Networking

Studying networking terms & practical applications

Network

A connection of technological devices

The Internet

Network consisting of many smaller networks within itself

IP Address

Internet Protocol - a way of identifying a host on a network

Public IP Address

Used to identify a device on the internet

Private IP Address

Used to identify a device amongst other devices

ISP

Internet Service Provider

IPv4

2³² available addresses - number divided into four octets of (0-255)

IPv6

2^128 available addresses - number divided into 8 hexadecimal numbers

MAC Address

Media Access Control - physical network interface microchip on a device’s motherboard, 12 character hexadecimal number split into two’s and separated by a colon

ICMP

Internet Control Message Protocol - used by ping to send packets to determine the performance of a connection between devices

LAN

Local Area Network

Star Topology

Devices are individually connected via a central networking device such as a switch or a hub

Bus Topology

Relies upon a single connection known as a backbone cable

Ring Topology

Devices are connected directly to each other to form a loop

Switch

Dedicated devices within a network that are designed to aggregate multiple other devices using ethernet. These various devices plug into a switch’s port

Router

Router’s connect networks and pass data between them

Routing

Label given to the process of data traveling across networks. Involves creating a path between networks so this data can be successfully delivered.

Subnetting

Splitting up a network into smaller, miniature networks within itself. Achieved by splitting up the number of hosts that can fit within the network, represented by a number called a subnet mask

How do subnets use IP Addresses?

1: identify the network address

2: identify the host address

3: identify the default gateway

ARP Protocol

Address Resolution Protocol - allows a device to associate its MAC address with an IP Address on the network. Each device on a network will keep a log of the MAC address associated with other devices on it’s cache.

ARP Request

A message is broadcasted to every other device on a network asking if the device’s MAC address matches the requested IP address

ARP Reply

If the device doesn’t have the requested IP, the reply is returned to the initial device which will now remember this and store it in it’s cache

DHCP

Dynamic Host Configuration Protocol - When a device connects to a network, if it has not already been manually assigned an IP address, it sends out a request (DHCP Discover) to see if any DHCP servers are on the network. The DHCP server then replies back with an IP address the device could use (DHCP Offer). The device then sends a reply confirming it wants the offered IP Address (DHCP Request), and then lastly, the DHCP server sends a reply acknowledging this has been completed, and the device can start using the IP Address (DHCP ACK).

OSI Model

Open Systems Interconnection Model - provides a critical framework dictating how all networked devices will send, receive, and interpret data

Layer 7 - Application

The application layer is the layer in which protocols and rules are in place to determine how the user should interact with data sent or received

Layer 6 - Presentation

The presentation layer acts as a translator for data to and from the application layer. The receiving computer will also understand data sent to a computer in one format destined for another format.

Layer 5 - Session

The session layer synchronizes the two computers to ensure that they are on the same page before data is sent and received. Once these checks are in place, the session layer will begin to divide up the data sent into smaller packets of data and begin to send these packets one at a time

Layer 4 - Transport

The transport layer plays a vital part in transmitting data across a network using one of two different protocols, TCP or UDP

TCP

Transmission Control Protocol. TCP is designed with reliability and guarantee in mind. It reserves a constant connection between the two devices for the amount of time it takes for the data to be sent and received, and incorporates error checking into its design

UDP

User Datagram Protocol. Not nearly as advanced as TCP, or boast as many features as TCP. There is no synchronization between the two devices or guarantee the data is transmitted

Layer 3 - Network

The network layer is where the magic of routing & re-assembly of data takes place. Uses OSPF (Open Shortest Path First) and RIP (Routing Information Protocol) to determine the most optimal path

Routing

Determines the most optimal path in which chunks of data should be sent

Layer 2 - Data Link

The data link layer focuses on the physical addressing of the transmission. It receives a packet from the network layer and adds in the physical MAC address of the receiving endpoint.

NIC

Network Interface Card - exists inside of every network-enabled computer and comes with a unique MAC address to identify it

Layer 1 - Physical

The physical layer references the physical components of the hardware used in networking and is the lowest layer you will find. Devices use electrical signals to transfer data between each other in a binary numbering system

Packets and Frames

Small pieces of data that when forming together make a larger piece of information or message. A frame exists at the data link layer of the OSI model, with no information such as an IP address. Packets are encapsulated and have IP address information.

Packet Efficiency

Packets are an efficient way of communicating data across network devices because it is exchanged in small pieces, and there is less of a chance of bottlenecking occurring across a network.

TCP Packets Headers

Time to Live - this field sets an expiry timer for the packet to not clog up your network if it never manages to reach a host or escape

Checksum - this field provides integrity checking for protocols such as TCP/IP. If any data is changed, this value will be different from what was expected and therefore corrupt

Source Address - The IP Address of the device that the packet is being sent from so that data knows where to return to

Destination Address - The device’s IP Address the packet is being sent to so that data knows where to travel next

TCP/IP Three-Way Handshake

SYN - a SYN message is the initial packet sent by a client during the handshake. This packet is used to indicate a connection and synchronize the two devices together.

