🌱 Beginner

Network Security Fundamentals

You cannot hack a network you do not understand. This guide covers the absolute essentials of networking that every security professional must master, from the packets on the wire to the logical addressing schemes built on top of them.

Why This Matters

Every exploit, every payload, every C2 callback travels over a network. Understanding how data flows—from Layer 1 to Layer 7—is the difference between a script kiddie and a professional.

What You'll Learn

  • OSI and TCP/IP model mastery
  • IP addressing and subnetting
  • Protocol analysis and packet inspection
  • Common ports and services identification
  • Network defense mechanisms
  • Modern protocol security (QUIC, gRPC)
  • Traffic capture and analysis
  • Attack surface mapping by layer

OSI Attack Surface Map

OSI Model (7 layers)

Layer | Name | Protocols / Media
7 | Application | HTTP • HTTPS • SSH • FTP • DNS • SMTP
6 | Presentation | SSL/TLS • JPEG • ASCII • MIME
5 | Session | NetBIOS • RPC • SMB • SOCKS
4 | Transport | TCP • UDP • SCTP
3 | Network | IP • ICMP • IPSec • IGMP
2 | Data Link | Ethernet • ARP • Wi-Fi • PPP
1 | Physical | Cables • Hubs • Repeaters • Radio

The Two Models You Must Know

OSI Model (7 Layers)

The theoretical framework. Used for discussing attacks.

Layer | Name | Examples
7 | Application | HTTP, SSH
6 | Presentation | SSL/TLS
5 | Session | NetBIOS
4 | Transport | TCP, UDP
3 | Network | IP, ICMP
2 | Data Link | Ethernet, ARP
1 | Physical | Cables, Hubs

TCP/IP Model (4 Layers)

The practical implementation. What actually runs.

Layer | Name | Examples
4 | Application | HTTP, DNS, FTP
3 | Transport | TCP, UDP
2 | Internet | IP, ICMP, ARP
1 | Network Access | Ethernet, Wi-Fi

Mnemonic: "All Traffic Is Not Perfect" (Application, Transport, Internet, Network Access)
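To make the four TCP/IP layers concrete, here is an added example (not code from the original guide) that walks one constructed Ethernet frame up the stack, pulling out the Layer 2 addresses, the Layer 3 IP header, the Layer 4 TCP ports and flags, and finally guessing the Layer 7 service from the port reference given later in this guide. It assumes IPv4 over Ethernet carrying TCP; the sample frame and its MAC/IP values are constructed for illustration and the IP checksum is left as zero.

```python
import struct

# Service names keyed by port, taken from the critical-ports reference in this guide.
PORT_SERVICES = {21: "FTP", 22: "SSH", 23: "Telnet", 25: "SMTP", 53: "DNS",
                 80: "HTTP", 88: "Kerberos", 135: "MS-RPC", 139: "NetBIOS",
                 389: "LDAP", 443: "HTTPS", 445: "SMB", 3306: "MySQL",
                 3389: "RDP", 5985: "WinRM"}

def decode_frame(frame: bytes) -> dict:
    """Walk one Ethernet frame up the TCP/IP stack, one header per layer."""
    layers = {}
    # Layer 2 (Network Access): 6-byte dst MAC, 6-byte src MAC, 2-byte EtherType.
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers["L2"] = {"src_mac": src.hex(":"), "dst_mac": dst.hex(":"), "ethertype": ethertype}
    if ethertype != 0x0800:          # only IPv4 (0x0800) is decoded here
        return layers
    # Layer 3 (Internet): header length is the low nibble of byte 0, protocol is byte 9.
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    proto = ip[9]
    layers["L3"] = {"src_ip": ".".join(map(str, ip[12:16])),
                    "dst_ip": ".".join(map(str, ip[16:20])), "protocol": proto}
    if proto != 6:                   # 6 = TCP; UDP (17) and ICMP (1) are not decoded
        return layers
    # Layer 4 (Transport): ports, then the flag bits in the low 9 bits of bytes 12-13.
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    flags = struct.unpack("!H", tcp[12:14])[0] & 0x1FF
    layers["L4"] = {"src_port": sport, "dst_port": dport,
                    "syn": bool(flags & 0x02), "ack": bool(flags & 0x10)}
    # Layer 7 (Application) guess from the port table, destination port first.
    layers["L7"] = PORT_SERVICES.get(dport) or PORT_SERVICES.get(sport) or "unknown"
    return layers

# Constructed sample: a TCP SYN from 192.168.1.10:51234 to 192.168.1.20:445 (SMB).
SAMPLE_SYN = (
    bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"  # Ethernet
    + b"\x45\x00\x00\x28\x00\x01\x40\x00\x40\x06\x00\x00"                         # IPv4, checksum 0
    + bytes([192, 168, 1, 10]) + bytes([192, 168, 1, 20])                         # src / dst IP
    + struct.pack("!HHIIHHHH", 51234, 445, 0, 0, 0x5002, 65535, 0, 0)             # TCP, SYN set
)

if __name__ == "__main__":
    for layer, fields in decode_frame(SAMPLE_SYN).items():
        print(layer, fields)
```

Feeding it a frame captured with tcpdump or Wireshark works the same way once the Ethernet header is included.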

Attack Surface by Layer

Every layer presents unique attack opportunities. Knowing where an attack occurs helps you understand how to execute and defend against it.

Layer | Attack Type | Example Techniques | MITRE ATT&CK
L7 - Application | Web/App Exploits | SQL Injection, XSS, API Abuse, RCE | T1190
L6 - Presentation | Encryption Attacks | SSL Stripping, Padding Oracle, Downgrade Attacks | T1557
L5 - Session | Session Hijacking | Cookie Theft, Session Fixation, Token Replay | T1563
L4 - Transport | Connection Attacks | SYN Flood, Port Scanning, TCP Sequence Prediction | T1046
L3 - Network | Routing Attacks | IP Spoofing, ICMP Redirect, BGP Hijacking | T1599
L2 - Data Link | LAN Attacks | ARP Spoofing, MAC Flooding, VLAN Hopping | T1557.002
L1 - Physical | Hardware Attacks | Cable Tapping, Rogue Devices, Jamming | T1200

Deep Dive Available

For detailed exploitation techniques per layer, see the Internal Pentest Guide which covers LLMNR poisoning, relay attacks, and more.

Quick Reference: Critical Ports

These are the ports you will encounter on almost every engagement, grouped by function. On the original page each port is also color-coded by risk level: high, medium, secure, or auth-critical.

Remote Access & File Transfer

21 | FTP
22 | SSH
23 | Telnet
3389 | RDP
5900 | VNC
5985 | WinRM

Web Services

80 | HTTP
443 | HTTPS
8080 | HTTP-Alt
8443 | HTTPS-Alt

Authentication & Directory

53 | DNS
88 | Kerberos
389 | LDAP
636 | LDAPS

Windows / Linux File Sharing

135 | MS-RPC
139 | NetBIOS
445 | SMB
111 | RPCbind
2049 | NFS

Databases

1433 | MSSQL
1521 | Oracle
3306 | MySQL
5432 | PostgreSQL
6379 | Redis
27017 | MongoDB

Management & Email

25 | SMTP
110 | POP3
143 | IMAP
161 | SNMP
162 | SNMP-Trap
514 | Syslog

Learning Modules

Essential Recon Commands

Copy-paste these into your terminal to start exploring any network.

Discover Live Hosts (Ping Sweep)

ping-sweep.sh
nmap -sn 192.168.1.0/24        # host discovery only, no port scan

Quick Port Scan (Top 1000)

quick-scan.sh
nmap -sT -T4 <target_ip>       # TCP connect scan of nmap's default top 1000 ports

View Your Network Interfaces

interfaces.sh
ip addr show          # Linux
ipconfig /all         # Windows
ifconfig              # macOS

Check ARP Table (Local Neighbors)

arp-table.sh
arp -a                # All platforms
ip neigh show         # Linux modern

Trace the Route to a Target

traceroute.sh
traceroute <target>   # Linux/macOS
tracert <target>      # Windows

Full Service Scan with Scripts

full-scan.sh
nmap -sC -sV -O -p- <target_ip>   # default scripts, version detection, OS detection, all 65535 ports
