 All right, folks Hello again. Thank you all or some of you. I guess we're being here about a hundred of you. That's pretty good So Yeah, so hope you all had fun learning about the joys of signatures and public and private keys and Maybe hopefully now our piazza board can go back to normal a little bit So it's not inundated with all these insane posts Yeah, so Okay, so let's do logistics first and then we'll go into assignment four and then the next assignment so Looking forward. So this is the goal here is to help you kind of plan Everything else going forward. So we have the tentative due dates for the next assignment. So assignment five will be released today And it'll be due on the sixth and then on the sixteenth. We'll have an in-class CTF, of course I guess during class is probably the more appropriate way to put it since we won't have it in class, but and we'll Get more into this as we get closer but the basic idea is you'll break up into teams and self-form into CTF teams and during the course time we will have a Number of capture the flag style challenges. So a number of security challenges that your team will be Fighting to solve during that time It will be all kinds of things that we've talked about in class. So It depends on where we are in class How big I'm not really sure I think I'm capping it at let's say five or six I think that's probably a good size if you have two big teams. You're not really learning anything If you have two small teams, you can't learn from each other as well. So We'll say probably around five or six people So those will be on the 16th and the 28th that we'll have those those should be pretty fun and The other thing is that me the TAs and the undergrad TAs will all be available during to kind of help everybody get set up and get everything all ready to go so We you know when you have questions during that and we're figuring out exactly how that coordination is going to go down virtually You know, obviously if we were still having class, you'll have your own teams So if we were in class we'd all be there in the classroom to kind of walk around and help you But we'll be figuring out ways to do that virtually. So that should be pretty fun And then we'll have towards the end of the semester will be the last assignment assignment six that will be due And that's kind of the course from here At least that those parts any questions on that cool All right, so let's go do assignment four. So assignment four was due yesterday Yeah, so I don't know anybody want to give their thoughts on it or If maybe so I will say first off there are some people who are still doing the assignment and haven't gotten all their signatures So if everyone would be so kind as to sign their keys so they could submit the assignment late that would be Very helpful to them Yeah, there's a lot of reactions and it's okay everyone Yeah, people are very very sneaky Supplies only polite. That's good. How fake everyone's name sounds. Oh, they're real names. Yeah, that's kind of funny Let's see the scammer tried to scan me to sign my adversarial key was possible So I was nice to people and they signed my adversarial. I didn't enjoy the assignment at all. Yeah, that's okay. These are all Yeah, so the you know the interesting thing Yeah, 30 keys is a lot, but it's roughly you know less than 10% of the class. So that's kind of why I think it's a little bit easier But yeah, so the basic idea and so there's a couple different ways, I don't know if anybody wants to share their expert level How they kind of trick people to sign their adversarial keys all what I'll definitely do is So I have to wait a few days in order to grade the assignment because I need all the late keys to come in And then what I do I get them all and usually what I do is I ask the person who was the best at scamming people and getting signatures on their adversarial key to To actually What's the word I'm looking for oh to talk to the class about what they did and how they did that So Yeah, so basically so there was one thing so somebody actually just mentioned here in the chat is Yeah, one of the techniques you can do is if people aren't very closely looking at the signature of the key What you can do is you can change your UID to be your name and Then on your adversarial key when you do that all signatures on your key are then lost So that's why normally you wouldn't do that because you'd lose the CSE 365 spring 20 key But what you can do is what I've seen people do and what I think some people are talking about in the chat is you can create a fake CSE 365 spring 20 key that obviously has a different fingerprint But you're likely banking on people not checking it that closely and what you can do is you can export to one Output two different keys. So you export your fake CSE 365 key and Your adversarial key that has your name on it now But is no longer signed by the real key and so when they import it they import both they check They see that it's signed by CSE 365 spring 20, but the fingerprints different. So they sign it and send it back. So that's a Kind of a classic way that people have done that Yeah, or other one, that's a really cool idea. So you can Because it's all these fingerprints are based on hashing you can actually just keep generating keys that have Very similar and you should be able to possibly create one that has a lot So somebody got five the first five characters of the hash match When I gave my real key, oh That's funny Yeah, so this is another thing. So this is the this actually happened a lot when people were Submitting their assignment so they would export their key and they would export their AS like use their email to export their key Which would end up exporting two keys Their real key and their adversarial key. So So the same thing happened here is if you send them both and tell them to only sign one But maybe tell them to sign your email key Yeah, that's pretty funny How did the discord go for people who are on there? It was good great for the first few days. Yeah, you think it was great until you figure out how many adversarial keys You signed people on there You kept the adversarial keys out. Yeah, that's funny So here's here's a funny story. I'll tell you that's happened in the past. So One time when I did this assignment one of the classes decided to create their own Basically like certificate authority So there were two people involved and they would both check