Check out Practical Networking he has a entries series on this topic and it's as deep as it can be I would say
@faanrossАй бұрын
@@cedriczumsteg2371 i second this, i also got his practical TLS course on sale for $50, and it's INCREDIBLE
@TechnicalHeavenSM Жыл бұрын
This series is actually a gold mine
@goobertnelius Жыл бұрын
I was just wondering about this and then got a notification.
@MrDeltaRing Жыл бұрын
It's like he knows what we are thinking...like a hacker perhaps
@goobertnelius Жыл бұрын
@@MrDeltaRing yeah, maybe he is a social hacker/engineer too...
@zeusdabest Жыл бұрын
@@goobertnelius wasnt wondering and got a notifaciton
@psp.youtube Жыл бұрын
😮
@ttrss Жыл бұрын
Literally same wtff
@jayfraxtea Жыл бұрын
Great video! The most important part is your smiling face at 6:57 when you talk about the "beautiful way". The next time I'm struggling with incompatible IPSec-tunnels, I'll remember your face and all frustration will be gone. You oversimplified a bit: not all tunnels have their own interface. We all love good old SSH tunnelling, as we do with recent websocket tunnels.
@uslanyaramazov22 күн бұрын
BEST EXPLANATION EVER! I watched like 20 different video until this developer friendly video. Thanks for your effort!
@anonymousperson2640 Жыл бұрын
Great video content for those, who start learning networking. Even basic understanding how routing works will surely make VPNs much easier to grasp. Especially those, which use virtual interfaces. On the other hand, policy-based ipsec tunnels, which do not have nor their own routes, nor endpoint IPs, yet can somehow connect private networks just as fine as those tun/tap devices always amazed me. While I certainly can configure & use that, I never could understand how it works on a packet level, would be a nice if you could do some explanation video, thanks!
@QueRedFire Жыл бұрын
Great video! From a perspective of a graduated cyberdefence student and actual penetration tester, these questions "from the past" are 100% in point! Other thing that bothered me in the past is for example "How the email systems actually works?"
@ajko000 Жыл бұрын
As a network engineer, tunnels are by far the most deceptive concepts. At their simplest, you're just shoving IP within IP, at their most complex, you get complaints ;).
@creepr524 Жыл бұрын
Hmmm its more like IP within TCP or UDP
@codahighland Жыл бұрын
@@creepr524 Yes, but TCP and UDP are themselves inside of IP, so the statement is still correct.
@geevee9728 Жыл бұрын
@@creepr524 IPSEC has entered the chat
@SnoiperTV Жыл бұрын
Yeah, i Always hated vpn
@w花b Жыл бұрын
@@creepr524 huuuum actually 🤓 whoops, we're all nerds here, that was inappropriate.
@ArthurSchoppenweghauer Жыл бұрын
I would appreciate a video about OAuth & JWT, generally these authentication methods and how these tokens are created, sent and stored via HTTP and how they relate to user roles and permissions I find difficult to understand.
@vaisakh_km Жыл бұрын
yes different types of authentication are really confusing .... and i really struggled to make authentication when i was making my first java server... in python and node, it's much simpler...
@xxjblexx Жыл бұрын
Definitely... As well as Stateful vs. Stateless Authentication/Architecture, Cookies vs. Tokens and So On... The Whole Thing around
@coding3438 Жыл бұрын
You should watch okta devs video on ouath
@alastairtheduke11 ай бұрын
Thanks!
@alastairtheduke11 ай бұрын
This is such a good explanation. You are so good at explaining these topics and such a natural in front of the camera
@sanjeevKumar-eg6hp Жыл бұрын
Thank you so much for sharing the knowledge in such a simple manner
@VegaSlayer Жыл бұрын
I feel lucky that you still share the knowledge with us. literally gold channel
@DarkMonsterGFX Жыл бұрын
Amazing video! It would be awesome to do a second version, but diving deeper and complex! Again, thanks for your videos, they are very informative and easy to follow
@AshrafulAlim-gg4 ай бұрын
Really enjoying Deepdive videos. Please release more
@ThePowerRanger Жыл бұрын
Wow, this was complex but you explained it really well. Also thnx for including the python code.
