Networking Refresher
Computer networking concepts can be confusing at first because of their abstract nature. For people who are starting a career in cyber security and want a basic understanding of networking, I have prepared this refresher, which simplifies the concepts and relates them to practical use cases.
Network — Connection of computing devices that communicate with one another. This connection can be wired or wireless.
How does it work: Networking components
- Applications that need to communicate (shown in red in the original figure)
- A common protocol, i.e. a shared language (blue)
- A network interface to connect to the network (green)
- Transmission media (the connecting line)
Example: [figure showing these components in an example network; image not included here]
Networking Architectures
Client-Server
The client initiates the connection and the server waits for one or more clients to connect. The server can accept or reject the connection attempt.
Peer-to-Peer (P2P)
No dedicated server, as either side can act as client or server.
Hierarchical
Dumb terminals (Screen, Keyboard and Mouse) connected to a mainframe (Big CPU).
Network Models
A network model refers to a high-level overview of the network architecture. Alternate terms include network stack/protocol suite.
OSI Model
The Open Systems Interconnection model is an ISO standard used to visualize the network through its well-defined 7 layers.
TCP/IP Model
While the OSI Model is a reference model, the TCP/IP model is a functional model and is the basis for the Internet.
Basic Networking Terminology
Hub
Used to connect more than two computers. Works at the physical layer of the OSI Model.
Limitation — No network segmentation.
Switch
Separates traffic into broadcast domains using VLANs, which are configurations inside the switch; forwarding decisions use MAC address tables. Works at the network layer in the OSI Model.
Router
Used to enable communication between two VLANs. Works at the network layer of the OSI Model.
TCP
Transmission Control Protocol works at the transport layer of the OSI Model and has the following features:
- Connection-oriented protocol: expects an acknowledgment for data sent.
- Used when reliability is more important than performance.
- Session established by a 3-way handshake: SYN, SYN/ACK, ACK.
- Session closed by a 4-way handshake: FIN, ACK, FIN, ACK.
- Higher latency; best suited to point-to-point transmission where data integrity must be ensured.
UDP
User Datagram Protocol works at the transport layer of the OSI Model and has the following features:
- Connectionless protocol: makes no attempt to ensure that the transmission is complete.
- Used when performance is more important than reliability.
- No handshake is used.
- Faster, and well suited to broadcasting.
IP
Internet Protocol is a connectionless network layer protocol in the OSI Model used to send data from one device to another on the internet.
An IP address is assigned to each internet connected device as an identifier.
IPv4 vs IPv6 — Key differences
- Most devices use IPv4 addresses, which are 32-bit numeric addresses written as octets separated by periods (.).
- Because of the shortage of IPv4 addresses, IPv6 was created: a 128-bit alphanumeric address written as groups separated by colons (:).
- IPv6 addresses are compatible with mobile devices and are more advanced than IPv4.
Two types
Public IP: a paid IP address that is visible to the public. Used by large corporations and ISPs.
Private IP: a free IP address assigned to each device and not visible to the public.
Note: the following applies only to IPv4 addresses.
Five classes
- Class A: 1.0.0.0–127.255.255.255
- Class B: 128.0.0.0–191.255.255.255
- Class C: 192.0.0.0–223.255.255.255
- Class D: 224.0.0.0–239.255.255.255 (reserved for multicasting)
- Class E: 240.0.0.0–255.255.255.255 (reserved for research)
Hostnames are mapped to IP addresses using DNS.
Private Addresses
- Class A: 10.0.0.0–10.255.255.255
- Class B: 172.16.0.0–172.31.255.255
- Class C: 192.168.0.0–192.168.255.255
Two or more IP addresses can communicate with each other if:
- Class A: the 1st octet is the same
- Class B: the first 2 octets are the same
- Class C: the first 3 octets are the same
Subnetting: a way to assign the same IP to different devices under the same network.
Default Subnet Masks
- Class A: 255.0.0.0
- Class B: 255.255.0.0
- Class C: 255.255.255.0
Example of subnetting
50.60.191.31/13: the /13 means subnetting is in use, and also that the subnet mask has 13 leading 1s.
Default subnet mask for this address (Class A, since the first octet is 50): 255.0.0.0
In binary: 11111111.00000000.00000000.00000000
Actual subnet mask (/13): 11111111.11111000.00000000.00000000
Or 255.248.0.0
N (number of networks) = 2^(number of 1s in the subnet part) = 2⁵ = 32
H (number of hosts) = 2^(number of 0s in the host part) − 2 = 2¹⁹ − 2
You can also use a subnet calculator, but the manual method is good for understanding the concept.
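The classful lookup, private-range check and the manual subnet arithmetic above, carried out in code. This is an added example, not code from the original article; it assumes the class ranges and default masks listed above and treats classes D and E as having no default mask.

```python
# Added example (not part of the original article): classful IPv4 lookup plus the
# manual subnet calculation the article walks through for 50.60.191.31/13.
import ipaddress

# RFC 1918 private ranges, as listed in the article's "Private Addresses" section.
PRIVATE_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def address_class(ip: str):
    """Return (class letter, default prefix length) using the first octet.
    Classes D and E have no default mask, so their prefix is None (assumption)."""
    first = int(ip.split(".")[0])
    if 1 <= first <= 127:
        return "A", 8
    if 128 <= first <= 191:
        return "B", 16
    if 192 <= first <= 223:
        return "C", 24
    if 224 <= first <= 239:
        return "D", None
    return "E", None


def is_private(ip: str) -> bool:
    """True if the address falls in one of the private ranges."""
    return any(ipaddress.ip_address(ip) in net for net in PRIVATE_NETWORKS)


def subnet_info(cidr: str) -> dict:
    """Manual subnet maths: mask, network, broadcast, subnet count, host count."""
    ip, prefix = cidr.split("/")
    prefix = int(prefix)
    cls, default = address_class(ip)
    if default is None or prefix < default:
        raise ValueError("prefix must be at least the class's default length")
    mask_int = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF  # 'prefix' leading 1s
    ip_int = int(ipaddress.IPv4Address(ip))
    subnet_bits = prefix - default   # 1s borrowed from the original host part
    host_bits = 32 - prefix          # 0s remaining for hosts
    return {
        "class": cls,
        "mask": str(ipaddress.IPv4Address(mask_int)),
        "mask_binary": ".".join(f"{(mask_int >> s) & 0xFF:08b}" for s in (24, 16, 8, 0)),
        "network": str(ipaddress.IPv4Address(ip_int & mask_int)),
        "broadcast": str(ipaddress.IPv4Address(ip_int | (~mask_int & 0xFFFFFFFF))),
        "subnets": 2 ** subnet_bits,     # N = 2^(1s in the subnet part)
        "hosts": 2 ** host_bits - 2,     # H = 2^(0s in the host part) - 2
    }
```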
ICMP
Internet Control Message Protocol is a network layer error-reporting protocol used by network devices to generate error messages and manage traffic flow. The ping and traceroute command-line utilities use this protocol.
IGMP
Internet Group Management Protocol is a network layer protocol that allows devices to join a multicast group. Multicasting refers to directing network traffic to a shared IP address so that a group of devices receives the traffic at once.
ARP
Address Resolution Protocol is a data-link layer protocol used to map between IP addresses and MAC addresses.
Infrastructure Management Protocols (Layer 7)
DHCP
Dynamic Host Configuration Protocol is used to automate IP address assignment to devices on a network.
DNS
Domain Name System is a hierarchical decentralized naming system which translates a domain name to its IP address.
SNMP
Simple Network Management Protocol is used to monitor and manage devices on a network.
NTP
Network Time Protocol is used to deploy time synchronization service.
LDAP
Lightweight Directory Access Protocol is used to access and maintain data within directories. LDAPS is an encrypted version of this protocol.
SMTP
Simple Mail Transfer Protocol is an Internet standard for email transmission.
POP3
Post Office Protocol 3 is an older protocol used for retrieving emails from a server by one device at a time.
IMAP4
Internet Message Access Protocol is an advanced version of POP3 which allows accessing email on a remote server and allows syncing of any changes made in the mailbox across multiple devices.
Remote Control Protocols (Layer 7)
Telnet
Provides the client with a command prompt on a remote device. Because data is transferred in plaintext, it is only used by legacy systems nowadays.
SSH
Secure Shell is an encrypted replacement for Telnet and is widely used to access and manage a device remotely.
RDP
Remote Desktop Protocol is used to interact with the desktop of a remote computer.
Streaming Media Protocol (Layer 7)
SIP
Session Initiation Protocol is used to establish, manage and tear down VoIP calls and multimedia conferences.
Transfer Protocols (Layer 7)
SMB
Server Message Block is a Microsoft File and Print Sharing protocol.
NFS
Network File System is similar to SMB but better suited to Linux-based environments.
FTP
File Transfer Protocol is used to send and receive files between devices. It lacks file-sharing capabilities but is faster than SMB. An encrypted version of FTP called SFTP makes FTP much more secure.
Web Traffic Protocols (Layer 7)
HTTP
Hypertext Transfer Protocol is used to carry web traffic. An HTTP request contains the following:
- HTTP version
- URL (format: protocol://hostname:port/path/filename)
- HTTP method (GET, POST, PUT, DELETE)
- Request headers
- Optional HTTP body
An HTTP response contains the following:
- HTTP status code
  - 1xx: Informational
  - 2xx: Success
  - 3xx: Redirection
  - 4xx: Client errors
  - 5xx: Server errors
- Response headers
- Optional HTTP body
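The request and response structure listed above, parsed from raw HTTP/1.1 messages. This is an added example, not code from the original article; the two sample messages are constructed, the hostname example.test is a placeholder, and the scheme used to rebuild the full URL is an assumption since a request line does not carry it.

```python
# Added example (not part of the original article): split raw HTTP/1.1 messages
# into the parts the article lists and bucket the status code by its first digit.
STATUS_CLASSES = {1: "Informational", 2: "Success", 3: "Redirection",
                  4: "Client errors", 5: "Server errors"}


def _split_message(raw: str):
    """Return (start line, headers with lower-cased names, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # A declared Content-Length that disagrees with the body is a malformed
    # message; reject it rather than guess where the body ends.
    declared = int(headers.get("content-length", len(body.encode())))
    if declared != len(body.encode()):
        raise ValueError("Content-Length does not match body length")
    return lines[0], headers, body


def parse_request(raw: str, scheme: str = "http") -> dict:
    """Method, target, version, headers, body, plus the rebuilt full URL."""
    start, headers, body = _split_message(raw)
    method, target, version = start.split(" ")
    return {"method": method, "target": target, "version": version,
            "url": f"{scheme}://{headers.get('host', '')}{target}",
            "headers": headers, "body": body}


def parse_response(raw: str) -> dict:
    """Version, numeric status, its class (1xx..5xx), headers and body."""
    start, headers, body = _split_message(raw)
    parts = start.split(" ", 2)          # reason phrase is optional
    code = int(parts[1])
    return {"version": parts[0], "status": code,
            "class": STATUS_CLASSES.get(code // 100, "Unknown"),
            "headers": headers, "body": body}


# Constructed sample messages (not captured traffic).
SAMPLE_REQUEST = ("POST /login HTTP/1.1\r\nHost: example.test\r\n"
                  "Content-Type: application/x-www-form-urlencoded\r\n"
                  "Content-Length: 18\r\n\r\nuser=bob&pass=1234")
SAMPLE_RESPONSE = ("HTTP/1.1 302 Found\r\nLocation: /home\r\n"
                   "Content-Length: 0\r\n\r\n")
```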
HTTPS
A secure version of HTTP which uses Transport Layer Security (TLS) protocol for encryption.
There are a lot of subtopics and topics within networking, but I have covered everything that I found useful when I started as a Cyber Security professional.