your actual ID to get onto a Google Doc list That they would put your name and so they would trust anybody with that name on the list And one of the people actually scammed their way onto that list and into the certificate authority by tricking both the people Getting him onto the Google Doc and then either he changed it. I can't remember the details But basically he tricked and got everyone that was part of the certificate authority who thought they all trusted each other to sign their keys Yeah, someone edited the list. So yeah, this You know when you're putting trust into into a group, you know All it takes is one person to come in and then they can get fake signatures from everyone in that group Let's see. What are some other clever ways? Oh one year people Created a Python script to do the key signing and they shared it with everyone and they would even validate the key signature like we were talking about But they had a They put basically a backdoor that had their own fake key in there. So if they sent you their fake key, it would sign it Yes, you'll find it. Yeah You'll have you'll figure out all send you the details about how many adversarial keys and everything So how many real keys you you signed how many adversarial keys everything like that? Yeah, so that was a pretty interesting way I'm sure and the other thing that's always really interesting is seeing how different communication mechanisms like If I'd asked you let's say two weeks ago about what are all the let's say How does the security model of piazza posts work? You probably wouldn't be able to tell me as well as now when you know exactly that other students can actually edit posts and And could make them private Yeah, it's piazza is a really weird program so Yeah, so yeah, piazza has these really weird things what they've done in the past and I think what you guys started to do as well was creating a post and saying like okay, they can't edit the post but they can edit they can act like nobody can edit comments So they would just say like in the the post it'd be like look at comments And then that's where they would yeah the follow-ups was where they would actually talk about things So yeah, there's no way to spoof the name and the class signature So if you were very very careful of every key you signed and check that the name was correct And that the class signature was on the key you should not have gotten scammed Or unless like somebody said you were checking, but they got the first five of The key fingerprint to match and that's all that you were looking for Yeah, they can yeah why Yeah, you know you got a You don't want to have to do an alternate email. That's I think So yeah, that's kind of the was the nature of that assignment Cool. So yeah, there is you know, so the kind of goal here was to understand that the how difficult it is to bootstrap This web of trust especially when you have this adversarial element Right, so it seems to be pretty easy just checking IDs Yeah, you can email me anything you want. I'm happy happy to receive any emails Yeah, and the other thing the Usability will I sign your key? Maybe if depends on if it's a real key or not The and the other idea is usability so part of the goal is to realize that these tools are not very usable at all They are really when you think about it kind of expert level tools, right with all these kind of Arcane invocations of signing and exporting and sending keys back and forth And so Yeah, that was kind of the other point of this assignment was to get experience with these tools that people try to and you can The other thing we didn't do with GPG keys, but you can use them for Sending encrypted messages to each other That one's not but there's you know a lot of other ones, especially if you have multiple Keys, how do you select which one to sign it with then you didn't talk about it here, but establishing trust so putting trust on it Checking fingerprints. Yeah. Yeah, so you can see there's like and you can even see this kind of like Narrative like Narratives and counter narratives of like oh you sent me a fake key. No, you sent me a fake key and like people pretending to be somebody else Yeah, it's it's pretty crazy. So Anyways, you'll get your grades on that. You'll also get Let's see going back here The midterm so the midterm will release the grades probably Monday or Tuesday, so it'll be very soon So you'll get to see that that should be you know very fun Let's see Let's see I often do fake keys get signed at real key signing parties. Yeah, I don't I don't know. That's a good question I think it just depends again on trust, right? So if somebody has an incentive to Trick you to sign their key then as you've seen even with I don't know maybe depending on your perspective. It's either a lot or very little Motivation here to trick somebody to signing it You can you know, it's pretty easy if people are not paying attention to trick them to sign things Yeah, and then the the time the exactly when you started the assignment was So starting early gives you a huge boost on this assignment. Cool. Alright, well, let's move on to assignment five So assignment five and we're now going to get into And this is another assignment where starting early is going to be very important The idea is you're going to learn about password cracking. So specifically password hashes So as we talked about when we talked about authentication, right? So typically the way that we know that passwords are done is rather than store the passwords in plain text A hash of the password is stored in plain text So there'll be a series you'll get a series of hashes And your goal is to basically reverse those hashes and figure that out There are a lot of tools to do this. So things like John the Ripper hash cat Or there's a whole list here of Wikipedia password cracking software that you can use And so what you do though on grade scope, there'll be an assignment called crack that pass hashes So what you do is just submit just like we did on the crypto one submit anything and it will give you your individual unique crashes Sorry, hashes, I keep saying crashes And so for part one is just MD five So it's worth 40 points. It's a standard MD five hash And one of the things that's really important when you're doing this is to make sure you're doing this correctly So you can check that Adam hashes to this hash and ASU hashes to this hash So if you're writing your own