Hi, folks. Ed here. And in this video, what I want to do is actually kind of challenging. I want to just give you an overview of TCP/IP. Now look, in a few-minute video, it's almost crazy to suggest that I could give you an understanding of TCP/IP. That's not going to be the case here, but I want to highlight some aspects that you can use, as you're listening to me, to get an understanding of whether you get this or not. If you don't, then you have some work to do. This is something you need to understand. Look, outside the context of cyber security, if you want to do computing, if you want to be a computer scientist, you want to do software engineering, software development or just technology management, this is something you have to understand. It would be like saying you're interested in a career in chemical engineering or chemistry or biochemistry or something and deciding that you had no interest in the periodic table. That would be akin to being ignorant of how TCP/IP works. So let me give you just a few basics, just to get the rhythm here, and as you're watching, test yourself and see if what I'm saying makes sense.
So first off, there's this classic concept in TCP/IP, the five-tuple. There are five pieces of information that, in a sense, characterize a TCP/IP flow or session. And what we're going to do is we're going to assume that when Alice is sending something to Bob, say a packet, we'll call that a flow. You okay with that? So, Alice to Bob, that's a TCP/IP flow. And when Alice and Bob are involved in back and forth, we can call that a conversation or a session. Okay with that? So as you would expect, a flow goes from this direction to that direction, another flow goes from this direction to that direction. If it's Alice and Bob carrying on a conversation in a computing sense, we call that a session, okay? So that's the nomenclature that I'll be using in all subsequent videos, just so we're consistent.
Sometimes people use other terms, but I think that's reasonably standard.
Now, the five pieces of information that characterize a flow we call a TCP/IP five-tuple, and here's the information. First, here is Alice. Alice is going to have an address, an IP address, probably issued to her by either an ISP, an Internet Service Provider, say at home. If you're on broadband, then your ISP is providing that Internet Protocol address for you, or maybe a work network administrator might be issuing that sort of thing, but it's not something you do yourself. It's something that is provided to you in the context of where your internet access is. And correspondingly, Bob will also have a destination IP address. So, source IP address, destination IP address, and in a conversation, they'd flip for the other flow, but we'll just talk in terms of one direction. Source IP, destination IP, in both cases issued by the ISP or network administrator.
Now in addition, there are going to be computer programs that are running on these machines that are communicating. Like if you're doing a browser session, you're going to have a browser over here, and over here, a website, okay? So those programs, by convention, are given a number. That's just how we do it. That's how administrators set it up on computers. So, your local operating system, let's assume it's a browser, is going to go get one of these numbers, which we call a port number, and there's a whole scheme for how these port numbers are assigned. It's actually complicated, hard to remember, but I'll give you the idea. There's a block of numbers that are greater than, just to remember this, greater than 1023 that go up to about 65 K, but for the most part are ones that we're going to use for clients. Now, there's a block in the middle that are used for certain types of programs.
For now, we're just going to make things simple and say that when a client is grabbing a port in order to initiate a session, it's going to grab a number greater than 1023. Now on the server side, you're probably running something that we would refer to as a well-known service, okay? It's one that everybody understands and uses, HTTP being a perfectly good example, and the numbers less than 1023, for example, for HTTP, it would be Port 80, become the destination port, and those are assigned by whoever is doing administration on that computer. Do you follow? The programs that are running a client port, but sometimes you hear the word ephemeral, meaning temporary, because they're going to be using this port to do web browsing or whatever. When they turn the web browser off, the port goes away, that source port goes away. But destination ports are non-ephemeral. They stay with a service. Port 80 is going to be Port 80 is going to be Port 80. Now, if you wanted to be weird, you could probably put an HTTP server on some other port. But the internet works by these conventions where we all agree to follow the same rules, and you can see how that could have security implications.
The fifth piece of that five-tuple is kind of obvious in this context. It dictates the protocol that's being used, and that's TCP on top of the Internet Protocol. There are other options. There's a lighter protocol called UDP that's often used for multimedia. Some aspects, some of the robustness aspects of the TCP protocol, are not in UDP. We will spend a lot of time on UDP but for the most part, I think you should understand what I just talked about in terms of the five-tuple.
Now, here's the second thing you need to understand, and this is, again, specific to TCP/IP.
The way the handshake works to establish a TCP session or connection is that Alice first throws a packet over to Bob, and it's called a SYN packet because in the TCP header, you are going to have all these different bits called flags, and like Christmas tree lights, they become zeros and ones depending on what the packet is. So, your protocol stack, the implementation software that implements TCP/IP, is setting those little zeros and ones very carefully depending on what the packet is doing. So the first one is a SYN packet, and the SYN bit is set to one. Now, it turns out there's another very special bit in there called ACK that we're going to get to in a subsequent video because it's really important for security. But for now, just the SYN packet. It also generates a random sequence number and whips it over to Bob. Bob then says, "Oh, okay, I see the sequence number." It sends a response, a SYN-ACK packet: SYN set, ACK set. And that SYN-ACK packet basically says, "Yeah, I see your sequence number. And here's another sequence number that I'm going to generate randomly." And then, Alice takes a look at that and goes, "Okay." And sends an ACK back to Bob saying, "Okay, I saw your second sequence number." Now, Alice and Bob know each other's IP addresses. They know the source port and destination port for the conversation that's going to take place, and they can exchange data. Isn't that kind of cool? That's how it works.
Now, there's so much more complexity around that. Like, a typical TCP/IP book is that fat, right? So, you can study, and there's all kinds of protocols that go around that, how you manage it, how you set it up, how routers work. It's really quite satisfying. And just sort of as an additional consideration here, as you ponder this video and think about it, I want you to think through why, in your mind, you think it would be important for a security engineer to understand all those different steps. Pretty profound implications if you do not understand.
I want you to think through why. Get that clear in your mind. So we'll see you in the next video.
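The five-tuple and three-way handshake described in this video, as an added Python example that is not part of the original lecture: it parses IPv4/TCP packets, extracts each flow's five-tuple, and checks the SYN, SYN-ACK, ACK exchange. The addresses, ports and sequence numbers are constructed sample values, and the rule that each acknowledgement number is the peer's sequence number plus one is taken from the TCP specification, not from the video.

```python
import socket
import struct

SYN, ACK = 0x02, 0x10  # TCP flag bits

def build(src, dst, sport, dport, seq, ack, flags):
    """Constructed sample packet: minimal IPv4 + TCP headers, checksums left 0."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags,
                      65535, 0, 0)
    return ip + tcp

def parse(pkt):
    """Return (five_tuple, seq, ack, flags) for one IPv4/TCP packet."""
    ihl = (pkt[0] & 0x0F) * 4          # IP header length in bytes
    proto = pkt[9]                     # 6 = TCP, 17 = UDP
    if proto != 6:
        raise ValueError("not a TCP packet")
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    sport, dport, seq, ack, _, flags = struct.unpack("!HHIIBB", pkt[ihl:ihl + 14])
    return (src, sport, dst, dport, proto), seq, ack, flags & 0x3F

def reverse(ft):
    """Five-tuple of the opposite flow in the same session."""
    src, sport, dst, dport, proto = ft
    return (dst, dport, src, sport, proto)

def is_handshake(pkts):
    """True if three packets are the SYN, SYN-ACK, ACK of one session."""
    if len(pkts) != 3:
        return False
    (f1, s1, _, fl1), (f2, s2, a2, fl2), (f3, s3, a3, fl3) = map(parse, pkts)
    nxt = lambda n: (n + 1) % 2**32    # sequence numbers wrap at 32 bits
    return (fl1 == SYN
            and fl2 == SYN | ACK and f2 == reverse(f1) and a2 == nxt(s1)
            and fl3 == ACK and f3 == f1 and s3 == a2 and a3 == nxt(s2))

# Constructed sample: Alice (ephemeral port 51514) opens a session to Bob:80.
ALICE, BOB = "192.0.2.10", "198.51.100.20"
SAMPLE = [
    build(ALICE, BOB, 51514, 80, 1000, 0, SYN),
    build(BOB, ALICE, 80, 51514, 5000, 1001, SYN | ACK),
    build(ALICE, BOB, 51514, 80, 1001, 5001, ACK),
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(parse(p))
    print("valid handshake:", is_handshake(SAMPLE))
```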