The ThorTeaches CISSP, CISM, and CC blog!

CISSP D4 Preview | IP addresses, MAC addresses, and Port Numbers – Part 1

Almost all the communication between any IT system in the world uses IP addresses, MAC addresses, and Port numbers.
In this video, I cover them all from the point of view of ISC2 and the CISSP exam.

Remember, the CISSP exam is a management-level exam; you need the right point of view to pass the exam.

https://youtu.be/Lk3LMWz3oyk

You can get all my courses, free study materials, my free CISSP course and much more on https://thorteaches.com/

Transcript:

In this lecture and the next couple of lectures, we’re going to be talking about IP addresses, MAC addresses and ports so we can ensure that what we send over the Internet actually reaches the right destination.
We have already talked about MAC addresses a little, how they are burned in addresses, they are supposed to be a unique identifier on the network and they’re really, really easy to spoof.
The original design was EUI or MAC-48, meaning it is a 48 bit hexadecimal address where the first half is the manufacturer ID and the last half is the device ID.
And here we ran into some of the same problems that we had with IP addresses.
No one had ever predicted the Internet would be as popular as it is.
So to make sure we did not run out of unique addresses for the last half of the MAC address, we added EUI or MAC-64 addresses.
Here again, the same first 24 bits are the manufacturer ID, and the last 40 bits are the device's unique ID.
We have many more devices, so we need much more address space.
I also briefly mentioned that with IPv6, they can only use the 64 bit MAC addresses.
So if our networking card is a little older and it has a 48 bit address, what IPv6 does, is it adds FF:FE in the middle of the address.
That effectively makes it a 64 bit address and IPv6 can use that.
If you look over here on the right, you can see we have a unique identifier for the organization in a 48 bit address, 58, 8D, 09, then we have the unique ID for the device, A5, 54, BA.
To make it a 64 bit address, we add the FF:FE between the organization identifier and the device identifier, and this is only used on 48 bit addresses, any newer networking card will have a 64 bit address.
Now let’s look at something we haven’t talked so much about yet, IP addresses.
They were first deployed in production in the ARPANET in 1983.
Which is really not that long ago, but it is also very, very long ago.
And ARPANET is what later became the Internet.
The ARPANET was developed in the 1970s on a secure, closed network.
DARPA: Defense Advanced Research Projects Agency.
The key word here is defense.
It is military.
And since that network was closed and it was secured, security was not built into any of the protocols.
That is why many of the protocols we use now do not have security designed in; it is something that we add on, we bolt it on.
And with anything else where you add something later, it is inherently not as secure as if it was designed in.
Security should always be part of the design process and never something we add as an afterthought later.
But then again, the use case and how they were planning to use the network back then is completely different from what we do today.
So IPv4 inherently is a connectionless protocol that is used for packet switching networks.
Since it is connectionless, it is just like UDP, but there is no delivery confirmation, there’s no guarantees.
So for that, we design the TCP protocol because the original IPv4 by itself, doesn’t guarantee delivery, it doesn’t ensure proper sequencing, it doesn’t prevent us from delivering the same data twice.
And because of all these flaws, we then added a bunch of protocols to make sure that we have reliable traffic and that we have secure traffic.
Up till a few years ago, IPv4 was still the most commonly used protocol on the Internet.
But because it has a very limited address space, we are moving much faster towards IPv6 and most of these changes are something that is happening on the back end.
You don’t really see it.
You may have heard 8, 10 years ago that we’re running out of IPv4 addresses and that is technically true.
But since so many devices now are ready for IPv6, we have really mostly avoided running out.
There has been a lot of shuffling on the back end, but for most consumers, they never know.
What we did was we moved any device that is capable on its own to run IPv6 to IPv6.
And we did that because IPv4 really only has four billion usable addresses and four billion does sound like a large number.
When the Internet was designed, they thought maybe in every large city there might be one computer.
If that’s the world you live in, more than four billion is an insane amount.
And I think last time I recorded this, there were about eight billion devices on the Internet.
Now, we’re close to 30 billion and we expect there to be in 2025, about 75 billion devices.
So you can see with that explosive growth, there is a definite need for everything that we have that is IPv6 capable to move it to IPv6.
So just to take an example, any smartphone in the United States uses IPv6.
You don’t know.
You don’t care.
Your phone is IPv6 capable and that can save us a ton of IPv4 addresses.
And the numbers you see here at the bottom, you can see a little over four billion IPv4 addresses and then the next number is IPv6 addresses.
I’m not even going to try to pronounce that.
I saw someone who's clearly good at math break it down: every square foot, or 30 by 30 centimeters, on the entire planet Earth would by itself have 65,000 IP addresses.
That is how many IPv6 addresses there are in the total address space.
So I think for now, we’re probably OK with IPv6, regardless of how many billions of devices we put on the network.
Now, let’s talk a little more about IP addresses and port numbers.
To continue on the example from before, the IP address is the building, the port number is the apartment, and that really is how your computer tracks the 50 browser windows you have open, the two games, the music, the video or whatever else you are doing online.
Each of those windows or each of those applications has a unique port number.
We have 65,536 unique ports that we can use, port 0 to 1,023 are called the well-known ports and this is where most of our protocols live.
Each port between 0 and 1,023 is assigned to a specific protocol.
It is only used for that one protocol.
So Port 80 is used for unencrypted web traffic.
Port 443 is for HTTPS or secure web traffic.
The ports from 1,024 to 49,151 are most often assigned to specific vendor applications.
And then the ports from 49,152 to 65,535 can go by a few names, they will be called private, dynamic or ephemeral ports and they can be used by anyone for anything.
And the ephemeral ports are the ones that are used by your web browser.
You open up your Web browser, you go to Thorteaches.com, and the applications assign a random port in that range, then when Thorteaches.com sends that traffic back, they send that to the port that was chosen by the application.
For the exam, understand how ports and IP work, know the different ranges for well-known ports, registered ports and ephemeral ports.
And then I would know the specific ports that I’m covering in the next slide.
And as mentioned, I would know all these ports, the port number, what they do, if they’re TCP or UDP, and it’s not really a terribly long list.
There is some memorization here, but I think it is important to know both for your exam and for your job.
Port 20 and 21 are FTP ports, they use TCP, port 20 is used for the data transfer and port 21 is for the FTP control that sets up that session, makes sure the data is delivered and all the practical stuff.
Port 22 is SSH or Secure Shell and it uses both TCP and UDP.
Port 23 is for Telnet and it uses TCP, Telnet is the predecessor to SSH, and it is something that we use to connect remote systems, but it is unencrypted.
Everything is sent in plain text, meaning anyone who can pick up that traffic can see whatever we are sending.
We should never, ever send anything in plaintext.
Now I’m going to bundle some ports that we use for email.
Port 25 is SMTP.
It is a TCP port and it can also sometimes be used on port 2525.
Port 110 is for POP3 emails and if we don’t use POP3, we might use IMAP, which is port 143, also a TCP connection.
And most of these protocols are TCP because we want to guarantee the delivery.
So port 25, 110, 143 are common email protocols.
That then brings us to Web ports.
Ports 80 and 443 are for web traffic, port 80 is HTTP, Hypertext Transfer Protocol.
It is regular unsecure web traffic.
You don’t really see a lot of that around anymore and it can sometimes also use ports 8008 and 8080.
Then we have the protocol that we most commonly use now for web browsing, HTTPS, port 443.
And this is again, hypertext transfer protocol, but it is either over SSL or more commonly now TLS.
And yes, we will cover those more later.
Port 137 and 138 are for NetBIOS, 137 is for the naming server, username, registration, and resolution.
And then the actual data is sent on 138.
137 is UDP, 138 can be either UDP or TCP.
And then finally we have port 3389, and that is Microsoft Terminal Server or RDP connection, where you can connect to servers using, well, RDP, Remote Desktop Protocol.
It uses both TCP and UDP, and since the port number is above 1023, you know it is a vendor protocol. That means that port is assigned specifically to Microsoft, whereas all the other ports we have looked at here are below 1024, which means they’re non-vendor-specific protocols.
And with that we are done with this lecture.
I will see you in the next one where we continue on IP addresses and ports.
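
Added example (not part of the lecture): the FF:FE insertion described in the transcript, applied to its 58:8D:09 / A5:54:BA address, plus the reverse check a defender can run on IPv6 addresses seen in logs to recover the hardware address. It goes one step beyond the lecture: the IPv6 interface identifier (modified EUI-64, RFC 4291) also flips the universal/local bit of the first octet. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress

def parse_mac(mac):
    """Return the six octets of a 48-bit MAC written with ':' or '-'."""
    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return list(bytes(int(p, 16) for p in parts))

def mac48_to_eui64(mac):
    """Insert FF:FE between the manufacturer ID and the device ID."""
    o = parse_mac(mac)
    return ":".join(f"{b:02X}" for b in o[:3] + [0xFF, 0xFE] + o[3:])

def link_local_from_mac(mac):
    """Build the fe80::/64 address whose interface ID is the modified EUI-64."""
    o = parse_mac(mac)
    # Modified EUI-64 flips the universal/local bit (0x02) of the first octet.
    iid = bytes([o[0] ^ 0x02, o[1], o[2], 0xFF, 0xFE, o[3], o[4], o[5]])
    return ipaddress.IPv6Address(bytes.fromhex("fe80" + "00" * 6) + iid)

def mac_from_ipv6(addr):
    """Recover the candidate MAC from an EUI-64 based IPv6 address, else None.

    A random interface ID can contain FF:FE by chance, so treat the result
    as a lead to confirm against switch or DHCP records, not as proof.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    o = [iid[0] ^ 0x02, iid[1], iid[2], iid[5], iid[6], iid[7]]
    return ":".join(f"{b:02X}" for b in o)

# Constructed sample of source addresses as they might appear in a log.
SAMPLE_ADDRESSES = [
    "fe80::5a8d:9ff:fea5:54ba",          # EUI-64 derived, link-local
    "2001:db8:0:1:5a8d:9ff:fea5:54ba",   # same interface ID, global prefix
    "2001:db8::1c2f:77a0:9b3e:4d51",     # randomized interface ID
]

def trackable_hosts(addresses):
    """Map each address that exposes a hardware address to that MAC."""
    return {a: m for a in addresses if (m := mac_from_ipv6(a)) is not None}

if __name__ == "__main__":
    print(mac48_to_eui64("58:8D:09:A5:54:BA"))
    print(link_local_from_mac("58:8D:09:A5:54:BA"))
    print(trackable_hosts(SAMPLE_ADDRESSES))
```

The same interface ID appears under both prefixes in the sample, which is why EUI-64 derived addresses let one device be followed from network to network.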
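
Added example (not part of the lecture): the port ranges and the port list from the transcript applied to flow records, to show which side of a connection is the service and which flows use the two protocols the lecture describes as unencrypted (Telnet and HTTP). The record format, the sample flows and all function names are constructed for illustration; the records are IPv4 only.

```python
import re

# Ports named in the lecture (lookup table constructed for this example).
SERVICES = {20: "FTP data", 21: "FTP control", 22: "SSH", 23: "Telnet",
            25: "SMTP", 80: "HTTP", 110: "POP3", 137: "NetBIOS naming",
            138: "NetBIOS data", 143: "IMAP", 443: "HTTPS", 3389: "RDP"}
PLAINTEXT = {23, 80}  # the two the lecture explicitly describes as unencrypted
FLOW = re.compile(r"^(tcp|udp) (\S+):(\d+) -> (\S+):(\d+)$")

def port_range(port):
    """Name the range a port falls in, using the boundaries from the lecture."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "ephemeral"

def classify_flow(line):
    """Split one flow record into its service side and its client side."""
    m = FLOW.match(line.strip())
    if not m:
        raise ValueError(f"unparseable flow record: {line!r}")
    _proto, a_ip, a_port, b_ip, b_port = m.groups()
    # Heuristic: the lower port is the service. Testing the client port for
    # >= 49152 is unreliable, since Linux picks from 32768-60999 by default.
    ends = sorted([(int(a_port), a_ip), (int(b_port), b_ip)])
    (s_port, s_ip), (c_port, c_ip) = ends
    return {"server": f"{s_ip}:{s_port}", "client": f"{c_ip}:{c_port}",
            "service": SERVICES.get(s_port, "unknown"),
            "server_range": port_range(s_port),
            "client_range": port_range(c_port),
            "plaintext": s_port in PLAINTEXT}

# Constructed sample records, one per line: proto src:port -> dst:port
SAMPLE_FLOWS = [
    "tcp 10.0.0.15:51514 -> 203.0.113.10:443",
    "tcp 10.0.0.22:40112 -> 10.0.0.5:23",
    "tcp 198.51.100.7:60001 -> 10.0.0.9:3389",
    "tcp 10.0.0.5:80 -> 10.0.0.30:49200",   # reply direction of an HTTP flow
]

def plaintext_flows(lines):
    """Return the classified flows whose service side is Telnet or HTTP."""
    return [f for f in map(classify_flow, lines) if f["plaintext"]]

if __name__ == "__main__":
    for flow in plaintext_flows(SAMPLE_FLOWS):
        print(flow)
```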