hashing system or something or doing something custom You want to double check that this works Each of these parts has some kind of hint. So this says that it's a six character password So what you should be doing is looking at the tools understanding them figuring out how do you tell it what you think the format of this password should be Then part two is a so yes password brute forcing so you you need to find a input that hashes to that same hash that you get So it'd be somebody's password. So all you get is oh if you don't know a type of password the answer is yes collisions sure are valid too But I don't think you're ever gonna find that so I wouldn't bank on that I give to think is is it worth to search through this entire search space or is it easier to search through six character passwords to find the correct passwords Let's see what's the other question. Oh if we don't yeah, so in a real situation usually you can tell so you can see here that like md5 has a certain length Shaw 256 has a certain length B crypt has a certain format so it all depends on that Then part two is a Shaw 256 hash so you can check that it's a seven character password so a little bit longer But it's only composed of lowercase uppercase and digits so you can reduce the search space much larger here and part three is B crypt So the idea is so here now the important thing of of part three so B crypt includes a salt in it so the hashes will be the same So for instance Adam can hash to any number of things this or this as you can hash to any number of things this or this For this assignment there's incredibly unlikely chance that there'll be a hash collision like like I said it's it's less likely that you'll find a hash collision then you'll get the actual password So somebody just asked about passwords for this part the idea is that this is a commonly used password so As opposed to the other two where you're trying to brute force and find a pattern password that matches this pattern in part three It's a commonly used password so you should look in the in the dictionary for that or in password lists or whatever Okay now part four is so in all of these parts part one through three you can You can use these off the shelf software John the Ripper or hash cat for part four part four and it's only worth 10% so I don't know if you only want 90% you can totally ignore this but this is a custom hash function so it's not something that exists it's something that we created specifically for this assignment So the idea is you take the input to hash and you run it through MD five a hundred times so you take the MD five output like in this case if it's Adam You take Adam then you get this hash value and then you feed it back into MD five to get a new hash value and so on a hundred times And then you take that output a hundred times through Shaw 256 and then that result a hundred times through Shaw 512 So mathematical notation if you want to think about it it's kind of like this so you're stacking a hundred MD fives and then a hundred shopping to 256 and then a hundred Shaw 512 And there we go so you can then the important thing is definitely for this one because you're writing a custom hash function You want to double check that hey Adam hashes to this value as you hashes to this value and security hashes to this value And in this one you know the intelligence here you can see the search space is quite different so the user is very lazy and the password is five characters lower case So only five A through Z and then the custom so then part five is extra credit ten points extra credit is the same function from part four but it's more difficult And the more difficult is that no intelligence is available and none will be given and okay so yeah so then to submit for this all you need to see is Submit for this part of this assignment is a read me so submit a read me that has your name is you ID and a description of how you broke reverse the hash And include the password that you broke for auto grading right so just do it MD five colon space and then put the password part one Shaw 256 colon space password part two if you don't do one that's fine just remove it or leave it out that's totally good So Garrett's question are all character values used That's I'm not going to give any information that's not on this page right so this is a six character password this is a seven character password of lower case uppercase and digits So important thing this should go away Yeah if you write code submit it to that's good or talk about it in the read me that's fine any other questions It'll be released at noon so after this class Extra great if you break into my ASU account I guess I mean you can change your grade to be whatever you want so you can technically do that And it would also be against the give us your password hash No thanks Oh it's complete the assignment by using yeah you can use 100% all of the open source software Yeah so don't break into my account because I do not give you permission to do it if you did it I'm saying you could change my past your grades ASU would probably also likely find you and kick you out for academic integrity violations If they find you yeah that's always how crime works Yeah I'm not giving you permission this is me explicitly not giving you permission Correct I'm explicitly telling you no Cool yeah And we have a recording of this so you know I don't think that'll be any yeah we definitely have a recording Cool alright so this assignment will be out again I think the best way to do this is you know start on this early I think that's the really important part And yeah get started on this early If it's you know five hours to the deadline and you try to start it's going to take you 12 hours to brute force one of these passwords I won't have any You know not really any concerns there you know if you need to run this stuff overnight It's you know you got plenty of time so start on it now start playing with these tools get used to them Maybe try hashing you know try breaking some of these passwords first And that should be good yes grade scope will tell you right away and it'll tell you exactly how many points you get So grade scope will tell you that they were correct and yeah you can you're free to use general free to use every resource I would say How many people can help you're each going to have your own password so I'm not sure other people would help as much No just