== Networking Concepts ==

Understanding network fundamentals is essential for reconnaissance, lateral movement, and post-exploitation. Knowing how IP addressing, protocols, routing, and ports function allows attackers to discover services, manipulate traffic, tunnel covertly, and evade detection. This section provides a structured overview of the core principles and tools used to analyze, interact with, and exploit networks in real-world offensive operations.

{| class="wikitable sortable"
! Concept !! Description
|-
| [[OSI Model]] || Identifies where to inspect, disrupt, or manipulate traffic across layers.
|-
| [[TCP/IP Stack]] || Shows how real-world protocols interact and where tools operate.
|-
| [[UDP Protocol]] || Explains fast, connectionless traffic used in DNS, VoIP, and amplification attacks.
|-
| [[IP Addressing]] || Core to scanning, access targeting, and pivoting.
|-
| [[Subnetting]] || Defines internal boundaries useful for lateral movement.
|-
| [[CIDR Notation]] || Helps calculate scan ranges and filter scopes.
|-
| [[MAC Addressing]] || Used for impersonation and local device spoofing.
|-
| [[ARP Protocol]] || Enables redirection and interception on local networks.
|-
| [[Routing Basics]] || Explains packet paths across and between networks.
|-
| [[NAT]] || Masks internal systems; relevant for ingress and egress control.
|-
| [[LAN Topologies]] || Reveals traffic flow, bottlenecks, and broadcast domains.
|}

=== Protocol Behavior ===
* [[TCP Protocol]] and [[TCP Three-Way Handshake]]
* [[UDP Protocol]] and stateless behavior
* [[ICMP Protocol]] – echo requests, TTL, and diagnostics
* [[DNS Resolution]] and record types ([[A Record]], [[CNAME]], [[MX]], [[TXT]])

=== Transport & Application Protocols ===
* [[TCP vs UDP vs SCTP]] – flow control and reliability
* [[HTTP Protocols]]: HTTP/1.1, HTTP/2, [[HTTP/3 (QUIC)]]
* [[Making HTTP Requests]]
* [[TLS 1.3]], cipher suites, and [[Forward Secrecy]]
* [[SMB Protocol]], [[LDAP]], [[Kerberos Authentication]]
* [[SIP Protocol]], [[RTP Protocol]] – VoIP signaling and media
* [[DNSSEC]], [[DoT]], [[DoH]]

=== Port Overview ===

Understanding ports and services is critical for network reconnaissance and service identification.

