, yeah, I'm not too experienced on the raise hands functions. Can somebody try raising their hand so I can see what that does? Oh yeah, cool. Okay, yes, that's awesome. So thank you for that. Okay, cool. Then that actually is really nice. It shows up. It's kind of in my peripheral, but I will definitely be looking at that. So if you do have something, feel free, raise your hand and I'll check you out there. That's awesome. Oh, the, where is the raise hand function? Can somebody on participants? Yeah, so if you click on the participants, you can even pop that window out. Oh, it pops up a popup window for me. That's nice. Okay, cool. And yeah, then you pop up on the participants list so that I can see you there. And then I can, I also get a notification. Cool. Just like, it's just like being in class. Okay, cool. So first thing, the fun doesn't stop.
You know, we're gonna get right back where we were planning on going. And so our first assignment is going to be a new assignment called the web of trust. This is always an assignment that is a lot of fun, at least I think, and it really kind of, the goal of this assignment is to get you used to thinking about how we do trust in public key cryptography. So in public key crypto, we have public keys and private keys and we talked about, we talked about that various ways of signing keys in order to verify that you trust somebody else. And so essentially we're gonna do that. We're gonna build a web of trust in this class. So basically the high level idea is you're gonna be learning about public key crypto and actually using tools, not just kind of conceptually thinking about how public key crypto works. Yeah, somebody have a question, Oscar or Mohamed? Okay, I will lower your hands. That's a weird thing I can do. Okay, cool. So what you'll be doing is you're going to be kind of working through and trying to answer and deal with this problem of verifying identities. How do you verify actually identities? So essentially what you're gonna be doing, your goal is you'll be creating a GPG public and private key pair. So you'll be creating your own public private keys. You will then register your public key with the submission server and we'll talk about that in a second. And then are with the, this should say Gradescope. And then you'll get your key signed by 30 of your fellow students in the class. No, you don't need to meet in person for a key signing party and that's gonna be what's the fun thing you're going to learn about and deal with. So yeah, cool. And the key thing about this class and about this assignment is you're gonna avoid signing any fake keys. So you'll need to figure out and try to learn and understand how do you verify each other's identities.
And let's wait till the end of this so everyone understands the assignment and then we can talk about what's kind of in scope and out of scope. Because yeah, there's a lot of different ways you could do this and we're very open to any kind of thing. Let's talk kind of high level. What is this going to look like? So essentially, you student in the class. Okay, so we need to first understand what is in scope. So we have, there is a course. Oh wow, this is really slow. That's interesting. Wow. Okay, huh. Okay, I must be all the sharing and the windings. All right, cool. So we'll start very simple. There is a course key. So this is the course key. It's on the course website. I don't think it's the bandwidth. I think it's the, it's probably because Zoom is recording and I have my own recording going because I don't really trust Zoom. But yeah, something's happening and that's not working as well as I thought. But anyways, so we have this course key. It's CSE 365 spring 20. It's the course public key. And the way to think about it is any key that signed by this key is a valid key in this course. And so any key that has been signed by this you know is a valid key in this course. So part of what you'll need to do, download this key, verify the fingerprint, verify it matches, import it into your local GPG key ring. And the goal is what you're gonna do is generate a, so let's see if I can try drawing again. Let's go. So you will generate, man, okay. You will generate a GPG public key with your name and it has to be, yeah, I may use text instead of drawing but I'm not sure how well that will work, but let's see. So let's see if I can get out of my way. Cool, so you will generate a GPG public key and part of your GPG key has your name on it and this will be your actual name. So as part of your GPG public key, it would actually have your real name. 
And so what you will do is you will then upload that to the, upload that through Gradescope to the submission system where it will, you will get a version that is signed by the course key. So it will verify that this key is actually your GPG key. So it will be GPG, okay. So you'll get a GPG public key that's signed by the course key and this, you will import that and this is how you prove to everyone else that this key is valid. So only keys that have the signature of the course key are actually valid. Anything else is not valid. And so I wonder if this works better. It's still a little slow but a little bit better. I may switch to this. Okay, so now once you have your public key, the course submission, the Gradescope will also generate you an adversarial key. So this is, so this is, it will generate the GPG adversarial key that has the exact same email that's in your GPG public key that you uploaded but with a fake name. So this is a name that is not your name. It's randomly generated and everyone will be given basically these two items. So you upload your public key, you get it signed by the course key and then so you get your real public key signed by the course key and you'll get an adversarial key that is a fake name that you also have. So then the goal in the assignment is you need to get 30 signatures on your key. So you need to sign 30 people's keys and you need to get 30 signatures on your keys. You have 365 people in this class. I think this is definitely easily doable and everyone should be remotely available so you don't even have to meet in person. So this is the first part that we went over is generating a GPG key. The really important thing is because only keys that are signed, so every, to ensure that every person has only one real public key and one adversarial key, this means that we won't sign multiple keys. And so this means that if you lose your key it's entirely up to you. So I cannot stress this enough. I've tried to put this in many times.
Do not lose your key pair. Please back it up. Have that be the very first thing you do because if you can't do that then you can't do the assignment and you ruin it basically for everyone. Okay, so generate a key pair, upload your public key, have it. And so that's the first two steps and then you have your public key and your adversarial key. Now, once you've done that now you need to get the key signed by at least 30 of your fellow students. And this is roughly half of, a little bit less than half of your grade, roughly 45% on this assignment. So there's a lot of resources out there and one of the keys of this assignment is I want you to be looking for resources and feel free to share resources on Piazza of good things, good guides and sign other people's keys. But the key thing is you need to, you want to only sign, you want to only sign their public keys and you don't want to sign any adversarial keys because remember this is again the whole idea of this assignment is we're trying to get you to develop a web of trust and verify identity. So remember their GPG public key that will be signed by the course key and will be their actual real name that ASU has. If so, so the whole idea is most of your grade is based on signing. So sign other people's keys, have your key signed 30 times and that's going to be the bulk of the assignment. And of course the whole reason this whole thing works and how the web of trust works is if you're actually, well, so everyone just posted, yeah, let's think about that. I want you to think about this assignment. So the whole reason why this thing works is if you don't sign invalid keys, right? If you're just out there signing any key that anybody sends you, you're not really verifying identity because remember a signature says that you verified this person's identity. So the key is don't sign any adversarial keys. And so this is worth 10% of your grade total on this assignment is to not sign any.
So if you don't, so the grading is pretty simple. If you don't sign any invalid keys or any adversarial keys, you will receive 10 points. But the more adversarial keys you sign, the more negative points those will be worth. And on the flip side, you can get extra credit by tricking people to signing your adversarial key because remember the assignment doesn't work if nobody is pretending to be an adversary because you just signed everything. So this is why trust becomes very important. Now the entire point is I don't really, I can't tell you the exact points yet because it depends on what happens because exactly as some people are talking about in the chat is if let's say, extra credit was worth two points and signing an adversarial key was worth negative one points. Well, you would all sign each other's adversarial keys which is what somebody is saying, right? So I get all the results at the end and I balance it so that it makes sense. But I can guarantee you if you, and this happened last semester, so if you sign one adversarial key, you're not gonna lose all 10% of this assignment. So don't freak out about it, but learn from that experience and go forward. So yeah, the amount of extra credit and the exact amount of negative will be determined kind of at the end of the assignment. What's the max credit I've given out for this assignment? Off hand, I don't know, but I think somebody got, I wanna say like what you'll find is some people are like really, really good at scamming people. So yeah, it was like, I don't think they got 37 points, but they definitely scammed 37 people which was more than 15% of the class or something like that. Yeah, so it's a fun assignment because not so, but the other way to think about it is, so that was somebody who's really good at scamming. The other way that works is it's not like one person was the victim over and over. I think they just were able to scam a lot of different kind of people. 
Cool, and then at the very end, as we'll talk about here, so you submit your public key with all your signatures. This is done by default when you export your key and you can optionally, if you chose to do adversarial, you can upload your adversarial key and a README file that contains your name, ASU ID and thoughts on the usability of GPG and key signing and how you tricked people to sign your adversarial key if you did. And so again, you won't actually, I'll need to change this, it's all through Gradescope. So the only way I can grade this is once everybody is in because all the signatures are on there, so you won't, this isn't an assignment, well, you'll be automatically graded right away, but you will, you'll at least know how many signatures we see on your key. So try to do a little bit more, so okay, now questions. So I think some of the questions, okay, so let's lay some ground rules. Okay, so when you sign, how do you tell if it's fake or valid? So the key difference is the valid key has that person's real name and this is the thing, so GPG public, so this real name is also here that's signed by the key. So this actually has, so like for me, the submission server will only sign a key that has the name Adam Doupé. So I've taken everyone's name from my ASU and done that on there. So you don't necessarily have to, so I'm not gonna tell you anything about what the adversarial keys look like, that's gonna be something that you're gonna have to find out as you do the assignment. And so, but I can guarantee you that the name is on there. So the goal is just like in real life, how do you verify somebody's identity, right? So you can, there's all kinds of options to do this and specifically I'm not going to give you my thoughts on this because one of the most interesting things about this assignment is what happens organically with the class. So you have Piazza to talk, you have even the Zoom chat here, you're totally so allowed to do whatever.
No, you don't get to pick a name for the fake key. The fake key is automatically generated with a fake name for you. And okay, so ground rules, I'll have to add this to the website. I can't stress this enough, don't freak out about it. It's the entire, this assignment wouldn't work without people scamming you. So be nice about it. If you get scammed, try to don't, I don't know, don't be mean to people who are trying to scam people, they're trying to get extra credit. Oh yeah, that's a good point. Okay, yeah, this does seem to be faster. And two, basically no, so don't use any, no, don't break into anybody's computer, don't use any physical attacks, don't do any of that kind of stuff. Like that's completely out of bounds, abide by the computer use at ASU. I guess it'll be much harder to break into people's computers if you're quarantined or do physical attacks. But other than that, basically everything else goes. So I think these are kind of the only rules we have of just, is there any other rules that people think would might be useful or helpful to this assignment? Yeah, everything else, so to the questions, everything else is fair game. So beyond this, as long as you're, as long as you're not breaking into their computer, or I don't know if you had some, I don't know why you'd spend half a million dollars on an iOS zero day, but don't do something like that. Don't like physically steal somebody's phone or computer. But besides that, everything's fair game. So it's gonna be a little crazy. It'll be a couple of crazy week and a day as people do this assignment. Yeah, everything is allowed. So yeah, and so we'll monitor the situation. Yeah, Ethan, question. This is the course key, but it's actually not, yeah, it's more like the Gradescope. Yeah, so you have to submit before, so there's a, let me, no, I can't pull up Gradescope because it may show you your grades and that would be bad.
But on Gradescope at noon today, there'll be an assignment quote, quote on there called web of trust upload. So what you do there for that assignment, you upload a file called public_key.gpg that you've generated. And then Gradescope will then check, make sure that it's actually your name, that it's valid, everything like that. And then if it is, it will sign it. So it will do the signing part and it will also generate you an adversarial key. So after you submit, you'll be able to download both of those things from the output of the submission system and you'll be able to use those to do the rest of the assignment. Does that make sense? Cool, any other questions? Yeah, it's gathered on adversarial keys. Yeah, so you have, right, so you have to sign like to get the most credit for this assignment, right? Yeah, that's why I don't, that's why the extra credit and stuff I don't say beforehand because there's a lot of ways this can go down. But yeah, the goal is you have to have 30 keys signed on your real key and you need to sign 30 keys with your real key. Does that make sense? Yeah, so this way everyone has the incentive to sign with their real keys. You need to, no, you need to do both. You need to have your key signed by 30 students and you need to sign at least 30 students' public keys with your real key, exactly. No, you have to sign real keys. That's actually a part of the assignment. Okay, so that's a good question. The signatures must be from a valid key in the class. So valid means non-adversarial. So this is, yes, starting late makes the assignment way harder and people are very panicked at the end and they just sign everything. So, yeah, once we sign them that they're, how do you know how many people signed it? So this is part of learning how to do this process.
You will basically just like this, so you submit your public key to them, they take it, sign it and send it back to you and then you import that and now your GPG key has that signature added to it. So your GPG key accumulates signatures over time. As long as you sign 30 valid keys and get your key signed 30 times, yes. No, there's no chance that the name that's randomly generated is somebody in the course. I've taken care of that. Good question. Yes, you have to send it back after signing. So you can, so I can show you, this should be fine. So this is my local GPG key ring. So you can see this is me running list sigs on my email address. So this is my personal key you can find on my website. So is a sign, what if someone sends you back the wrong key then ask them for the right key? Is a sign, all the signatures on our public private keys both count towards the 30. You'll only get signatures on your public key. Please don't send people your private key. That would be a very bad thing. They will use that too. They could use that to then sign as many adversarial keys as they want. So yeah, you can see here, these are all the signatures from a bunch of other people that are on my key, some of which are previous key signing. This is our key signing server. So you can see that this is actually in scope for this class. But yeah, I want you to kind of explore how to use this. So that's how you can tell that you have those. So yeah, I don't know, any other questions? Let's, you know, we can talk about it now. And they'll be, again, we'll be doing, yeah. Quing, quang, question. You are muted if you're trying to talk. Oh, the rules, yeah. Yes, exactly, yeah. So only signatures on your real key count towards the 30. Yeah, exactly, yes. All right, so it should be fun. This should give us something to do. And you know, I guess the other thing I've been thinking about with this assignment, it may help you to actually talk to your fellow classmates while we're all in lockdown. 
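The `--list-sigs` output shown on screen is the record of who has certified a key, and it is also where the two checks the assignment hinges on can be read off: whether the course key has signed it (so the key is "in the game") and how many distinct classmates have signed it. The following parser is an added example written for this transcript, not a tool from the course or from GnuPG; it works over a constructed sample of classic `gpg --list-sigs` text, and the key IDs in it (including the course key ID `AAAAAAAAAAAAAAAA`) are placeholders, not real keys.

```python
import re
from typing import Dict, List, Tuple

# One "sig" line of classic `gpg --list-sigs` output looks like:
#   sig 3        89ABCDEF01234567 2020-03-23  Name <email>
# The optional digit after "sig" is the certification level, the hex
# field is the signer's long key ID, and the rest is the signer's user
# ID, or "[User ID not found]" when that key is not in the local ring.
SIG_LINE = re.compile(
    r"^sig\s+(?:(?P<level>[0-9])\s+)?(?P<keyid>[0-9A-F]{8,16})\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<uid>.*)$"
)

# Constructed sample output for one key; not a real key ring.
SAMPLE = """\
pub   rsa3072 2020-03-23 [SC]
      0123456789ABCDEF0123456789ABCDEF01234567
uid           [ultimate] Example Student <student@example.edu>
sig 3        89ABCDEF01234567 2020-03-23  Example Student <student@example.edu>
sig          AAAAAAAAAAAAAAAA 2020-03-24  CSE 365 Course Key (constructed) <course@example.edu>
sig          BBBBBBBBBBBBBBBB 2020-03-25  Classmate One <one@example.edu>
sig          BBBBBBBBBBBBBBBB 2020-03-26  Classmate One <one@example.edu>
sig          CCCCCCCCCCCCCCCC 2020-03-26  [User ID not found]
sub   rsa3072 2020-03-23 [E]
sig          89ABCDEF01234567 2020-03-23  Example Student <student@example.edu>
"""

COURSE_KEYID = "AAAAAAAAAAAAAAAA"  # placeholder for the real course key ID


def parse_list_sigs(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Map each primary key's long key ID to its user-ID signatures as
    (signer_keyid, signer_uid) pairs. Signatures under a "sub" line are
    subkey binding signatures made by the owner and are skipped."""
    sigs: Dict[str, List[Tuple[str, str]]] = {}
    current = None       # long key ID of the primary key being read
    in_subkey = False    # set once a "sub" line has been seen
    for line in text.splitlines():
        if line.startswith("pub "):
            current, in_subkey = None, False
            continue
        stripped = line.strip()
        if current is None and re.fullmatch(r"[0-9A-F]{40}", stripped):
            current = stripped[-16:]  # long key ID = last 16 hex digits of the fingerprint
            sigs[current] = []
            continue
        if line.startswith("sub "):
            in_subkey = True
            continue
        m = SIG_LINE.match(line)
        if m and current and not in_subkey:
            sigs[current].append((m.group("keyid"), m.group("uid")))
    return sigs


def signed_by_course(key_sigs: List[Tuple[str, str]], course_keyid: str) -> bool:
    """A key is only 'in the game' if the course key has certified it."""
    return any(signer == course_keyid for signer, _ in key_sigs)


def classmate_signers(key_sigs: List[Tuple[str, str]], own_keyid: str,
                      course_keyid: str) -> List[str]:
    """Distinct signer key IDs other than the owner's self-signature and the
    course key; duplicate signatures from one signer count once."""
    return sorted({s for s, _ in key_sigs if s not in (own_keyid, course_keyid)})


def unknown_signers(key_sigs: List[Tuple[str, str]]) -> List[str]:
    """Signers whose keys are not in the local ring. Such a signature cannot
    be checked against the course key's certification, so it says nothing
    about whether it came from a valid (non-adversarial) key."""
    return sorted({s for s, uid in key_sigs if uid.strip() == "[User ID not found]"})


if __name__ == "__main__":
    own = "89ABCDEF01234567"
    sigs = parse_list_sigs(SAMPLE)[own]
    print("course signed:", signed_by_course(sigs, COURSE_KEYID))
    print("classmate signers:", classmate_signers(sigs, own, COURSE_KEYID))
    print("signers not in local ring:", unknown_signers(sigs))
```

The point of `unknown_signers` is the practical caveat: a signature only counts toward trust once you have imported the signer's key and confirmed that it is itself signed by the course key; until then `--list-sigs` shows a key ID you have no basis to believe.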
So, you know, get to know your fellow classmates. And yeah, above all, have fun. I think it'll be pretty good. Cool, any more questions? And they'll be, again, we'll still do like recitations and other kinds of stuff office hours. So please come to us for that. As of now, so at noon today, as I said, the web of trust uploads assignment will be up. And then I'll create the final submission one where you'll submit your final signed key. So, you need to verify their identity just like in real life. So if I claim to be Adam Doupé and I want you to sign my key, you need to verify that it's actually me. No, verify by looking at the key. So you'd have to, so, A, the very first thing is everyone is all of keys that are in the game, let's say, are signed by the course key. So that's one of the things to always check. So it's a valid key if it's signed by the course key and then you know it's their real key if it's their actual real name. And that's what you'll have to check. What's the most, say it again, different. No, no, no, fake key is a random name. It's a randomly generated name. They will probably not be, yes, or I'll guarantee they'll not be. Josh, you can submit, Josh is asking exactly what your name is in the ASU system. If you submit and the name is off, it will tell you what it's expecting. So you'll be able to do that. Let's see, yes, I'm happy. You can figure out any piece of information you want from anything else. Let's see, the most, say it again. You'll only have one fake key. So you'll only have one fake key that's signed by the server, yeah. And again, that's how you know because it'll be signed, it'll also be signed by the course key. Let's see, the midterm we talked about at the beginning, but that'll be, oh wow, 200 people on this. It'll be, we've started grading it. It'll be ready when it's ready. So no hard deadlines. But as soon as it's ready, you'll know about it. Cool, all right. So we have fun assignment and now we will get to networking.
Yeah, so kind of the email will be the same. The adversarial key will have the same email as the key that you submit, but a random name, yeah. And okay, so now we're gonna switch to network security. So kind of highly ironic that we are talking about networking while we're doing a class over using networks. So maybe hopefully this will be, give you some nice appreciation for kind of what's going on here in actual networking. So let's see, it's been, was it two whole weeks since we've even talked about this topic since we had the midterm last Thursday. So let's see, we've been talking about IP addresses. So we talked about the TCP/IP stack and the different layers here. So we have the physical layer, link layer, internet layer, transport layer and application layer. So at the physical layer, you have things like if you're on Wi-Fi right now, how to talk to your router, like physically, how do that, the physics work? If you're on a wired network like I am, and I would, as a tip, if you're at home, want to, a really good way you can prevent kind of latency and lag while doing these classrooms and everything is do a wired ethernet connection to your router. That way with a lot of people at home, a lot of people will be using Wi-Fi. There'll be a little bit of congestion there. So that can help. So anyways, you have the physical layer, then you have the link layer of how does packets and data get from one machine to the other. Then you have at the internet layers, trying to answer the question of how does data get from one IP address on the internet to another IP address? So how does it move from hop to hop along multiple links? Above that, you have the transport layer. So you have TCP and UDP on the transport layer, different ways to talk to different applications. And finally, at the top layer, you have all of the different applications that are built on top of networking. So we have things like HTTP, SMTP, DNS, NFS. You could think of whatever we're using Zoom.
I don't know exactly how Zoom works, but however it's doing this video streaming, that would be another maybe protocol that's running on top of the internet stack. So any questions on kind of the high level TCP/IP stack? Yes, recording of the lectures will be saved and uploaded. So Zoom should be recording it. I'm also recording it as well, just in case. So just like normal classes, they'll be posted on YouTube afterwards. Okay, so now we get into, we're gonna start in at the IP level. So we talked a little bit about IP addresses. So this is the notion that machines on the network need to be able to know how to send data to each other. So in order to do that, we need to know its address, right? So, and we talked about how IP addresses are 32 bits. So, and this is grouped in terms of bytes. So each of these in this dotted decimal notation represents a byte. And that means each byte here is from zero to 255. And so something like if you had an IP address that was like 390, you'd know that this is an invalid IP address. And that would, so every octet here has to be from zero to 255. And we'll get over, we'll talk about routing later. Then we dug into what does an IP datagram actually look like. And there we go. IP datagram has a number of fields and this is the really interesting thing. These are, you can go look this up in RFC 791. We'll see what that looks like. There we go. So in the IP protocol, you can go look up all these tables, exactly everything that we talked about are kind of in these diagrams. Yeah, so you can hear this exact diagram is from here. So it has a number of different fields of how to parse this data. Some of the important things that we talked about are you need just like a, and the really important thing with networking is to think about the postal system. I think that's the best analogy we have for how things were like that. So we have the source IP address and the destination IP address.
So we need to know if packets are going from one place to another on the internet. Where does that data go? And where is it supposed to go? And then specifically we need the destination IP to know how do we go back? So how do we come back? Let me see, I'm gonna get this out of the way. There we go. How do we come back from a, how does data come back from one side to the other? Other things we have in there, we have interesting things. We talked about a little bit the time to live field. So this is so that your packets don't spin forever in the network every hop along the way. The time to live is decremented by one and once it reaches zero, it's dropped forever. And so, and then now we'll start to look at the question of essentially how does data move from one place to another on the network in one hop? So that first hop. So kind of when you think about that stack that we were talking about, you have IP level and below that you have the link layer. So the way that this happens is essentially with encapsulation just like we have here. So we have the IP header and then that and the IP header with the IP data is encapsulated inside of a link layer. So we call that a frame. So we have the frame header and frame data. And so now this is essentially answering the question of how does a packet go from your machine to your router or your gateway right now? But to do that, we have to answer a question first. So let's go here. It's kind of nice using a big screen for this rather than the projector in class. Okay, moving you. There we go. Cool. So we have some machines, 11.10.20.121. And we have another machine, 111.10.20.14. And right now we'll just draw a little box. It's really ugly, not even a box. We'll draw like a switch. So we'll say this is a switch. They're connected right here. As far as to say they have some way to talk to each other here. And so the question though is, so we have these two machines and then we have google.com. 
So one of Google's addresses that they use for DNS is 8.8.8.8. I did, thank you very much. And so the question is we are, let's say host A. And here we have host B. It's just from the slide. So it's no specific example, but it's from the slides. But it will be important in a second. So the question is host A wants to send a packet so from 111.10.20.121 to 111.10.20.114. How does the host A know that that should be sent here? Whereas when it wants to send a packet to google.com or this isn't google.com but let's just say Google DNS. It uses 8.8.8.8. And how does it know that that's somewhere else so it needs to go maybe from here to the router or let's call this a gateway. I'll just call it GW for gateway. GW to then go to some nebulous kind of system. We'll call it something cloud-like. Finally to 8.8.8. So if host A wants to send a packet to 8.8, it needs to first send it to the gateway where it'll go on its first hop, then it will send it somewhere else. It will go through several hops, finally making it there. So one of the key parts of IP addresses and with networking is we need to know how does a machine know what's on its local network? In this case, and by local we mean we can send a packet direct, an IP packet directly to that machine or on its remote network or not on its local network. So something remote that needs to go somewhere else. So this gets into this notion of a sub-network or netmask or there's actually a couple different names for this which makes it kind of annoying. So there's several ways that we can write this, deleting this for room. So we can think of in this example, we have host A has 111.10.20.121 and a sub-network of 111.10.20. Another way of writing this would be host A, 111.10.20.121 slash 24. Let's see, yet another way of writing this would be, I can't go there, netmask of 255.255.255. Okay, these are all slightly different, a little bit complicated ways of deciding how do I tell if two IP addresses are on the same network?
So there's a couple different ways to take these. So for the sub-net, and these all are the same thing. So for a sub-net, you would say anything that starts with 111.10.20 is on the same network as you. So that's why host A can say, is 111.10.20.14 on the same network as me? Well, let me check my sub-net, it's 111.10.20. This has a prefix of 111.10.20, which means yes, it's on the same network. Similarly with the netmask, although this is kind of cool, it allows more freedom, you can think of the netmask as take IP address, binary and it with the netmask. So what's the binary for this netmask? What would this look like? Oh yeah, I gotta call on people now. Oh, I have all of your names here, I can just call on people, this is amazing. As everybody frantically types in the chat so they don't get called on, great. Yes, so all ones, no, that one's wrong, but all ones, right? So the netmask here would be, yes, good question, Nate, let me get back to that. So here we have all ones, so 111, 111, or eight ones, eight ones, eight ones, and that with the IP address, which is a number, and that would tell you if it's on the same network or not. So it has to have all of those. And the other way to think about this is, sorry, just trying to clarify for people in the chat, I'm not trying to be mean. It's okay to be wrong, that's how we learn. And okay, so this other way of doing it is, 111, 101, 121, slash 24. So the slash 24 says what bit do you put the netmask at? So a slash eight would put it here because this represents the first eight bits, and this would be a slash 16. That would represent the first 16 bits, and the slash 24 puts it essentially here. So with this, you have much finer control because now going back to Nate's great question. So the question is then with the netmask of, let's see, 255, 255, 255, or another way to think about it with a slash 24 network, how many local hosts can you have on this network? 
Yeah, so, and let's walk through some examples so we can think about it, right? So host A knows its IP address. So then we can ask the question is 111.10.20.0. Is that in the same subnet? Yep, and .2, .1, .2, .3, .4, .5, .6, right? All the way up to, is 255 on the same subnet? Yep, and also can, what about 270? No, because that's an invalid IP address, right? 10, and 21, what about this, 21.10? Good, okay, perfect. Yeah, question, Chris or Christopher. Chris, you're muted, we can't hear you. Yes, the slash number thing is the ending bit of the host number, so the slash means, slash 24 means the first 24 bits are the host, or sorry, are the network and the rest is the host. Yeah, so it exactly specifies what the netmask is. Okay, so yeah, we didn't talk about it. So 256 is a good one, so is 256 a host in that network? 256 is out of range, yeah, it's invalid, great question. Cool, okay, yes, and like people said, some of these are reserved for specific things, zero and 255, but for now we can ignore that because it's not really pertinent to our discussion of understanding what happens here. So, but fundamentally, and so now for this network, so we can see that we essentially have, we think about 256 hosts, right? Because we have essentially zero to 255 that we can use if we think about the reserved, not worry about the reserved ones, then we can think about that, but this just gives us a size of the network. So then how does that, but obviously, so if you think of somebody like ASU, how many machines does ASU's network have? Normally, yeah, more than zero, like a lot, way more than 256, great, I like these. And yeah, so the question is how do you do that? Well, you just change the net mask, right? You tell the network, so you can do, like if the net mask was now a slash 16, right? Which now would change the net mask to be 255.255 and the sub network to be 111.10. Now, what's the size of this network? How many hosts could you have on there? 
Right, 65,000, so that's pretty good. And then what about a slash eight, be two to the 24th? Yeah, like six million hosts, right? All internal in your local network. Cool, so yeah, this is, wait, so to answer the questions, let me see, is 254. Okay, so let's look at this. Could you have a net mask like this? No, because it needs to be all ones and it's basically based on kind of a hierarchy. So you look the separation here is, so in this a slash eight, this would be the network and this would be the host. So this tells you if it's local or external. And 254, so it needs to be in that hierarchical way. So you need to have like, the net mask is all leading ones basically. Yeah, why is it two to the 24? So it's two to the 24 on a slash eight because you have eight bits for the host, which are sorry, we're for the network and you have 24 bits for the hosts, which means it's two to the 24 here. Does that make sense? Cool. Okay, so now we have a great, nice, easy way to distinguish. So every host, so now the question is, what do you need for a host on your network? Every host needs to know not just its IP address, but also the net mask, right? So every host needs that, but once they have that, now they can know and we can answer the question of if slash eight is two to the 24, 60 million, a slash 24, a slash 24 is these bits are one, so it's eight bits for the host, so it's two to the eight. Yeah, you can think of, I mean, the formula is you do 32 minus this to the two, right? Cool, got this, cool. So now every host knows, so every host is configured not just, and this is now we get more and more complicated and more and more into real life. So every host needs to know its own IP address, also its net mask as well. And from there, it can know is a packet on its local network or for a remote machine. Then if it's for a local machine, then it needs to use the next layer, the link layer, to send the packet from, in this case, host A to host B. 
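The netmask arithmetic walked through above, as an added example in Python that is not part of the lecture: it packs dotted quads into 32-bit integers, builds a mask from a prefix length, rejects a mask that is not a run of leading ones, checks whether two addresses share a network, and counts hosts as 2^(32 - prefix). The slide addresses 111.10.20.121 and 111.10.20.114 are used; the gateway address 111.10.20.1 is an assumption.

```python
# Added example (not from the lecture): the netmask / prefix-length arithmetic
# the lecture describes, run on the slide's constructed addresses
# 111.10.20.121 and 111.10.20.114 and on Google's resolver 8.8.8.8.

def ip_to_int(ip: str) -> int:
    """Pack a dotted quad into a 32-bit integer, rejecting octets like 270 or 256."""
    parts = ip.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {ip!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in {ip!r}: {octet}")
        value = (value << 8) | octet
    return value


def int_to_ip(value: int) -> str:
    """Inverse of ip_to_int."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_netmask(prefix: int) -> int:
    """/24 -> 255.255.255.0: `prefix` leading ones followed by 32 - prefix zeros."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (((1 << prefix) - 1) << (32 - prefix)) & 0xFFFFFFFF


def netmask_to_prefix(mask: int) -> int:
    """Inverse of prefix_to_netmask. A mask such as 255.255.254.255 is rejected,
    because a netmask has to be an unbroken run of leading ones."""
    prefix, seen_zero = 0, False
    for shift in range(31, -1, -1):
        if (mask >> shift) & 1:
            if seen_zero:
                raise ValueError(f"{int_to_ip(mask)} is not a run of leading ones")
            prefix += 1
        else:
            seen_zero = True
    return prefix


def same_subnet(ip_a: str, ip_b: str, prefix: int) -> bool:
    """Two addresses are local to each other when their network bits match."""
    mask = prefix_to_netmask(prefix)
    return (ip_to_int(ip_a) & mask) == (ip_to_int(ip_b) & mask)


def host_count(prefix: int) -> int:
    """Size of the host part: 2 ** (32 - prefix), before setting aside .0 and .255."""
    return 1 << (32 - prefix)


def next_hop(src_ip: str, prefix: int, gateway_ip: str, dst_ip: str) -> str:
    """Where the first hop goes: straight to dst if it is local, else to the gateway."""
    return dst_ip if same_subnet(src_ip, dst_ip, prefix) else gateway_ip


if __name__ == "__main__":
    host_a, gw = "111.10.20.121", "111.10.20.1"      # gateway address is constructed
    for dst in ("111.10.20.114", "8.8.8.8"):
        print(f"{host_a}/24 -> {dst}: first hop {next_hop(host_a, 24, gw, dst)}")
    for prefix in (24, 16, 8):
        print(f"/{prefix} = {int_to_ip(prefix_to_netmask(prefix))}, {host_count(prefix)} hosts")
```

Note that a /23 puts 111.10.21.5 on the same network as 111.10.20.121 while a /24 does not, which is the finer control the lecture mentions.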
So we have an example, I guess I haven't tried full screen this. Can you see the screen? What do you guys actually see here? Is it the slides? Do you see the presenter view or? Okay, cool, the slides. Oh, presenter view, nice. Okay, thank you for that, got it. Okay, then we won't use that, I don't think it's, I think this is probably pretty good for at least size of seeing the slides. Plus like I can draw and do this. So slides loaded, but really low, yeah. Okay, so we have, now we need machines to communicate and we need, because of kind of due to the nature of encapsulation at the various levels of networking, we had the IP address layer and we need the other layer below that, the link layer, we need to be able to send data from one link to another in this local network. And so we actually need a whole another addressing scheme for that. So to do that, we use MAC addresses here. So this is, you've probably seen this if you've looked at your networking. And so just at a high level, essentially what happens is host A here, 111.10.20.121, has an ethernet, has an ethernet address, a link layer address of 945FA072223. And so it, when it wants to send that packet from 121 to dot 14, it has to then encapsulate that IP packet. So the red here is the IP packet inside of a link layer packet and send that out. And what does that look like? Cool. Okay, so an ethernet frame is much simpler and here we're looking at it in terms of bytes. So this is a destination is six bytes and a source is six bytes. How does that compare with an IP address? So what size in bytes is an IP address? Yeah, so four bytes or 32 bits, right? So, and then so what's this six times eight? Yeah, 48 bits. So ethernet addresses are 48 bits, which is kind of interesting that they're larger than IP addresses. And that's why we display them in that different type of, so we can see here in this different format. 
So here, each of these one, two, three, four, five, six, each of these represents a byte and by convention, we represent these in hex values. Do you need to memorize all these formats? Yeah, I mean, it's important to be, to know if you're looking at something, is it an IP address or is it a MAC address? I mean, these are things that are gonna come up kind of throughout your career. So I wouldn't really think necessarily in too much. It's something that happens that you get used to it. So I don't know, difficult to answer, we can come back to that. But essentially the way an ethernet frame is, it encapsulates up to 1,500 bytes of the IP datagram to send that out. So looking a little bit, we don't need to go into all the details, but this is the, oh, the RFC standards. No, you don't need to memorize the packet layouts or anything. Yeah, we'll get into that. So widely used, okay, yeah. So ethernet is used a lot. The addresses have 48 bits, which is very interesting, different types as we'll see in a second. And one of the key things we need is, as we talked about here, so, and remember we've been talking about this in the context of IP. So here we have a case where host A wants to send a packet to host B. So it knows 111.10.20.114 and a MAC address identifies a machine on the local network. So we're gonna get into what that exactly means, but that's how data actually travels from one machine to the other on your local network. So let's say host A wants to send a packet from 111.10.20.121 to 111.10.20.14. And the interesting thing, and the problem we have here, and this is kind of why I really like talking about this, is the TCP/IP layering here. So you have an IP address at this layer, but in order to actually send that to that machine that's on your local network, it needs to go across the link layer, which means you need to know the MAC address, the hardware address that exists for that machine at the link layer. But all you have is the IP address. 
So we need some way, and this is where ARP comes in. It's this notion of, it's called this address resolution protocol. It's kind of like, we haven't got into it a ton, but it's kind of the DNS of ARP of IP and MAC address. So it's translating from IP addresses at the IP layer to hardware addresses at the link layer. Yeah, so ARP is the address resolution protocol. Thanks for that. And the idea is a host only should know the IP address that they need to talk to. And in order for that packet to move one hop, it needs to know what is the MAC address associated with host B. And so we need a protocol in order to do that. And the reason why we're going into that is because it's really important to understand this from thinking about a, there's actually security vulnerabilities that come up here. And the other reason why it's very different. So again, we're thinking back to that hierarchy, right? IP exists so you can send data from one machine like here, 111.10.20.121, all the way to Google at 8.8.8.8. But the cool thing is because of that encapsulation, I don't care what Google's MAC address is because I'm never sending data directly to Google. I'm only sending it one hop in my local network first and then it goes on from there. So the other way to think about it are MAC addresses and hardware addresses exist only within your local network, right? Which is again, identified by the net mask, the subnet and the, yeah, the subnet and the net mask. And so MAC addresses only make sense inside your local network and they never leak out, which is kind of interesting. So how does ARP happen? So we need some way of doing that. And so we can look and let's see if I'll try slideshow. Let's see. I know there's a button for this. I'm gonna play it without presenter mode. Nope. Oh, you know what? I think there's a way inside there. Or not. Ah, there we go. Swap displays. How about now? Can you just see the slides? Perfect. Okay. 
So now we have a situation where we have host A and host B, host A's IP addresses 192.168.1.100 and host B is 192.168.1.10 both with different MAC addresses. And one of the cool things. So if you're running a Mac or a Linux machine, you can actually inspect your ARP cache. So actually this could be an interesting thing to do of run this locally if you can. I know there's a way to do this on Windows. I don't know how to do it off the top of my head but you can run the arp command. So arp -a allows you to list all your current machines known ARP cache. So this allows you to say, hey, I'm on host A. What are all of the mappings that you know about between IP addresses and MAC addresses? So for host A to ping host B, so a ping is an ICMP echo request but just you can essentially think about it right now as just sending a packet from 192.168.1.100 to 192.168.1.10. And so before it can do that because its ARP cache is empty, it needs to have a way of, host A only knows its IP address, its net mask and its MAC address. It doesn't know about anybody else's. So it needs a mechanism to find that in the network. So essentially what happens is, so we need, there's actually a link layer protocol that broadcasts this request out to everyone on the local network. Why does arp -a, I don't know, I'd have to look at it. Is it Dropbox? There's something weird maybe? I don't know, we can look into that later. That's interesting. So we need a way because again, this is kind of interesting. We wanna send a message out on the link layer to the entire local network saying, well somebody Google that IP address, I'm sure it'll pop up and you can know exactly what that's for. And let's see, where was I, oh yeah. So we need to ask every single host on this network because we don't know is it host A, host B, host C. We don't even know if this IP address is up or not or connected to our network. And so we need a broadcast request to every machine on this network. 
And the way that's done is by setting the MAC address to all ones. So if you send a packet and you can see here, so host A is at, and this is tcpdump output. It is, so it's saying that here's an ARP request at the link layer from 80460704A3 and then to all Fs. So this all F, remember all Fs is one, one, one, one, one, one, one, one, one, one, one. Right, so all ones. And that means the local network will blast that out to every machine on there. And we can see it's decoded this packet, so it's an ARP request. And so this is a request saying to the network, who has 192.168.1.10, whoever has that tell 192.168.1.100. So host A blasts this out on the network. Which hosts get this packet? Yeah, all of them, so great. So both host A, host C, and host B. So what does host C do with it? C does nothing, right? And how does it know to do nothing? Yeah, it checks this ARP request and says, am I 192.168.1.10? Nope, and I don't care, so I'm gonna drop it. So Ethan, the reason is because the, so this is the link layer source and here's the destination. So a destination of all ones goes to every machine on the network. And so that's why every host gets it. Host A is the one who sends it, but every host, including host C, host B, all of them get it. And so yeah, so let's see, who has, yeah. So host C drops it, host B gets this packet, says, okay, this is an ARP request for 192.168.1.10, oh great, I'm that person. So it replies back, and so this ARP request goes to all the machines on the network. That ARP reply from host B then goes back. So now, and if you think about it, it's kind of interesting. So host B has all the information to send this packet. So rather than broadcast this reply to everyone and waste kind of the physical bandwidth here, host B sends this out just to host A because it has here the, so it has the source inside of that packet. So it is able to send it, oh, hello. Oh, okay, I guess we're looking at all of it. No, there we are. 
Sends that ARP reply back to host A from 0131D98B8, that is host B's MAC address, and 28.0.46.7.4.A3. And with an ARP reply saying, hey, I'm 192.168.1.10, and I'm at this MAC address, 0131D98B8, and then you'll see a bunch of IP packets. So these next ones are IP packets. And then the interesting thing is you can run arp -a on both host A and host B, and you'll see that now it has entries for those in the local machine's ARP cache. Wouldn't the physical bandwidth usage for the reply be the same? No, because it has to go to each of the machines. So on a broadcast, every machine gets that request. So a broadcast has to go out to every single machine, whereas a reply will only go to the machine that needs it, typically. I mean, this again depends on the details of the networking, which we won't really get into. But you can think of it at least here, right? This ARP request had to go to host C and host B, whereas the ARP reply only has to go to host A. Yeah, so A, exactly. So the ARP reply from B to A, ah, yes, yes, yes. Yeah, great point. So this is the other interesting thing here. So because of this exchange, right, they both know each other's MAC address because host A knows about host B at that MAC address, but also because host B, based on this request, who has this, is able to update its own cache of what host A is at in case it needs to talk to it. Yeah, so that happens here as well. Questions on ARP requests for right now? Does host C, host C does not have an ARP reply because it does not have that IP address. So host C checks this, the request's IP address. So it says, host C checks, I'm not 192.168.1.10, so I'm not going to reply. So only host B will reply and only host A should get the ARP reply. Although let's hold those questions for two more slides because we'll talk about that about exactly what happens. So this is just, this is the kind of crash course, the basics of how data moves from one machine to another on your local network. 
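The ARP exchange just described, as an added example in Python that is not part of the lecture: host A broadcasts a request, host C drops it, host B answers unicast and both A and B end up with entries for each other, just as `arp -a` would show. Hosts A, B and C, their IPs and their MAC addresses are constructed for the example; the frame carries the same fields the tcpdump output shows (sender and target IP and MAC).

```python
# Added example (not from the lecture): a small model of the ARP exchange the
# lecture walks through. Hosts A, B and C, their addresses and MACs are
# constructed; the message fields mirror the lecture's tcpdump output.
from collections import namedtuple

BROADCAST = "ff:ff:ff:ff:ff:ff"         # all ones: every NIC on the segment accepts it
ARP_REQUEST, ARP_REPLY = "request", "reply"

# One link-layer frame carrying an ARP message.
Frame = namedtuple("Frame", "dst_mac src_mac op sender_ip sender_mac target_ip")


class Host:
    def __init__(self, name, ip, mac):
        self.name, self.ip, self.mac = name, ip, mac
        self.arp_cache = {}                 # ip -> mac, what `arp -a` would list
        self.received = []                  # frames this host's NIC handed up

    def resolve(self, target_ip, segment):
        """Return the MAC for target_ip, broadcasting an ARP request on a cache miss."""
        if target_ip not in self.arp_cache:
            segment.send(Frame(BROADCAST, self.mac, ARP_REQUEST, self.ip, self.mac, target_ip))
        return self.arp_cache.get(target_ip)

    def on_frame(self, frame, segment):
        self.received.append(frame)
        if frame.op == ARP_REQUEST:
            if frame.target_ip != self.ip:
                return                      # not for me (host C's case): drop it
            # The request already carries the asker's mapping, so learn it for free,
            # then answer unicast to the asker rather than broadcasting again.
            self.arp_cache[frame.sender_ip] = frame.sender_mac
            segment.send(Frame(frame.sender_mac, self.mac, ARP_REPLY,
                               self.ip, self.mac, frame.sender_ip))
        elif frame.op == ARP_REPLY:
            # Note: the cache is filled from whatever the frame claims, unverified.
            self.arp_cache[frame.sender_ip] = frame.sender_mac


class Segment:
    """A shared medium: every frame reaches every other NIC, which keeps it only
    if the destination MAC is its own or the broadcast address."""
    def __init__(self, hosts):
        self.hosts, self.log = hosts, []    # log = every frame put on the wire

    def send(self, frame):
        self.log.append(frame)
        for host in self.hosts:
            if host.mac != frame.src_mac and frame.dst_mac in (BROADCAST, host.mac):
                host.on_frame(frame, self)


def ping_setup():
    """Host A wants to ping host B: resolve B's MAC, return the hosts and the wire log."""
    a = Host("A", "192.168.1.100", "02:00:00:00:00:0a")
    b = Host("B", "192.168.1.10", "02:00:00:00:00:0b")
    c = Host("C", "192.168.1.20", "02:00:00:00:00:0c")
    segment = Segment([a, b, c])
    mac_of_b = a.resolve(b.ip, segment)
    return a, b, c, segment, mac_of_b


if __name__ == "__main__":
    a, b, c, segment, mac_of_b = ping_setup()
    for f in segment.log:
        print(f"{f.src_mac} > {f.dst_mac}: ARP {f.op}, {f.sender_ip} is at {f.sender_mac}")
    for h in (a, b, c):
        print(f"arp -a on {h.name}: {h.arp_cache}")
```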
So again, the important concepts are checking with the net mask to see, is this IP address on the local network? If it is, then use ARP in order to map that IP address to the MAC address and then you can send that packet to that machine locally. And this actually gives rise to a number of really interesting local area network attacks. So even with this little bit of networking that we've learned, we're actually able to launch some interesting network attacks. And so some of the things we want to accomplish with these local area network attacks, we may want to impersonate a host or machine on the network. We may want to cause a denial of service to knock somebody off the network. We may want to access information that's being sent across between two machines in our local network. And so what would, let's talk about what are some, let's talk about what are some cases and scenarios where this could be true that what would be a way that you could want to impersonate a host or access information. Don't be shy, unmute yourself, jump in. Voice chat, I like voice chat, especially for something like this would be good because I would like us to chat about it. It's like what would be a scenario where you could maybe impersonate a host or access information or tamper with some kind of information on a local network? Yeah, Robert. Yeah, so when would you want to do that? So more high level, right? So like why would you want to do it? Let's go with that. Yeah, maybe we're all on a network like at Starbucks or something and there's open Wi-Fi, we're all on a local network. And maybe I want to be able to, maybe I want to kick you off the network. So a denial of service. Maybe I want to access your information that you're using. Maybe I want to pretend to be Google. Other scenarios would be maybe you, so the question is kind of like what are kind of scenarios around local networks where these types of attacks actually make sense, right? So one would be maybe a coffee shop. 
Another could be a, so you've broken into a web server on a company's network and their web server's on the same local network as their database server. So you want to intercept all the database communications. Maybe you've gotten malware on an employee's computer inside of a network and you want to pivot from there to a developer's machine and they're on the same local network as a developer, right? These are all different types of scenarios and attacks that you actually want to be able to do this. So yeah, act as a company to steal login info is a good one. Yeah, so and kind of we'll think about, and throughout network security when we look at these things, we'll be thinking about sniffing. So you can actually get just a lot of information just by listening to traffic. And yes, this is something you use Wireshark or tcpdump to sniff and monitor the traffic that's on your network. Spoofing, so spoofing is a, is basically when you're impersonating somebody else on the network, so you're pretending to be them. So maybe you're on a network where a specific IP address is given, a specific IP address is given a lot of trust in the network, maybe you can log in to a server without authentication. And so that can help there. Does a compromised device on a local network have elevated risk to other devices on the network? Yes, yeah, for sure. And that's what we're gonna get into there. And we'll talk about all these things, but and so hijacking is you wanna hijack the communication between either two machines on the local network or a remote machine on the network. And so one of the interesting things that we were gonna talk about briefly is the difference between a hub and a switch in terms of networking. So anybody know what, do you all know what a switch looks like? Yeah, some of you. Okay, we'll look at something like this. So this is kind of the most craziest version. Oh, why can't it go bigger? Here we have a pretty insane, what's this? 96 Ethernet port switch. 
And yeah, let's see, is there any other good ones? You're probably, let's see, more familiar with, that's the same image while it's funny. You're probably more familiar with something maybe like a home router, maybe something smaller that has maybe just a few ports on the back, maybe eight ports, four ports, right? Oh yeah, here's a good one, cool. Yeah, a hub does look similar. We're gonna talk about that in a second. So, okay. So, how do you build one of these things, right? And how do you build the thing that you plug in, you know, an Ethernet cord in and data comes in and it needs to come out in different ways, right? So one of the easiest ways that you can do this is you have, we'll draw this whole thing as a switch or maybe we can, let's see how good my mouse based. So here we have like P one. So you talk about these in terms of ports, so port one, two, three, four. And so you have a machine plugged into this port, a machine plugged into this port, just like our previous example, right? We had A, C and B. So one thing I could do, and to just do this simply, is anytime I get traffic from A or on any port, I just send it out to every port. Would that make sure that the packets get to where they need to go? Yeah, because you're sending them literally to everyone, right? So and everyone A, B and C each have their own hardware MAC address. So they know to only listen to packets that they're on. And so one of the downsides, which some of you are pointing out, which is definitely true is if A and B are streaming maybe a high bandwidth movie or something and C is also trying to use the network, C is getting all of those packets and it's wasting a lot of bandwidth. So this is kind of a, the hub model is basically just, I'm not even sure if you can buy them anymore, but hubs basically send data everywhere, right? To all the things. And so network switches actually are much smarter. 
So the difference between a hub and a switch is a switch keeps track internally based on what MAC addresses are on what ports. So it keeps a mapping between MAC address of A is on port one and when a packet comes in from B to A, it looks it up and only sends it out on port one because it knows that it's the only one that's on there. So C never gets that traffic. So the idea is, and we won't go into the details, but basically broadcast traffic is sent to all connected hosts on, so broadcast traffic, right? We talked about all ones get sent to everyone, whereas other things only get directed traffic and this gets into when we talk about sniffing and looking at data on the network, this has a significant impact. So yes, the hub is the equivalent of connecting all the cables directly to each other, exactly. Yeah, cool. So yeah, we made it pretty far. I don't know, how'd we do? Pretty good. Do you miss being in class? More time? You want more time, huh? Don't worry, we'll have more time. We have a whole rest of a semester like this, so. Tested the annotation. Yeah, I've disabled the annotation so you guys don't mess it up, no offense. Cool, yeah. All right, cool. So yeah, Kyle, what's up? Yes, yes, so I'll have my office hours later today. I will post a link on Piazza, so you can come hang out and we'll do office hours. Yep. All right, good luck everyone. I guess, I don't know if I should, well. Stay safe, have fun, and learn stuff. And trust each other, be nice. Don't trust each other, but be safe and be nice.
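The hub-versus-switch difference from the last two passages, as an added example in Python that is not part of the lecture: a hub repeats every frame out of every other port, while a learning switch records which MAC arrived on which port and floods only broadcasts and still-unknown destinations. The hosts on ports 1, 2 and 3 and their MAC addresses are constructed, and the traffic is A's ARP broadcast, B's unicast reply, then ten frames each way, so the count on port 3 is what host C would be able to sniff.

```python
# Added example (not from the lecture): a hub that repeats everything beside a
# learning switch, to count how many frames each port sees. Hosts A, B, C and
# their MACs are constructed, as in the lecture's port-1/2/3 sketch.
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Repeats any frame arriving on one port out of every other port."""
    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src_mac, dst_mac):
        return [p for p in self.ports if p != in_port]


class Switch:
    """Learns source MAC -> port from every frame and forwards by destination MAC;
    floods only broadcasts and destinations it has not learned yet."""
    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}                     # MAC -> port (the forwarding table)

    def forward(self, in_port, src_mac, dst_mac):
        self.table[src_mac] = in_port       # learn where the sender lives
        if dst_mac != BROADCAST and dst_mac in self.table:
            out = self.table[dst_mac]
            return [] if out == in_port else [out]
        return [p for p in self.ports if p != in_port]


def frames_seen_per_port(device, traffic):
    """Run a (in_port, src_mac, dst_mac) sequence through the device and count
    how many frames come out of each port, i.e. reach the host plugged in there."""
    counts = {p: 0 for p in device.ports}
    for in_port, src, dst in traffic:
        for out_port in device.forward(in_port, src, dst):
            counts[out_port] += 1
    return counts


MAC_A, MAC_B, MAC_C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
PORT_OF = {MAC_A: 1, MAC_B: 2, MAC_C: 3}
# Constructed traffic: A's ARP broadcast, B's unicast reply, then ten frames each way.
TRAFFIC = [(1, MAC_A, BROADCAST), (2, MAC_B, MAC_A)] + [(1, MAC_A, MAC_B), (2, MAC_B, MAC_A)] * 10


def compare():
    """Per-port delivery counts for the same traffic through a hub and a switch."""
    hub = frames_seen_per_port(Hub(PORT_OF.values()), TRAFFIC)
    switch = frames_seen_per_port(Switch(PORT_OF.values()), TRAFFIC)
    return hub, switch


if __name__ == "__main__":
    hub, switch = compare()
    for mac, port in sorted(PORT_OF.items(), key=lambda kv: kv[1]):
        print(f"port {port} ({mac}): hub delivered {hub[port]}, switch delivered {switch[port]}")
```

On the hub, port 3 receives all 22 frames even though none are addressed to C; on the switch it receives only the one broadcast.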