like most assignments this is on your own so you're free to use any resource or program to help you solve this challenge except like directly for each other Cool alright let's go back to networking VM's not terrible because depending on how it's done it may use your system directly so it should be fine cool Alright on to TCP Okay just a second let me get my windows arranged Alright cool okay so now we are talking about TCP so So now and very different from Very different from UDP right so we looked at UDP and UDP was essentially a very thin layer on top of TCP or on top of the IP protocol Right so UDP didn't give any guarantees of delivery didn't give any guarantees of order or anything like that we basically got no guarantees from UDP And so as we'll see that TCP actually provides a lot of these things so TCP is able to provide a connection oriented So the idea is we'll be able to set up a connection between two IP addresses on the internet to be able to send data back and forth So this is different so then how does a let's say something connection oriented how does that differ from something that's just packet or datagram based like UDP Yeah it's a little bit different right so the connection the idea of a connection is like I can send some data you get it you can send some data back And we can maybe I can stream data towards you but it's different from just sending like here's a packet of data to you so we'll see kind of exactly what that looks like in a bit We also get now some features that we actually want yeah we do get bidirectional which is nice We get some really good features of reliability so we actually get reliability so that means that we can one way to phrase this would be no loss Another would say maybe we can detect when there is loss so there's no loss there's no duplication of packets there's no transmission errors and everything comes in the correct order So the application so what's nice is if we establish between two machines on the internet a TCP connection I can send you So like I can send you some data I can send first foo and then I can send bar and I know that you will receive it in that order So you will receive first foo and then bar even if these are sent in as we'll see different TCP packets This is very different from UDP if I sent you two packets one after the other foo then bar there's absolutely no guarantee that you'll get it in the same order with UDP So TCP adds this really nice feature It also provides the same port abstraction as UDP so we have 16 bit ports so again this is why when we looked at ETC services we saw that there were ports for UDP and TCP And the really important thing is something will come up over and over again It allows us to establish kind of a virtual circuit so I'll just draw like host A and host B so we have a connection between A and B And A can send data to B, B can send data to A and it's identified by this foo tuple that will be very critical when we talk about this So source IP so if we think about it like this source IP destination I'll do it shorter source IP destination IP source port destination port So this defines a connection between two machines and what this allows is as long as one of these values is different A and B can have multiple concurrent TCP connections and different virtual circuits with each other And they'll know that they're different because they'll have either like a different source port or a different destination port So this is an incredibly useful feature And this virtual circuit so what this means foo duplex is that data A can send data to B and B can send data back to A So it's a bi-directional stream where they can both send data to each other This tuple of IP address and port is often called a socket Especially when you think of when you're creating socket programming this is what people are talking about So let's look first at the packet and then we'll build up and we'll think about how this can actually be made to work So we need just like UDP we need source port and destination port and then we'll see we'll need so this is if you think about it remember UDP basically just had source port and destination port on top of IP But TCP in order to deliver this kind of awesome capabilities of using this virtual socket we need additional information and we're going to ignore for right now exactly what that looks like But again kind of thinking about how these things in the let's say the Shrek model of networking right so we have the TCP information fit inside the IP data layer within IP header and then that inside the frame layer for everything So now how can we even get that to work so let's think conceptually here so we have A and we have B and they want to establish a connection from one machine to the other So they have IP addresses right so we have IP A so the things that we know right let's think about it that way So IP A, IP B and so A knows its IP address it knows B's IP address and it wants to create a TCP connection to a specific service running on B So then what does it need to know about that service in order to talk to that service in B Yeah the port number great so we need to know the port number so we'll call it right now destination port So for right now let's keep it so port 80 is HTTP so yeah A needs to know not just who to talk to which is IP address but it needs to know precisely which of these 65,000 whatever ports is it trying to talk to Now if we think about this so if we think about this A knows its IP address it knows B's IP address and it knows the port it wants to talk to And so what A needs to do is somehow start the conversation so another way to think about this is you know you can also think about this in terms of clients and servers Is that even spelled right? Whatever So B has some service running on port 80 that A wants to access so A is going to be the one to initiate communication so A is going to have to send a packet a TCP packet and we'll get into the details of what that packet looks like But we can think of it and we can actually even think about what kind of information so we know the source IP and the destination IP is IPA, the destination IP is IPB And then if we think about what we know at the at this layer we know at the TCP layer we know destination port because that's port 80 but what about for source port Yeah we can choose any we can pick any source port we want as long as we don't already have a service running