@randlekonoble1011 Жыл бұрын
Really detailed video, I’ve been experimenting with tunnels recently & I think you explained the underlying concepts extremely well 🥳🥳.
@Ramsas154 Жыл бұрын
Talk about certificates, I'm using them, issuing them but don't *really* understand it. CA Authority, TLS, SSL.
@akenang1852 Жыл бұрын
UP!
@kevint.900 Жыл бұрын
Can it be a coincidence that a server on the IP you used in your video now hosts an nginx instance with some weird XSS-like payload in its TLS-certificate common name? ('"'>')
@patpattson Жыл бұрын
This was great! Have actually never completely understood how vpns work, great explaination!
@semitangent Жыл бұрын
One detail what I would have liked to see here is some detail on what the IPs "within" the tunnel really are. Are they just artifacts of packing a whole TCP/IP packet as data into another TCP/IP packet or do they have more meaning, e.g. in terms of routing?
@ajko000 Жыл бұрын
If it's a GRE tunnel, it's just IP within IP. The IP packet is encapsulated as data (the payload) in another IP packet. That IP packet is routed across the tunnel (often the public internet) and once it reaches its remote tunnel endpoint, that endpoint decapsulates it, revealing the "real" IP packet, which then gets routed/forwarded to it's destination "normally".
@semitangent Жыл бұрын
@@ajko000 I think that's exactly the point where I'm wondering why the tunnel IPs are needed. The two VPN endpoints exchanging encrypted payloads (the encapsulated 'local' IP packets) know each other's WAN/public IP, so why is there a need for a "tunnel" in the sense of a static route between virtual private IPs? If the two endpoints, each in their own respective part of the virtual private network, just acted as two proxies communicating using their counterpart's public IP the whole thing would still work in my mind and there would be no need for the virtual tunnel IPs.
@57d4 ай бұрын
Awesome video. Thank you for making these invaluable resources for free.
@alishabani9136 Жыл бұрын
If you mix these concepts with SSL that would be very interesting at least for me. Thank you for sharing knowledge
@RoiEXLab Жыл бұрын
If you imagine that SSL/TLS is just another layer on top of TCP (but below HTTP for example, even though this only applies to HTTP/1.X), it stays exactly the same, but instead of redirecting the HTTP traffic, it redirects the SSL/TLS/HTTPS traffic. For the VPN provider the only thing that changes is that without SSL/TLS it could read your traffic, whereas with encryption it can't
@alishabani9136 Жыл бұрын
@@RoiEXLab Thank you.
@gregorykhvatsky7668 Жыл бұрын
There is also stunnel, a tool that allows you to essentially wrap any traffic in TLS. With it you can, for example, do SSH-over-TLS (for whatever reason)
@CharleyWright-w1y Жыл бұрын
@@gregorykhvatsky7668 A more commonly used example is FTP over SSL, because it was never made with proper encryption in mind :)
@matte.309 Жыл бұрын
I'm really enjoying these explainer videos. I had this ah ha! moment half way and I finally get tunnels. That was way simpler than I could have imagined.
@codewizard58 Жыл бұрын
Using swIPE protocol I was part of a small team that implemented one of the first VPN tunnels over the internet with the tunnel running between two proxy based firewalls. I also implemented a DOS/Windows vpn client. This was around 1996. Later ipsec and TLS became available. Things have really changed now that encrypted comms is the norm : )
@0x7ddf1 Жыл бұрын
Wow, the networking world is amazing, thank you
@novarx-eg3dlimr Жыл бұрын
I really love your enthusiasm about the topics! 👍
@FreestyleTraceur8 ай бұрын
I'd love a deepdive on WireGuard protocol and how things like Tailscale work under the hood to get around CGNAT. Thanks for the awesome videos!
