1
00:00:05,370 --> 00:00:13,230
OK so in packet tracer I'm gonna start simulation mode on my windows P.C. I'm gonna connect via HTTP to

2
00:00:13,230 --> 00:00:17,010
the server on the left which is 10 1 1 100.

3
00:00:17,070 --> 00:00:23,420
Notice nothing happens but when we go back here we can see that some packets have been created.

4
00:00:23,460 --> 00:00:31,140
First one is ARP now on ethernet devices communicate using what's called a MAC address and MAC addresses

5
00:00:31,140 --> 00:00:34,530
are burnt in address on a network interface code.

6
00:00:34,680 --> 00:00:38,270
So I'm connecting from this P.C. to the server.

7
00:00:38,550 --> 00:00:41,460
The P.C. doesn't know the MAC address of the server.

8
00:00:41,460 --> 00:00:50,120
This is the MAC address of the P.C. and we can see that by going to the config of the P.C. go to Fast

9
00:00:50,130 --> 00:00:50,920
Ethernet.

10
00:00:50,940 --> 00:00:54,050
Notice MAC address ends in 11 99.

11
00:00:54,220 --> 00:01:01,800
So this PC  is basically arping or requesting, ARP is a resolution protocol requesting the MAC address

12
00:01:01,920 --> 00:01:03,860
of the server.

13
00:01:03,990 --> 00:01:10,680
So it's basically saying who has this IP address so that gets sent to the switch.

14
00:01:10,700 --> 00:01:13,190
Now this is what's called a broadcast frame.

15
00:01:13,190 --> 00:01:15,430
Notice the destination is Fs.

16
00:01:15,560 --> 00:01:19,820
That's a broadcast basically saying who has this IP address.

17
00:01:21,500 --> 00:01:28,100
If we look at the PDU or protocol data unit what you'll notice is the target MAC address is blank

18
00:01:28,790 --> 00:01:31,370
target IP address is this.

19
00:01:31,380 --> 00:01:36,940
Now this is a broadcast and a layer 2 switch will flood the broadcast which basically says it sends

20
00:01:36,940 --> 00:01:44,120
it out of all ports so it gets sent to this server this server drops the message because it doesn't have

21
00:01:44,120 --> 00:01:46,960
the IP address requested by the P.C..

22
00:01:47,180 --> 00:01:53,930
This router will also drop the packet but this server will reply back.

23
00:01:53,930 --> 00:02:03,620
So the inbound PDU is from the P.C. to a broadcast address but the reply is now from the server

24
00:02:04,220 --> 00:02:09,250
ending in 0 0 8 6 as its MAC address to the P.C..

25
00:02:09,320 --> 00:02:13,250
Notice how Packet Tracer uses 7 layers here.

26
00:02:13,250 --> 00:02:16,130
At the moment it only shows Layer 1 and 2 here.

27
00:02:16,160 --> 00:02:23,360
If we look at the inbound PDU however at layer 2 we have Ethernet at layer 3 we have ARP and

28
00:02:23,360 --> 00:02:27,230
in the outbound PDU that's what we see something similar.

29
00:02:27,230 --> 00:02:34,940
Layer 2, Layer 3, ARP, target IP address is the P.C. source IP address is the server source MAC address

30
00:02:35,000 --> 00:02:42,970
is the server and we can see that by looking at the interface notice 0 0 86 is the MAC address.

31
00:02:43,220 --> 00:02:49,610
So what happens now is that gets sent back to the switch and gets sent to the P.C..

32
00:02:49,610 --> 00:02:57,020
So now the P.C. knows the MAC address of the server and can communicate directly to the server.

33
00:02:57,050 --> 00:03:05,990
notice this is a TCP packet, so in TCP before communication takes place they do what's called a three

34
00:03:05,990 --> 00:03:07,430
way handshake.

35
00:03:07,490 --> 00:03:15,320
They agree on certain parameters such as sequence numbers and how much data they can send and then an

36
00:03:15,350 --> 00:03:18,310
HTTP packet is sent into the network.

37
00:03:18,350 --> 00:03:23,020
So if we look at the actual HTTP and that's the one I want to concentrate on here.

38
00:03:23,270 --> 00:03:31,880
Let's look at the HTTP packet or HTTP message. Packet Tracer shows this very nicely gigabit 1 0 form

39
00:03:31,890 --> 00:03:34,230
the switch receives the frame.

40
00:03:34,230 --> 00:03:41,620
So this interface receives the frame from the P.C. we've got Layer 1 and layer 2 information here.

41
00:03:41,880 --> 00:03:47,700
It's gonna be forwarded out of gigabit 1 0 2 so forwarded to the server.