on there somebody listening on there But we'll do one two three four five. Is that right? Yeah So it needs to be something that it's not strictly any it's any port that's a does not already have open so if you think it needs to have this tuple of source port source IP destination IP source port destination port So A will use this for information in order to think about it so in order to identify this communication so it knows when it gets a packet back from B to A to port one two three four five source port 80 that Let's say so also how about this we'll say late assignments don't get adversarial keys how about that okay so basically A will have to send some packet from A to B that establishes this communication Right and if you think about it this is kind of a packet that says hey I want to start talking with you so be received this packet be received this packet and it needs to so it says okay I look at the destination port I see do I have somebody running on port 80 if I do then I will continue that communication And let's see so now B will need to respond so B will respond with so it has to send a packet back so we know the source let's say let's say source IP what's the source IP here B destination IP IPA and then what's the destination port perfect and the source port cool okay so now B sends this back right so but we're at actually a bit of an impasse here because right now these packets look identical Right so this packet from A to B is a requesting to be hey I would like to start communicating with you Whereas how's that different from the second packet no conceptually we haven't even talked about that so yeah it's a reply right it's a reply to that original that initial packet right so and if you look at These packets in isolation they look exactly the same right be what if B wanted to start a communication with a Right so B wanted to start communicating with a well these packets look the same so how would a be able to tell oh this is a reply to my packet and not a new trying to establish a new connection So we need some way of doing that so luckily we have this nice we have these nice flags in this in the header that we can set so the flags are super important The difference between clients and servers just a matter of perspective so so for right now be maybe the server but that doesn't mean that a isn't running things that are listening for incoming connections So what we need is we can use these flag to set different flags right so this flag a sin flag says hey and only a sin flag says hey I want to establish a communication with you And then we need some way to reply and we can say oh okay great I got your reply I got your initial request No not much I can do about that now Let me see maybe there's what if I just kick all of you out of the zoom So I'm also not using zooms recording I'm recording locally so you'll get all of my good audio here on the recording that we post But okay so yeah I will repeat that don't worry Okay so what we need is we need to start sending this connection and we need to identify be able to identify different packets and how they what they are So in this case the sin flag here says hey I would like to establish a new connection with you from A to B And if B approves of that they can send back a SINAC packet so they can say hey I'm acknowledging that I got your SIN packet I would like to establish a communication with you Now so synchronization and acknowledgement I believe let me see it's in this yes yeah And so now at this point so at this point the question to ask yourself is can A and B start communicating now Right it seems like yes because they've already established a communication right but the question is why rather than what's going on But the question is why can't they actually establish and the really important thing that will help when thinking about networking Is you always have to think about it from just one person's perspective so in this case where's my so in this case from A's perspective right A said to packet to A said to packet out said hey I would like to start a communication right by setting this SIN flag So this is saying hey I would like to talk to you right and how does it know that B is even up right So before it establishes a communication it needs to know a couple things is B up does B want to talk to me right Is there even anything listening on port 80 if there's not anything listening then I can't have a communication with them So for A doesn't know and A may need to maybe the other thing we need to think about is did this packet if even if B is up Did this packet go away get dropped in the communication because remember we're using the IP layer which has absolutely no guarantees that this packet will ever make it to its destination So A sends the packet out great and then it gets this response from B So at this point it knows when it receives the SINAC packet when A receives this packet it knows oh great B is up It wants to talk to me specified by the SINAC and so then I can continue the communication that's so that sounds great But if we think about it from B's perspective right what did B get well B first got this initial SIN packet from A That says hey I would like to establish a communication with you B says hey that sounds great I would love to chat and sends this SINAC packet back But at this point B has no idea that A ever gets this SINAC packet it has no idea that it's actually up and receiving all of this communication So like maybe A went down so if it tried to talk to A what's the point if it never received that or what if it B starts trying to talk to A But A said hey I never received your SINAC packet so I thought you were down and we didn't talk at all So synchronization so the yeah so the idea here is we need to have a third packet right Because everybody needs to get a response back from the other side in order to know that this actually happens So to complete this cycle Yeah so now A needs to send a packet back Right back source IP, IPA, destination IP, IPB, destination port AD and source port 1, 2, 3, 4, 5 And this will be just an ACK packet to acknowledge So remember at this point A knows that B is up and wants to talk so this packet is really about B knowing that A agrees to this communication And so as people have mentioned we have actually a very nice three-way handshake that establishes this communication And so this is one of the critical things about