Beginner Networking Concepts

Everything you need to understand how data actually moves across networks — from cables to applications.

By @ks3cured
Sections: 10

What is Networking?

A network is two or more devices connected together so they can share data. That could be two computers in the same room, your phone talking to a web server across the world, or millions of devices all connected through the internet.

Networking is the foundation of everything in cybersecurity. You can't defend what you don't understand — and almost every attack involves the network in some way.

Key Concept
The internet is just a massive network of networks. Your home network connects to your ISP's network, which connects to other ISPs, which eventually reaches any server on the planet.

Types of Networks

LAN (Local Area Network) — A network within a small area like your home or office. Devices on the same LAN can talk to each other directly.

WAN (Wide Area Network) — A network that spans large distances. The internet is the largest WAN. Your ISP connects your LAN to the WAN.

WLAN (Wireless LAN) — A LAN that uses Wi-Fi instead of cables. Same idea, no wires.

How the Internet Works

When you visit a website, a lot happens in milliseconds. Your device needs to find the server, establish a connection, request data, and receive it — all reliably and in the right order.

Data doesn't travel as one big chunk. It gets broken into small pieces called packets. Each packet is sent independently across the network and reassembled at the destination. This is why your download can keep going even if one path is congested — packets can take different routes.

Analogy
Think of sending a book in the mail. Instead of one massive package, you send each chapter separately. They might arrive out of order — but as long as you number them, you can reassemble the book on the other end.

IPv4 vs IPv6

Every device on a network needs an address so data knows where to go. That's what an IP address is — an Internet Protocol address. There are two versions in use today.

IPv4 — The Original

32-bit address — written as 4 numbers separated by dots, each from 0–255.

Supports about 4.3 billion unique addresses. That sounds like a lot — but we ran out. Every device needs an IP, and there are way more than 4.3 billion devices now.

Still the most common version you'll see today.

192.168.1.1

IPv6 — The Future

128-bit address — written as 8 groups of 4 hex digits separated by colons.

Supports 340 undecillion addresses (that's 340 followed by 36 zeros). We won't run out.

Also has built-in improvements: better security, no need for NAT, auto-configuration.

2001:0db8:85a3:0000:0000:8a2e:0370:7334

Quick Note
192.168.x.x and 10.x.x.x are private IP ranges — they only exist inside a local network. Your router handles translating these to your public IP when traffic goes to the internet. This is called NAT (Network Address Translation).

TCP vs UDP

Both are Layer 4 (Transport Layer) protocols that define how data is sent between devices. They take very different approaches.

TCP

Transmission Control Protocol
  • Connection-oriented
  • Guarantees delivery
  • Data arrives in order
  • Has error checking
  • Slower — more overhead
  • Uses: HTTP, SSH, FTP, email

UDP

User Datagram Protocol
  • Connectionless
  • No delivery guarantee
  • Packets may arrive out of order
  • Minimal error checking
  • Faster — low overhead
  • Uses: DNS, video streaming, gaming

The TCP 3-Way Handshake

Before TCP can send any data, it establishes a connection through a 3-way handshake. This is one of the most important things to understand for security — it's where a lot of attacks happen.

SYN  |  Client → Server  |  "Hey, can we connect?"
SYN-ACK  |  Server → Client  |  "Yes, I acknowledge"
ACK  |  Client → Server  |  "Got it. Let's go."

SYN = Start a connection  |  ACK = Acknowledge data was received  |  FIN = Close the connection

UDP Packet Structure

UDP packets are intentionally simple — just 4 fields: Source Port, Destination Port, Length, and Checksum. That's it. No sequence numbers, no ACKs. Speed over reliability.

Security Note
Attackers can exploit TCP's handshake in several ways. A SYN Flood sends thousands of SYN packets with no ACK — overwhelming a server with half-open connections. An RST Flood sends reset packets to forcibly close connections. A FIN Scan uses FIN packets to stealthily probe for open ports without completing a handshake. You can spot forged TCP sessions in Wireshark by watching sequence/ACK numbers — attackers have to guess or spoof them.
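From the defender's side, a SYN flood shows up as handshakes that never reach the final ACK. The following is an added example, not code from the original guide: it replays a list of observed TCP segments, tracks each handshake through its three steps, and counts half-open connections per server port. The segment tuples, addresses and threshold are constructed for illustration.

```python
from collections import Counter

# TCP flag bits as they appear in the TCP header
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

def half_open_per_service(segments):
    """Count, per (server_ip, server_port), handshakes that never completed.

    Each segment is (src_ip, src_port, dst_ip, dst_port, flags).
    """
    state = {}  # (client_ip, client_port, server_ip, server_port) -> stage
    for src, sport, dst, dport, flags in segments:
        if flags & SYN and not flags & ACK:        # step 1: client SYN
            state[(src, sport, dst, dport)] = "SYN"
        elif flags & SYN and flags & ACK:          # step 2: server SYN-ACK
            key = (dst, dport, src, sport)
            if state.get(key) == "SYN":
                state[key] = "SYN-ACK"
        elif flags & RST:                          # either side aborted
            state.pop((src, sport, dst, dport), None)
            state.pop((dst, dport, src, sport), None)
        elif flags & ACK:                          # step 3: client ACK
            key = (src, sport, dst, dport)
            if state.get(key) == "SYN-ACK":
                state[key] = "ESTABLISHED"
    return Counter((k[2], k[3]) for k, stage in state.items()
                   if stage != "ESTABLISHED")

def services_under_pressure(segments, threshold=3):
    """Server endpoints with at least `threshold` half-open connections."""
    counts = half_open_per_service(segments)
    return sorted(svc for svc, n in counts.items() if n >= threshold)

def sample_capture():
    """Constructed capture: one normal client, then five SYNs never ACKed."""
    server = ("203.0.113.5", 80)
    segs = [("192.0.2.10", 50000, *server, SYN),
            (*server, "192.0.2.10", 50000, SYN | ACK),
            ("192.0.2.10", 50000, *server, ACK)]
    for port in range(40000, 40005):
        segs.append(("198.51.100.7", port, *server, SYN))
        segs.append((*server, "198.51.100.7", port, SYN | ACK))
    return segs
```

Counting per server endpoint rather than per client keeps the check useful when the source addresses in the SYNs are spoofed.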

The OSI Model

The OSI Model (Open Systems Interconnection) is essentially a blueprint for how computers talk to each other over a network. It breaks the process into 7 layers, each with a specific job.

How to Remember the Layers
Top-down (Sending): All People Seem To Need Data Processing
Bottom-up (Receiving): Please Do Not Throw Sausage Pizza Away

When you send data it starts at Layer 7 (Application) and works down to Layer 1. When you receive data it starts at Layer 1 (Physical) and works up to Layer 7.

#  |  Layer  |  Simple Description  |  What it Does  |  Examples
7  |  Application (TOP)  |  Where humans & software interact  |  Services like email, file transfers, web browsers  |  HTTP/HTTPS, FTP, DNS, SMTP
6  |  Presentation (TRANSLATOR)  |  Translates data formats  |  Converts formats so both sides understand — handles encoding, encryption, compression  |  JPEG, SSL/TLS, ASCII
5  |  Session (CONVERSATION MGR)  |  Manages ongoing connections  |  Opens, maintains, and closes sessions ("conversations") between devices  |  Session tokens, API Sessions
4  |  Transport (DELIVERY CONTROL)  |  Splits data & ensures it arrives  |  Segments data, controls flow, handles errors and retransmission  |  TCP, UDP, Ports
3  |  Network (ADDRESSING & ROUTING)  |  Routes across different networks  |  Assigns IP addresses, finds the best path between networks  |  IP, Routers, ICMP
1  |  Physical (HARDWARE)  |  Transmits raw bits  |  Sends data as electrical signals, light, or radio waves (actual 1s and 0s)  |  Cables, Fiber, Radio waves, NIC

Ports & Protocols

An IP address gets data to the right device — but a port number tells that device which application should handle it. Think of an IP address as a building address, and a port as the specific apartment number inside.

Ports 0–1023 are well-known ports reserved for specific protocols. Ports 1024–49151 are registered ports. Ports 49152–65535 are dynamic/ephemeral — used temporarily by clients.

Port  |  Protocol  |  Main Use  |  Side
20  |  FTP (Data)  |  Transfers file data  |  Server
21  |  FTP (Control)  |  FTP commands & login  |  Server
22  |  SSH  |  Secure remote login  |  Server
23  |  Telnet  |  Remote login (insecure — avoid)  |  Server
25  |  SMTP  |  Sending email  |  Server→Server
53  |  DNS  |  Domain Name System lookups  |  Both
67  |  DHCP  |  Assigns IP addresses  |  Server
68  |  DHCP  |  Requests IP addresses  |  Client
69  |  TFTP  |  Simple file transfer (no auth)  |  Server
80  |  HTTP  |  Web traffic (unencrypted)  |  Server
110  |  POP3  |  Receive/download email  |  Server
119  |  NNTP  |  Network news  |  Server
123  |  NTP  |  Time synchronization  |  Both
179  |  BGP  |  Routing between networks (internet backbone)  |  Both
443  |  HTTPS  |  Secure web traffic (TLS encrypted)  |  Server

Security Tip
In a pentest or security assessment, open ports are your entry points. Tools like nmap scan for open ports to map attack surface. If you see port 23 (Telnet) open in the wild — that's a red flag. Always look for services running on non-standard ports too.

Router vs Modem

These two devices are constantly confused — and your ISP probably combined them into one box. Here's what each one actually does.

📡 Modem

Your link to the internet
  • Connects your home to your ISP
  • Converts ISP signal (coax, fiber, DSL)
  • Without it, no internet — period
  • Assigned one public IP by your ISP
  • Operates at Layer 1 & 2

🔀 Router

Your local network manager
  • Manages traffic between your devices
  • Assigns private IPs via DHCP
  • Handles NAT (one public IP → many devices)
  • Provides basic firewall functionality
  • Operates at Layer 3

Real Talk
Your home "router" from your ISP is almost always a modem + router combined into one box. They bundle them for simplicity. In enterprise networks they are always separate devices.

DNS — The Internet's Phone Book

Computers communicate using IP addresses. But humans can't remember 142.250.80.46 — we remember google.com. DNS (Domain Name System) is what translates between the two.

When you type a URL, your device sends a DNS query (on port 53) asking "what's the IP for this domain?" A DNS server responds with the IP, and then your browser connects.

Security Note
DNS is a major attack vector. DNS Spoofing / Cache Poisoning tricks a resolver into returning a fake IP, redirecting you to a malicious server. DNS tunneling uses DNS queries to smuggle data past firewalls. Always monitor DNS traffic in your environment.
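One practical way to monitor DNS for tunneling is to look for many distinct, long, random-looking subdomains under the same parent domain. The following is an added example, not code from the original guide: it scores query names by length and Shannon entropy and groups hits by parent. The thresholds, function names and the query log are constructed for illustration.

```python
import math
from collections import Counter, defaultdict

def entropy(s: str) -> float:
    """Shannon entropy in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def looks_encoded(qname: str, min_len=30, min_entropy=3.5):
    """Return (parent, subdomain) if the part left of the parent domain is
    long and random-looking, else None."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 3:
        return None
    # Assumption: the registered domain is the last two labels. Production
    # tooling should use the Public Suffix List instead.
    parent, sub = ".".join(labels[-2:]), "".join(labels[:-2])
    if len(sub) >= min_len and entropy(sub) >= min_entropy:
        return parent, sub
    return None

def suspected_tunnels(qnames, min_unique=3):
    """Parents that received several distinct encoded-looking subdomains."""
    seen = defaultdict(set)
    for q in qnames:
        hit = looks_encoded(q)
        if hit:
            seen[hit[0]].add(hit[1])
    return {p: len(subs) for p, subs in seen.items() if len(subs) >= min_unique}

# Constructed query log: normal lookups, one long but one-off hostname,
# and repeated encoded-looking names under a single parent.
QUERIES = [
    "www.example.com.",
    "mail.example.com.",
    "build-agent-linux-x86-64-pool-a-node-17.example.org.",
    "nbswy3dpeb3w64tmmqqhi2lnmuqho2lu.example.net.",
    "mfrggzdfmztwq2lknnwg23tpobyxe43u.example.net.",
    "orugs4zanfzsa5dfon2gk3thebsgc5db.example.net.",
    "nbswy3dpeb3w64tmmqqhi2lnmuqho2lu.example.net.",  # repeat, counted once
]
```

Requiring several distinct hits per parent keeps a single long hostname from raising an alert on its own.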

HTTP & HTTPS — How the Web Talks

HTTP (HyperText Transfer Protocol) is the protocol your browser uses to request and receive web pages. Every time you visit a website, your browser sends an HTTP request and the server sends back a response.

HTTP runs on port 80. It is a simple request-response model — your browser asks for something, the server replies. Requests have a method that describes the action: GET (fetch data), POST (send data), PUT (update data), DELETE (remove data).

HTTPS is HTTP with TLS (Transport Layer Security) encryption wrapped around it. It runs on port 443. The content of the request is encrypted so nobody intercepting the traffic can read it — they can see you are talking to a server, but not what you are saying.

HTTP

Port 80 — Unencrypted
  • Data sent in plaintext
  • Anyone on the network can read it
  • No certificate required
  • Fast — no encryption overhead
  • Never use for sensitive data

HTTPS

Port 443 — TLS Encrypted
  • Data is encrypted end-to-end
  • Requires an SSL/TLS certificate
  • Protects against interception
  • Standard for all modern websites
  • Look for the padlock in your browser

Security Note
If a site is still running plain HTTP, that is a red flag. Tools like Wireshark can capture HTTP traffic and read usernames, passwords, and session cookies in plaintext. TLS is not optional — it is the baseline.
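To audit for this, the following added example (not code from the original guide) takes the raw bytes of a plaintext HTTP request and reports which sensitive items anyone on the path could read. It returns only the names of the exposed fields, never their values. The header and parameter lists, function name and sample request are constructed for illustration.

```python
from urllib.parse import parse_qsl

SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie"}
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "token", "secret"}

def cleartext_exposures(raw_request: bytes):
    """Return (method, findings) for one unencrypted HTTP request.

    Findings name the exposed header or parameter, not its value.
    """
    head, _, body = raw_request.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)

    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    findings = [f"header:{h}" for h in sorted(SENSITIVE_HEADERS & headers.keys())]

    # Query-string parameters travel in the request line itself.
    query = target.partition("?")[2]
    # Form fields travel in the body when the content type says so.
    ctype = headers.get("content-type", "")
    form = ""
    if ctype.startswith("application/x-www-form-urlencoded"):
        form = body.decode("iso-8859-1")

    for where, data in (("query", query), ("form", form)):
        for key, _value in parse_qsl(data, keep_blank_values=True):
            if key.lower() in SENSITIVE_PARAMS:
                findings.append(f"{where}:{key}")
    return method, findings

# Constructed sample: a login form posted over port 80.
SAMPLE_REQUEST = (
    b"POST /login?token=constructed HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Cookie: session=constructed\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"\r\n"
    b"username=alice&password=constructed-value"
)
```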

Why This Matters for Security

Every concept in this guide directly maps to real-world attacks and defenses. Networking isn't just background knowledge — it is security.

What to Learn Next
You're now ready to dig into: subnetting & CIDR notation, Wireshark packet analysis, firewall rules & ACLs, VLANs, and VPNs. Follow @ks3cured for more.