WEBVTT

00:00.260 --> 00:03.500
Hey everyone, and welcome to the Knowledge Portal Video series.

00:03.500 --> 00:10.280
So in the earlier lecture we understood the basics of what protocols are, and today we'll

00:10.280 --> 00:13.670
understand protocols as far as cryptography is concerned.

00:13.670 --> 00:15.620
So there are two types of protocols.

00:15.620 --> 00:18.590
One is plain text and second is encrypted text.

00:18.590 --> 00:21.080
So let's go ahead and understand more about it.

00:22.010 --> 00:28.340
So this is one of the slides which we discussed in the earlier lectures where there are various types

00:28.340 --> 00:30.080
of protocols which are available.

00:30.080 --> 00:35.360
You have FTP, DNS, TCP, SFTP, FTP, IP and many more.

00:35.690 --> 00:40.790
Now, some of these protocols will natively send data in plain text.

00:40.790 --> 00:46.100
However, some of the protocols will natively send data in an encrypted format.

00:47.600 --> 00:54.290
So one classic example that we will be discussing today in the practical is the file transfer protocol,

00:54.380 --> 00:57.800
FTP, and the secure file transfer protocol, SFTP.

00:58.040 --> 01:02.460
So FTP will send the data natively in plain text.

01:02.460 --> 01:10.380
So an attacker who is sniffing the network will be able to look into everything in plain text format.

01:10.410 --> 01:14.520
However, when we use SFTP, everything will be in an encrypted format.

01:14.520 --> 01:21.180
So even if an attacker is sniffing the traffic, he'll not be able to understand how or what exactly

01:21.180 --> 01:22.350
the data is being sent.

01:22.350 --> 01:23.610
So let's do one thing.

01:23.610 --> 01:30.510
Let's go to our practical session and understand these two protocols in a practical scenario.

01:32.640 --> 01:36.240
So we have our favorite CentOS machine up and running.

01:37.080 --> 01:41.610
Let me just maximize the screen so it will become visible.

01:41.730 --> 01:49.140
So what I'll do is I'll log in as root, and let's open up Wireshark.

01:51.400 --> 01:57.220
So Wireshark is a great tool to sniff network traffic.

01:58.090 --> 01:58.840
Perfect.

01:58.840 --> 02:00.490
So let's do one thing.

02:00.490 --> 02:06.250
Let's verify if I have my FTP related package installed.

02:06.280 --> 02:06.850
Perfect.

02:06.850 --> 02:20.320
So I have my vsftpd package installed, and we will look into this specific aspect with both the

02:20.440 --> 02:22.120
FTP and SFTP protocols.

02:22.330 --> 02:23.230
Perfect.

02:23.530 --> 02:28.020
So let's do one thing in my Wireshark.

02:28.030 --> 02:29.350
I'll select the interface.

02:29.350 --> 02:36.970
So, just if you want to try it out, I have my main interface, which is GNS3.

02:37.240 --> 02:41.980
I have also a loopback interface and I have my third interface as well.

02:41.980 --> 02:50.690
So since I have my vsftpd package up and running, let's verify and let's do a quick netstat.

02:54.990 --> 03:01.010
I'll do a netstat and you see I have vsftpd running on port 21.

03:01.020 --> 03:05.790
So for the time being, so that we don't receive unnecessary traffic,

03:05.850 --> 03:11.280
I'll select Loopback as the primary interface and I'll click on start.

03:12.900 --> 03:17.660
So now you see I don't really have any packets which are flowing here.

03:17.670 --> 03:19.470
So let's do one thing.

03:19.470 --> 03:27.680
Let's connect to FTP on 127.0.0.1, and now it is asking me for the username.

03:27.690 --> 03:29.580
The username will be Z.

03:32.700 --> 03:32.960
Water.

03:33.180 --> 03:36.300
So this will be the username which is present in the machine.

