Studying networking terms & practical applications
Network
A connection of technological devices
The Internet
Network consisting of many smaller networks within itself
IP Address
Internet Protocol - a way of identifying a host on a network
Public IP Address
Used to identify a device on the internet
Private IP Address
Used to identify a device amongst other devices
ISP
Internet Service Provider
IPv4
2³² available addresses - number divided into four octets of (0-255)
IPv6
2¹²⁸ available addresses - number divided into 8 hexadecimal numbers
MAC Address
Media Access Control - physical network interface microchip on a device’s motherboard, 12 character hexadecimal number split into twos and separated by a colon
ICMP
Internet Control Message Protocol - used by ping to send packets to determine the performance of a connection between devices
LAN
Local Area Network
Star Topology
Devices are individually connected via a central networking device such as a switch or a hub
Bus Topology
Relies upon a single connection known as a backbone cable
Ring Topology
Devices are connected directly to each other to form a loop
Switch
Dedicated devices within a network that are designed to aggregate multiple other devices using ethernet. These various devices plug into a switch’s port
Router
Routers connect networks and pass data between them
Routing
Label given to the process of data traveling across networks. Involves creating a path between networks so this data can be successfully delivered.
Subnetting
Splitting up a network into smaller, miniature networks within itself. Achieved by splitting up the number of hosts that can fit within the network, represented by a number called a subnet mask
How do subnets use IP Addresses?
1: identify the network address
2: identify the host address
3: identify the default gateway
ARP Protocol
Address Resolution Protocol - allows a device to associate its MAC address with an IP Address on the network. Each device on a network will keep a log of the MAC address associated with other devices in its cache.
ARP Request
A message is broadcast to every other device on a network asking if the device’s MAC address matches the requested IP address
ARP Reply
If the device doesn’t have the requested IP, the reply is returned to the initial device which will now remember this and store it in its cache
DHCP
Dynamic Host Configuration Protocol - When a device connects to a network, if it has not already been manually assigned an IP address, it sends out a request (DHCP Discover) to see if any DHCP servers are on the network. The DHCP server then replies back with an IP address the device could use (DHCP Offer). The device then sends a reply confirming it wants the offered IP Address (DHCP Request), and then lastly, the DHCP server sends a reply acknowledging this has been completed, and the device can start using the IP Address (DHCP ACK).
OSI Model
Open Systems Interconnection Model - provides a critical framework dictating how all networked devices will send, receive, and interpret data
Layer 7 - Application
The application layer is the layer in which protocols and rules are in place to determine how the user should interact with data sent or received
Layer 6 - Presentation
The presentation layer acts as a translator for data to and from the application layer. The receiving computer will also understand data sent to a computer in one format destined for another format.
Layer 5 - Session
The session layer synchronizes the two computers to ensure that they are on the same page before data is sent and received. Once these checks are in place, the session layer will begin to divide up the data sent into smaller packets of data and begin to send these packets one at a time
Layer 4 - Transport
The transport layer plays a vital part in transmitting data across a network using one of two different protocols, TCP or UDP
TCP
Transmission Control Protocol. TCP is designed with reliability and guarantee in mind. It reserves a constant connection between the two devices for the amount of time it takes for the data to be sent and received, and incorporates error checking into its design
UDP
User Datagram Protocol. Not nearly as advanced as TCP, nor does it boast as many features as TCP. There is no synchronization between the two devices or guarantee the data is transmitted
Layer 3 - Network
The network layer is where the magic of routing & re-assembly of data takes place. Uses OSPF (Open Shortest Path First) and RIP (Routing Information Protocol) to determine the most optimal path
Routing
Determines the most optimal path in which chunks of data should be sent
Layer 2 - Data Link
The data link layer focuses on the physical addressing of the transmission. It receives a packet from the network layer and adds in the physical MAC address of the receiving endpoint.
NIC
Network Interface Card - exists inside of every network-enabled computer and comes with a unique MAC address to identify it
Layer 1 - Physical
The physical layer references the physical components of the hardware used in networking and is the lowest layer you will find. Devices use electrical signals to transfer data between each other in a binary numbering system
Packets and Frames
Small pieces of data that, when put together, make a larger piece of information or message. A frame exists at the data link layer of the OSI model, with no information such as an IP address. Packets are encapsulated and have IP address information.
Packet Efficiency
Packets are an efficient way of communicating data across network devices because data is exchanged in small pieces, and there is less of a chance of bottlenecking occurring across a network.
TCP Packets Headers
Time to Live - this field sets an expiry timer for the packet to not clog up your network if it never manages to reach a host or escape
Checksum - this field provides integrity checking for protocols such as TCP/IP. If any data is changed, this value will be different from what was expected and therefore corrupt
Source Address - The IP Address of the device that the packet is being sent from so that data knows where to return to
Destination Address - The device’s IP Address the packet is being sent to so that data knows where to travel next
TCP/IP Three-Way Handshake
SYN - a SYN message is the initial packet sent by a client during the handshake. This packet is used to indicate a connection and synchronize the two devices together.