understanding TCP how it works and why it works because at this point Now once B receives this ACK packet they both agree that they're up they want to talk and that they can send data to each other And so really important to understand this gets asked almost if you get into any kind of interview or anything and they're asking you anything about networking SIN, SINAC, ACK, these are kind of you should deeply ingrain these into your mind and understanding of networking But it's important to not just understand kind of by rote what the three phases are what's more important is understanding why Why do we have these important things here So SIN, SINAC, ACK is the three-way TCP three-way handshake Awesome Okay so now that we've established a communication so we've done the three-way handshake and we can establish now some communication How do we send data? Sorry and again kind of the interesting thing here is to keep you know putting yourself in the minds of these designers These people who created these network Why can't A send SINAC immediately because it hasn't received the reply from B So it doesn't know if B is up so it can't send anything yet Right because both sides need to have received a packet and sent a packet or sent a packet and received a response So for instance here A sent this SIN got a SINAC back B sent a SINAC and needs an ACK back in order to each know So SIN, SINAC, ACK that's the three steps Now we want to send some data right so let's think about this so okay now A wants to send some data So this is let's see port 80 get slash HTTP one I always forget how this one goes So let's say A wants to send this data in some TCP packet So A wants to send this to B Right so we actually know exactly how we can get this to happen We do source IP IP A Destination IP IP B And I'm gonna have to redo that that's fine destination port 80 Source port 345 We'll delete that We'll get to it I'm deliberately not putting anything in there for now Right so A needs to send this over to B So we have a couple of and then let's say so at this point B gets this Right but we if we go back to the guarantees that we have here Right a reliable stream delivery service So what this means is how does we'll be getting into that there's a reason why you'll see it in a second We need to get there it's a specific it's this very specific step to packet is why okay So let's go here Let's think okay, so we send this but how do I get reliable so A sends this packet How does it know that B received it or how does it know that this packet got lost maybe it needs to send the same packet again Yeah, so we can kind of use the same type of idea and The other side can say Right and this is kind of the fundamental part here of networking is we need something back from that other side that tells us they actually received what we sent Because until that point we have to consider this packet lost because we have no idea How it got there or if anybody came back Port 80 and we'll call us an act because we want to acknowledge that we received something so I can send this back now So okay, so this could work and then we could send maybe more data to To be and then get an acknowledgement back The question is What if I sent two packets so it's a stream right so a stream means I can send I can send as many packets as I want so I can send Should be able to send a packet like this So I should be able to send these two packets Right a should be able to send this one then this one But now B Let's say this first one is dropped so this first one never happens Sorry, it says my connection is unstable. How's the audio? Okay Cool, let me know if it's not Now How can be say hey Well you sent me two packets or maybe I don't even know like what do I acknowledge that was the last thing I've seen from you Right so in this case if we just had our simple scheme this packet would get dropped And now they have two different views of how data is flowing on this on this network, right A thinks hey, I've sent I've sent this and this so if we if we think about it from the data perspective Right a would think I sent this get slash host example calm And B thinks that they just sent host example calm right so we need Yeah, we need some kind of like indicators or something that says hey This is how this is how the data that I'm I'm sending to you so we need actually more information and we need to kind of So essentially what happens What the best way to do this is so this is where if we get back to our Segment here We have two really important parts of the packet the sequence number and the acknowledgement number will think about just the sequence number for now So what I would do is Okay, so what I'm going to do is now every packet that gets sent that Says as part of its sequence number Where is this if you think about it in this the flow of packets that I'm going to send So this first one will have sequence number zero And This next one will have zero plus the size of the packet This next one will have zero plus the size of the data that we've sent So this would say sequence number would be in this case So let's see it be one zero one two three four five six seven eight ten eleven twelve thirteen fourteen and fifteen for a new line So this tells the other side where in the packet stream of data that I'm trying to send where does this data fit Right so this would says at zero put get slash HTTP one point one And this would say Sequence number fifteen so the cool thing is What would happen is Now when I acknowledge I'm not just going to acknowledge I'm gonna use the acknowledgement number to say what I've seen in your In your other side So we'll talk about when we're done sending that's involves tearing down the connection. It's a pretty easy process And we'll talk about overflow in one second, but it won't matter which is cool So we send let's see so we send these two packets And now let's say this packet gets lost So when we receive this first packet we will send an acknowledgement And acknowledgement number to say hey we've seen Fifteen bytes so I'm expecting the next bytes that you send me are starting at fifteen And the acknowledgement flag will be set so that's why we'll set the act on there Now When a gets this packet back so a at least thinks at the start well hey I sent all this data Right but be actually received only half of it But be actually received only half of it But when a gets this packet back it now knows