42
00:03:47,700 --> 00:03:53,760
But let's look at the inbound PDU and outbound PDU or protocol data unit in a lot of detail.

43
00:03:53,820 --> 00:03:58,150
Source MAC address is the P.C. destination MAC address is the server.

44
00:03:58,410 --> 00:04:00,020
We have a type field.

45
00:04:00,060 --> 00:04:05,530
How does one layer referred to the layer above it at layer 2 on Ethernet 

46
00:04:05,580 --> 00:04:14,590
It uses a type field this type 0 800 in hexadecimal 0x means hexadecimal indicates that the higher

47
00:04:14,610 --> 00:04:17,070
layer protocol is IP version 4.

48
00:04:17,070 --> 00:04:19,790
We could have other protocols here like IP version 6.

49
00:04:19,920 --> 00:04:24,960
So if I go back to a ARP packet and have a look at that.

50
00:04:25,020 --> 00:04:28,880
Notice the type field is different here.

51
00:04:28,920 --> 00:04:30,800
It's 0 8 0 6.

52
00:04:30,840 --> 00:04:32,440
That indicates ARP.

53
00:04:33,270 --> 00:04:40,410
So when a device receives a frame at layer 2 it needs to know which protocol to use.

54
00:04:40,410 --> 00:04:43,240
In other words which protocol stack to use.

55
00:04:43,350 --> 00:04:46,490
We can see that in Windows by going to control panel.

56
00:04:46,680 --> 00:04:54,660
And if we have a look at our adapter so this is the wireless adapter that I'm currently using and go

57
00:04:54,660 --> 00:04:56,190
to properties.

58
00:04:56,190 --> 00:05:05,550
What you'll notice is we have IP version 4 and IP version 6, 2 protocols at layer 3 have been enabled

59
00:05:05,580 --> 00:05:10,320
in this P.C. when the P.C. receives frames of the wire.

60
00:05:10,320 --> 00:05:16,230
So when that P.C. receives data how does it know which protocol stack to use.

61
00:05:16,290 --> 00:05:19,940
In other words is it an IP version 4 packet or is it an IP version 6 packet.

62
00:05:20,010 --> 00:05:22,860
It's based on the type field at layer 2.

63
00:05:23,030 --> 00:05:31,680
So this server on the left here when it receives this HTTP packet will know that it needs to use the IP

64
00:05:31,680 --> 00:05:33,930
version 4 protocol stack.

65
00:05:33,930 --> 00:05:39,690
If you send IP version 4 packets to IP version 6 it's not going to understand it in the same way that

66
00:05:39,690 --> 00:05:45,990
I have an English protocol stack and I have an Afrikaans protocol stack. I'm much better in English than

67
00:05:45,990 --> 00:05:51,250
I am at Afrikaans if I speak to you and say goeie more Hoe gaan dit

68
00:05:51,390 --> 00:05:55,360
If you don't understand Afrikaans you're not going to understand what I'm talking about.

69
00:05:55,410 --> 00:06:00,180
If I say good morning how are you and use the English protocol stack that's gonna make a lot of sense

70
00:06:00,840 --> 00:06:05,010
if you speak multiple languages and you hear different languages your mind will just switch to that

71
00:06:05,010 --> 00:06:06,300
language very easily.

72
00:06:06,390 --> 00:06:10,880
But on a P.C. it needs to know which protocol stack or which language to use.

73
00:06:11,870 --> 00:06:17,190
So in this example IP version 4 is the layer 3 protocol.

74
00:06:17,390 --> 00:06:24,150
And here we can see IP version 4 source and destination ip addresses now.

75
00:06:24,250 --> 00:06:25,410
Same thing again.

76
00:06:25,480 --> 00:06:32,980
How does it know which protocol is being used at layer 4. Ethernet is the layer 2 encapsulation IP version

77
00:06:32,980 --> 00:06:37,080
4 is the layer 3 protocol TCP is the layer 4 protocol.

78
00:06:37,210 --> 00:06:45,460
This number here indicates so it's a 6 in hexadecimal or 6 in decimal indicates that the protocol used

79
00:06:45,490 --> 00:06:48,520
at layer 4 is TCP.

80
00:06:48,520 --> 00:06:55,090
You can find protocol information easily by just searching for IP version 4 protocol numbers and then

81
00:06:55,090 --> 00:07:00,280
the IANA website gives you a list of protocol numbers.

82
00:07:00,280 --> 00:07:12,100
So as an example TCP is protocol number 6 17 if we scroll down is a UDP TCP or transmission control

83
00:07:12,100 --> 00:07:14,920
protocol is reliable.

84
00:07:14,980 --> 00:07:20,390
User datagram protocol or UDP is not reliable.