SYN/ACK - This packet is sent by the receiving device (server) to acknowledge the synchronization attempt from the client
ACK - The acknowledgement packet can be used by either the client or server to acknowledge that a series of messages/packets have been successfully received
DATA - Once a connection has been established, data (such as bytes of a file) is sent via the “DATA” message
FIN - This packet is used to cleanly close the connection after it is complete
RST - This packet abruptly ends all communication. This is the last resort and indicates there was a problem during the process.
ISN
Initial Number Sequence. Any sent data is given a random number sequence and is reconstructed using this number sequence and incrementing by 1
Ports
An essential point in which data can be exchanged. These ports enforce what can park and where, as well as enforce strict rules when communicating with one another. Ports contain a numerical value between 0 and 65535
Important Protocol Ports
File Transfer Protocol (FTP) - Port 21
Secure Shell (SSH) - Port 22
HyperText Transfer Protocol (HTTP) - Port 80
HyperText Transfer Protocol Secure (HTTPS) - Port 443
Server Message Block (SMB) - Port 445
Remote Desktop Protocol (RDP) - Port 3389
Port Forwarding
An essential component in connecting applications and services to the internet. Without port forwarding, applications and services such as web servers are only available to devices within the same direct network.
Firewall
A device within a network responsible for determining what traffic is allowed to enter and exit. Can be configured by an admin to permit or deny traffic from entering or exiting through packet inspection
Stateful Firewall
This type of firewall uses the entire information from a connection; rather than inspecting an individual packet, this firewall determines the behavior of a device based upon the entire connection. Consumes many resources as the decision making is dynamic.
Stateless Firewall
This firewall type uses a static set of rules to determine whether individual packets are acceptable or not. Whilst these firewalls use much fewer resources, they are not as smart.
VPN
Virtual Private Network. A technology that allows devices on separate networks to communicate securely by creating a dedicated path (tunnel) between each other over the internet. Devices connected within this tunnel form their own private network.
VPN Technology
PPP - used by PPTP to allow for authentication and provide encryption of data. VPNs work by using a private key and public certificate. A private key and certificate must match for you to connect.
PPTP - Point to Point Tunneling Protocol is the technology that allows data from PPP to travel and leave a network.
IPSec - Internet Protocol Security encrypts data using the existing IP framework.
VLAN
Virtual Local Area Network allows specific devices within a network to be virtually split up. This split allows them to all benefit from things such as Internet connection but are treated separately.
DNS
Domain Name System provides a simple way for us to communicate with devices on the Internet without remembering complex numbers. Rather than remembering IP addresses, we can remember a DNS instead.
TLD
Top-Level Domain is the rightmost part of a domain name.
gTLD
Generic Top Level - meant to tell the user the domain name’s purpose.
.com - commercial purposes
.org - organisation
.edu - education
.gov - government
etc
ccTLD
Country Code Top Level Domain - used for geographical purposes
.ca - Canadian based sites
.co.uk - UK based sites
etc
Second Level Domain
The middle part of the domain name. When registering a domain name, the second-level domain is limited to 63 characters + the TLD, and can only use a-z, 0-9, and hyphens (cannot start/end/have consecutive hyphens)
Subdomain
A subdomain sits on the left-hand side of the domain name using a period to separate it from the second-level domain. Has the same restrictions as the second-level domain.
ex) in admin.tryhackme.com → admin is the subdomain
A Record
These records resolve to IPv4 addresses
ex) 104.26.10.229
AAAA Record
These records resolve to IPv6 addresses
ex) 2606:4700:20::681a:be5
CNAME Record
These records resolve to another domain name
ex) store.tryhackme.com → returns a CNAME record shops.shopify.com
MX Record
These records resolve to the address of the servers that handle the email for the domain you are querying. They also come with a priority flag that tells the client in which order to try the servers
TXT Record
Free text fields where any text-based data can be stored. TXT records have multiple uses, but some common ones can be to list servers that have the authority to send an email on behalf of the domain, and verify ownership of the domain name when signing up for third party services
DNS Request Step 1
When you request a domain name, your computer first checks its local cache to see if you’ve previously looked up the address recently; if not, move to your recursive DNS server
DNS Request Step 2
A recursive DNS server searches locally for domain names. If the request cannot be found locally, move to the internet’s root DNS server
DNS Request Step 3
The root servers act as the DNS backbone of the internet; their job is to redirect you to the correct TLD server, depending on your request.
ex) tryhackme.com → the root server recognizes .com and refers you to the TLD server that deals with .com addresses
DNS Request Step 4
The TLD server holds records for where to find the authoritative server to answer the DNS request.
