Understanding networking is fundamental to penetration testing and ethical hacking. This guide covers the essential networking concepts, protocols, and terminology you need to know before diving into security tools.
The OSI Model
The OSI (Open Systems Interconnection) model describes how data moves through a network in seven layers:
| Layer | Name | Examples |
|---|---|---|
| 7 | Application | HTTP, FTP, SSH, DNS, SMTP |
| 6 | Presentation | SSL/TLS, encryption, compression |
| 5 | Session | Session management, authentication |
| 4 | Transport | TCP, UDP, ports |
| 3 | Network | IP addresses, routing, ICMP |
| 2 | Data Link | MAC addresses, switches, ARP |
| 1 | Physical | Cables, hubs, electrical signals |
For practical purposes, focus on layers 2-4 and 7, as these are most relevant to penetration testing.
IP Addressing
IPv4 Addresses
IPv4 addresses are 32-bit numbers written as four octets (e.g., 192.168.1.100). Each octet ranges from 0 to 255.
Private IP Ranges
Class A: 10.0.0.0 - 10.255.255.255 (10.0.0.0/8)
Class B: 172.16.0.0 - 172.31.255.255 (172.16.0.0/12)
Class C: 192.168.0.0 - 192.168.255.255 (192.168.0.0/16)
Special Addresses
| Address | Meaning |
|---|---|
| 127.0.0.1 | Localhost (loopback) |
| 0.0.0.0 | All interfaces / default route |
| 255.255.255.255 | Broadcast |
| 169.254.x.x | Link-local (APIPA) |
Subnet Masks and CIDR
| Prefix | Subnet mask | Usable hosts |
|---|---|---|
| /8 | 255.0.0.0 | 16,777,214 |
| /16 | 255.255.0.0 | 65,534 |
| /24 | 255.255.255.0 | 254 |
| /25 | 255.255.255.128 | 126 |
| /26 | 255.255.255.192 | 62 |
| /27 | 255.255.255.224 | 30 |
| /28 | 255.255.255.240 | 14 |
| /29 | 255.255.255.248 | 6 |
| /30 | 255.255.255.252 | 2 |
| /32 | 255.255.255.255 | 1 |
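The private-range and special-address tables and the CIDR table above can be reproduced with a few lines of Python. The following is an added example, not code from the original guide; it uses only the standard `ipaddress` module and the ranges listed above, and it also covers the /31 point-to-point case (RFC 3021) that the table does not list.

```python
import ipaddress

# The RFC 1918 private ranges exactly as listed in the guide above.
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def classify_ipv4(addr: str) -> str:
    """Return the category an IPv4 address falls into, mirroring the
    'Private IP Ranges' and 'Special Addresses' tables."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        raise ValueError("IPv4 addresses only")
    if ip == ipaddress.ip_address("0.0.0.0"):
        return "unspecified (all interfaces / default route)"
    if ip == ipaddress.ip_address("255.255.255.255"):
        return "limited broadcast"
    if ip.is_loopback:            # 127.0.0.0/8
        return "loopback"
    if ip.is_link_local:          # 169.254.0.0/16 (APIPA)
        return "link-local"
    for net in PRIVATE_RANGES:
        if ip in net:
            return f"private ({net})"
    return "public"


def prefix_to_mask(prefix: int) -> str:
    """Dotted-decimal netmask for a /prefix, e.g. 26 -> 255.255.255.192."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(mask))


def usable_hosts(prefix: int) -> int:
    """Host count following the guide's table: network and broadcast addresses
    are excluded, /32 is a single host route, and /31 (RFC 3021 point-to-point
    links) has two usable addresses."""
    if prefix == 32:
        return 1
    if prefix == 31:
        return 2
    return 2 ** (32 - prefix) - 2


def subnet_summary(cidr: str) -> dict:
    """Network, mask, broadcast, first/last host and host count for a block.
    Computed arithmetically so it is cheap even for a /8."""
    net = ipaddress.ip_network(cidr, strict=False)  # strict=False accepts a host address
    p = net.prefixlen
    if p >= 31:
        first, last = net.network_address, net.broadcast_address
    else:
        first, last = net.network_address + 1, net.broadcast_address - 1
    return {
        "network": str(net.network_address),
        "netmask": prefix_to_mask(p),
        "broadcast": str(net.broadcast_address),
        "first_host": str(first),
        "last_host": str(last),
        "usable_hosts": usable_hosts(p),
    }


if __name__ == "__main__":
    for a in ("192.168.1.100", "172.32.0.1", "127.0.0.1", "169.254.10.5", "8.8.8.8"):
        print(f"{a:16} {classify_ipv4(a)}")
    print(subnet_summary("192.168.1.100/26"))
```

Running the script classifies a handful of sample addresses and prints the block that contains 192.168.1.100/26 (network .64, broadcast .127, 62 usable hosts). Note that 172.32.0.1 is public: the /12 private block stops at 172.31.255.255, which is the usual trap when people read it as a "Class B".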
TCP vs UDP
TCP (Transmission Control Protocol)
- Connection-oriented (requires handshake)
- Reliable delivery (acknowledgments, retransmission)
- Ordered packets
- Used by: HTTP, SSH, FTP, SMTP, Telnet
TCP Three-Way Handshake
Client → Server: SYN
Server → Client: SYN-ACK
Client → Server: ACK
Connection established!
UDP (User Datagram Protocol)
- Connectionless (no handshake)
- Unreliable (no acknowledgments)
- Lower overhead than TCP (no handshake or retransmission), so typically faster
- Used by: DNS, DHCP, SNMP, VoIP, gaming
Common Ports
Memorize these common ports for quick identification during scans:
| Port | Service | Description |
|---|---|---|
| 20, 21 | FTP | File Transfer Protocol |
| 22 | SSH | Secure Shell |
| 23 | Telnet | Unencrypted remote access |
| 25 | SMTP | Email sending |
| 53 | DNS | Domain Name System (TCP/UDP) |
| 80 | HTTP | Web traffic |
| 110 | POP3 | Email retrieval |
| 111 | RPCbind | RPC service |
| 135 | MSRPC | Microsoft RPC |
| 139 | NetBIOS | Windows file sharing |
| 143 | IMAP | Email retrieval |
| 389 | LDAP | Directory services |
| 443 | HTTPS | Encrypted web traffic |
| 445 | SMB | Windows file sharing |
| 993 | IMAPS | Encrypted IMAP |
| 995 | POP3S | Encrypted POP3 |
| 1433 | MSSQL | Microsoft SQL Server |
| 1521 | Oracle | Oracle database |
| 3306 | MySQL | MySQL database |
| 3389 | RDP | Remote Desktop Protocol |
| 5432 | PostgreSQL | PostgreSQL database |
| 5900 | VNC | Virtual Network Computing |
| 6379 | Redis | Redis database |
| 8080 | HTTP-Alt | Alternative HTTP |
| 8443 | HTTPS-Alt | Alternative HTTPS |
| 27017 | MongoDB | MongoDB database |
DNS (Domain Name System)
DNS translates domain names to IP addresses.
DNS Record Types
| Type | Purpose |
|---|---|
| A | IPv4 address |
| AAAA | IPv6 address |
| CNAME | Canonical name (alias) |
| MX | Mail exchange server |
| NS | Name server |
| TXT | Text records (SPF, DKIM) |
| PTR | Reverse DNS lookup |
| SOA | Start of authority |
DNS Lookup Commands
```shell
# Basic lookup
nslookup example.com
dig example.com

# Specific record type
dig example.com MX
dig example.com TXT
dig example.com NS

# Reverse lookup
dig -x 8.8.8.8

# Zone transfer (if allowed)
dig axfr @ns1.example.com example.com
```
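To see what `dig` actually puts on the wire, here is an added example (not part of the original guide) that builds a DNS query message, derives the `in-addr.arpa` name that `dig -x` looks up, and parses a response, including the label-compression pointers that real answers use. The response is constructed inline for `www.example.com` using RFC 5737 documentation address space; nothing is sent over the network.

```python
import ipaddress
import struct
from typing import Tuple

# Record type codes for the types listed in the table above.
TYPE = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15, "TXT": 16, "AAAA": 28}
TYPE_NAME = {v: k for k, v in TYPE.items()}


def encode_name(name: str) -> bytes:
    """Wire form of a domain name: length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name: str, qtype: str, txid: int = 0x1234) -> bytes:
    """12-byte header (RD=1, one question) followed by the question section."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE[qtype], 1)  # class IN


def reverse_name(ip: str) -> str:
    """The name `dig -x` queries: 8.8.8.8 -> 8.8.8.8.in-addr.arpa (ip6.arpa for IPv6)."""
    return ipaddress.ip_address(ip).reverse_pointer


def decode_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Decode a possibly compressed name at `off`; return (name, offset after it).
    A pointer (top two bits 11) jumps to an earlier copy of the suffix; the hop
    limit stops a malformed response from looping forever."""
    labels, jumped, end, hops = [], False, off, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:
            pointer = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2          # the pointer is the last thing in this name
            jumped = True
            off = pointer
            hops += 1
            if hops > 32:
                raise ValueError("compression pointer loop")
            continue
        if length == 0:
            off += 1
            break
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length
    return ".".join(labels), (end if jumped else off)


def parse_response(msg: bytes) -> dict:
    """Return id, rcode, questions and answers of a DNS response."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, TYPE_NAME.get(qtype, qtype)))
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == TYPE["A"] and rdlen == 4:
            value = str(ipaddress.IPv4Address(rdata))
        elif rtype == TYPE["AAAA"] and rdlen == 16:
            value = str(ipaddress.IPv6Address(rdata))
        elif rtype in (TYPE["NS"], TYPE["CNAME"], TYPE["PTR"]):
            value, _ = decode_name(msg, off)          # rdata is a (compressible) name
        elif rtype == TYPE["MX"]:
            pref = struct.unpack("!H", rdata[:2])[0]
            host, _ = decode_name(msg, off + 2)
            value = f"{pref} {host}"
        else:
            value = rdata.hex()
        off += rdlen
        answers.append((name, TYPE_NAME.get(rtype, rtype), ttl, value))
    return {"id": txid, "rcode": flags & 0xF, "questions": questions, "answers": answers}


def build_sample_response() -> bytes:
    """Constructed answer to build_query("www.example.com", "A"): a CNAME to
    example.com and then an A record. Offset 12 is "www.example.com" in the
    question; offset 16 is where "example.com" begins inside it."""
    question = build_query("www.example.com", "A")[12:]
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)   # QR, RD, RA, rcode 0
    cname = b"\xC0\x0C" + struct.pack("!HHIH", TYPE["CNAME"], 1, 300, 2) + b"\xC0\x10"
    a_rr = b"\xC0\x10" + struct.pack("!HHIH", TYPE["A"], 1, 300, 4) \
        + ipaddress.IPv4Address("192.0.2.1").packed
    return header + question + cname + a_rr


if __name__ == "__main__":
    print(build_query("example.com", "MX").hex())
    print(reverse_name("8.8.8.8"))
    print(parse_response(build_sample_response()))
```

The parser is deliberately strict about the QR bit and compression loops: a resolver or sniffer that trusts answer bytes blindly is the usual way malformed or spoofed responses cause trouble, so the same checks belong in anything you write that consumes DNS from the wire.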
ARP (Address Resolution Protocol)
ARP maps IP addresses to MAC addresses on local networks.
```shell
# View ARP cache
arp -a
ip neigh
```
ARP operates at Layer 2 and has no authentication: any host on the segment can answer a request, which is why it is vulnerable to spoofing attacks.
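Because ARP cannot be authenticated, the defensive check is to watch the cache for inconsistencies. The following added example (not from the original guide) parses `ip neigh` output, lists MACs that answer for more than one IPv4 address, and compares the cache against a known-good baseline such as the gateway's MAC. The sample output is constructed, not captured from a real host.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample of `ip neigh` output. 192.168.1.1 is the gateway; note that
# 192.168.1.30 claims the same MAC, and fe80::1 is the gateway's IPv6 link-local.
SAMPLE_IP_NEIGH = """\
192.168.1.1 dev eth0 lladdr aa:bb:cc:dd:ee:01 REACHABLE
192.168.1.20 dev eth0 lladdr aa:bb:cc:dd:ee:20 STALE
192.168.1.30 dev eth0 lladdr aa:bb:cc:dd:ee:01 REACHABLE
192.168.1.40 dev eth0  FAILED
fe80::1 dev eth0 lladdr aa:bb:cc:dd:ee:01 router REACHABLE
"""

LINE_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+(?P<dev>\S+)"
    r"(?:\s+lladdr\s+(?P<mac>[0-9a-f:]{17}))?"      # absent for FAILED/INCOMPLETE entries
    r".*?(?P<state>REACHABLE|STALE|DELAY|PROBE|FAILED|PERMANENT|INCOMPLETE|NOARP)\s*$",
    re.IGNORECASE,
)


def parse_ip_neigh(text: str) -> List[Dict[str, Optional[str]]]:
    """One dict per neighbour entry with ip, dev, mac (None if unresolved) and state."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        if d["mac"]:
            d["mac"] = d["mac"].lower()
        entries.append(d)
    return entries


def macs_with_multiple_ips(entries: List[Dict[str, Optional[str]]]) -> Dict[str, List[str]]:
    """MAC -> IPv4 addresses it answers for, keeping only MACs with more than one.
    IPv6 neighbours are skipped because a host's link-local address legitimately
    shares the MAC of its IPv4 address. One MAC behind several IPv4 addresses can
    still be legitimate (router secondaries, a VM host), so treat hits as leads."""
    by_mac: Dict[str, List[str]] = {}
    for e in entries:
        if e["mac"] and ":" not in e["ip"]:
            by_mac.setdefault(e["mac"], []).append(e["ip"])
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


def mac_changes(baseline: Dict[str, str],
                entries: List[Dict[str, Optional[str]]]) -> List[Tuple[str, str, str]]:
    """Compare the live cache with a known-good IP -> MAC baseline (for example the
    gateway recorded at build time) and return (ip, expected, observed) mismatches."""
    changes = []
    for e in entries:
        expected = baseline.get(e["ip"])
        if expected and e["mac"] and e["mac"] != expected.lower():
            changes.append((e["ip"], expected.lower(), e["mac"]))
    return changes


if __name__ == "__main__":
    neigh = parse_ip_neigh(SAMPLE_IP_NEIGH)
    print("MACs claiming several IPv4 addresses:", macs_with_multiple_ips(neigh))
    # Baseline MAC for the gateway is a constructed value that differs from the cache.
    print("Baseline mismatches:", mac_changes({"192.168.1.1": "AA:BB:CC:DD:EE:FF"}, neigh))
```

On a real host, feed `subprocess.check_output(["ip", "neigh"], text=True)` into `parse_ip_neigh` and keep the baseline for the gateway in a file; a gateway MAC that changes while the real router has not been replaced is the classic indicator that something on the segment is answering ARP for it.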
DHCP (Dynamic Host Configuration Protocol)
DHCP automatically assigns IP addresses to devices on a network.
DHCP Process (DORA):
1. Discover - Client broadcasts looking for DHCP server
2. Offer - Server offers an IP address
3. Request - Client requests the offered IP
4. Acknowledge - Server confirms the assignment
NAT (Network Address Translation)
NAT allows multiple devices to share a single public IP address. Types include:
- SNAT: Source NAT, modifies source IP
- DNAT: Destination NAT, port forwarding
- PAT: Port Address Translation, most common
HTTP/HTTPS
HTTP Methods
| Method | Purpose |
|---|---|
| GET | Retrieve resource |
| POST | Submit data |
| PUT | Update/replace resource |
| DELETE | Remove resource |
| HEAD | GET without body |
| OPTIONS | Show allowed methods |
| PATCH | Partial update |
HTTP Status Codes
1xx - Informational
2xx - Success (200 OK, 201 Created)
3xx - Redirection (301 Moved Permanently, 302 Found, 304 Not Modified)
4xx - Client Error (400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found)
5xx - Server Error (500 Internal Server Error, 502 Bad Gateway, 503 Service Unavailable)
Firewalls and Filtering
Firewalls filter traffic based on rules. Common types:
- Packet filter: Examines headers (IP, port)
- Stateful: Tracks connection state
- Application layer: Deep packet inspection
- Next-gen (NGFW): Combines multiple functions
Network Mapping Basics
```shell
# Discover live hosts
ping 192.168.1.1
arping 192.168.1.1

# Trace route to target
traceroute 8.8.8.8
tracepath 8.8.8.8

# Check listening ports locally
ss -tulpn
netstat -tulpn
```
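The output of `ss -tulpn` is where the common-ports table pays off: it tells you which services a host exposes and on which interfaces. The following added example (not part of the original guide) parses constructed `ss -tulpn` output, labels each listener with the service name from the table, and separates services bound to all interfaces (0.0.0.0 or [::]) from those bound only to loopback, which is the first thing to review when hardening a host.

```python
import re
from typing import Dict, List, Optional

# Subset of the guide's common-ports table, used to label listeners.
COMMON_PORTS: Dict[int, str] = {
    21: "FTP", 22: "SSH", 23: "Telnet", 25: "SMTP", 53: "DNS", 80: "HTTP",
    443: "HTTPS", 445: "SMB", 3306: "MySQL", 3389: "RDP", 5432: "PostgreSQL",
    6379: "Redis", 8080: "HTTP-Alt", 27017: "MongoDB",
}

# Constructed sample of `ss -tulpn` output (not captured from a real host).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511    127.0.0.1:6379      0.0.0.0:*         users:(("redis-server",pid=1203,fd=6))
tcp   LISTEN 0      80     0.0.0.0:3306        0.0.0.0:*         users:(("mysqld",pid=1450,fd=21))
udp   UNCONN 0      0      0.0.0.0:53          0.0.0.0:*         users:(("named",pid=900,fd=5))
tcp   LISTEN 0      128    [::]:8080           [::]:*            users:(("java",pid=2100,fd=44))
"""

PROCESS_RE = re.compile(r'users:\(\("(?P<name>[^"]+)",pid=(?P<pid>\d+)')


def split_addr_port(local: str):
    """'[::]:8080' -> ('[::]', 8080); rpartition copes with the colons in IPv6."""
    host, _, port = local.rpartition(":")
    return host, int(port)


def parse_ss(text: str) -> List[dict]:
    """One dict per listening socket: proto, state, host, port, process, pid, service."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] in ("Netid", "Proto"):   # skip header line
            continue
        netid, state, _recvq, _sendq, local, _peer = parts[:6]
        host, port = split_addr_port(local)
        m = PROCESS_RE.search(line)                          # absent without root
        rows.append({
            "proto": netid,
            "state": state,
            "host": host,
            "port": port,
            "process": m.group("name") if m else None,
            "pid": int(m.group("pid")) if m else None,
            "service": COMMON_PORTS.get(port),
        })
    return rows


def is_wildcard(host: str) -> bool:
    """True when the socket accepts connections on every interface."""
    return host in ("0.0.0.0", "[::]", "*")


def exposed_services(rows: List[dict]) -> List[dict]:
    """Listeners reachable from the network (bound to all interfaces)."""
    return [r for r in rows if is_wildcard(r["host"])]


def local_only_services(rows: List[dict]) -> List[dict]:
    """Listeners bound to loopback only; unreachable from other hosts."""
    return [r for r in rows if r["host"] in ("127.0.0.1", "[::1]")]


if __name__ == "__main__":
    listeners = parse_ss(SAMPLE_SS)
    for r in exposed_services(listeners):
        print(f"EXPOSED  {r['proto']}/{r['port']:<5} {r['service'] or '?':10} {r['process']}")
    for r in local_only_services(listeners):
        print(f"local    {r['proto']}/{r['port']:<5} {r['service'] or '?':10} {r['process']}")
```

In the sample, SSH, DNS, MySQL and the alternative HTTP port are exposed while Redis is loopback-only; on a real host, pipe `ss -tulpn` output into `parse_ss` (run as root so the process column is populated) and compare the exposed list against what the host is actually supposed to serve.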
Summary
A solid understanding of networking fundamentals is essential for any penetration tester. These concepts will help you understand scan results, identify potential attack vectors, and communicate findings effectively. Practice with tools like Wireshark to see these protocols in action.