@akenang1852 Жыл бұрын
I love the mini videos with you encapsulating packets hahah
@İsmailFarukKaya10 ай бұрын
Hey you did a great job with this deep dive series I must say. I was wondering if you could do another about "storage" in detail; i.e. differences between block storage, file storage and their usages with examples ? Thanks!
@LiveOverflow10 ай бұрын
Slightly related, checkout my Linux Driver video. It’s a different style but might answer some questions
@electricimpulsetoprogramming Жыл бұрын
your videos teaching things are awesome
@backinyourcommentsectionag3191 Жыл бұрын
Absolutely loved this video!
@tylerb6981 Жыл бұрын
I would absolutely KILL for a video discussing how Kerberos works. Or, if possible, every step that happens from plugging a smart card into a windows machine during Interactive Sign On to Kerb to successfully getting into you computer.
@alpagutsencer Жыл бұрын
Perfect video man! Keep it coming ^^
@pflasterstrips7254 Жыл бұрын
I like the LiveOverflow university
@brianhayes1105 Жыл бұрын
Brilliant. Thank you so very much.
@louise87 Жыл бұрын
I love your content. Please, please, please, create a video comparing and exploring the differences between the source code of Linux and FreeBSD
@SupremeGrace-xx4ys Жыл бұрын
Really awesome and deep explanation thank you
@mineeeeee Жыл бұрын
Love your videos ^^
@maxdobrei5117 Жыл бұрын
So from my understanding, in the example with your version of "OpenVPN", you can route your packets to the virtual network interface card, and that's really a program like a VPN client. After the program does what it needs to do (ie putting on new headers, encrypting the data), does the program then hand off this new encapsulated packet back to the real network interface card so that it can reach the VPN server? I guess I'm a little confused as to what the next steps would be after the packet goes to the vNIC
@codahighland Жыл бұрын
The vNIC sends the packet to another server over the physical network. That server then unpacks the packet on a vNIC on its end, and then it handles the packet the same way as a router handles packets that come in on one NIC and need to be sent along through another NIC.
@maxdobrei5117 Жыл бұрын
@@codahighland Thank you for the clarification
@codahighland Жыл бұрын
@@maxdobrei5117 Any time!
@ShaharBarsheshet8 ай бұрын
Very nice explanation! Thank you. One question, you said "you can tell the operating system please route ALMOST all traffic..." Why almost? What data isn't routed?
@BenKadel Жыл бұрын
Absolutely excellent video super helpful thank you!
@paknbagn9917 Жыл бұрын
really good explaining
@Bluepaccao Жыл бұрын
Great video, thank you!
@prateeksaraswat1 Жыл бұрын
What a great video! ❤
@fuwe Жыл бұрын
Geoint @12:39 52.412690, 13.314948 Coordinates within 1m
@uinisefaustinafoochong7743 Жыл бұрын
I felt like you were on the same page as I was for a second
@mehmetavci8270 Жыл бұрын
Hello is it possible to make a video about certificates (deepdive)? Ty
@truepakistani9604 Жыл бұрын
Can you make a video on relay its types and when/why we need it and how they work and are they different from routing and just everything about relays. Especially out of the context of TOR so we can understand relay and ultimately the TOR.
@Louisrael10 ай бұрын
Generally, proxies offer quicker connection speeds compared to VPNs. This is because proxies selectively route specific traffic, while VPNs encrypt all internet activity, potentially slowing down speeds. Zeus Proxy offers a rotating residential proxy ideal for tasks like e-commerce multi-account registrations, data crawling, airdrops, and gaming.
@flyviawall4053 Жыл бұрын
Please do a IPSec version of this. It's not TUN/TAP(despite VTI) but something rather old fashion. I think many people get confused when dealing with both kinds. Also I think it's worth to talk about the routing table magic when using TUN/TAP tunnel, like why I route everything into it but it doesn't loop?
@thecatleo6 ай бұрын
@4:47 the comment says decrypt but the arrow says encryption. its confusing to me.