DNS Request Step 5
Depending on the record type, the DNS record is then sent back to the Recursive DNS Server, where a local copy will be cached for future requests and then relayed back to the original client that made the request.
Authoritative DNS Server
This type of server is responsible for storing the DNS records for a particular domain name and where any updates to your domain name DNS records would be made.
DNS TTL
DNS records all come with a TTL (Time To Live) value. This value is a number represented in seconds that the response should be saved for locally until you have to look it up again.
HTTP
HyperText Transfer Protocol - the set of rules used for communicating with web servers for the transmitting of webpage data, whether that is HTML, images, videos, etc
HTTPS
The secure version of HTTP. Data is encrypted, so it not only stops people from seeing the data you are receiving and sending, but it also gives you assurances that you’re talking to the correct web server.
URL
Uniform Resource Locator - an instruction on how to access a resource on the internet. Made up of a scheme, user, host/domain, port, path, query string, and fragment
URL Scheme
This instructs on what protocol to use for accessing the resource
URL User
Some services require authentication to log in; you can put a username and password into the URL to do so
URL Host
The domain name or IP address of the server you wish to access
URL Port
The port you are going to connect to, usually 80 for HTTP or 443 for HTTPS
URL Path
The file name or location of the resource you are trying to access
Query String
Extra bits of information that can be sent to the requested path
URL Fragment
This is a reference to a location on the actual page requested. This is commonly used for pages with long content and can have a certain part of the page directly linked to it
GET Request
This is used for getting information from a web server
POST Request
This is used for submitting data to the web server and potentially creating new records
PUT Request
This is used for submitting data to a web server to update information
DELETE Request
This is used for deleting information/records from a web server
Common HTTP Status Codes
200 = OK - The request was completed successfully
201 = Created - A resource has been created
301 = Moved Permanently - This redirects the client’s browser to a new webpage or tells search engines that the page has moved somewhere else
302 = Found - Similar to the above permanent redirect, but only a temporary change
400 = Bad Request - Tells the browser that something was either wrong or missing in their request
401 = Not Authorized - You are not currently allowed to view this resource until you have authorized with the web application (usually with username/password)
403 = Forbidden - You do not have permission to view this resource whether you are logged in or not
404 = Page Not Found - The page/resource you requested does not exist
405 = Method Not Allowed - The resource does not allow this method request
500 = Internal Service Error - The server has encountered some kind of error with your request that it doesn't know how to handle properly
503 = Service Unavailable - This server cannot handle your request as it’s either overloaded or down for maintenance
Headers
Additional bits of data you can send to the web server when making requests
Common Request Headers
Host - Some web servers host multiple websites; this specifies which one you require
User-Agent - This is your browser software and version number, helping software format the website properly for your browser
Content-Length - Tells the web server how much data to expect in the web request
Accept-Encoding - Tells the server what types of compression methods the browser supports
Cookie - Data sent to the web server to help remember your information
Common Response Headers
Set-Cookie - Information to store which gets sent back to the web server on each request
Cache-Control - How long to store the content of the response in the browser’s cache before it requests it again
Content-Type - Tells the client what type of data is being returned
Content-Encoding - What method has been used to compress the data to make it smaller when sending it over the Internet
Cookies
Small piece of data that is stored on your computer. Can be used to remind the web server who you are, some personal settings for the website or whether you’ve been to the site before. Usually stored in a token
HTML
HyperText Markup Language - the language websites are written in. Elements (also known as tags) are the building blocks of HTML pages and tell the browser how to display content.
<html> Element
The root element of the HTML page, all other elements come after this element
<head> Element
Contains information about the page
<body> Element
Defines the HTML document’s body, only content inside of the body is shown in the browser
<h1> Element
Defines a large heading
<p> Element
Defines a paragraph
JavaScript
Used to control the functionality of the webpages and make them interactive. Dynamically updates the page in real-time.
HTML Injection
A vulnerability that occurs when unfiltered user input is displayed on the page. If a website fails to sanitize user input, an attacker can inject HTML code into a vulnerable website.
Load Balancers
Provide the ability to ensure high traffic websites can handle the load and provide a failover if a server becomes unresponsive. Uses different algorithms to decide which server is best suited to deal with a request.
Health Check
Periodic checks performed by load balancers to ensure servers are running correctly
CDN
Content Delivery Networks - allows one to host static files from a website, and host them across thousands of servers all over the world
Databases
Web servers can communicate with databases to store and recall data from them.
WAF
Web Application Firewall - sits between your web requests and the web server; its primary purpose is to protect the web server from hacking or DDoS attacks.
Rate Limiting
Allowing only a certain amount of requests from an IP per second