 Alright, first off some folks have been wondering, your midterms are all graded and the Web of Trust assignment is being graded right now. I'm actually downloading all of your keys on my machine so I can grade that. And then later today we will send you an email of the current status of where you are in the class. So any questions on that? Anybody, I haven't gone through to see who was the best social engineer in the Web of Trust assignment. Does anybody want to reveal their secret methods? Yeah, so, what did you change? You changed the name of your adversary key? Did that get anybody to sign it? And there we go. So it didn't help, did anybody else try changing the name? Yeah, a bunch, what happened? We probably got rid of the signature. It gets rid of the signature, it gets rid of the CSC 365 signature. Did anybody else figure out a way around that? Add a UUID and then sign it with a bunch of BS signatures that you made. And then the second adversary UUID shows up lower in there. And so when people are quickly doing it, it's a little missed that there's a second signature and you just see the legitimate one at the top and think that everything in the middle is just people that they might have to do more. So you made a bunch of fake keys, signed your adversary key, did it work? Yeah. Do you know how much? More than one. More than one, I like it. Okay, cool, I know that. So what I did with that, because it got rid of the signature, was I created a fake CSC 365 signature and when I exported it, I exported the fake one into their key ring. So it shows. And then they would send me the real key and then I would sign it with my real key and then import my real key into their key ring after it was done. I see. So didn't anybody, so anybody able, how would you detect that? So does anybody understand what happened there? Yeah, you could check the fingerprint of the CSC key, because that fingerprint is going to be different than the official one. Right, exactly. 
So this is why the fingerprint is so incredibly important, right? Why? What is the fingerprint? Okay, do it. What is the fingerprint actually? Yeah, it's a hash of the key, right? So it's fundamentally unchangeable, let's say. So it uniquely identifies that specific key. So as you know, you created a key, right? You could create a key that has the same name, same email address, same everything as the CSC 365. But what can't you do? Yeah, you can't create something with the same fingerprint and you can't sign something as the original key, but you could. So, okay, so this is a good technique. Okay, so it seems like that's the great thing. Oh, there we go. See? Okay, cool. So you had your adversary key. It's some name, that's a random name. It's signed by the CSC 365 key. But then when you change this name to your name, this thing goes away, right? So then what did people do? They put their real name and then they created a fake CSC 365 key. But so if you just sent this public key to somebody to sign, what does it look like on their end? It'll say user ID not found because they don't have this fake CSC 365 key, right? All of you should have the original one because you've downloaded it into your key ring and so you have it locally. So what do you do to deal with that fact? Or what did people do to deal with that? I have read through some briefings, so I know people did some. What was that? You import it into their key? How do you import it into their key ring? You don't have control over their key ring. So when you export it into a GPG file, you can export multiple keys. So you export your key and the fake GPG key so that when they import it, they import more keys. Yeah, so this is again, so basically what you do when you're going to export your adversarial key, you append the adversarial key with your fake CSC 365 key. That way when they import it, they're importing two keys, your key, and it will show up as, you know, CSC 365. 
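The fingerprint check the lecture keeps returning to can be made concrete. The Python below is an added example, not code from the lecture or the course: it builds two minimal OpenPGP v4 RSA public-key packets that carry the same user ID but different moduli, computes their fingerprints the way RFC 4880 section 12.2 specifies (SHA-1 over the octet 0x99, the two-octet packet length and the key packet body), and shows that the user-ID packet is not an input to the fingerprint at all, which is why renaming a key or attaching a look-alike "CSC 365" key cannot reproduce the genuine fingerprint. The user ID, the creation time and both moduli are constructed sample values (the moduli are random bit strings, not real RSA keys), and `verify_key` is the check a careful signer would perform against a fingerprint obtained out of band.

```python
import hashlib
import random
import struct

# --- OpenPGP v4 public-key packet pieces (RFC 4880 sections 3.2, 4.2.1, 5.5.2) ---

def mpi(value: int) -> bytes:
    """Multi-precision integer: two-octet bit length, then the big-endian magnitude."""
    bitlen = value.bit_length()
    return struct.pack(">H", bitlen) + value.to_bytes((bitlen + 7) // 8, "big")

def v4_rsa_public_key_body(n: int, e: int, created: int) -> bytes:
    """Version 4, creation time, algorithm 1 (RSA), then the MPIs n and e."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 12.2: SHA-1 over 0x99 || two-octet body length || body, as uppercase hex."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def key_id(fingerprint: str) -> str:
    """The 64-bit key ID is the low-order eight octets of the v4 fingerprint."""
    return fingerprint[-16:]

def old_format_packet(tag: int, body: bytes) -> bytes:
    """Old-format packet header: 1 0 tttt ll, with a one- or two-octet length field."""
    if len(body) < 256:
        return bytes([0x80 | (tag << 2) | 0, len(body)]) + body
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", len(body)) + body

def export_key(body: bytes, user_id: str) -> bytes:
    """A minimal exported key: public-key packet (tag 6) followed by a user-ID packet (tag 13)."""
    return old_format_packet(6, body) + old_format_packet(13, user_id.encode())

def parse_packets(blob: bytes):
    """Yield (tag, body) for old-format packets with one- or two-octet lengths."""
    i = 0
    while i < len(blob):
        header = blob[i]
        if not header & 0x80 or header & 0x40:
            raise ValueError("only old-format packets are handled in this example")
        tag, length_type = (header >> 2) & 0x0F, header & 0x03
        if length_type == 0:
            length, i = blob[i + 1], i + 2
        elif length_type == 1:
            length, i = struct.unpack(">H", blob[i + 1:i + 3])[0], i + 3
        else:
            raise ValueError("unsupported length type")
        yield tag, blob[i:i + length]
        i += length

def extract_fingerprint(exported: bytes) -> str:
    for tag, body in parse_packets(exported):
        if tag == 6:
            return v4_fingerprint(body)
    raise ValueError("no public-key packet found")

def extract_user_ids(exported: bytes) -> list:
    return [body.decode() for tag, body in parse_packets(exported) if tag == 13]

def verify_key(exported: bytes, expected_fingerprint: str) -> bool:
    """The defender's check: compare the computed fingerprint with one obtained out of band,
    ignoring the user ID entirely (gpg prints fingerprints with spaces, so strip them)."""
    return extract_fingerprint(exported) == expected_fingerprint.replace(" ", "").upper()

# Constructed sample keys: same user ID and creation time, different (non-RSA, random) moduli.
_rng = random.Random(2024)
CREATED = 1_700_000_000
GENUINE_BODY = v4_rsa_public_key_body(_rng.getrandbits(2048) | (1 << 2047) | 1, 65537, CREATED)
FAKE_BODY = v4_rsa_public_key_body(_rng.getrandbits(2048) | (1 << 2047) | 1, 65537, CREATED)
CLASS_UID = "CSC 365 <csc365@example.edu>"

if __name__ == "__main__":
    genuine, fake = export_key(GENUINE_BODY, CLASS_UID), export_key(FAKE_BODY, CLASS_UID)
    trusted = v4_fingerprint(GENUINE_BODY)  # what you would have pinned from the course's key
    for label, key in (("genuine", genuine), ("look-alike", fake)):
        fp = extract_fingerprint(key)
        print(label, extract_user_ids(key), fp, key_id(fp), "accepted" if verify_key(key, trusted) else "REJECTED")
```

Both exported keys list the same user ID, so anyone deciding by name alone accepts both; only the fingerprint separates them. The same comparison can be made against real keys with `gpg --fingerprint`, which prints the fingerprint in the grouped form that `verify_key` normalises.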
So people aren't vigilant by checking that fingerprint. They'll say that, hey, this is the same. It has the same name as the one I'm expecting, so that's all good. Anybody go any other routes? Talk about it? It's like a code of silence. The e-mail? I don't know. You guys tell me. I just used iSearch to search my adversarial key. That was a guy named out like that. I wrote an e-mail to him. And I said, can you play it the other way? If everyone is checking the fingerprint of my adversarial key to you, then this replied, yes, I am like that. And that worked? It worked. Okay, you got lucky then. Yeah, so I did check when generating, so I took the first name and last name distribution of people around your age, and that's what the first names were, and the last names were like the most common last names in the United States, along with I think some others thrown in. And I did check that at least nobody in the class had that name, but that is crazy. I named collision with another student, I have to think about that. I don't know if that's a great thing or not, but as long as you got their permission, I think it's fine. I mean, it's definitely fine in terms of the class, but going forward, I'm not sure if I, I probably feel like that. That's cool. Any other interesting stories? Yeah. I mean, I guess as far as like defending against adversarial keys, so the guide that you gave us had us make like a key length that was like 4,096 I think, but the keys that you were generating were 2,000, some of them, I forget, yeah, 2,028, so I just like stopped trusting anyone who had a shorter key length than what the guide provided. Interesting, okay, thanks. I missed out on people who actually signed smaller, shorter keys. I probably used the same size, but maybe I had to partner with it. I don't know, getting that sign up working was insane, software is terrible. Any other thoughts, yeah? So, have you decided the point distribution? 
It depends on how, it depends on, so like, it all depends on how many people got successfully signed adversarial keys, right, in terms of extra credit at negative points, so, I was in the middle of importing them. I had to resurrect some old code to download it and grade it, but yeah, that should take me not too long after class. Any other thoughts on defending? Anybody come up with any other interesting defensive techniques? Say it again? Don't say it. I guess the best defense is not to play. Yeah. Anybody else? Yeah. Nice. Okay, yeah, that has to do with, you can create keys for signing, which are different than your encryption keys, so you can keep those separate. So, yeah, that's a good point. So, trying to, how many adversarial keys did you have to look at? Did you just look at yours to figure that out? Cool, so trying to detect patterns between the adversarial keys and the normal keys? Yeah. I also started asking people for their adversarial keys, so I could see if other people, I guess it helped build the web trust. Great, okay, cool. How do you know they gave you real adversarial keys, not fake adversarial keys? Well, if it had the same fingerprint as the class. Nice. Anybody use key servers? I was kind of surprised you guys didn't discover the key servers. Anybody know what I'm talking about at all? So there's like GPG run key servers that store people's keys, that you could upload, so rather than, so how do you then sign each other's keys? Email. Email? The most secure of mediums? How to do? Discord. Discord? So, chatting? Google Drive. Google Drive? Nice. So how did that work? Worked well. Mechanically, how did it work? So, we had basically an alliance of everyone and we were like, we're not going to screw each other over. And that was enforced by, we know where everyone will be two days a week, and 19v1 is pretty favorable. 
And then everyone on the drive just made like a separate folder for themselves, uploaded their key, and then you just went through and downloaded, signed and re-uploaded. So mechanically tedious, but effective. So you created kind of your own little key repository in some sense, of a trusted key repository. Has anybody broken it? No, not at all. I do want to admit that they broke into that. So we'll see how the grades reflect. Yeah, yeah, yeah. That's always the interesting thing. You see an adversarial key on your thing, and you don't quite know where that came from. So yeah, this is interesting. Okay, so especially to contrast the class that I did last year with this class, they found the key servers. So there are key servers where you can just upload, built into GPG to upload your key to this key server, and that way other people can download your key based on a hash and sign it and re-upload the signed thing to the key server where you can just pull down the latest version. And then so people wrote helper scripts to do this. That would, they weren't malicious in the sense that it would do something really bad, but it would check that the key was legitimate, but hard coding a backdoor like fake CSE 365 key that they would say that it was good. We had people, oh, so another group tried to do a certificate authority kind of a thing where they had two people in charge of this where they would check both of the, the two people would check the person's ID before getting them on the list. And then they had a Google doc where it had like trusted names on there and one person in the class who I think got 40 signatures on his adversarial key. He got onto the list just like by social engineering his way on, put his fake name on there and had everyone on that certificate authority sign his fake key in addition to other people. So, yeah, anyways, I like hearing stories about, what do you think about GPG in general? 
I know that was the question on the, I kind of realized maybe I should ask that question after you understand your grades and see how many times you were scammed. But what do you think about it before that? Yeah. Is there a bit of a learning curve? A bit? Yeah. I feel like that's putting it mildly, but yes. Why is there a bit of a learning curve? Well, it's pretty hard to actually verify someone's identity. Why? Because they can just say they're whoever. I'm Bob Dylan or whatever. Yeah, so, so you have to try to link it back to some kind of physical, there's all that good stuff on the mailing list of, on the yachts of like people posting pictures of their ASU ID and then somebody else posting that you shouldn't trust that because it's easy to Photoshop and then posted a Photoshopped picture of an ASU ID. Yeah, so you have like interesting like facts and counter narratives that go on in the class of like how people can try to defend themselves. Maybe there aren't people with adversarial 4086 keys. I don't know. Maybe I randomly chose some or something. I don't know if that's true, but anyways, any other thoughts on the matter? Yeah. Yeah, I saw that, I can tell if it's an adversarial key if the name doesn't match the part of the email that identifies the key. Right, but some people had like Gmail addresses as their, because there's no limit on what the email actually was. It wasn't like you're checking that it was your ASU ID. Do you think it was fun? Was it fun? Yeah. Some people said they liked having to, being forced to talk to people in their class. You've been taking classes together for like three years now, so I thought that was an interesting comment. Cool. All right. That was fun. Now we are going to go on to our next topic. So we are going to look at network security. And I think I already know the answer. Oh, but before we do, a lot of people here today. 
On Thursday, we have an invited guest lecture by Andy Kirkland, who is in charge of security for Starbucks, Starbucks Corporation, including all the stores in the United States. He's a super interesting person, has a lot of good experience. He's going to talk about how he got to where he is, what kind of like real world security is like, and then we're going to have a lot of time for a question and answer at the end. So that'll be on Thursday. Please come. I would not like him to come all the way here and speak to an empty room. Because he came all the way from Seattle. I'm sure he'll be here. But it will likely not be recorded because of Starbucks internal, well, lawyers basically. Policy? Yeah, their policy, their internal policy, and lawyers basically do not want the talk recorded and posted online. So you can only get it in person on Thursday. Any questions? All right, so network security. So we've talked about a lot of kind of high level concepts when it comes to security so far. What kind of things have we talked about? No one remembers. The midterm's over, your brains are all wiped. Fresh new people. Like protecting company secrets? Okay, protecting secrets using what? What's called policy? Policies, what else? Cryptography. Cryptography, what else? Access control mechanisms. Access control mechanisms, authentication. We talked about policies and mechanisms. So now we're going to do a little bit of a deep dive. Has anyone, I assume you all have not taken a networking course? Has anybody taken a networking course? We have taken networking. Some of you. Okay, cool. Because we are going to, whenever I think about security and I think about, especially computer security, so why do we care about the security of our networks? It's typically you have multiple systems able to be compromised on a network. Yeah, so now, so if you just have one machine that's not connected to any other machine, what do you have to worry about? Are you going to say something? Okay. 
So if you have one machine that's not connected to any other machines, what do you have to worry about in terms of security? Physical access to that machine. Physical access to that machine. Why physical access? Very few ways, but yes, you would be very concerned with physical access to that machine. You may have different user accounts on that machine. They may have different privileges. You may have different passwords, but fundamentally somebody has to be physically there at the machine to use it, right? Now, how does that contrast with the machine that is accessible by anyone on the internet? It is accessible by everyone on the internet. And how does that change the security of the system? What's the way we think about it? It's subject to more different types of attacks and they can be of different varying efforts. Yeah, so now, so let's think about what we talked about with authentication of passwords, right? So we have user accounts on the system. Do we have to be really worried about people guessing other people's passwords if they have to physically come and use the computer or the system? Hey, these are computer, it's probably a used combination of the two. Yeah, so we can think about maybe like, okay, we don't want something in the sense of somebody sitting there guessing admin, admin, right, on the system to be able to easily elevate to admin privileges. But at the same time, you think, well, the person is standing there and they're just logging in. How many passwords could they guess per second? Not a lot, I don't even know. Ten, I guess, I feel like that's a high bar, but I don't know, I guess it depends on the system. One password you're guessing and how fast you type. But now if you're exposing the system to the internet where anyone could potentially log in from anywhere, now you have to worry about people remotely guessing passwords. 
You have to deal with any user-facing software that has security vulnerabilities that could potentially get a foothold on the system. You need to think about a lot of different types of things. What we're going to do here, we're not going to do a super deep dive, but we are going to get pretty technical in terms of how modern computer networks work, such that we can talk about and discuss attacks against them and understand those attacks that are possible. So it's important to kind of get not just the high-level stuff we were talking about, but actually looking at it in concrete situations of how these things happen. And so actually I want to step back for a second and think about, we talked about that, yes, we do have these networks, but why are they important? What does a computer networking allow us to do? Only computers get information. Is there any information from other computers or do you need to exit remotely? You can have the station. Yeah, you just named like five different mind-blowing technologies if you were like living in the 60s, right? You're blown away by it now. Yeah, so I'm actually blown away that it all works. Kind of works. Yeah. But yeah, so once you have, so if you think about it at kind of base level, a network computer is all about, a networking is all about how do I send data from one machine to another? How do they talk to each other? And this enables, and you're basically, I mean essentially living in the age of networked computers, right? You have access to websites. You can SSH. You can pay for like four cents an hour. You can get a three gig server on Amazon's EC2 and get remote access to it. And then from that machine, I mean you can basically get access to all the machines around the world. All kinds of crazy stuff. And it's all based on a series of networking protocols called the IP, the internet protocol suite. 
And the basic idea and the way to think about these things are, and this is really what I believe, essentially what a computer science education is, is it should not be magic to any of you as to how data gets from one machine to another. In fact, when you graduate, there should be no magic left. I'm sorry if that. You're hoping there would be magic in computers. There's nothing magic. They're all made by humans. They're all protocols that we can understand and study. You take 340 and you learn about how a compiler translates your source code down to binary code. You take, I don't even know what the class is, but architecture class. So you can understand how a CPU actually executes those binary instructions. You take a networking class to learn about how computers talk to each other. All of this is all just protocols. It's nothing. There's no magic anywhere. And so really at the basic level, the IP suite is just a series of protocols to solve practical problems of how we transmit bits of data from one machine to the next. It's based on, I mean the other name for it is the TCP/IP protocol suite. It's based on the concepts of abstraction and encapsulation. So what does abstraction mean? Yeah, maybe one way to think about it would be simplifying a model so it's easier to understand. Anything else, any other abstraction thoughts? I was thinking of just like hiding details. So, which is essentially the same thing as building a more kind of abstract model. But hiding details. So we'll look at all these different layers. There is, I always like to think about this. You have my machine right here which is connected to a router. Can you see what the router is in this room? Usually, it's under the desk. Anyways, there's some router around here that my computer's connected to. All of your computers are connected to. So we know if we're talking on the internet there is some way for the bits to go from the Wi-Fi chip that's in my computer to the Wi-Fi router. 
The data has to be able to propagate and go from there. And so, we'll talk about that. But basically the way to think about TCP/IP, if you've taken a networking course then they make a very big deal about the five or seven layers of the OSI model and blah, blah, blah, blah, blah. I'm not a big fan of thinking of it in those terms just because it's more important to understand what the layers do. There's blurring between layers. It's never so nice that this layer just does this one thing. But at the basic layer we have this physical problem which is kind of a physics problem in some sense of how do you transmit information from one point to the next? So this is the physical layer. So when you're on Wi-Fi, this is the 802.11 spec of whatever A, N, G, B. I actually don't even know what numbers or letters we're on now. But that governs, what was it? AC? Is that the latest one? Two A numbers. Or letters. Even. So, the whole idea is the same thing with Ethernet. Has everyone used Ethernet? Okay, thank gosh. I was going to get really worried. So Ethernet, right? How do we transmit bits on a wire, this coaxial, this Ethernet cable? You also have, what are other types of physical layers that you've heard about? Yeah. Fiber optics. What's fiber optics? It's like a little light, like sends light down a wire. Yeah, it's crazy. It's literally like a wire like this and they bounce light off of it and they're able to transmit information very quickly using a fiber-optic cable. What else? Dial-up? Ooh. Anybody use dial-up or have you used it? Oh, wow. Okay. That's a, when, where? Visiting grandparents. Visiting grandparents? Yeah. Thanks. He's got the AOLs you use. AOL? Yes. Sound? Definitely. So you think about it, so a modem is transmitting data across a phone line, right? Which is different than how you transmit data wirelessly and through Ethernet cables and through fiber-optic cables. What are some other ones? Yeah? Coaxial cable. Coaxial cable, right? 
So you, even if you're using networking in your house, right, you get a box from the cable company. Usually if you have cable, that's a modem and it has to translate the information that you're sending over the coaxial cable. Actually, I have no idea how that works. I would say these is different like the frequency of the cable and the coaxial cable. Your modem can actually, like, use different frequency bands. Awesome. Cool. Yeah. Power line adapters? Power line adapters, yeah. Anybody actually use these? Some people? No? Nobody? These are actually routers that you can get that plug into the power plugs and use your home's power network for networking. So you can set up a, like, essentially a switch on one end and connect outlets that you can plug your computers into. This is usually if your Wi-Fi's too slow, people used to use this. I don't know if it's still used anymore. What else? Anything else? A hotspot? Yeah, connecting your phone. Which access moment do you have? Yeah, so you have your phone, which does either LTE or 4G or 3G or whatever to a cell tower. But it's also capable of making data transmissions. Anybody heard of microwave? So they can use microwaves to transmit information. I believe the problem there is you need to have a direct line of sight between the different endpoints. And I think I want to say the thing I remember is that it was used to try to shave off time in, like, trading, like, financial trading in the stock markets. Because they can transmit information faster over microwave links than they could over the coaxial or fiber, yeah. PACTOR or WINMOR? What was that? PACTOR or WINMOR? Is there a packet radio? Oh, packet radio. Okay, interesting. What does that use? Mostly in, like, energy radio. Nice. Yeah, nice. Can you use high-frequency radio waves to, like, give you the audience so you can, like, balance it or not? Yeah, so you can do all kinds of crazy stuff. 
And so the question is, should your computer, if you want to talk to Google.com, should you care what medium the data is being translated over? Ideally, no. Think about if you had to deal with that, right, about every operating system it has to deal with and think about all these possible ways that data can be transmitted. And so this is why we get the nice thing about this layering. This physical layer only needs to worry about how do I get data from this point to this other point. And then I don't care what that data is that I'm transmitting. I don't care if it's a request to Google or if it's a ping. Oh, we didn't talk about satellites. So satellites, too, are another aspect. So then above that we have a link layer, which is kind of a common abstraction layer on top of the physical layer that is a way to essentially, in some sense, give us addresses to say, okay, I know I'm this machine with this address A and the router has address B. I can use this physical layer to actually transmit information, but I want some properties here and we'll talk about that in a second, yeah. Is that address resolution protocol? Yes, we'll talk about that in a second. So then above that, and so if you think about it the way I think about it is the link is kind of, you can think of as your first hop in the network. So how do you get data from one node to the next? The IP layer on top of that says, well, how do I get data between or how do I talk to different machines? So how do you send a letter? Does anybody send a letter? How do you do it? Have you ever thought about it before? Give it to the postman. Yeah, okay, you just give them a letter and they just take it from you? To a return address. So you need to do what? So you have your letter which is the data or the information that you want to send. What do you have to do with it? You can't just give, you try just giving a piece of paper that's printed as a letter out to a post person? You have to put an address and post it. 
So you have to put an address which is what? Destination. Yeah, the destination of where this data should go. You need to put postage to pay for it. What else do you need? Return address. Yeah. As opposed to public your own address so if it doesn't get to them you can get it back or send it back to you. Exactly, okay, for two purposes, right? You need a return address that shows, in case something happens, let's say the destination doesn't actually exist. The post office can send it back to you. But also, so once a person receives that message they know how to actually send a piece of mail back to you. Guess what else? Right, so if you think about it, so this is basically a network of postal addresses that we can send data. It is very slow comparatively. Although I guess it depends on, it does depend on what you're sending. If you're sending some people eight terabyte hard drives you can get pretty good throughput that way. But the important point to think about there is you need those same kind of concepts in a computer network as well. You need some way to talk about what is the destination? Where should this data be going? What's your address? Where should return messages go to you? So that's the internet of the IP, the internet protocol layer is. So every node on the internet has an IP address that is accessible and this is essentially the equivalent to an address in the physical kind of mailing system. We'll see, but basically an IP address defines in some sense like one machine or one computer. So we basically have all the layers here and we haven't talked about how they work at all. That's what we're going to kind of dig into as we continue on this topic. But we have all the information here for how to get some data from one machine to the other. The question is in some sense who is that data for? So why are we doing networking? Why are we making these awesomely complicated networks? To send and receive data for what? For people? 
For different computers just like a computer itself? Who's going to respond to that data? Yes, so we need some application, right? There needs to be some program you can think of it running on that remote system that is expecting messages from us and can respond to them appropriately, right? It'd be like sending a message to a house where nobody lives, right? You're never going to get a reply back from that. So now, can you run more than one program on a computer? It wasn't a resounding yes. It wasn't a trick question. Yes, right? This is the magic of... I don't want to say multi-threaded. What's the word I'm looking for? It's something about computer architectures. Parallelism conferencing? Yeah, let's go with that. It's not right, but... Not that it's wrong. It's not the word I was looking for is what it meant. Multi-user operating systems, maybe? I don't know. Anyway, it doesn't matter. So we need some way. So I think of this like an IP address as the equivalent of a building address. So anybody live in an apartment complex? Yep. When you get letters, do you just get letters to the building? Because you don't live in the building. You live in a specific place. You live in a specific unit inside that building. So we need some way to differentiate all the people that live at that same address so that they can route the mail appropriately. So that's essentially what you can think of as the next layer provides along with some other stuff, which we'll get into. The transport layer defines this notion and the terminology here, so you have an IP address defines the address of a machine and then the port number, which is defined here, basically defines where should this data go. This is why, and you need some kind of standardization here, because if I say, wow, I really want to make an HTTP request to this machine, what port should I talk on? 80, because it's a standard port for the HTTP protocol. 
So there's a whole standardization body that's kind of standardized all these different protocols. Because the other way to always think about it is, usually you have basically clients and server applications, so you have some server that's willing to accept requests from some clients. It needs to know what port to run on and all the clients need to know where to find it. So on top of this, and really when you boil it down, I mean this is kind of, so if you're able to, and the physical layer, actually to be honest, I don't really care about because this is more like a, in my mind, more of a hardware thing of how things actually happen. But these layers, the link, the internet, the transport layer, understanding all these layers, you will understand exactly how data is transmitted between nodes on the internet, which is a very powerful skill. The application layers, these are applications that use basically these, this whole stack. So the nice thing is, because of this abstraction, like I mentioned, if you're writing, let's say, an HTTP server and HTTP client, you don't have to care in some sense about all of these layers of, what is this machine connected to? Is it talking over a satellite link or a microwave link? You can just write with certain abstractions. So everybody should most of you be aware of HTTP, the web protocol, hypertext transport protocol, SMTP, yeah, mail, so this is sending email, basically SMTP, DNS, yeah, domain name system, so it translates domain names to IP addresses, which we'll talk about in a bit, and NFS, network file system, so this is basically sharing files on a, usually a local network is how you want to do that. Any questions on the high level design here? What's a link to game? So link is, we'll get into it, basically when, the way I think of it is physical addresses, which are needed for machines to talk to each other at the link level. And then, so in this way you can basically talk to machines local to you, more or less. 
You need the other layers to kind of go more broadly, but I think that's probably a bad way to describe that, but it'll become much more clear when we look at examples of how these kind of all work in concert. Another important thing of why, at least studying networking is important, has anyone interviewed for internships or jobs? Do they ask you anything about networking? What do they ask? Yeah, so there's, I've heard that, any other ones? Yeah. Uh, domain name server and addresses and so on. Nice, okay, so how DNS works? Yeah. Oh, nice. How would you implement Monopoly and get sued for copyright infringement? Yeah, the other, the question I think that I like the most is basically in your browser, let's say you type Google.com into the search bar, you hit enter and then name everything that happens from that point on. And I think there's really good tutorial crazy. I mean you can go to the application, to the sys call and there's Chrome's doing some caching and finally then you have to do what we talked about of DNS to resolve the IP address and then you need to start a TCP connection with that machine which need to use all of these levels like you can get crazy in depth in that. There's a good, I don't remember it off the top of my head, there's a good blog post that was floating around that kind of walked through even at a high level of what was after that, but anyways it's one of the interview questions I've heard that I thought is the best. And it's not the important thing that I remember is that it's not like a, just a memory or memorization thing because I've seen this before where people just like can memorize like definitions of things but not how these systems actually work together and how they work is the most important part of the like how a TCP connection is started is a very important point how these things like are actually impacts that works into here not just what the definition is. Cool. 
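The layering described above (link, internet, transport, application, each wrapping the one above it) is easiest to see when one packet is built up layer by layer and then taken apart again. The Python below is an added example and not part of the lecture: it wraps an HTTP request in a TCP segment, wraps that in an IPv4 packet, wraps that in an Ethernet frame, and then parses the raw bytes back, recovering the MAC addresses (link layer), the IP addresses (internet layer), the ports (transport layer) and the HTTP payload (application layer), while validating the IPv4 header checksum and the TCP checksum. All addresses are constructed sample values: locally administered MACs, a private client address and a server address from the TEST-NET-3 documentation range. Note that the frame's destination MAC is the router, the first hop, while the destination IP is the remote server, which is exactly the one-hop versus end-to-end split the lecture draws between the link and internet layers.

```python
import socket
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 ones-complement sum over 16-bit words; used by both IPv4 and TCP.
    Verifying is the same computation: a valid header (checksum included) sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(">%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_tcp(src_ip, dst_ip, sport, dport, payload, seq=1, ack=0, flags=0x18):
    """Transport layer: 20-byte TCP header (PSH|ACK by default, no options).
    The checksum also covers a pseudo-header holding the IP addresses, protocol and length."""
    hdr = struct.pack(">HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    pseudo = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack(">BBH", 0, 6, len(hdr) + len(payload))
    csum = checksum(pseudo + hdr + payload)
    return hdr[:16] + struct.pack(">H", csum) + hdr[18:] + payload

def build_ipv4(src_ip, dst_ip, proto, payload, ttl=64, ident=0x1234):
    """Internet layer: 20-byte IPv4 header, Don't-Fragment set, header checksum filled in."""
    hdr = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0x4000, ttl, proto, 0,
                      socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return hdr[:10] + struct.pack(">H", checksum(hdr)) + hdr[12:] + payload

def build_ethernet(src_mac: bytes, dst_mac: bytes, payload: bytes, ethertype=0x0800) -> bytes:
    """Link layer: destination MAC, source MAC, EtherType (0x0800 = IPv4), then the packet."""
    return dst_mac + src_mac + struct.pack(">H", ethertype) + payload

def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)

def parse_frame(frame: bytes) -> dict:
    """Peel the layers off again, checking each checksum on the way in."""
    dst_mac, src_mac, ethertype = struct.unpack(">6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("only IPv4 frames are handled in this example")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # header length in bytes
    total_len = struct.unpack(">H", ip[2:4])[0]
    proto = ip[9]
    if proto != 6:
        raise ValueError("only TCP is handled in this example")
    seg = ip[ihl:total_len]                       # everything after the IP header is the segment
    sport, dport, seq, ack, off_flags = struct.unpack(">HHIIH", seg[:14])
    data_off = (off_flags >> 12) * 4              # TCP header length in bytes
    pseudo = ip[12:20] + struct.pack(">BBH", 0, proto, len(seg))
    return {
        "link": {"src": mac_str(src_mac), "dst": mac_str(dst_mac)},
        "internet": {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
                     "ttl": ip[8], "checksum_ok": checksum(ip[:ihl]) == 0},
        "transport": {"src_port": sport, "dst_port": dport, "seq": seq,
                      "flags": off_flags & 0x1FF, "checksum_ok": checksum(pseudo + seg) == 0},
        "application": seg[data_off:],
    }

# Constructed sample values (not real hosts): locally administered MACs, TEST-NET-3 server.
CLIENT_MAC = bytes.fromhex("02000000000a")
ROUTER_MAC = bytes.fromhex("020000000001")       # next hop on the link, not the final destination
CLIENT_IP, SERVER_IP = "192.168.1.10", "203.0.113.5"
HTTP_REQUEST = b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"

def build_http_frame() -> bytes:
    """Encapsulation top-down: HTTP -> TCP (port 80) -> IPv4 (protocol 6) -> Ethernet."""
    segment = build_tcp(CLIENT_IP, SERVER_IP, 51515, 80, HTTP_REQUEST)
    packet = build_ipv4(CLIENT_IP, SERVER_IP, 6, segment)
    return build_ethernet(CLIENT_MAC, ROUTER_MAC, packet)

if __name__ == "__main__":
    for layer, fields in parse_frame(build_http_frame()).items():
        print(layer, fields)
```

Each builder only knows its own header and treats what it wraps as opaque bytes, which is the abstraction the lecture describes: the HTTP request never learns whether it crossed Wi-Fi, Ethernet or fiber, and the parser recovers the right fields at each layer purely from the header lengths and type fields.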
Okay, so we will start a little bit backwards. We have this beautiful hierarchy; rather than just study it up from the bottom so that everything makes sense, we're going to go all over the place. We're basically going to take it, I think of it as, a hop at a time: so we're going to look at how a machine, or how machines on a network, can communicate with each other without going to any external networks, and then we'll broaden out from there. This is actually a fairly simple procedure, but if you're able to get the one-hop concept, multiple hops are not crazy. Any questions before we continue? Yeah. Data from one machine to another, we'll say right now. So I like Ethernet, because to me it makes more physical sense, so the local one-hop connection would be: you have multiple machines, let's say you have three machines connected to a switch over Ethernet. It would be one machine talking to another machine on that network, and then going out of that would be, let's say you now have a router that can go to the internet: how does the information get from you to Google and back? General location, I think that's just like an individual system; don't individual systems also have IP addresses? Can you have IP addresses that are, I don't know, more nested? So it definitely can be. Let's see, what's the best way to describe this? I mean, this is the problem when you don't have physics involved: things can get more complicated, right? So the way I think of it is, an IP address corresponds, in a broad sense, to one machine, and that machine can have multiple applications running on it. Where this gets complicated is when you have something like Google, right? So google.com, well, there are a series of IP addresses that correspond to google.com, and their domain name servers will give you different IP addresses that are geolocated close to your area, so you don't have to travel far
for them. But you go to them, and then once your request goes in, Google can get basically any number of systems to actually respond to that request. So it's all, again, a matter of abstraction: on the abstract level you don't care, and this is the beauty. You don't care what Google does as long as you can talk to a specific IP address on a specific port, make an HTTP GET request, and they will send you an HTTP response. As long as that happens, you don't care. And that's the other beauty of the internet: when we talk about all these different protocols, you don't care if your data went over Ethernet or coaxial or fiber optics or up to a satellite and back, carrier pigeon, whatever; as long as you get a reply that's appropriate, everything works. So yeah, then it gets even more complicated if you're running virtual machines and private networks and all this stuff. So yes, it can get as complicated as you want, but it all boils down to these principles, so it's not anything crazy. I think a lot of students see that there are a lot of things going on here and they overestimate the complexity and get put off by this networking stuff, but just take it step by step. I mean, you're computer scientists; you're learning, in some sense, how to think like a computer. So you just think, okay, how does this thing work? It sees this piece of information; what does it do with it? Oh yeah, that makes sense, and then go from there. Cool. Okay, so IP addresses, and this is where we're already getting slightly more complicated, but that's okay. Each host, so do you need an IP address to talk to machines on the network or on the internet? Yes, although you can't communicate... you need some way to talk about each other, right? So you need at least one IP address, in some sense, especially if you want other people on the network to be able to talk to you, which is essentially a server: how can I talk to you if I don't know what address to use? If you
can't just, say, throw a bottle in the air or into the ocean and say I'll definitely get it at some point; that is not a successful networking strategy. So each machine needs to have at least one; it could have more IP addresses, that's actually not that important. Yeah, sure: how does listening work? Listening is basically the equivalent of you renting an apartment at a specific port in a specific building. So this is in the specific context of computer networking, in that you want to send messages from one place to another. So yeah, you can't just... well, there are broadcast-type things, but they're in local networks; you can't send a message to everyone on the internet. You can try, though; I mean, actually there are tools. There's a tool called ZMap that you can play with that can scan the IPv6 address space, 2 to the 32 addresses, and I think it's like 15 minutes or 30 minutes; it's very, very fast. So anyway, yeah, good questions. So the whole idea, when we need to think about these things, we need to think, okay, it has some address. But are our computers good with, like, do we want postal codes and cities and states? When you have a physical piece of mail, you specify the address by what? City, state, zip, is that it? Street, house number. I heard you used to be able to, in a small town, describe the house and the mail would get there, because the post person would know which house it was, like the house with the tree and the red door, and they'd be able to figure it out. But I think nowadays that's highly unlikely to happen. So we need some kind of address, but are computers good with those kinds of things? What do computers deal with? Yeah, it's kind of a trick question, but binary, right? Ones and zeros. But we have abstracted that into numbers, right? Computers care about numbers. So essentially what we're going to do is represent addresses as numbers, and we'll use 32 bits. So this means we have how many IPv4 addresses? 32 bits to represent an IPv4 address: 256? 2 to the 32, which is how much?
4 billion, yeah, roughly 4 billion. Is that enough? Oh, that's not what I want. Yeah, so we have 2 to the 32, which you can do some kind of calculation on: is it like 4.7 billion or something? 4.3-ish. 4.3-ish, that's good enough; what's half a billion? So there's 4.3 billion addresses. Now this seems like it would definitely be enough addresses, but the problem comes up in: what's the relation between two different numbers in an IP? It's actually more of a conceptual question. That's what I always like to think about when I'm studying these protocols: why did they design it this way, right? So let's say I have an IP address; it's just a number. Let's say I have the IP address 1 and the IP address 2. Should they be related to each other? Maybe. Or think about this as an organization: you're a company, how do you want your IP addresses? So I guess one question to think about is, who gives out IP addresses? Your company: do you want, let's say, addresses 20 through 50, or do you want 20, 10, 14, all the way up to 30, non-contiguous numbers? Yeah, it'd be nice to have a block. Yeah, it'd be kind of nice to have a block, and so they came up with this concept. So the first idea is, rather than treat the numbers as just a 32-bit integer, which you actually can do, if you've ever wondered: most IP addresses you've seen are probably in this dotted-decimal notation, is that true? Yeah, but you can easily convert these numbers to decimal. So how do we interpret this number? Yeah, so how many bits in each? Yeah, so we have 8 bits, 8 bits, 8 bits, 8 bits. So this combination here represents: if you take our 32-bit number, split it up into 8-bit chunks, and turn each of them into decimal, you have your dotted-decimal notation, and you can represent every number from 0, well, here it would be 0.0.0.0; what's the largest number going to be? 255.255.255.255. And so once they had this, then they had this idea of basically, why don't we separate out
sets of addresses into different classes? So that looks terrible, but initially they had this idea to separate all the networks up and split that 32-bit integer, which was the IP address, at different boundaries, where some bits were the net ID. So basically you have a 32-bit number; 7 bits would define the network, and the leftover, what's this, 24 bits, for the hosts, and so you have 2 to the 24 hosts in one organization. Class B addresses had 16 bits. So these were 16 million hosts, 65,000 hosts, or 256 hosts. So you can think of these as predefined ranges that you could get from a central authority that would say, okay, great, here's your number. Which of these would you like to have? A. Why? Most hosts; you can get an IP address for all your hosts, every machine in your network. But if you start giving this out, are you going to use all 16 million hosts? So think about ASU: which of these cutoffs? You can have 256 hosts, 65,000 hosts, or 16 million hosts; which one fits ASU? B. How many students do we have? Yeah, 90,000. That's not even enough for an IP address for every student, not to mention staff, machines, servers, all that, and maybe even students of other years, now that I think about it. So we need a class A, but do we need 16 million of those? No, I don't even think we could fill that for a long time, right? So this is more of a historical perspective, where they had these fixed class sizes. And so what's the key problem here? There's no in-between; there's no way to say, well, I don't need 16 million, but I definitely need more than 65,000. And so this actually led to a lot of unused IP address, IPv6 space, which is why, even though we have 4.7 million theoretical IPv6 addresses, we've actually, I think, run out of free IPv6 addresses on the internet; or sorry, v6, v4, 32-bit. So they had to come up with a new way of thinking about this idea of representing this split, and the key concept here is, rather than splitting which was the network
and which was the hosts on these fixed boundaries, you can say which bit. So the whole idea: 10.0.0.0 slash, so you can put it on the 24th bit, which would be here, which leaves how many bits for hosts? 8 bits, so you have 2 to the 8, so you have, what is this, 256 hosts. Or you could put it in the middle; you could do slash 10, so you have, what is that, 2 to the 23 bits. So you have a lot of flexibility in how to define these things. So as a little preview, IPv6, as I kept mentioning, has 128-bit addresses, so there are something outrageous like enough IPv6 addresses for the grains of sand on the earth, or something absurd; the number is really, really, really big. So we hopefully will not run out of this, but who knows, maybe that's not enough for the galaxy. So we can think of this as defining what machines are on our local network versus not on our local network. So a common thing we've seen, so what are some common IP addresses you know of? 0.0.0.0. What else? 8.8.8.8, Google's DNS service. 1.1.1.1, Cloudflare's one. What is it, 10.0.0.0? Oh god. What else? 127.0.0.1, yeah. So there are a lot of numbers that are reserved or special. The 127, I think it may be a slash 8, but it may be a slash 16; it's a slash 16. So this is reserved for your local machine, so nobody will route packets to 127.0.0.1, or they shouldn't, because that address does not exist on the internet. Other special addresses: this 10.0.0.0 slash 8, this whole network is a local internal network. This means you'll never find an external IP address that's within this 10.0.0.0 range, so this is basically used for companies or organizations internally when they don't want or need their local network to be accessible externally. Yeah, I know it's an alternate notation for using the subnet mask; yes, it's equivalent. These are not special addresses? 192.168, I actually don't know, is it a slash 16? It's a slash 24. Another one, there's another internal one, 172, yeah, I can't remember,
that's like the 172, isn't it? Anyway, there's an RFC that actually specifies these things, but the whole point is that, let's take 192.168.0.0/16. So you can think of this as: any other IP address where the first 16 bits match this number is within that network and is one hop away. So going back to the hop thing we were talking about, everything else is different and we don't know how to talk to it yet. So if I give you an IP address of 192.168.10.10, is that a local address or an external address? Local. How could you tell? Bits, which in this case are these two octets. These actually are bit operations, so if you had something weird like a slash 15, you would need to translate each octet to bits and then match the bits up to be able to tell appropriately. If we had an address that was 193.168.10.10, what type of address is this? External. So the way to think about it is, every machine on the network needs to know a series of pieces of information: it needs to know its IP address and it needs to know its network, which there are a number of ways to do. I like this CIDR mask because to me it's really simple, because you can actually combine both of them. So let's say your IP address is 192.168.0.10 and your network is a slash 16. So this means, if you want to talk to a machine 192.168.1.1, is that on your local network? Local. What if we change this now to a slash 24? Local address? No, external. Is it this form of CIDR notation? Yeah, so this defines the split between the network bits and the host bits. Well, we'll get to that; like I said, they're equivalent. So this is CIDR notation; it says which of these bits do I use to say what. And the way I think about it is from the perspective of a machine on the network: I'm a machine, my IP address is 192.168.0.10, how do I figure out what other machines are on my network or not? And this slash 24 says use the first 24 bits, and if those match any other address, then you're good and you can talk on the same
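As an added example (not code from the lecture), the following script does by hand the bit operations described in the last few paragraphs: it converts dotted-decimal to the underlying 32-bit integer and back, decides the historical class from the leading bits, turns a slash prefix into a subnet mask (and checks the two notations are equivalent), and applies the "do the first N bits match" test to the 192.168.0.10 cases above, including the "weird" /15 case where the boundary falls in the middle of an octet. The only non-lecture dependency is the standard-library `ipaddress` module, used purely to cross-check the hand-rolled arithmetic; the sample addresses are the ones from the lecture plus a couple of constructed ones.

```python
"""Added example (not from the lecture): IPv4 addresses as 32-bit integers,
the historical classful split, and the CIDR "first N bits match" local/external test."""
import ipaddress  # stdlib; used only to cross-check the hand-rolled bit arithmetic


def to_int(dotted: str) -> int:
    """'192.168.0.10' -> 0xC0A8000A. Each octet is one 8-bit chunk of the 32-bit number."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"not dotted-decimal: {dotted!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | n
    return value


def to_dotted(value: int) -> str:
    """Inverse of to_int: pull out the four 8-bit chunks, most significant first."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """/16 -> 0xFFFF0000: the top `prefix` bits are network bits, the rest host bits."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def mask_to_prefix(mask: str) -> int:
    """'255.255.255.0' -> 24. Rejects masks whose ones are not contiguous (e.g. 255.0.255.0)."""
    m = to_int(mask)
    prefix = bin(m).count("1")
    if prefix_to_mask(prefix) != m:
        raise ValueError(f"non-contiguous subnet mask {mask}")
    return prefix


def classful_class(dotted: str) -> str:
    """Historical classes come from the leading bits: 0 -> A, 10 -> B, 110 -> C, 1110 -> D, else E."""
    top = to_int(dotted) >> 24
    if top & 0x80 == 0:
        return "A"   # 7 usable network bits, 24 host bits (2**24 hosts)
    if top & 0xC0 == 0x80:
        return "B"   # 14 network bits, 16 host bits (65,536 hosts)
    if top & 0xE0 == 0xC0:
        return "C"   # 21 network bits, 8 host bits (256 hosts)
    if top & 0xF0 == 0xE0:
        return "D"   # multicast
    return "E"       # reserved


def same_network(my_ip: str, prefix: int, other_ip: str) -> bool:
    """The one-hop test from the lecture: do the first `prefix` bits of both addresses match?"""
    mask = prefix_to_mask(prefix)
    return (to_int(my_ip) & mask) == (to_int(other_ip) & mask)


def classify(my_ip: str, prefix: int, other_ip: str) -> str:
    """'local' if other_ip is on my network (reachable in one hop), else 'external'."""
    local = same_network(my_ip, prefix, other_ip)
    # Cross-check the bit arithmetic against the standard library.
    net = ipaddress.ip_network(f"{my_ip}/{prefix}", strict=False)
    assert local == (ipaddress.ip_address(other_ip) in net)
    return "local" if local else "external"


if __name__ == "__main__":
    me = "192.168.0.10"  # the machine from the lecture's example
    print(hex(to_int(me)), to_dotted(prefix_to_mask(16)), classful_class(me))
    cases = [(16, "192.168.10.10"), (24, "192.168.10.10"), (16, "193.168.10.10"),
             (16, "192.168.1.1"), (24, "192.168.1.1"), (15, "192.169.3.4")]  # last two constructed
    for pfx, other in cases:
        print(f"{me}/{pfx} -> {other}: {classify(me, pfx, other)}")
```

The /15 case is the one where reasoning octet by octet fails: 192.168.x.x and 192.169.x.x differ in the second octet, but the mask 255.254.0.0 clears that octet's lowest bit, so they land in the same network.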
local network. Any questions on this? Okay, so we needed to start there, because we need to talk about these concepts of machines, so we need to talk about addresses; we need to be able to determine if our communications are internal or external. So now we're going to go a little bit more into how the IP layer actually does this, and you can think of the IP protocol as being able to get data not just within a local network but also between multiple networks. It really comes down to... so the way we've been talking about networks: if we have our little local network, we have, let's say, a switch here and we have some machines connected to it, and we'll say A, B, C, D. So this is our local network. Is this the internet? Yes, four nodes on the internet; there's a fully confident final answer. What was that? Internet? Yeah, it's just an internal network, or a network, right? So this is an important concept. I know it's not the style guide to capitalize the I anymore, but I think that's dumb, because there's only one Internet; to me it's a proper noun. So what's the difference between our internet and our intranet? Do you have a gateway to access, hopefully, the external internet? Yeah, so essentially the way to think of it is, it's a series of networks that all share this IP space, right? So it answers the question of how does A talk to G, which is in some completely other network, right? And that's basically what IP does. So you're designing this really important protocol; you don't know it at the time, because this is like mid-70s, late 70s, I think. You're designing what eventually will become the glue of the internet as we know it today: multi-billion-dollar businesses will rely on it, every single person will use the internet almost daily in their lives. What types of things would you want from a protocol that gets information from one point to another? What was it? So you want some way... so you want the data to be reliable, in what
sense? So the data can't be reliable, but what do you want about the data to be reliable? That the data that you sent is the same data that they receive. What else do you want? You want it to be fast, yeah. Robust? Robust in what sense? Like in great areas of... what happens if these two events happen? It should be robust in the sense of what happens if the data gets lost. With your letter, what happens if your letter gets lost? Yeah, so what's the difference, at a fundamental level, between an envelope and a postcard? A postcard, everybody's seen a postcard, understands the concept of a postcard: a piece of paper, you write the address and put the postage on one side, and on the other side you write the message. That means that once you hand it into the mailbox, anyone who sees it can easily read the data that's there, whereas with an envelope they would have to open up the envelope in order to see what's inside. What else, what other types of things would you want? Yeah, so compatibility, device compatibility, that's a good one. Stable, reliable. So reliable in what sense? So if you send a message, what do you want to know? So think about it from that perspective: that they received it, and that they received the same thing that you sent. IP does none of these things; very few of those things, actually none. So it provides: connectionless, which means you just shoot off some data, you don't establish any connection. It's unreliable, in the sense that it gives you no guarantee that the message will ever be delivered, or that the message will be exactly the same as the one you sent. If you send, this is one thing we didn't talk about, if you send a message A and then a message B, what order did those arrive in? Do they arrive A then B, or B then A? The network makes no guarantees of that. Non-duplication: you may send one letter A, they may get five letters A. And bandwidth is not guaranteed, so there's actually no guarantee that there's even any bandwidth available for your message to get
there, or for their message to get back to you. There's no guarantee, which is actually very different from the way the phone network works, where traditionally it's essentially a circuit-switched network, where every switch guarantees you some bandwidth for your phone call and it can't be used by other people. This should shake your faith in networks, in some sense. So why don't they do that? Because these are all things that you clearly want; you talked about wanting them. You're just looking at these problems; it's not like the people designing this were idiots. It's too late now? It looks like it already... no, but good: it is too late now; you cannot replace the IP layer, that's, I think, a good statement of fact. Well, if IP is supposed to be like the glue, don't you want it to be basic in some sense? Yeah, so thinking about it, going back to our layers, right, we have the IP layer. Does every single application need all data to go in the same order and to be exactly the same? What about email? Yes; do you want to send an email and have it come out garbled? No. What applications, right, are fine with out-of-order or dropped packets? Right, if you're on a Skype call, or strictly a voice call, you may not care; I mean, it's real-time communication, you don't care if a packet gets dropped, a tiny glitch. What other cases? Streaming, getting some pieces, yeah. BitTorrent is a little trickier, though, because you want to make sure you get the same file at the end that you started with, and so you need to have something, but again, you could do that on top and not necessarily in the network itself. Yeah, streaming is actually the main way of thinking about this. And so do you put these restrictions in the core part of the internet, which would restrict these types of applications that may not care about these properties that we just talked about? So it actually is a thoughtful design principle to say, hey, we'll get some of these at higher levels, at
the transport layer. But it's crazy to think about this, that you don't get any of this. Yeah, so was this thoughtful? So there are two ways to think about it, right: what's the perspective back then, and then what could I change now if I had a magic wand? For me, I think the big thing I would try to change here is integrity, putting integrity into this layer, because I think for basically every application, when you're sending data, you want to be dang sure that they actually received the data that you've sent and it wasn't manipulated or changed along the way. But that's not very easy; it's not super easy. And at the time, I mean, they even have mechanisms for that, but it uses CRC32, which is basically not a cryptographically secure hash function. So that would be nice. Oh shoot, we're over time. Okay, alright, we'll come back to this next Tuesday; come on Thursday for Andy's talk.
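The closing remark, that CRC32 is not a cryptographically secure hash and so does not give you integrity against an adversary, is worth seeing concretely. The script below is an added example, not something from the lecture: it builds CRC-32 from scratch (the same reflected polynomial zlib uses), shows that a single random bit flip is detected, and then shows that an attacker who can rewrite bytes can change the content of a message while keeping its original CRC-32 unchanged, by patching 4 bytes. That works because a CRC is a linear function with no key, so its register can be driven to any target value; a CRC catches noise, not tampering. The "payment" message is a constructed sample, and `tamper_keeping_crc` assumes the message has 4 bytes of slack (here a memo field) the attacker is free to overwrite.

```python
"""Added example (not from the lecture): CRC-32 detects accidental corruption but
gives no integrity against an attacker. Because CRC is linear and unkeyed, the
last 4 bytes of a message can be chosen to make the CRC-32 equal any value."""
import zlib

POLY = 0xEDB88320  # reflected CRC-32 polynomial, as used by zlib and the Ethernet FCS

# Standard byte-at-a-time lookup table.
TABLE = []
for i in range(256):
    c = i
    for _ in range(8):
        c = (c >> 1) ^ POLY if c & 1 else c >> 1
    TABLE.append(c)

# Reverse lookup: for this polynomial the top byte of each table entry is unique,
# so the top byte of a register value tells us which table index produced it.
REV = {TABLE[k] >> 24: k for k in range(256)}
assert len(REV) == 256


def crc32(data: bytes) -> int:
    """Plain CRC-32 (init 0xFFFFFFFF, final xor 0xFFFFFFFF); matches zlib.crc32."""
    reg = 0xFFFFFFFF
    for b in data:
        reg = TABLE[(reg ^ b) & 0xFF] ^ (reg >> 8)
    return reg ^ 0xFFFFFFFF


def forge_suffix(data: bytes, target: int) -> bytes:
    """Return 4 bytes s such that crc32(data + s) == target.

    Walk the CRC register backwards from the target state to learn which table
    index each of the last 4 steps must use, then walk forwards from the real
    state after `data` to turn those indices into concrete bytes."""
    reg = crc32(data) ^ 0xFFFFFFFF      # register state after `data`
    cur = target ^ 0xFFFFFFFF           # register state we must end in
    indices = []
    for _ in range(4):
        k = REV[cur >> 24]
        indices.append(k)
        cur = ((cur ^ TABLE[k]) << 8) & 0xFFFFFFFF   # bits 8..31 of the previous state
    out = bytearray()
    for k in reversed(indices):
        out.append((k ^ reg) & 0xFF)                  # the byte that selects index k
        reg = TABLE[k] ^ (reg >> 8)
    assert reg == target ^ 0xFFFFFFFF
    return bytes(out)


def tamper_keeping_crc(original: bytes, new_prefix: bytes) -> bytes:
    """Replace the start of `original` with `new_prefix`, then overwrite the last 4
    bytes so the CRC-32 of the result equals the CRC-32 of `original`.
    Same length, same checksum, different content."""
    if len(new_prefix) + 4 > len(original):
        raise ValueError("need 4 bytes of slack after the prefix")
    body = new_prefix + original[len(new_prefix):-4]
    return body + forge_suffix(body, zlib.crc32(original))


def flip_bit(data: bytes, bit: int) -> bytes:
    """Simulate line noise: flip one bit of the message."""
    buf = bytearray(data)
    buf[bit // 8] ^= 1 << (bit % 8)
    return bytes(buf)


if __name__ == "__main__":
    # Constructed sample message: a framed "payment" whose last 4 bytes are a memo field.
    original = b"PAY 0100 TO alice MEMO abcd"
    print("noise detected:", zlib.crc32(flip_bit(original, 37)) != zlib.crc32(original))
    forged = tamper_keeping_crc(original, b"PAY 9900")
    print(forged, "same CRC:", zlib.crc32(forged) == zlib.crc32(original))
```

The forged message changes the amount and still carries a valid checksum, which is exactly why integrity against an adversary needs a keyed construction (a MAC or a signature) rather than a checksum, however wide.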