SYN/ACK - This packet is sent by the receiving device (server) to acknowledge the synchronization attempt from the client

ACK - The acknowledgement packet can be used by either the client or server to acknowledge that a series of messages/packets have been successfully received

DATA - Once a connection has been established, data (such as bytes of a file) is sent via the “DATA” message

FIN - This packet is used to cleanly close the connection after it has been complete

RST - This packet abruptly ends all communication. This is the last resort and indicates there was a problem during the process.

ISN

Initial Number Sequence. Any sent data is given a random number sequence and is reconstructed using this numbers sequence and incrementing by 1

Ports

An essential point in which data can be exchanged. These ports enforce what can park and where, as well as enforce strict rules when communicating with one another. Ports contain a numerical value between 0 and 65535

Important Protocol Ports

File Transfer Protocol (FTP) - Port 21

Secure Shell (SSH) - Port 22

HyperText Transfer Protocol (HTTP) - Port 80

HyperText Transfer Protocol Secure (HTTPS) - Port 443

Server Message Block (SMB) - Port 445

Remote Desktop Protocol (RDP) - Port 3389

Port Forwarding

An essential component in connecting applications and services to the internet. Without port forwarding, applications and services such as web servers are only available to devices within the same direct network.

Firewall

A device within a network responsible for determining what traffic is allowed to enter and exit. Can be configured by an admin to permit or deny traffic from entering or exiting through packet inspection

Stateful Firewall

This type of firewall uses the entire information from a connection; rather than inspecting an individual packet, this firewall determines the behavior of a device based upon the entire connection. Consumes many resources as the decision making is dynamic.

Stateless Firewall

This firewall type uses a static set of rules to determine whether ornate individual packets are acceptable or not. Whilst these firewalls use much fewer resources, they are not as smart.

VPN

Virtual Private Network. A technology that allows devices on separate networks to communicate securely by creating a dedicated path (tunnel) between each other over the internet. Devices connected within this tunnel form their own private network.

VPN Technology

PPP - used by PPTP to allow for authentication and provide encryption of data. VPN’s work by using a private key and public certificate. A private key and certificate must match for you to connect.

PPTP - Point to Point Tunneling Protocol is the technology that allows data from PPP to travel and leave a network.

IPSec - Internet Protocol Security encrypts data using the existing IP framework.

VLAN

Virtual Local Area Network allows specific devices within a network to be virtually split up. This split allows them to all benefit from things such as Internet connection but are treated separately.

DNS

Domain Name System provides a simple way for us to communicate with devices on the Internet without remembering complex numbers. Rather than remembering IP addresses, we can remember a DNS. instead.

TLD

Top-Level Domain is the most righthand part of a domain name.

gTLD

Generic Top Level - meant to tell the user the domain’s name purpose.

.com - commercial purposes

.org - organisation

.edu - education

.gov - government

etc

ccTLD

Country Code Top Level Domain - used for geographical purposes

.ca - Canadian based sites

.co.uk - UK based sites

etc

Second Level Domain

The middle part of the domain name. When registering a domain name, the second-level domain is limited to 63 characters + the TLD, and can only use a-z, 0-9, and hyphens (cannot start/end/have consecutive hyphens)

Subdomain

A subdomain sits on the left-hand side of the domain name using a period to separate it from the second-level domain. Has the same restrictions as the second-level domain.

ex) in admin.tryhackme.com —→ admin is the subdomain

A Record

These records resolve to IPv4 addresses

ex) 104.26.10.229

AAAA Record

These records resolve to IPv6 addresses

ex) 2606:4700:20::681a:be5

CNAME Record

These records resolve to another domain name

ex) store.tryhackme.com —→ returns a CNMA record shops.shopify.com

MX Record

These records resolve to the address of the servers that handle the email for the domain you are querying. They also come with a priority flag that tells the client in which order to try the servers

TXT Record

Free text fields where any text-based data can be stored. TXT records have multiple uses, but some common ones can be to list servers that have the authority to send an email on behalf of the domain, and verify ownership of the domain name when signing up for third party services

DNS Request Step 1

When you request a domain name, your computer first checks its local cache to see if you’ve previously looked up the address recently, if not move to your recursive DNS server

DNS Request Step 2

A recursive DNS server searches locally for domain names. If the request cannot be found locally, move to the internet’s root DNS server

DNS Request Step 3

The root servers act as the DNS backbone of the internet, their job is to redirect you to the correct TLD server, depending on your request.

ex) tryhackme.com —> the root server recognizes .com and refers you to the TLD server that deals with .com addresses

DNS Request Step 4

The TLD server holds records for where to find the authoritative server to answer the DNS request.