{| class="wikitable sortable"
! Port !! Protocol !! Common Service !! Description
|-
| 20, 21 || TCP || [[FTP]] || File Transfer Protocol – used for transferring files
|-
| 22 || TCP || [[SSH]] || Secure Shell – remote access to systems
|-
| 23 || TCP || [[Telnet]] || Unencrypted remote login service
|-
| 25 || TCP || [[SMTP]] || Simple Mail Transfer Protocol – sending emails
|-
| 53 || UDP/TCP || [[DNS]] || Domain Name System – resolves domain names to IP addresses
|-
| 67, 68 || UDP || [[DHCP]] || Assigns IP addresses automatically
|-
| 69 || UDP || [[TFTP]] || Trivial File Transfer Protocol – lightweight file transfers
|-
| 80 || TCP || [[HTTP]] || Standard web traffic
|-
| 110 || TCP || [[POP3]] || Email retrieval
|-
| 123 || UDP || [[NTP]] || Clock synchronization
|-
| 135 || TCP || [[RPC]] || Microsoft Remote Procedure Call
|-
| 137–139 || UDP/TCP || [[NetBIOS]] || Windows NetBIOS services (name resolution, session services)
|-
| 143 || TCP || [[IMAP]] || Internet Message Access Protocol – email
|-
| 161, 162 || UDP || [[SNMP]] || Device monitoring
|-
| 389 || TCP/UDP || [[LDAP]] || Lightweight Directory Access Protocol
|-
| 443 || TCP || [[HTTPS]] || Encrypted HTTP via TLS
|-
| 445 || TCP || [[SMB]] || Windows file/printer sharing
|-
| 465 || TCP || [[SMTPS]] || Secure SMTP (over SSL)
|-
| 514 || UDP || [[Syslog]] || Logging protocol for network devices
|-
| 587 || TCP || [[SMTP Submission]] || Mail submission with STARTTLS
|-
| 636 || TCP || [[LDAPS]] || Secure LDAP (over SSL)
|-
| 993 || TCP || [[IMAPS]] || Secure IMAP (over SSL)
|-
| 995 || TCP || [[POP3S]] || Secure POP3 (over SSL)
|-
| 1433 || TCP || [[MSSQL]] || Microsoft SQL Server
|-
| 1521 || TCP || [[Oracle DB]] || Oracle Database listener
|-
| 1723 || TCP || [[PPTP]] || Point-to-Point Tunneling Protocol (VPN)
|-
| 1883 || TCP || [[MQTT]] || Lightweight messaging protocol for IoT
|-
| 2049 || TCP/UDP || [[NFS]] || Network File System
|-
| 3128 || TCP || [[Squid Proxy]] || Default Squid proxy port
|-
| 3306 || TCP || [[MySQL]] || MySQL database service
|-
| 3389 || TCP || [[RDP]] || Windows remote access
|-
| 3690 || TCP || [[SVN]] || Subversion version control
|-
| 4444 || TCP || [[Metasploit]] || Common port for reverse shells and Metasploit handlers
|-
| 5060 || UDP/TCP || [[SIP]] || Session Initiation Protocol – VoIP signaling
|-
| 5900 || TCP || [[VNC]] || Virtual Network Computing remote desktop
|-
| 5985, 5986 || TCP || [[WinRM]] || Windows Remote Management – HTTP/HTTPS
|-
| 6379 || TCP || [[Redis]] || In-memory key-value data store
|-
| 8000 || TCP || [[HTTP-Alt]] || Alternate HTTP services
|-
| 8080 || TCP || [[HTTP-Alt]] || Proxy or alternate web services
|-
| 8443 || TCP || [[HTTPS-Alt]] || Alternate HTTPS with TLS
|-
| 9000 || TCP || [[PHP-FPM]] || FastCGI Process Manager for PHP
|-
| 9200 || TCP || [[Elasticsearch]] || REST API for Elasticsearch nodes
|-
| 11211 || TCP || [[Memcached]] || High-performance caching system
|-
| 27017 || TCP || [[MongoDB]] || NoSQL database used in many web apps
|}

=== IPv6 Considerations ===
* [[IPv6 Addressing]]: link-local vs global
* [[Neighbor Discovery Protocol (NDP)]] and [[SLAAC]]
* [[IPv6 Extension Headers]] and their use in evasion
* [[Dual Stack Networking]] and [[Teredo]]
* [[IPv6 Attack Surface]] – RA spoofing, header chains

=== Diagnostic & Monitoring Tools ===
* [[ping]], [[traceroute]] / [[tracert]]
* [[netstat]] / [[ss]], [[ip]] / [[ifconfig]]
* [[dig]] / [[nslookup]]
* [[tcpdump]], [[Wireshark]], [[nmap]], [[masscan]]
* [[nc]] / [[netcat]], [[hping3]], [[scapy]]

=== Packet Crafting & Manipulation ===
* [[TCP/UDP Floods]], [[Fragmentation Attacks]]
* [[Packet Replay]], [[TTL Analysis]]
* Tools: [[scapy]], [[hping3]], [[nping]]

=== Tunneling & Encapsulation ===
* [[SSH Tunneling]] (local/remote/SOCKS)
* VPNs: [[IPsec]], [[OpenVPN]], [[WireGuard]]
* [[DNS Tunneling]], [[ICMP Tunneling]], [[HTTP Tunneling]]
* Overlay protocols: [[GRE]], [[VXLAN]], [[GENEVE]]
* Tools: [[ssh]], [[stunnel]], [[iodine]], [[chisel]]

=== Network Security Devices & Controls ===
* [[Stateless vs Stateful Firewalls]]
* [[IDS]] / [[IPS]] (Snort, Suricata)
* [[WAFs]] and proxy filtering
* [[VLAN Segmentation]], [[Zero Trust]]
* [[Load Balancers]] – L4 vs L7

=== Packet Capture & Analysis ===
* [[tcpdump]], [[Wireshark]], [[pcap]] files
* Common filters: `tcp.port == 80`, `ip.addr == 192.168.1.1`, `dns.qry.name`

=== Network Mapping & Visualization ===
* [[Nmap]], [[Netdiscover]], [[Zenmap]]
* [[Traceroute]] topology graphs

=== Protocol References ===
* [https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers Wikipedia: Port List]
* [https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml IANA Registry]
* [https://speedguide.net/port.php SpeedGuide Reference]