Welcome back to the Digital Forensics Concepts path. In this course, Network Basics, we're on module 3, Network Protocols. We talk about the different protocols used on the network. A network protocol is simply a set of rules that dictate how data is transmitted between devices in the network. This is what allows devices to communicate with each other regardless of their operating systems or how they're made up, their structure or design. So I can send messages or transfer data within my network. Even if I have, say, a Windows machine and a Mac, I can still share data. It doesn't matter the structure in my machine.

Internet protocols. The first we're going to talk about is IP. IP is the method for sending data from one device to another solely based on the IP addresses in the packet header. It is the principal communication protocol in the Internet protocol suite for sending data across network boundaries. It is commonly referred to as TCP/IP, because the two protocols that are the foundation of this are the transmission protocol, TCP, and the Internet Protocol, IP. We're going to talk about TCP very shortly.

The TCP protocol is what allows us to send data over a network. We talked about that with the IP protocol, commonly referred to as TCP/IP. And this particular protocol is reliable. It is connection oriented, and we're going to talk about how it sets that connection up. The TCP handshake is what allows us to establish communication. If I want to send a message to another computer, I want to transfer some data, my computer would send that receiving computer, or other device on the network, a SYN request. Once it gets that SYN, the other computer will send back a SYN along with their ACK, the acknowledgement. And then the receiving computer will send back an ACK, acknowledging my SYN-ACK. So it's SYN, SYN-ACK, ACK. We can see that clearly in the diagram, and this is called the TCP handshake. Once this is completed, communication starts.
So there's no question that these two computers, or other devices on your network, know they're communicating. They've established communications with this handshake. Now, when they're done sending the data and they've checked to make sure it's all there, they're going to terminate their communications. They do this as follows: the computer that originally sent the SYN request in the first place is going to send over a FIN, or finish, command. The receiving computer is going to send back a FIN-ACK: a FIN stating that it knows it is at the end, and an acknowledgement acknowledging that they received the FIN command. The other computer will then send back an acknowledgement acknowledging the FIN-ACK, and transmission will end. Communication will stop.

TCP is known as a connection-oriented protocol. We saw that with the handshake, transferring the packets, and then the cutting off of the transmission. It does break the messages into packets, because if, say, one of my packets doesn't get there, I just have to resend that one packet. You don't have to resend the entire transmission again. So if an error is encountered during transmission, it saves time by only having to resend whatever packets were not received rather than the whole message. And once the receiving device gets the packets, they are reassembled on the other end, the destination. Now, these packets can take different routes. They don't all have to go through the same routes to get from point A to point B. Some packets may take one route, traffic may get congested on that route, and then other packets may be rerouted around on a different path to get there faster.

TCP is used to transmit data for several protocols, such as FTP, the File Transfer Protocol; Secure Shell, or SSH; Telnet; email protocols such as IMAP, POP (the Post Office Protocol) and the Simple Mail Transfer Protocol, SMTP; and the Hypertext Transfer Protocol, the one commonly used on the internet, HTTP.
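The handshake and teardown sequence described above, as an added example that is not part of the lecture: this Python sketch decodes the flag bits from raw TCP headers and follows one connection through SYN, SYN-ACK, ACK and FIN, FIN-ACK, ACK. The headers, ports and sequence numbers are constructed sample values, and the two endpoints are told apart by source port only.

```python
import struct

FLAG_BITS = (("SYN", 0x02), ("FIN", 0x01), ("RST", 0x04), ("PSH", 0x08), ("ACK", 0x10))

def build_header(sport, dport, seq, ack, flags):
    # Pack a constructed 20-byte TCP header (data offset 5, no options).
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0)

def parse_header(raw):
    """Decode ports, sequence/ack numbers and flag names from raw header bytes."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", raw[:14])
    flags = "-".join(name for name, bit in FLAG_BITS if off_flags & bit)
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags}

def trace_connection(raw_headers):
    """Follow one connection and return (final_state, events)."""
    state, client, client_isn, closer, events = "CLOSED", None, None, None, []
    for h in map(parse_header, raw_headers):
        src, flags = h["sport"], h["flags"].split("-")
        if "RST" in flags:
            events.append("reset while " + state)
            state = "CLOSED"
        elif state == "CLOSED" and flags == ["SYN"]:
            state, client, client_isn = "SYN_SENT", src, h["seq"]
        elif state == "SYN_SENT" and flags == ["SYN", "ACK"] and src != client:
            # A genuine SYN-ACK acknowledges the client's sequence number plus one.
            if h["ack"] != (client_isn + 1) % 2**32:
                events.append("SYN-ACK does not acknowledge the SYN")
            state = "SYN_RECEIVED"
        elif state == "SYN_RECEIVED" and flags == ["ACK"] and src == client:
            state = "ESTABLISHED"
            events.append("handshake complete")
        elif state == "ESTABLISHED" and "FIN" in flags:
            state, closer = "FIN_SENT", src  # real captures usually set ACK on this FIN too
        elif state == "FIN_SENT" and "FIN" in flags and "ACK" in flags and src != closer:
            state = "FIN_ACKED"
        elif state == "FIN_ACKED" and flags == ["ACK"] and src == closer:
            state = "CLOSED"
            events.append("teardown complete")
    return state, events

# Constructed capture: client port 50000 talking to server port 80.
SYN, FIN, ACK, PSH = 0x02, 0x01, 0x10, 0x08
SAMPLE = [
    build_header(50000, 80, 1000, 0, SYN), build_header(80, 50000, 7000, 1001, SYN | ACK),
    build_header(50000, 80, 1001, 7001, ACK), build_header(50000, 80, 1001, 7001, PSH | ACK),
    build_header(80, 50000, 7001, 1101, ACK), build_header(50000, 80, 1101, 7001, FIN),
    build_header(80, 50000, 7001, 1102, FIN | ACK), build_header(50000, 80, 1102, 7002, ACK),
]
```

A trace that ends in a state other than `CLOSED`, or that reports a reset before "handshake complete", marks a connection that was never fully established or never cleanly closed.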
The slide shows commonly used ports with these protocols. As we can see, our File Transfer Protocol will commonly use port 20 or 21, whereas SSH, Secure Shell, will use 22. We can see Telnet uses 23. Email, SMTP, is going to use 25. DNS, which we talked about earlier, which is how we translate those URLs into IP addresses and IP addresses back to URLs, uses port 53. And going down the slide, we have HTTP, the hypertext transport, and that would be the internet, at port 80. And we have IMAP, which is another internet protocol, but it commonly goes across port 143. And then HTTPS, down at the bottom of the slide, goes across port number 443. Now, these are the common ports that you will see these protocols on. That doesn't necessarily mean somebody can't have their network configured differently and use a different port. But commonly these are the ports used by these protocols.

Now UDP, or the User Datagram Protocol. UDP, unlike TCP, is connectionless. With TCP, we saw we established communication, we transferred our packets, we had error checking, and then the communication was stopped with our FIN and our FIN-ACK. UDP is a fire-and-forget type of protocol. It's considered connectionless. There's no handshake and there's no error checking. It would be like dropping a letter in the mail: you don't know if it gets there. Whereas TCP is more like a phone call. You pick up the phone, somebody answers on the other end, you know you've established connection, you have your conversation, and then you say bye and you hang up. With UDP, there is no handshake, no error checking. And again, it is a fire-and-forget type protocol.

ARP, the Address Resolution Protocol. Now, ARP is a protocol used to map IP addresses to MAC addresses, to their hardware addresses. And this protocol operates at the data link layer, which is OSI layer 2. We're going to talk about the OSI model in our next module.
But we have our IP address, as you can see in our diagram up at the top, and then we have our ARP, which converts it to the MAC address. Now, ARP keeps track: there's something called the ARP table, where your device will keep track of the IP addresses and the MAC addresses. And there's also something called ARP poisoning, which we're not going to talk about in this particular course. But those addresses can be altered by a bad guy, and you'll think you're going to, say, Google, and you're really going to a nefarious site. So ARP is the Address Resolution Protocol, and it's what converts IP addresses into MAC addresses. And it uses the ARP table.

In our next module, we're going to talk about the OSI model. We've mentioned different layers in the OSI model throughout here. We're going to talk about each of these layers, what they do and how they work.
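One way to check an ARP table for the kind of altered entry mentioned above, as an added example that is not part of the lecture: compare a known-good snapshot of IP-to-MAC mappings with the current one. The "IP MAC" line format, the addresses and the function names are constructed for illustration and are not the output format of any particular tool.

```python
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

def parse_arp_table(text):
    """Parse 'IP MAC' lines into {ip: mac}, normalizing MACs to aa:bb:cc:dd:ee:ff."""
    table = {}
    for line in text.strip().splitlines():
        ip, mac = line.split()[:2]
        mac = mac.lower().replace("-", ":")
        if not MAC_RE.match(mac):
            raise ValueError(f"bad MAC address for {ip}: {mac}")
        table[ip] = mac
    return table

def find_anomalies(baseline, current):
    """Report IPs whose MAC changed and MACs that now answer for several IPs."""
    findings = []
    for ip, mac in sorted(current.items()):
        if ip in baseline and baseline[ip] != mac:
            findings.append(("mac_changed", ip, baseline[ip], mac))
    owners = {}
    for ip, mac in current.items():
        owners.setdefault(mac, []).append(ip)
    for mac, ips in sorted(owners.items()):
        if len(ips) > 1:
            findings.append(("mac_shared", mac, sorted(ips)))
    return findings

# Constructed snapshots: 192.168.1.1 is the gateway in this sample network.
BASELINE = parse_arp_table("""
192.168.1.1   00:11:22:33:44:01
192.168.1.10  00:11:22:33:44:10
192.168.1.20  00:11:22:33:44:20
""")
CURRENT = parse_arp_table("""
192.168.1.1   00-11-22-33-44-20
192.168.1.10  00:11:22:33:44:10
192.168.1.20  00:11:22:33:44:20
""")

if __name__ == "__main__":
    for finding in find_anomalies(BASELINE, CURRENT):
        print(finding)
```

A changed MAC can also be benign, for example after a network card is replaced, so a finding is a lead to verify rather than proof of tampering.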