LEVEL 2

Networking Fundamentals

Beginner

🎯 Learning Objectives

📍 IP Addresses

An IP address (Internet Protocol address) is a unique numerical identifier assigned to each device connected to a computer network. Think of it as your computer's home address.

IPv4 vs IPv6

IPv4

  • Format: 32-bit (4 octets)
  • Example: 192.168.1.1
  • Addresses: ~4.3 billion
  • Notation: Dotted decimal
# IPv4 Address Classes
Class A: 1.0.0.0 - 126.255.255.255
Class B: 128.0.0.0 - 191.255.255.255
Class C: 192.0.0.0 - 223.255.255.255
Class D: 224.0.0.0 - 239.255.255.255 (Multicast)
Class E: 240.0.0.0 - 255.255.255.255 (Reserved)

IPv6

  • Format: 128-bit (8 groups)
  • Example: 2001:0db8::1
  • Addresses: 340 undecillion
  • Notation: Hexadecimal
# IPv6 Address Types
Global Unicast: 2000::/3
Link-Local: fe80::/10
Unique Local: fc00::/7
Multicast: ff00::/8

Public vs Private IP Addresses

Private IP Ranges (RFC 1918)

10.0.0.0 - 10.255.255.255      (10.0.0.0/8)
172.16.0.0 - 172.31.255.255    (172.16.0.0/12)
192.168.0.0 - 192.168.255.255  (192.168.0.0/16)
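
The class, IPv6 type and RFC 1918 ranges above can be checked programmatically. This is an added example, not code from the original page; the function name `classify` and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Ranges copied from the tables on this page
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV6_TYPES = {
    "Global Unicast": ipaddress.ip_network("2000::/3"),
    "Link-Local": ipaddress.ip_network("fe80::/10"),
    "Unique Local": ipaddress.ip_network("fc00::/7"),
    "Multicast": ipaddress.ip_network("ff00::/8"),
}
# (lowest first octet, highest first octet, class)
IPV4_CLASSES = [(1, 126, "A"), (128, 191, "B"), (192, 223, "C"),
                (224, 239, "D"), (240, 255, "E")]

def classify(text):
    """Return (version, class_or_type, is_rfc1918); raise ValueError on bad input."""
    addr = ipaddress.ip_address(text)  # rejects strings such as "192.168.1.256"
    if addr.version == 4:
        first_octet = int(addr) >> 24
        label = next((c for lo, hi, c in IPV4_CLASSES
                      if lo <= first_octet <= hi), None)
        return 4, label, any(addr in net for net in RFC1918)
    label = next((name for name, net in IPV6_TYPES.items() if addr in net),
                 "Other")
    return 6, label, False  # RFC 1918 defines IPv4 ranges only

if __name__ == "__main__":
    # Constructed sample addresses, including both sides of the /12 boundary
    for sample in ("10.1.2.3", "172.31.255.255", "172.32.0.1",
                   "127.0.0.1", "2001:0db8::1", "fe80::1"):
        print(sample, classify(sample))
```

Note that 172.32.0.1 sits just outside 172.16.0.0/12 and is therefore not a private address, and that 127.0.0.1 falls in the gap between Class A and Class B in the table above.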

🔍 DNS (Domain Name System)

DNS is like the phonebook of the Internet. It translates domain names (like google.com) into IP addresses that computers use to identify each other.

DNS Query Process:

  1. Recursive Query - Your computer asks the local DNS resolver (usually provided by your ISP) to resolve the domain.
  2. Root Server - The resolver contacts a root DNS server to find the TLD (.com, .org, etc.) server.
  3. TLD Server - The resolver contacts the TLD server for the specific domain.
  4. Authoritative Server - The resolver contacts the authoritative DNS server that has the actual IP address.
  5. Response - The IP address is returned to your computer, which can now connect to the website.

Common DNS Record Types

Record Type   Purpose                  Example
A             IPv4 Address             example.com → 93.184.216.34
AAAA          IPv6 Address             example.com → 2606:2800:220:1
CNAME         Canonical Name (alias)   www.example.com → example.com
MX            Mail Exchange            example.com → mail.example.com
TXT           Text Record              SPF, DKIM verification
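
The query process and the A and CNAME records above can be traced with a small in-memory model. This is an added example, not code from the original page: the server names (`root`, `tld-com`, `ns-example`) and the zone data are constructed, and restarting at the root after a CNAME is a simplification (real resolvers also cache answers).

```python
# Constructed zone data: each "server" knows delegations and/or records
SERVERS = {
    "root": {"delegations": {"com.": "tld-com"}, "records": {}},
    "tld-com": {"delegations": {"example.com.": "ns-example"}, "records": {}},
    "ns-example": {"delegations": {}, "records": {
        ("example.com.", "A"): ["93.184.216.34"],
        ("www.example.com.", "CNAME"): ["example.com."],
        ("example.com.", "MX"): ["mail.example.com."],
    }},
}

def query(server, name, rtype):
    """One server's reply: ANSWER, CNAME, REFERRAL or NXDOMAIN plus its data."""
    zone = SERVERS[server]
    if (name, rtype) in zone["records"]:
        return "ANSWER", zone["records"][(name, rtype)]
    if (name, "CNAME") in zone["records"]:
        return "CNAME", zone["records"][(name, "CNAME")][0]
    matches = [z for z in zone["delegations"]
               if name == z or name.endswith("." + z)]
    if matches:  # the most specific delegation wins
        return "REFERRAL", zone["delegations"][max(matches, key=len)]
    return "NXDOMAIN", None

def resolve(name, rtype="A", max_steps=10):
    """Resolver side: start at the root, follow referrals and aliases.

    Returns (values, trace); trace lists (server, name, reply kind) per query.
    """
    name = name.rstrip(".").lower() + "."
    server, trace = "root", []
    for _ in range(max_steps):  # bound the walk so an alias loop cannot hang
        kind, data = query(server, name, rtype)
        trace.append((server, name, kind))
        if kind == "ANSWER":
            return data, trace
        if kind == "REFERRAL":
            server = data
        elif kind == "CNAME":
            name, server = data, "root"  # look up the canonical name instead
        else:
            return [], trace
    raise RuntimeError("resolution did not finish (referral or alias loop)")

if __name__ == "__main__":
    values, trace = resolve("www.example.com")
    for hop in trace:
        print(hop)
    print("answer:", values)
```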

🚪 Ports & Protocols

Ports are virtual endpoints for network communication. They allow a single device to run multiple network services simultaneously.

Common Ports

Port    Service   Description                  Security Note
20/21   FTP       File Transfer                ⚠️ Unencrypted, use SFTP
22      SSH       Secure Shell                 ✅ Secure remote access
23      Telnet    Unencrypted remote access    ⚠️ Never use, use SSH
25      SMTP      Email sending                ⚠️ Use TLS/SSL
53      DNS       Domain Name System           Critical infrastructure
80      HTTP      Web traffic                  ⚠️ Use HTTPS instead
443     HTTPS     Secure Web traffic           ✅ Encrypted
3306    MySQL     Database                     ⚠️ Never expose to Internet
3389    RDP       Remote Desktop               ⚠️ VPN required

🔄 TCP vs UDP

TCP and UDP are the two main transport layer protocols used for transmitting data over networks.

🔒 TCP (Transmission Control Protocol)

  • Connection-oriented - Establishes connection before sending
  • Reliable - Guarantees delivery
  • Ordered - Data arrives in sequence
  • Flow Control - Prevents overwhelming receiver
  • Error Checking - Retransmits lost packets

Use Cases:

  • Web browsing (HTTP/HTTPS)
  • Email (SMTP, IMAP, POP3)
  • File transfers (FTP, SFTP)
  • SSH remote access

⚡ UDP (User Datagram Protocol)

  • Connectionless - No connection needed
  • Fast - No overhead
  • Unreliable - No delivery guarantee
  • No ordering - May arrive out of order
  • Small header - Less bandwidth

Use Cases:

  • Video streaming
  • Online gaming
  • VoIP (Voice over IP)
  • DNS queries

🔍 Three-Way Handshake (TCP)

Client                          Server
  |                               |
  |-------- SYN ---------------→  |
  |     "Want to connect"         |
  |                               |
  |←------- SYN-ACK -----------  |
  |     "OK, ready"              |
  |                               |
  |-------- ACK ---------------→ |
  |     "Let's go!"              |
  |                               |
  |===== Connection Established ===|
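
The diagram omits the sequence and acknowledgement numbers that tie the three segments together: each side acknowledges the other's initial sequence number plus one. The following added example (not code from the original page) validates that relationship over constructed segments; the `Segment` class and `check_handshake` function are names invented for this illustration.

```python
from dataclasses import dataclass

SEQ_MOD = 2 ** 32  # sequence numbers are 32-bit and wrap around

@dataclass
class Segment:
    sender: str   # "client" or "server"
    flags: str    # "SYN", "SYN-ACK" or "ACK"
    seq: int
    ack: int = 0

def check_handshake(segments):
    """Return 'ESTABLISHED', 'INCOMPLETE' or 'INVALID at segment N'."""
    client_isn = server_isn = None
    for step, seg in enumerate(segments[:3], start=1):
        who_flags = (seg.sender, seg.flags)
        if step == 1 and who_flags == ("client", "SYN"):
            client_isn = seg.seq
        elif (step == 2 and who_flags == ("server", "SYN-ACK")
              and seg.ack == (client_isn + 1) % SEQ_MOD):
            server_isn = seg.seq
        elif (step == 3 and who_flags == ("client", "ACK")
              and seg.seq == (client_isn + 1) % SEQ_MOD
              and seg.ack == (server_isn + 1) % SEQ_MOD):
            return "ESTABLISHED"
        else:
            return f"INVALID at segment {step}"
    return "INCOMPLETE"  # fewer than three valid segments were seen

# Constructed sample exchange with arbitrary initial sequence numbers
SAMPLE = [
    Segment("client", "SYN", seq=1000),
    Segment("server", "SYN-ACK", seq=5000, ack=1001),
    Segment("client", "ACK", seq=1001, ack=5001),
]

if __name__ == "__main__":
    print(check_handshake(SAMPLE))       # all three steps
    print(check_handshake(SAMPLE[:2]))   # final ACK never arrives
```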

🔥 Firewalls

A firewall is a network security device or software that monitors and controls incoming and outgoing network traffic based on predetermined security rules.

Types of Firewalls

🛡️ Network Firewall

Hardware device that filters traffic between networks. Typically placed at network perimeter.

  • Packet filtering
  • Stateful inspection
  • Deep packet inspection

💻 Host Firewall

Software running on individual computers. Controls traffic to/from that specific device.

  • Windows Defender Firewall
  • iptables (Linux)
  • ufw (Ubuntu)

☁️ Cloud Firewall

Cloud-based firewall services that protect cloud infrastructure.

  • AWS Security Groups
  • Azure Firewall
  • Cloudflare WAF

Basic iptables Rules (Linux)

# Allow established connections (the conntrack match supersedes the older state match)
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Allow SSH (port 22)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Allow HTTP (port 80)
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

# Allow HTTPS (port 443)
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# Drop everything else
iptables -A INPUT -j DROP

# List rules
iptables -L -v -n
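
Rules in a chain are checked top to bottom and the first matching ACCEPT or DROP decides the packet's fate, which is why the catch-all DROP must come last. The following added example (not code from the original page, and a simplified model rather than iptables itself) evaluates constructed packets against the rule order above; the packet fields and function names are assumptions made for illustration.

```python
def established(packet):
    return packet["state"] in ("ESTABLISHED", "RELATED")

def tcp_port(port):
    return lambda packet: packet["proto"] == "tcp" and packet["dport"] == port

# Same order as the iptables -A commands above: (label, match, target)
PAGE_RULES = [
    ("established/related", established, "ACCEPT"),
    ("ssh", tcp_port(22), "ACCEPT"),
    ("http", tcp_port(80), "ACCEPT"),
    ("https", tcp_port(443), "ACCEPT"),
    ("everything else", lambda packet: True, "DROP"),
]

def evaluate(packet, rules):
    """Return (target, rule number) of the first rule that matches."""
    for number, (_label, matches, target) in enumerate(rules, start=1):
        if matches(packet):
            return target, number
    # Nothing matched: assume the chain policy is ACCEPT (the iptables default)
    return "ACCEPT", None

def packet(proto, dport, state="NEW"):
    """Build a constructed inbound packet for the model."""
    return {"proto": proto, "dport": dport, "state": state}

if __name__ == "__main__":
    for p in (packet("tcp", 22), packet("tcp", 3306), packet("udp", 53),
              packet("tcp", 51000, "ESTABLISHED")):
        print(p, "->", evaluate(p, PAGE_RULES))
    # Same rules with the DROP rule first: SSH is now blocked by rule 1
    misordered = [PAGE_RULES[-1]] + PAGE_RULES[:-1]
    print(evaluate(packet("tcp", 22), misordered))
```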

🔐 Network Security Concepts

Network Segmentation

Dividing a network into smaller segments to isolate sensitive systems and limit attack spread.

# Example VLAN Configuration
!
interface GigabitEthernet0/1
 description Guest Network
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet0/2
 description Corporate Network
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/3
 description Server Farm
 switchport mode access
 switchport access vlan 30

VPN (Virtual Private Network)

Creates an encrypted tunnel for secure communication over public networks.

  • Remote Access VPN - Individual users connecting remotely
  • Site-to-Site VPN - Connecting entire networks
  • SSL VPN - Browser-based secure access
  • WireGuard - Modern, fast VPN protocol

💻 Practical Examples

Python - Port Scanner

import socket
from concurrent.futures import ThreadPoolExecutor

def scan_port(host: str, port: int, timeout: float = 1.0) -> dict:
    """Scan a single port with a full TCP connect."""
    result = {
        'host': host,
        'port': port,
        'status': 'closed',
        'service': None
    }

    try:
        # The context manager closes the socket even if connect_ex raises
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)

            # connect_ex returns 0 on success and an errno value otherwise
            connection = sock.connect_ex((host, port))

        if connection == 0:
            result['status'] = 'open'
            # Try to get service name
            try:
                result['service'] = socket.getservbyport(port)
            except OSError:
                result['service'] = 'unknown'

    except OSError:
        # For example, the hostname could not be resolved
        result['status'] = 'error'

    return result

def scan_common_ports(host: str) -> list:
    """Scan most common ports."""
    common_ports = [21, 22, 23, 25, 53, 80, 110, 143, 443, 445,
                    3306, 3389, 5432, 8080, 8443]

    results = []
    with ThreadPoolExecutor(max_workers=10) as executor:
        futures = [executor.submit(scan_port, host, port) for port in common_ports]
        for future in futures:
            results.append(future.result())

    return sorted(results, key=lambda x: x['port'])

# Example usage
if __name__ == "__main__":
    host = "example.com"
    print(f"Scanning {host}...")
    results = scan_common_ports(host)

    for r in results:
        if r['status'] == 'open':
            print(f"Port {r['port']}: OPEN ({r.get('service', 'N/A')})")

🎯 Mini Project: Network Analysis Tool

Build a Python script that performs basic network diagnostics:

import socket
import subprocess
import platform

def network_diagnostics(target: str):
    """Perform basic network diagnostics on a target."""
    
    results = {
        'target': target,
        'ip_address': None,
        'ping_result': None,
        'dns_resolution': None,
        'open_ports': []
    }
    
    # 1. Resolve hostname
    try:
        results['ip_address'] = socket.gethostbyname(target)
        results['dns_resolution'] = 'Success'
    except socket.gaierror:
        results['dns_resolution'] = 'Failed'
        return results
    
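    # 2. Ping the target
    param = '-n' if platform.system().lower() == 'windows' else '-c'
    # An argument list (no shell) keeps the target from being interpreted as shell syntax
    command = ['ping', param, '4', target]

    try:
        # check=True raises CalledProcessError on a non-zero exit status;
        # the timeout keeps a silent host from blocking the script
        subprocess.run(command, capture_output=True, text=True, timeout=15, check=True)
        results['ping_result'] = 'Reachable'
    except (subprocess.CalledProcessError, subprocess.TimeoutExpired):
        results['ping_result'] = 'Unreachable'
    except FileNotFoundError:
        # The ping binary is not installed or not on PATH
        results['ping_result'] = 'Ping unavailable'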
    
    return results

# Test
if __name__ == "__main__":
    result = network_diagnostics("google.com")
    print(f"Target: {result['target']}")
    print(f"IP: {result['ip_address']}")
    print(f"DNS: {result['dns_resolution']}")
    print(f"Ping: {result['ping_result']}")

Requirements:

  • Resolve hostname to IP address
  • Perform ping test
  • Check DNS resolution
  • Scan for common open ports
  • Display results in a readable format

🏋️ Practice Challenge

Challenge: Design a Secure Network

Design a small business network with the following requirements:

  1. Separate networks for: Guest WiFi, Employee Computers, Servers
  2. Implement a firewall with appropriate rules
  3. Configure VPN for remote employee access
  4. Add intrusion detection capabilities

Bonus Challenge:

Write iptables rules that implement your firewall design.

📝 Summary

Key Takeaways:

  • IP Addresses uniquely identify devices; IPv4 is 32-bit, IPv6 is 128-bit
  • DNS translates domain names to IP addresses through a hierarchical system
  • Ports enable multiple services on one device; well-known ports (0-1023) are reserved
  • TCP is reliable and ordered; UDP is fast but unreliable
  • Firewalls filter network traffic based on security rules
  • Network segmentation and VPNs enhance security

Vocabulary:

  • IP - Internet Protocol, addressing system for network devices
  • DNS - Domain Name System, translates domains to IPs
  • TCP - Reliable, connection-oriented transport protocol
  • UDP - Fast, connectionless transport protocol
  • Firewall - Network security device that filters traffic