 Here we have three nodes set up in a virtual network these three Linux nodes have been created using a topology number five Where nodes one and two are on one subnet two and three are on a separate subnet node two is the router This is a topology we have here and what we're going to do is Send some data from one to three and back and we're going to use a very simple program called net cat Which allows us to create a simple either TCP or UDP connection To send packets So we'll demonstrate how net cat works and use that to Do some analysis of how UDP and TCP workers transport protocols. We'll start with UDP first so Conceptually what we're going to do is we're going to have node three act as our server So we'll say this is our server This is our router node two and We have our client node one So net cat allows is some software that allows us to run either a server or a client so what we'll do is we'll run net cat as a server and not node three and net cat as a client on node one and We'll send some packets between the client and server and on the router node two will capture those packets with TCP done So let's first start TCP done on node two You need to be sudo to run TCP done sudo TCP done I'm going to capture on the first interface interface one. I don't want to convert Addresses to names and minus n option is used here all the packets captured I'm going to write minus w to some file. Let's call it net cat UDP one dot p cap NC short for net cap. We'll see in a moment We'll use UDP as the transport protocol for this first example So we start capturing or enter in our password network and now the router is recording everything being sent So on node three Which is going to act as our server. We need to start a server application This is not a web server. It's not a secure shell server or file server It's our own special server, which we create using net cat and NC is short for net cat With a server we normally need to start the server and that's listens on a particular port number For example a web server listens on port 80 a secure shell server listens on port 22 In our special server, we need to choose the server that the port number it will listen on so we use Minus L to say listen on a port number and we basically need to choose a port number which is above a thousand and 24 And it's not used I'm just going to choose one two three four five needs to be less than sixty five thousand because port numbers are 16 bits long you can choose another number and net cat can operate in both TCP mode or UDP mode I'm going to start it using UDP mode So I will specify minus you as the option saying let's listen on port one two three four five for UDP packets and Let's start the server. It just sits there and waits for someone to contact it. So we'll do nothing until we start the client So let's go to the client node one And we want to start net cat and client mode and the way that we do that net cat in client mode Well, let's just don't forget minus you we want to use UDP both the client and server both need to use UDP if If we want a TCP we could just omit the minus you option. We'll do that later and The client is started by specifying which server we want to connect to We specify the IP address of the server node three was dot two dot twenty one and The port number of the server one two three four five So note with a server we start we use the minus L option with the client. We specify the Server IP and port number and we start the client and now we can send data So the basic idea with net cat in this mode is whatever we type should be sent Hello node three So I typed it in on node one Data was sent to node three containing the string hello node three Maybe we'll want to send a Secret like a password so they can then encrypt so my secret is Sent from node one to node three and hopefully only node three sees that and then we just say goodbye So net cat just allows us to send data, which is whatever we type And I just created some dummy data for this example Let's close the client and server. So control C on the client stop it and we'll also close the Server we need to close it separately because With UDP there's no concept of a connection. We'll see it's different with TCP shortly So they've stopped now the idea is that on No, two we were capturing what we're going to do now and stop that capture and it says that six packets we received and captured and What we'll do is open that capture. Let's just see it's there the the p-cap files there will open that in y shark and Let's go to do that. We'll use file Zilla connect to node two and we can download the capture file and then Open that capture file and why shark so in our captured packets We know that there are some UDP packets and some ARP packets We know ARP is used for address resolution. Let's hide those details I just want to focus on the UDP packets and one of the very powerful things of why shark is that we can filter out packets All right in this case. We're going to have six. It's easy to see the four UDP packets But when you have thousands or millions of packets listed It's important to use filters to display the packets of interest to you and One filter we can do is we at the top. We simply type in UDP meaning show all the packets which are UDP and that shows us just these four packets and Let's look so at different times zero fifteen seconds twenty three thirty three seconds These four packets have been sent from node one address 192 168 1.11 to No two one nine two one six eight two dot twenty one and So we have the four packets What is the structure of these packets? We look at the first packet. It's a frame 54 bytes it contains an ethernet header. We're sending From node one to the router. So the source will be node one the destination ethernet will be No to the router The ethernet frame contains an IP datagram and Source is node one destination node three. So when the router receives it it needs to forward on to node three Inside that IP datagram the transport protocol is UDP the user datagram protocol In the IP header The protocol field tells us what the transport protocol is. So here it says it's UDP and In the UDP header, there's a source port The source port is assigned to the client application. So when we started netcat on the node one The operating system assigned a port to that application and it's usually done from a range of Port numbers in this case it got thirty nine thousand nine hundred and seventy nine if you do it You'll probably get a different one if I do it again. I may get a different source port or client port But the destination port was what we specified the client should connect to on the server is one two three four five the length of the UDP at the length of the packet 20 bytes and There's also a check sum UDP is very simple essentially Allows you just to send packets with no checking of our errors. There's no retransmissions. There's no flow or congestion control Which TCP has it just sends packets and hopes they get there. What is the data? Well, very simple the data this hexadecimal values well in ASCII It's the message that we typed in Hello space node three and the last character is the the end of line character when I pressed enter So that was the first message from when I typed in the first line Then in the next message Again from client to server node one to node three that Essentially the same same destination port number same client port number the source port the data is the second string or characters that I typed in and the third message and The fourth message and now the old the UDP packets when I close the connection I had to do it separately on the client and server. There's no concept of UDP Maintaining connections It's connectionless Note that the idea in these messages is that I sent some super secret message from node one to node three We see from a security perspective It's very easy for a node in the middle of those two in this case the router on node two To intercept and to view the contents of those messages So that highlights the key point if you want to communicate between endpoints in the internet If you don't use encryption then assume that any intermediate device routers modems Network switches can potentially capture those packets and easily see the contents So that leads to the one of the main reasons we use encryption in network communications to stop intermediate devices from Viewing the contents of those messages Let's illustrate what happens very simply we have node one sending to node three but via node two There were just four UDP messages So I simply This was a UDP message and The contents I'll just write data one Which was the hello node three string and Then the second one and the four messages were sent via the router to the server Data two data three and data four So that's a quick summary of the exchange of messages in this case What we see is that UDP is a very simple protocol When you create data to send it is sent in a UDP data grant or packet There's no Acknowledgements coming back. There's no setting up of a connection There's no retransmissions if there's an error We'll see next when we look at TCP that TCP provides those services that UDP does not to finish on UDP to start the Server we use netcat and The minus you option tells us to use UDP as the transport protocol Minus L option says start netcat as a server and listen on a particular port start the server first then To start the client again the minus you option to specify use UDP as a transport protocol and Specify the IP address of the server and the port number of the server Then we can send data and it will be received