@Syphdias Жыл бұрын
I always take issue when "transparent" is used when describing technology. I think most of the time people actually mean "opaque". Let's say you have a loadbalancer to some API and it forwards incoming traffic to multiple backend servers (e.g. round robin). You could describe this as transparent since the request goes _through_ the loadbalancer, like through a glass window and still reaches the server. But I would argue this loadbalancer is opaque to the API client. The client has no idea that different servers are targeted, only the API endpoint is relevant for it to function (ignore header shenanigans, etc.). The loadbalancer takes care if a backend server is unreachable. On the other hand, if you use multiple DNS Records ("DNS Loadbalancing" or "poor man's load balancing") and show that there are multiple servers answering requests, you need to take care to retry if one of those servers looses connection. (You should always build in retries though!) In the case of a VPN (or tunnel) the client (curl, nc, browser, etc.) is not aware that it is using a VPN (you can of course detect it, if you want, but this is not the point). The client just does its thing, it does not care if there is something extra. If you want to be more technical you could say you hand this problem down to your network stack then then chooses the right interface (which would be a tap, tun, or wg interface etc.). I think "transparent" is so widely used for opaque technology, because it sounds more positive and because the request/operation reaches its target "through" something. In practice, I find it confusing to talk about actual transparent technologies, for example that implement transparent caching or failover; here the client has to do actual work. Sorry for the rant! I actually quite enjoyed the video!
@passerby184 Жыл бұрын
I'd say it uses word transparent as invisible by clients
@Syphdias Жыл бұрын
@@passerby184 What would you call transparent caching then? Or something like etags?
@passerby184 Жыл бұрын
@@Syphdias transparent cache is still transparent: (actually it needs cache to be a transparent proxy):
@noobishgamer995 Жыл бұрын
i deff subscribed for your minecraft content. its great
@zFake Жыл бұрын
Our favorite hacker is back. Let's go!
@kaihatkeinenaccount Жыл бұрын
tbh I like the ad at the end
@사이보그-i6p Жыл бұрын
Nice animation of the osi layers
@hadizorkot28894 ай бұрын
I have a question about the encryption. The data is encrypted when it is sent between us and the "VPN" server, where it is then decrypted and sent to the target server. But why is it okay to send raw decrypted data from the "VPN" server to the target? Do we expect that an attacker will be sniffing on only our network therefore if the requests sent through there are encrypted then we are safe? What if an attacker is sniffing the connection between the "VPN" sever and the target? Sorry if you already covered this somewhere here and I missed it. Thank you for the great videos!
@section9999 Жыл бұрын
yay deepdives!
@marcelocabral389 Жыл бұрын
you could do a video about containerization, i don't exactly know the name, but you know, explain concepts used in docker or in virtualbox
@Wallee580 Жыл бұрын
Can't wait for a video on Union routing. c:
@aonoloki Жыл бұрын
computerphile did a nice one on the subject, but guess he might do better
@ninjajoe9 Жыл бұрын
How about a deep dive on building/making software? There are a number of tools that expedite build processes, but how all the dependencies and sub-modules work together would be useful.
@tjgdddfcn Жыл бұрын
If traffic from a computer goes into a VPN and then to a server on the internet, how does the server know to respond to the VPN, not the computer (since the ip source header would contain the computer’s ip address if the same exact packet that the computer sent would be released into the VPN) and if yes how does the vpn know how to send the server’s response back to the computer since the server had no idea that it was talking to a vpn
@niter43 Жыл бұрын
If by "server" you mean machine other that on which VPN server is run (e.g. accesing third-party site through VPN), then it should be like your wifi router (acting as NAT) -- your local device initiates TCP connection, router opens outbound port for it and remembers with which local device that port is associated with, forwards following incoming traffic for that port accordingly.
@Shocker99 Жыл бұрын
I'd like to see a deepdive into a file structure. A file is made up of a header data and the content data. How can we inspect the header data and where is the meta data stored - in the header? Are there common flags that indicate where the content data starts and ends? etc.
@KFLawless1412 Жыл бұрын
Can you do a video about hardware based root of trust in embedded systems? Using secure storage for keys etc. And public key cryptography
@velho6298 Жыл бұрын
Great video!