Exactly how much of what it sent be got So it can say oh it's got up to fifteen So that means it's got all of this first data So what it can actually do is resend that data because it knows that that data didn't make it to be So be will say okay you've got up to here well let me great let me send this packet again to you So it will create the same packet and send that on over Now one really interesting thing and this is what we talked about a little bit is Yeah so the interesting thing is okay so let's go over the second question Yeah so what happens if the second packet is dropped So but at least let's let's go through this example really quickly so we can go this happens Right we send a packet back but now we're acknowledging 16 17 18 27 oh no 27 It's a little bit difficult to do this 33 This now when B sends this back Now at this point a knows that they both receive the exact same information So now in this way we've been able to acknowledge to say hey I've seen all up to 33 bytes That you've sent me okay this example makes sense cool So now now we can take the example of what happens if this first packet gets dropped right like in our previous example So when this first packet gets dropped so This is great so we get this packet now I guess in some sense right B has a question do I acknowledge 33 Because I see 15 here and I say okay this starts at 15 I've seen this much I have all acknowledged 33 But how does it know how does B know that it lost this initial packet Yeah so it needs to we actually need to go back further to the to this part We need to actually establish what's going to be our acknowledgement and sequence numbers as part of this process So what happens is we don't just send a sin packet and as we'll see it actually gets into security We don't start at zero but well I messed it up by starting at zero but that's fine So what we do is when we start here this tells B hey I'm going to start talking at essentially at zero We'll get to it don't worry But at least here now when we acknowledge when we send a sin act so We say so the cool thing is B will choose its own random sequence number let's call it 90 90 And we'll acknowledge one which is not what we'd expect And then let me just finish this up and we'll talk about why these things are the way they are Okay so this is actually what happens as part of the initial TCP handshake A creates its own sequence number so again this actually gets back into we talked about why we have sin, sin act and act Is here there's no acknowledgement number here there's an acknowledgement number and here there's also an acknowledgement number So anytime you have an acknowledgement number you also include the act flag but okay So a a generates a so let's take this step by step right a generates a random starting sequence number And sends a sin packet to be B acknowledges that by sending back the sin number plus the the sequence number of a plus one So super interesting thought why do they do plus one here because as we've seen further on right This sequence numbers move when we send data but we're not actually sending any data here So why would it do this it seems kind of crazy and it seems kind of silly when you look at it So it actually has to go if we look at this So if we look at here yeah so in some sense it needs to acknowledge that it received the packet But the interesting thing is so the case the acknowledgement number is a 32 bit number The question comes into so it would be very easy to take that acknowledgement number That or that sorry the sequence number that you got and put it as your acknowledgement number right But as we've seen what we need to be able to do is increment that number to say I've got this much data Now how much do you remember about Indian this everything nothing everything cool The question is we have a 32 bit right these are just 32 bits So we can represent that as let's say I don't know 0 1 0 2 0 3 0 4 Right if we think about the hex values here right of this number so 0 through 8 bits are here 0 1 8 through 16 is here 16 through 24 is here and 24 through 32 is here Right but this may be how they're laid out in on the raw packet but ending this I don't The problem is how do you interpret this as a number right the question is and specifically where is the most significant bit Is it a view programmer right is it if we think about this hex 0 1 0 2 0 3 0 4 So here the and to be perfectly honest I can't remember all the difference I think this is little Indian if the biggest bite is in the least spot But this would be the number this would be roughly what is this 16 million But in the other Indian this right in big Indian 0 4 is actually the most significant bite And then the second most significant bite so when you interpret this as a number it's actually 0 4 0 3 0 2 0 1 Which is 67 million so that's little Indian yeah okay this makes sense So this is little Indian with this being as the most significant and these as the least significant The so the interesting thing is computers internally do this differently so different CPUs as long as it's the same As memory as data is stored in memory can have different different machines can have different Indian this But here we're sending a number along a network from one machine to the other so we want to it's actually a debugging feature of doing this plus one The idea is can the other side add one to this number does it actually interpret the end in this of these numbers correctly Because I remember I think the acknowledgement number in network order I think is big Indian But most systems like x86 and x86 64 are little Indian systems So anyways this is just a super interesting technical detail of why you have something that looks silly of adding one to a number But it's to prove to the other side hey we can both actually talk to each other because we speak the same language And it's a nice way to do that here before you've established a communication and everything starts breaking down So it happens here anyways I thought it's really cool the other cool thing is on the SIN Act to act side the same thing happens So the sequence number of B and the acknowledgement number And so this is how this is actually then one of the important parts of the TCP handshake is setting up the sequence numbers of both sides of the communication So that everyone knows what to expect If this check fails they would just tell you to reset and go away Yeah it