Networking Concepts: Difference between revisions

From HackOps
Created page with "== Networking Concepts == Networking is the backbone of all digital communication. Understanding how systems connect, route data, and expose services is foundational for both attackers and defenders. === Core Concepts === * OSI Model and TCP/IP Stack * IP Addressing (IPv4 vs IPv6), CIDR Notation, Subnets * MAC Addressing and ARP Protocol * DNS Resolution and record types (A Record, CNAME, MX, TXT) * NAT, PAT, and..."
 
No edit summary
Line 1: Line 1:
== Networking Concepts ==
== Networking Concepts ==


Networking is the backbone of all digital communication. Understanding how systems connect, route data, and expose services is foundational for both attackers and defenders.
Understanding network fundamentals is essential for reconnaissance, lateral movement, and post-exploitation. Knowing how IP addressing, protocols, routing, and ports function allows attackers to discover services, manipulate traffic, tunnel covertly, and evade detection.


=== Core Concepts ===
This section provides a structured overview of the core principles and tools used to analyze, interact with, and exploit networks in real-world offensive operations.
 
=== 1. Network Fundamentals ===
* [[OSI Model]] and [[TCP/IP Stack]]
* [[OSI Model]] and [[TCP/IP Stack]]
* [[IP Addressing]] (IPv4 vs IPv6), [[CIDR Notation]], [[Subnets]]
* [[IP Addressing]] (IPv4 vs IPv6), [[CIDR Notation]], [[Subnets]]
* [[MAC Addressing]] and [[ARP Protocol]]
* [[MAC Addressing]] and [[ARP Protocol]]
* [[DNS Resolution]] and record types ([[A Record]], [[CNAME]], [[MX]], [[TXT]])
* [[NAT]], [[PAT]], and [[Routing Basics]]
* [[NAT]], [[PAT]], and [[Routing Basics]]
* [[TCP Three-Way Handshake]] and connection teardown
* [[UDP Protocol]] communication and stateless behavior
* [[ICMP Protocol]] packets and common diagnostic tools ([[ping]], [[traceroute]])
* [[MTU]] and [[Packet Fragmentation]]
* [[MTU]] and [[Packet Fragmentation]]
* Common transport-layer attacks ([[SYN Flood]], [[RST Injection]])


=== Transport & Application Protocols ===
=== 2. Protocol Behavior ===
* [[TCP Protocol]] and [[TCP Three-Way Handshake]]
* [[UDP Protocol]] and stateless behavior
* [[ICMP Protocol]] – echo requests, TTL, and diagnostics
* [[DNS Resolution]] and record types ([[A Record]], [[CNAME]], [[MX]], [[TXT]])
 
=== 3. Transport & Application Protocols ===
* [[TCP vs UDP vs SCTP]] – flow control and reliability
* [[TCP vs UDP vs SCTP]] – flow control and reliability
* [[HTTP Protocols]]: HTTP/1.1, HTTP/2, [[HTTP/3 (QUIC)]]
* [[HTTP Protocols]]: HTTP/1.1, HTTP/2, [[HTTP/3 (QUIC)]]
* [[TLS 1.3]] handshake flow, cipher suites, and [[Forward Secrecy]]
* [[TLS 1.3]], cipher suites, and [[Forward Secrecy]]
* [[SMB Protocol]], [[LDAP]], [[Kerberos Authentication]]
* [[SMB Protocol]], [[LDAP]], [[Kerberos Authentication]]
* [[SIP Protocol]], [[RTP Protocol]] – VoIP signaling and media streams
* [[SIP Protocol]], [[RTP Protocol]] – VoIP signaling and media
* [[DNSSEC]], [[DNS over TLS (DoT)]], [[DNS over HTTPS (DoH)]]
* [[DNSSEC]], [[DoT]], [[DoH]]
 
=== IPv6 Considerations ===
* [[IPv6 Addressing]]: link-local vs global unicast
* [[Neighbor Discovery Protocol (NDP)]] and [[SLAAC]]
* [[IPv6 Extension Headers]] and their security impact
* [[Dual Stack Networking]] and [[IPv4 Tunneling]] (6in4, [[Teredo]])
* [[IPv6 Attack Surface]] – RA spoofing, fragmented headers


=== Port Overview ===
=== 4. Port Overview ===
Understanding ports and services is critical for network reconnaissance and service identification. Each service typically runs on a well-defined port.
Understanding ports and services is critical for network reconnaissance and service identification.


{| class="wikitable sortable"
{| class="wikitable sortable"
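Review bot: the link targets in section 3 change from [[DNS over TLS (DoT)]] / [[DNS over HTTPS (DoH)]] to [[DoT]] / [[DoH]], and section 1 drops "* Common transport-layer attacks ([[SYN Flood]], [[RST Injection]])" together with the DNS, TCP handshake, UDP and ICMP bullets; the protocol bullets reappear under the new "=== 2. Protocol Behavior ===", but [[RST Injection]] does not reappear in any revised section, and the shortened link names only resolve if redirects exist for them. Keep the original targets or pipe them (e.g. `[[DNS over TLS (DoT)|DoT]]`), and either restore the attacks bullet or state in the edit summary that it was dropped on purpose, since this revision carries no edit summary.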
Line 46: Line 42:
| 53 || UDP/TCP || [[DNS]] || Domain Name System – resolves domain names to IP addresses
| 53 || UDP/TCP || [[DNS]] || Domain Name System – resolves domain names to IP addresses
|-
|-
| 67, 68 || UDP || [[DHCP]] || Dynamic Host Configuration Protocol – assigns IP addresses
| 67, 68 || UDP || [[DHCP]] || Assigns IP addresses automatically
|-
|-
| 80 || TCP || [[HTTP]] || HyperText Transfer Protocol – standard web traffic
| 80 || TCP || [[HTTP]] || Standard web traffic
|-
|-
| 110 || TCP || [[POP3]] || Post Office Protocol – retrieving emails
| 110 || TCP || [[POP3]] || Email retrieval
|-
|-
| 123 || UDP || [[NTP]] || Network Time Protocol – clock synchronization
| 123 || UDP || [[NTP]] || Clock synchronization
|-
|-
| 143 || TCP || [[IMAP]] || Internet Message Access Protocol – email retrieval
| 143 || TCP || [[IMAP]] || Internet Message Access Protocol – email
|-
|-
| 161, 162 || UDP || [[SNMP]] || Simple Network Management Protocol – device monitoring
| 161, 162 || UDP || [[SNMP]] || Device monitoring
|-
|-
| 443 || TCP || [[HTTPS]] || Encrypted HTTP using TLS
| 443 || TCP || [[HTTPS]] || Encrypted HTTP via TLS
|-
|-
| 445 || TCP || [[SMB]] || Server Message Block – file and printer sharing on Windows
| 445 || TCP || [[SMB]] || Windows file/printer sharing
|-
|-
| 3306 || TCP || [[MySQL]] || Database service for MySQL
| 3306 || TCP || [[MySQL]] || MySQL database service
|-
|-
| 3389 || TCP || [[RDP]] || Remote Desktop Protocol – Windows remote access
| 3389 || TCP || [[RDP]] || Windows remote access
|-
|-
| 8080 || TCP || [[HTTP-Alt]] || Often used for proxy or secondary web services
| 8080 || TCP || [[HTTP-Alt]] || Proxy or alternate web services
|}
|}


=== Diagnostic & Monitoring Tools ===
=== 5. IPv6 Considerations ===
* [[ping]] (test reachability using ICMP echo requests)
* [[IPv6 Addressing]]: link-local vs global
* [[traceroute]] / [[tracert]] (track packet route to target)
* [[Neighbor Discovery Protocol (NDP)]] and [[SLAAC]]
* [[netstat]] / [[ss]] (view open ports and active connections)
* [[IPv6 Extension Headers]] and their use in evasion
* [[ip]] / [[ifconfig]] (view and configure IP settings)
* [[Dual Stack Networking]] and [[Teredo]]
* [[dig]] / [[nslookup]] (query DNS records)
* [[IPv6 Attack Surface]] – RA spoofing, header chains
* [[tcpdump]] (capture and analyze network packets)
* [[Wireshark]] (GUI-based packet analysis)
* [[nmap]] / [[masscan]] (port and service scanners)
* [[nc]] / [[netcat]] (TCP/UDP data transfer and listening)
* [[hping3]] / [[scapy]] (craft custom packets for testing and evasion)


=== Packet Crafting & Manipulation ===
=== 6. Diagnostic & Monitoring Tools ===
* [[TCP/UDP Floods]] – custom packet generation
* [[ping]], [[traceroute]] / [[tracert]]
* [[Fragmentation Attacks]] to bypass simple filters
* [[netstat]] / [[ss]], [[ip]] / [[ifconfig]]
* [[Packet Replay]] for credential or session hijacking
* [[dig]] / [[nslookup]]
* [[TTL Analysis]] to map filtered paths
* [[tcpdump]], [[Wireshark]], [[nmap]], [[masscan]]
* [[nc]] / [[netcat]], [[hping3]], [[scapy]]
 
=== 7. Packet Crafting & Manipulation ===
* [[TCP/UDP Floods]], [[Fragmentation Attacks]]
* [[Packet Replay]], [[TTL Analysis]]
* Tools: [[scapy]], [[hping3]], [[nping]]
* Tools: [[scapy]], [[hping3]], [[nping]]


=== Tunneling & Encapsulation ===
=== 8. Tunneling & Encapsulation ===
* [[SSH Tunneling]] (local, remote, dynamic SOCKS)
* [[SSH Tunneling]] (local/remote/SOCKS)
* VPN protocols: [[IPsec]], [[OpenVPN]], [[WireGuard]]
* VPNs: [[IPsec]], [[OpenVPN]], [[WireGuard]]
* [[DNS Tunneling]], [[ICMP Tunneling]], [[HTTP Tunneling]]
* [[DNS]], [[ICMP]], [[HTTP Tunneling]]
* [[GRE]], [[VXLAN]], and [[GENEVE]] overlays
* Overlay protocols: [[GRE]], [[VXLAN]], [[GENEVE]]
* Tools: [[ssh]], [[stunnel]], [[iodine]], [[chisel]]
* Tools: [[ssh]], [[stunnel]], [[iodine]], [[chisel]]


=== Network Security Devices & Controls ===
=== 9. Network Security Devices & Controls ===
* [[Stateless vs Stateful Firewalls]]
* [[Stateless vs Stateful Firewalls]]
* [[IDS]] / [[IPS]] (Snort, Suricata)
* [[IDS]] / [[IPS]] (Snort, Suricata)
* [[Web Application Firewall (WAF)]]
* [[WAFs]] and proxy filtering
* [[Proxy Servers]]: forward, reverse, transparent
* [[VLAN Segmentation]], [[Zero Trust]]
* [[VLAN Segmentation]] and [[Zero Trust Networking]]
* [[Load Balancers]] – L4 vs L7
* [[Load Balancers]] – L4 vs L7


=== Protocol References ===
=== 10. Packet Capture & Analysis ===
* [https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers Full list of TCP/UDP port numbers (Wikipedia)]
* [[tcpdump]], [[Wireshark]], [[pcap]] files
* [https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml IANA Port Number Registry]
* Common filters: `tcp.port == 80`, `ip.addr == 192.168.1.1`, `dns.qry.name`
* [https://speedguide.net/port.php SpeedGuide Port Reference]


=== Packet Capture & Analysis ===
=== 11. Network Mapping & Visualization ===
* [[tcpdump]] (command-line packet sniffer)
* [[Nmap]], [[Netdiscover]], [[Zenmap]]
* [[Wireshark]] (detailed packet-level inspection)
* [[Traceroute]] topology graphs
* [[pcap]] files and offline analysis
* Common filters: `tcp.port == 80`, `ip.addr == 192.168.1.1`, `dns.qry.name`


=== Network Mapping & Visualization ===
=== 12. Protocol References ===
* [[Nmap]] for topology and host discovery
* [https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers Wikipedia: Port List]
* [[Netdiscover]] for ARP-based LAN host identification
* [https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml IANA Registry]
* [[Traceroute]] graphs
* [https://speedguide.net/port.php SpeedGuide Reference]
* [[Zenmap]] GUI for network scans
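Review bot: in "=== 8. Tunneling & Encapsulation ===" the bullet "* [[DNS Tunneling]], [[ICMP Tunneling]], [[HTTP Tunneling]]" becomes "* [[DNS]], [[ICMP]], [[HTTP Tunneling]]", so the first two links now point at the protocol pages rather than the tunneling pages; piped links (`[[DNS Tunneling|DNS]]`, `[[ICMP Tunneling|ICMP]]`) keep the targets while shortening the text. The renames [[Web Application Firewall (WAF)]] to [[WAFs]] and [[Zero Trust]] to [[Zero Trust Networking]] likewise need redirects or the old targets. In the port table the shortened descriptions are inconsistent: the IMAP row still spells out "Internet Message Access Protocol" while the DHCP, HTTP, POP3, NTP, SNMP, SMB and RDP rows drop the expansion; pick one style. The bullet "* [[Proxy Servers]]: forward, reverse, transparent" is removed with nothing but "proxy filtering" left to cover it.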

Revision as of 02:32, 29 May 2025

== Networking Concepts ==

Understanding network fundamentals is essential for reconnaissance, lateral movement, and post-exploitation. Knowing how IP addressing, protocols, routing, and ports function allows attackers to discover services, manipulate traffic, tunnel covertly, and evade detection.

This section provides a structured overview of the core principles and tools used to analyze, interact with, and exploit networks in real-world offensive operations.

=== 1. Network Fundamentals ===
* [[OSI Model]] and [[TCP/IP Stack]]
* [[IP Addressing]] (IPv4 vs IPv6), [[CIDR Notation]], [[Subnets]]
* [[MAC Addressing]] and [[ARP Protocol]]
* [[NAT]], [[PAT]], and [[Routing Basics]]
* [[MTU]] and [[Packet Fragmentation]]

=== 2. Protocol Behavior ===
* [[TCP Protocol]] and [[TCP Three-Way Handshake]]
* [[UDP Protocol]] and stateless behavior
* [[ICMP Protocol]] – echo requests, TTL, and diagnostics
* [[DNS Resolution]] and record types ([[A Record]], [[CNAME]], [[MX]], [[TXT]])

=== 3. Transport & Application Protocols ===
* [[TCP vs UDP vs SCTP]] – flow control and reliability
* [[HTTP Protocols]]: HTTP/1.1, HTTP/2, [[HTTP/3 (QUIC)]]
* [[TLS 1.3]], cipher suites, and [[Forward Secrecy]]
* [[SMB Protocol]], [[LDAP]], [[Kerberos Authentication]]
* [[SIP Protocol]], [[RTP Protocol]] – VoIP signaling and media
* [[DNSSEC]], [[DoT]], [[DoH]]

=== 4. Port Overview ===
Understanding ports and services is critical for network reconnaissance and service identification.

{| class="wikitable sortable"
! Port !! Protocol !! Common Service !! Description
|-
| 20, 21 || TCP || [[FTP]] || File Transfer Protocol – used for transferring files
|-
| 22 || TCP || [[SSH]] || Secure Shell – remote access to systems
|-
| 23 || TCP || [[Telnet]] || Unencrypted remote login service
|-
| 25 || TCP || [[SMTP]] || Simple Mail Transfer Protocol – sending emails
|-
| 53 || UDP/TCP || [[DNS]] || Domain Name System – resolves domain names to IP addresses
|-
| 67, 68 || UDP || [[DHCP]] || Assigns IP addresses automatically
|-
| 80 || TCP || [[HTTP]] || Standard web traffic
|-
| 110 || TCP || [[POP3]] || Email retrieval
|-
| 123 || UDP || [[NTP]] || Clock synchronization
|-
| 143 || TCP || [[IMAP]] || Internet Message Access Protocol – email
|-
| 161, 162 || UDP || [[SNMP]] || Device monitoring
|-
| 443 || TCP || [[HTTPS]] || Encrypted HTTP via TLS
|-
| 445 || TCP || [[SMB]] || Windows file/printer sharing
|-
| 3306 || TCP || [[MySQL]] || MySQL database service
|-
| 3389 || TCP || [[RDP]] || Windows remote access
|-
| 8080 || TCP || [[HTTP-Alt]] || Proxy or alternate web services
|}

=== 5. IPv6 Considerations ===
* [[IPv6 Addressing]]: link-local vs global
* [[Neighbor Discovery Protocol (NDP)]] and [[SLAAC]]
* [[IPv6 Extension Headers]] and their use in evasion
* [[Dual Stack Networking]] and [[Teredo]]
* [[IPv6 Attack Surface]] – RA spoofing, header chains

=== 6. Diagnostic & Monitoring Tools ===
* [[ping]], [[traceroute]] / [[tracert]]
* [[netstat]] / [[ss]], [[ip]] / [[ifconfig]]
* [[dig]] / [[nslookup]]
* [[tcpdump]], [[Wireshark]], [[nmap]], [[masscan]]
* [[nc]] / [[netcat]], [[hping3]], [[scapy]]

=== 7. Packet Crafting & Manipulation ===
* [[TCP/UDP Floods]], [[Fragmentation Attacks]]
* [[Packet Replay]], [[TTL Analysis]]
* Tools: [[scapy]], [[hping3]], [[nping]]

=== 8. Tunneling & Encapsulation ===
* [[SSH Tunneling]] (local/remote/SOCKS)
* VPNs: [[IPsec]], [[OpenVPN]], [[WireGuard]]
* [[DNS]], [[ICMP]], [[HTTP Tunneling]]
* Overlay protocols: [[GRE]], [[VXLAN]], [[GENEVE]]
* Tools: [[ssh]], [[stunnel]], [[iodine]], [[chisel]]

=== 9. Network Security Devices & Controls ===
* [[Stateless vs Stateful Firewalls]]
* [[IDS]] / [[IPS]] (Snort, Suricata)
* [[WAFs]] and proxy filtering
* [[VLAN Segmentation]] and [[Zero Trust Networking]]
* [[Load Balancers]] – L4 vs L7

=== 10. Packet Capture & Analysis ===
* [[tcpdump]], [[Wireshark]], [[pcap]] files
* Common filters: `tcp.port == 80`, `ip.addr == 192.168.1.1`, `dns.qry.name`

=== 11. Network Mapping & Visualization ===
* [[Nmap]], [[Netdiscover]], [[Zenmap]]
* [[Traceroute]] topology graphs

=== 12. Protocol References ===
* [https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers Wikipedia: Port List]
* [https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml IANA Registry]
* [https://speedguide.net/port.php SpeedGuide Reference]