@Verrisin Жыл бұрын
if the IP and TCP packets are left unchanged and just released on the private network ... how does the other side know how to send data back through the VPN Server program ?
@jaeheekanghan Жыл бұрын
Please please please can you make a video about application layer or more specifically DNS and its hierarchy and types? Or routing explanation in a nonconfusing way? Sorry if I asked maybe something unrelated to what you wanted to do
@emvdl Жыл бұрын
Thanks, well explained 👍 Just wonder, how do you make these animated images?
@andrew5407 Жыл бұрын
Nice video! Could you make a video on files, sockets and streams :D
@nicholascurran1734 Жыл бұрын
So the tun/tap, which is not a network card, is treated like one, in a similar way that usb drives can be treated as keyboards, even if they're not?
@thatcrockpot1530 Жыл бұрын
Great content :)
@mrpi230 Жыл бұрын
Thank You😊
@AUATUWVSH Жыл бұрын
are you still doing the Minecraft series? i think you should go over most of the third party "schematic" file formats (as most of them are just NBT, though some are text based and/or custom binary encodings)
@vishesh0512 Жыл бұрын
I didn't understand why you'd want to use the VPN protocol which has these added steps to preserve your IP header? Wasn't the proxy setup simpler, and possibly more performant?
@zekicay Жыл бұрын
VPN works with all protocols - if it is a Layer2 VPN, it can even work with non-ip packets (for example IPX/SPX, NetBIOS etc). Proxy works only with some application protocols (HTTP(S) proxy) or only with TCP and UDP (Socks proxy). TCP Proxy is also always a server that only clients can use. A VPN can be ad-hoc (see wireguard point-to-point) or even mesh (see tailscale). Also, why would it be more performant? You have two TCP stacks in a proxy (complex), versus two UDP or even raw IP stacks (simpler) in a VPN endpoint.
@niter43 Жыл бұрын
7:00 note the emphasis on "private network", VPNs allow to bridge remote networks into one without revealing any of them to the public internet (e.g. your home network may have 10s of devices, but they all sit behind one public-facing IP of your router -- so for example you wouldn't be able to connect to your phone from outside; VPN allows to connect to your home network remotely and speak to devices within network as if you were connected to it locally). Also his proxy setup is overly simplistic for demo purposes: 1) Always proxied traffic to same remote machine (ipinfo io) -- there's no way to specify to which remote IP/port data should be forwarded; To do so you'd have to wrap payload data in your own layer/data protocol, where you can put this info in some headers. 2) After you made your own proxy protocol you have issue of any third-party software not being aware of how your protocol works and thus not sending data correctly. So you can only use it with software you build/modified yourself -- VPS are transparent to software.
@0xAAA Жыл бұрын
Amazing vid
@09sahilchaudhary94 Жыл бұрын
You should make more of these videos explaining concepts. Why did you stoped?
@psp.youtube Жыл бұрын
Thanks Fabien
@plippero7870 Жыл бұрын
Can you do "What is a registry" next? I have heard about the windows registry or docker registry etc... But i have no clue what it actually is (not completely i know you can store something, but looking at it in a more technical way) 🤔
@codahighland Жыл бұрын
A registry is just a database with a well known location. That's literally all it is. The DNS registry is a database of domain names and IP addresses that you can find at a location given to you by your ISP. The Windows registry is a database of configuration settings that any program can access using a standard API. A Docker registry is a database of Docker images and you share the address with the hosts that you want to have access to it.
@plippero7870 Жыл бұрын
ty :)
@Z3rgatul Жыл бұрын
You mentioned it in passing, but through VPN you can work with any protocol on top of IP. UDP works on top of IP, for example DNS. ICMP works on top of IP, for example ping.
@pitust Жыл бұрын
ICMP works over IP not UDP. Well, in the normal scenario anyway; i'm sure one can cobble together some unholy monstrosity that routes ICMP over UDP.