DNS Request Step 5

Depending on the record type, the DNS record is then sent back to the Recursive DNS Server, where a local copy will be cached for future requests and then relayed back to the original client that made the request.

Authoritative DNS Server

This type of server is responsible for storing the DNS records for a particular domain name and where any updates to your domain name DNS records would be made.

DNS TTL

DNS records all come with a TTL (Time To Live) value. This value is a number represented in seconds that the response should be saved for locally until you have to look it up again.

HTTP

HyperText Transfer Protocol - the set of rules used for communicating with web servers for the transmitting of webpage data, whether that is HTML, images, videos, etc

HTTPS

the secure version of HTTP. It is data encrypted, so it not only stops people from seeing the data you are receiving and sending, but it also gives you assurances that you’re talking to the correct web server.

URL

Uniform Resource Locator - an instruction on how to access a resource on the internet. Made up of a scheme, user, host/domain, port, path, query string, and fragment

URL Scheme

This instructs on what protocol to use for accessing the resource

URL User

Some services require authentication to log in, you can put a username and password into the URL to do so

URL Host

The domain name or IP address of the server you wish to access

URL Port

The port you are going to connect to, usually 80 for HTTP or 443 for HTTPS

URL Path

The file name or location of the resource you are trying to access

Query String

Extra bits of information that can be sent to the requested path

URL Fragment

This is a reference to a location on the actual page requested. This is commonly used for pages with long content and can have a certain part of the page directly linked to it

GET Request

This is used for getting information from a web server

POST Request

This is used for submitting data to the web server and potentially creating new records

PUT Request

This is used for submitting data to a web server to update information

DELETE Request

This is used for deleting information/records from a web server

Common HTTP Status Codes

200 = OK - The request was completed successfully

201 = Created - A resource has been created

301 = Moved Permanently - This redirects the client’s browser to a new webpage or tells search engines that the page has moved somewhere else

302 = Found - Similar to the above permanent redirect, but only a temporary change

400 = Bad Request - Tells the browser that something was either wrong or missing in their request

401 = Not Authorized - You are not currently allowed to view this resource until you have authorized with the web application (usually with username/password)

403 = Forbidden - You do not have permission to view this resource whether you are logged in or not

404 = Page Not Found - The page/resource you requested does not exist

405 = Method Not Allowed - The resource does not allow this method request

500 = Internal Service Error - The server has encountered some kind of error with your request that it doesn't know how to handle properly

503 = Service Unavailable - This server cannot handle your request as it’s either overloaded or down for maintenance

Headers

Additional bits of data you can send to the web server when making requests

Common Request Headers

Host - Some web servers host multiple websites, this specifies which one you require

User-Agent: This is your browser software and version number, helping software format the website properly for your browser

Content-Length: Tells the web server how much data to expect in the web request

Accept-Encoding: Tells the server what types of compression methods the browser supports

Cookie: Data sent to the web server to help remember your information

Common Response Headers

Set-Cookie - Information to store which gets sent back to the web server on each request

Cache-Control - How long to store the content of the response in the browser’s cache before it requests it again

Content-Type - Tells the client what type of data is being returned

Content-Encoding: - What method has been used to compress the data to make it smaller when sending it over the Internet

Cookies

Small piece of data that is stored on your computer. Can be used to remind the web server who you are, some personal settings for the website or whether you’ve been to the site before. Usually stored in a token

HTML

HyperText Markup Language - the language websites are written in. Elements (also known as tags) are the building blocks of HTML pages and tells the browser how to display content.

<html> Element

The root element of the HTML page, all other elements come after this element

<head> Element

Contains information about the page

<body> Element

Defines the HTML document’s body, only content inside of the body is shown in the browser

<h1> Element

Defines a large heading

<p> Element

Defines a paragraph

JavaScript

Used to control the functionality of the webpages and make them interactive. Dynamically updates the page in real-time.

HTML Injection

A vulnerability that occurs when unfiltered user input is displayed on the page. If a website fails to sanitize user input, an attacker can inject HTML code into a vulnerable website.

Load Balancers

Provide the ability to ensure high traffic websites can handle the load and provide a failover if a server becomes unresponsive. Uses different algorithms to decide which server is best suited to deal with a request.

Health Check

Periodic checks preformed by load balancers to ensure servers are running correctly

CDN

Content Delivery Networks - allows one to host static files from a website, and host them across thousands of servers all over the world

Databases

Web servers can communicate with databases to store and recall data from them.

WAF

Web Application Firewall - sits between your web requests and the web server; its primary purpose is to protect the web server from hacking or DDOS attacks.

Rate Limiting

Allowing only a certain amount of requests from an IP per second