would send a packet that says with a flag that says hey go away I can't talk to you Like I don't understand what you said Cool so now through this process now we have the initial acknowledgement the initial sequence number of both sides And that is how it was to change these slightly So here we have 1516 116 And here we'll have 34 So now if we go back to this scenario So A sends its first packet with sequence number one The second packet with sequence number 16 The first one fails And so now B knows so you think about both A and B right once they're done it basically says It says oh B is at 90, 90, 91 And B thinks oh A is at one that's what I'm expecting So what they're acknowledging is If they get something that's out of order they acknowledge what they've seen up till now So in this case instead of acknowledging 34 it'll say hey I'm looking for whatever's at byte one That's what I'm looking for And then when When A gets this it says oh B's only acknowledged my very first byte which means it hasn't acknowledged anything So I actually need to resend this packet So it'll say great okay let's send this packet out This is that sequence number one it'll basically resend this whole packet That will go to B B will then acknowledge up to what do we say 16 And then At this point Now A knows that they've both seen up to this part of what they've sent And then now B can finally send the remaining packet Or sorry A can finally send this remaining part Over to B B will get that and acknowledge That they've seen that It will send it back And at this point now A knows Oh great we've both seen everything we need to see Let's see okay We'll talk about this in scanning later don't worry about that So even though B got the second one Yes so A will need to send it again So B will typically not store that It may or may not it kind of depends Yet so every layer checks every checksum So there's no UDP layer here because TCP So we have IP and the TCP layer So every layer actually has a checksum so there's a checksum at the TCP layer So if any of the checksums fail then it will throw the packet away and not use it So it's just the same as it never appearing there And cool okay so yeah this is Literally how everything starts So if the oh good question so if the packet from B is lost so let's say Let's go this packet never arrives A has a timeout basically Where it sends packets it waits for an acknowledgement If it doesn't get an acknowledgement in that time it will resend the packets Because it knows that this doesn't work isn't going to have duplication Because B will only store one copy because of the sequence number Right so this is exactly you can think of where does this data fit in my stream Cool okay So It's a good example Let's see if there's a okay other flags that are So we talked about Starting things are turning things off so Finn is a request to say hey we're finished so A reset basically says I have no idea what you're doing Something has gone horribly wrong so I'm killing this connection Push is trying to say whoops push is trying to say Hey send this data up to the client but it's really more of a request than anything else Sorry sorry sorry we get there okay good we went over that Initial sequence number we'll talk about that in a second So yeah here's an example that we can walk through of the three-way handshake So we have a client sending a SIN packet to the server so we can see the SIN flag is set so we know this is starting a communication With its own sequence number Port 22 would be I believe SSH The server will reply back with a SIN packet with a This acknowledgement number of the sequence number increased by one and the sequence number a new sequence number And the client will acknowledge that and now we have this three-way handshake And cool okay so we can talk about data being sent so here you can see an example of One side sending 25 bytes from one side to the other And this is the very cool thing about the Either side can talk to each other so the server can reply back to us Acknowledging what we sent and sending data So it's saying hey so it's acknowledging if you look at the sequence number here It's acknowledging that it got those 25 bytes and by the way here's 30 bytes that should be at sequence 7612 And then the client will acknowledge hey great I sent you up to 6600 And I acknowledge that I've read up to 7642 So yes because it's a so to answer Micah's question because it's a Two-way communication the either side can send a fin packet to just close one way of the communication And the other side can still send data So shutting it down Basically you send a fin flag you acknowledge it And B will shut down when it thinks it's ready so we can continue this with the shutdown So here the client says hey I'm going to send a fin packet to say that I'm done and I'm not going to send any more data to you The server can the other side can still respond so this is the full duplex like either side can send data So the server can send more data the and then finally can send a fin packet and the client will acknowledge that I guess the other important thing is the the client will acknowledge any of these the data that it gets from the server But it's never going to send additional data Yeah cool okay so great questions we will stop here No if there's no limit of three flags per packet the flags are a series of bits and each one being set doesn't matter Yeah so exactly so Steven asked a great question we're going to get into that very soon of what this implication means And specifically what does it mean if you can guess the sequence or acknowledgement number how does that impact the security of this communication So we'll definitely be talking about that we'll talk about port scanning all that fun stuff So yeah we covered a lot today but you got the basics and there's I'll say there's a ton more complexity and interesting parts to TCP that we're not going to touch Like how do you deal with bandwidth and fairness issues and all kinds of stuff losing packets all these kinds of things so But the basics are here and this is all we need to know to in order to understand this and analyze it from a security perspective So assignment five will be out in 15 minutes good luck start those hashing and yeah please help people out for signing their keys that would be very nice of you to do that And yeah I will see you all on Tuesday it's still on Oh now it's still recording