03:36.300 --> 03:37.860
Let me just verify.

03:38.700 --> 03:39.090
Okay.

03:39.140 --> 03:39.760
Zalora.

03:41.310 --> 03:43.260
It is asking me for a password.

03:43.260 --> 03:44.520
I'll put in the password.

03:44.520 --> 03:47.100
And now you see it is saying login successful.

03:47.100 --> 03:50.610
So I was successfully able to log in to FTP.

03:51.090 --> 03:54.810
Now we have discussed that FTP is a plain text protocol.

03:54.810 --> 04:01.050
So if you see, there are a lot of packets which have been captured.

04:02.820 --> 04:11.610
So let's do one thing, I'll maximize the screen, and since we had logged in via FTP, and FTP is a plain

04:11.610 --> 04:19.020
text protocol, now if you see within the protocol type, which is FTP, it is saying that the request

04:19.020 --> 04:20.670
username was Zora.

04:20.910 --> 04:25.590
So you will actually be able to find this under the FTP protocol.

04:25.590 --> 04:34.900
So the username is Zora, and we had also entered the password; in my case the password was the string "password".

04:34.900 --> 04:38.260
So it is actually showing me the password in plain text.

04:38.830 --> 04:42.190
So this is what an attacker can actually do.

04:42.220 --> 04:48.790
If he is sniffing your traffic, he can get both your username and password in plain text, and he can

04:48.970 --> 04:52.120
get all the responses; as you see, login successful.

04:52.270 --> 04:57.750
So this is one of the challenges with plain text protocols.

04:57.760 --> 04:59.080
Let's do one thing.

05:00.760 --> 05:07.990
I'll close this terminal, and this time we will be using an encrypted text protocol, which would be SFTP.

05:08.890 --> 05:10.750
So I'll restart the session.

05:11.830 --> 05:12.550
Perfect.

05:12.700 --> 05:14.590
So I'll use sftp.

05:16.060 --> 05:20.860
vohra@127.0.0.1.

05:22.600 --> 05:24.370
It is asking me for password.

05:24.370 --> 05:28.300
I'll feed in the password, and now I'm connected via SFTP.

05:28.930 --> 05:32.980
So now I close this session.

05:34.270 --> 05:40.780
Let me maximize the screen, and here, if you see, initially there is a key exchange.

05:40.780 --> 05:48.250
So key exchange is basically used to exchange the secret key which will be used to encrypt the data.

05:48.400 --> 05:54.670
And once the key has been received, all the data which you will see is in the form of

05:54.670 --> 05:56.050
encrypted packets.

05:56.050 --> 06:00.430
So even if you open up the strings, you will not be able to.

06:01.630 --> 06:03.240
find the plaintext data.

06:03.440 --> 06:05.160
It seems someone is calling me.

06:05.170 --> 06:06.940
I'll pick up later.

06:07.480 --> 06:13.990
So all the packets which are part of SFTP are in encrypted format.

06:13.990 --> 06:19.150
So in this case, even if a user, or even if an attacker, is

06:21.060 --> 06:23.880
watching your traffic or sniffing your traffic,

06:23.880 --> 06:28.560
all he'll get is the packets in encrypted format.

06:28.800 --> 06:36.450
So you will see this is the encrypted packet, and he'll not be able to make it out, or he'll not be able

06:36.450 --> 06:40.920
to decrypt the packet unless and until he has the secret key.

06:41.340 --> 06:49.800
So this is the reason why using encrypted protocols is extremely important, and this

06:49.800 --> 06:57.060
is the reason why, specifically in login forms, you will find that websites are using HTTPS, which

06:57.060 --> 07:01.560
basically encrypts all the communication so that your login cannot be found.

07:01.650 --> 07:02.790
So this is it.

07:02.790 --> 07:03.780
About this lecture.

07:03.780 --> 07:07.110
I hope this has been informative for you, and I look forward to seeing you in the next lecture.
