Networking Concepts: Difference between revisions

Revision as of 02:33, 29 May 2025

Networking Concepts

Understanding network fundamentals is essential for reconnaissance, lateral movement, and post-exploitation. Knowing how IP addressing, protocols, routing, and ports function allows attackers to discover services, manipulate traffic, tunnel covertly, and evade detection.

This section provides a structured overview of the core principles and tools used to analyze, interact with, and exploit networks in real-world offensive operations.

Network Fundamentals

OSI Model and TCP/IP Stack
IP Addressing (IPv4 vs IPv6), CIDR Notation, Subnets
MAC Addressing and ARP Protocol
NAT, PAT, and Routing Basics
MTU and Packet Fragmentation

Protocol Behavior

TCP Protocol and TCP Three-Way Handshake
UDP Protocol and stateless behavior
ICMP Protocol – echo requests, TTL, and diagnostics
DNS Resolution and record types (A Record, CNAME, MX, TXT)

Transport & Application Protocols

TCP vs UDP vs SCTP – flow control and reliability
HTTP Protocols: HTTP/1.1, HTTP/2, HTTP/3 (QUIC)
TLS 1.3, cipher suites, and Forward Secrecy
SMB Protocol, LDAP, Kerberos Authentication
SIP Protocol, RTP Protocol – VoIP signaling and media
DNSSEC, DoT, DoH

Port Overview

Understanding ports and services is critical for network reconnaissance and service identification.

Port	Protocol	Common Service	Description
20, 21	TCP	FTP	File Transfer Protocol – used for transferring files
22	TCP	SSH	Secure Shell – remote access to systems
23	TCP	Telnet	Unencrypted remote login service
25	TCP	SMTP	Simple Mail Transfer Protocol – sending emails
53	UDP/TCP	DNS	Domain Name System – resolves domain names to IP addresses
67, 68	UDP	DHCP	Assigns IP addresses automatically
80	TCP	HTTP	Standard web traffic
110	TCP	POP3	Email retrieval
123	UDP	NTP	Clock synchronization
143	TCP	IMAP	Internet Message Access Protocol – email
161, 162	UDP	SNMP	Device monitoring
443	TCP	HTTPS	Encrypted HTTP via TLS
445	TCP	SMB	Windows file/printer sharing
3306	TCP	MySQL	MySQL database service
3389	TCP	RDP	Windows remote access
8080	TCP	HTTP-Alt	Proxy or alternate web services

IPv6 Considerations

IPv6 Addressing: link-local vs global
Neighbor Discovery Protocol (NDP) and SLAAC
IPv6 Extension Headers and their use in evasion
Dual Stack Networking and Teredo
IPv6 Attack Surface – RA spoofing, header chains

Diagnostic & Monitoring Tools

Packet Crafting & Manipulation

Tunneling & Encapsulation

SSH Tunneling (local/remote/SOCKS)
VPNs: IPsec, OpenVPN, WireGuard
DNS Tunneling, ICMP Tunneling, HTTP Tunneling
Overlay protocols: GRE, VXLAN, GENEVE
Tools: ssh, stunnel, iodine, chisel

Network Security Devices & Controls

Stateless vs Stateful Firewalls
IDS / IPS (Snort, Suricata)
WAFs and proxy filtering
VLAN Segmentation, Zero Trust
Load Balancers – L4 vs L7

@@ Line 5: / Line 5: @@
 This section provides a structured overview of the core principles and tools used to analyze, interact with, and exploit networks in real-world offensive operations.
-=== 1. Network Fundamentals ===
+=== Network Fundamentals ===
 * [[OSI Model]] and [[TCP/IP Stack]]
 * [[IP Addressing]] (IPv4 vs IPv6), [[CIDR Notation]], [[Subnets]]
@@ Line 12: / Line 12: @@
 * [[MTU]] and [[Packet Fragmentation]]
-=== 2. Protocol Behavior ===
+=== Protocol Behavior ===
 * [[TCP Protocol]] and [[TCP Three-Way Handshake]]
 * [[UDP Protocol]] and stateless behavior
@@ Line 18: / Line 18: @@
 * [[DNS Resolution]] and record types ([[A Record]], [[CNAME]], [[MX]], [[TXT]])
-=== 3. Transport & Application Protocols ===
+=== Transport & Application Protocols ===
 * [[TCP vs UDP vs SCTP]] – flow control and reliability
 * [[HTTP Protocols]]: HTTP/1.1, HTTP/2, [[HTTP/3 (QUIC)]]
@@ Line 26: / Line 26: @@
 * [[DNSSEC]], [[DoT]], [[DoH]]
-=== 4. Port Overview ===
+=== Port Overview ===
 Understanding ports and services is critical for network reconnaissance and service identification.
@@ Line 65: / Line 65: @@
 |}
-=== 5. IPv6 Considerations ===
+=== IPv6 Considerations ===
 * [[IPv6 Addressing]]: link-local vs global
 * [[Neighbor Discovery Protocol (NDP)]] and [[SLAAC]]
@@ Line 72: / Line 72: @@
 * [[IPv6 Attack Surface]] – RA spoofing, header chains
-=== 6. Diagnostic & Monitoring Tools ===
+=== Diagnostic & Monitoring Tools ===
 * [[ping]], [[traceroute]] / [[tracert]]
 * [[netstat]] / [[ss]], [[ip]] / [[ifconfig]]
@@ Line 79: / Line 79: @@
 * [[nc]] / [[netcat]], [[hping3]], [[scapy]]
-=== 7. Packet Crafting & Manipulation ===
+=== Packet Crafting & Manipulation ===
 * [[TCP/UDP Floods]], [[Fragmentation Attacks]]
 * [[Packet Replay]], [[TTL Analysis]]
 * Tools: [[scapy]], [[hping3]], [[nping]]
-=== 8. Tunneling & Encapsulation ===
+=== Tunneling & Encapsulation ===
 * [[SSH Tunneling]] (local/remote/SOCKS)
 * VPNs: [[IPsec]], [[OpenVPN]], [[WireGuard]]
-* [[DNS]], [[ICMP]], [[HTTP Tunneling]]
+* [[DNS Tunneling]], [[ICMP Tunneling]], [[HTTP Tunneling]]
 * Overlay protocols: [[GRE]], [[VXLAN]], [[GENEVE]]
 * Tools: [[ssh]], [[stunnel]], [[iodine]], [[chisel]]
-=== 9. Network Security Devices & Controls ===
+=== Network Security Devices & Controls ===
 * [[Stateless vs Stateful Firewalls]]
 * [[IDS]] / [[IPS]] (Snort, Suricata)
@@ Line 98: / Line 98: @@
 * [[Load Balancers]] – L4 vs L7
-=== 10. Packet Capture & Analysis ===
+=== Packet Capture & Analysis ===
 * [[tcpdump]], [[Wireshark]], [[pcap]] files
 * Common filters: `tcp.port == 80`, `ip.addr == 192.168.1.1`, `dns.qry.name`
-=== 11. Network Mapping & Visualization ===
+=== Network Mapping & Visualization ===
 * [[Nmap]], [[Netdiscover]], [[Zenmap]]
 * [[Traceroute]] topology graphs
-=== 12. Protocol References ===
+=== Protocol References ===
 * [https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers Wikipedia: Port List]
 * [https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml IANA Registry]
 * [https://speedguide.net/port.php SpeedGuide Reference]

Networking Concepts: Difference between revisions

Revision as of 02:33, 29 May 2025

Contents