@anonymousperson2640 Жыл бұрын
A bunch of corrections to your message. 1. Whether you can actually run a protocol over VPN depends heavily on implementation - for example if you use OpenVPN tun device, you are limited to using protocols from OSI layer 3+. You can't use VLANs, CDP, LLDP and many other useful protocols over a tun device. Actually most of VPN types won't allow you to use Layer 2 protocols, with a notable exception of OpenVPN tap device in bridging mode. 2. modern DNS should prefer running over TCP as best practice (see rfc9210). 3. ICMP works on top of IPv4, it is a separate protocol, just as TCP or UDP, so it does not need anything besides IPv4. Most important it does not need the devices to know about each other to function properly
@Z3rgatul Жыл бұрын
@@pitust heh, right, I knew that just made mistake xD
@Z3rgatul Жыл бұрын
@@anonymousperson2640 1. I didn't know you can run OSI layer 2 over openvpn. Should it be better called something like virtual router, and not virtual private network? 2. that's true, but there are other protocols over UDP, and we will have QUIC. DNS was just for an example. And using old DNS over UDP inside local networks is still fine (am i right?) 3. this was my mistake, i knew that
@anonymousperson2640 Жыл бұрын
@@Z3rgatul yes, openvpn tap device allows raw ethernet frames, so you can even use something like IPX instead of IP inside. Downside would be pretty high traffic usage, since every frame from each connected client will be distributed to all other clients (aka star network). DNS should answer on both UDP & TCP, since UDP-only version has some problems with DNSSEC not fitting into 512 byte limit (you wouldn't want to run a modern dns-server without enforced dnssec verification, would you? :))
@justcurious1940Ай бұрын
Does the VPN client takes over the layers below the Network layer or the OS will still do it ?.
@joanelietheiligerruiz3144 Жыл бұрын
Muy bueno !!!!
@ibrahimalnafisi432 Жыл бұрын
Great Video! Something about TLS?
@nosenseofhumor1 Жыл бұрын
do you think you could teach chatgpt to buffer overflow its own text prediction's return variable?
@sohil20000 Жыл бұрын
Hi ,pls talk about how to keep our phones secure and anonymous, im talking about ads loclisation ,...Or that there is no escaping from this in return for obtaining Google services !!
@metiu1973 Жыл бұрын
Greater video thank you! Could you maybe make a video about reverse proxy to?
@WrenchIO Жыл бұрын
learned a lot
@enrique-zarate45944 ай бұрын
I was totally expecting a VPN add at the end 😢😂
@bikashdahal7986 Жыл бұрын
Is there any security issue / government tracking problem if we create our won vpn? Need sugesstions thankyou❤️
@varungupta2045 Жыл бұрын
What about the server response? The terminal server is gonna send the response packet destined for your actual computer and the not the vpn server. Can't your isp just look these incoming packets and use the source to figure out what websites you're actually talking to? I'd reckon at the very least the vpn server would modify the ip header of the actual packet and make itself the source so that it can receive the response from the terminal server.
@yazzindev Жыл бұрын
How do programs utilize drivers? Why do anticheats use them?
@perschistence2651 Жыл бұрын
Great video but the image quality was kind of low. Maybe you should consider to upload in 4K in the future.
@사이보그-i6p Жыл бұрын
I think there is also potential for a BIOS/UEFI/bootloader/boot etc. Video but that could be rather short
@MadDawg010 Жыл бұрын
Can we get a video about TCP meltdown?
@jakobha3768 Жыл бұрын
Do they actually use TCP packets? I thought that they use UDP to avoid a TCP Meltdown?
@agustotara11 ай бұрын
Unlike VPNs, Zeus Proxy ensures that proxies exclusively change the IP address for the specific browser in which they are installed.
@Kopeksi Жыл бұрын
I read pixies. Pixy based security would be awesome
@kenniemo35762 ай бұрын
That's great
@logmeindog Жыл бұрын
thanks
@tracetv8115 Жыл бұрын
I am often struggling with proxy and reverse proxy. Isn’t it like that every reverse proxy is a proxy, it just depends on which side the client is? Maybe someone has a good explanation for me^^