Networking Essentials for Cybersecurity Beginners: IP, Ports, TCP/IP & DNS Explained

¡Hola a todos! Welcome back, thanks for being here.
Have you ever stopped to think about the magic that happens when you type a website address and hit Enter? How does your computer find the right server halfway across the world and show you the page? And how do cybersecurity professionals protect this complex flow of information?
Understanding the basics of networking is like learning the grammar of the internet — it’s essential for clear communication and crucial for spotting when things go wrong. This guide will walk you through the core concepts: what a network is, the fundamental units of network communication, the key hardware involved, a look at how networking is conceptually layered, and the essential protocols like IP, Ports, TCP/UDP, and DNS, along with a few other foundational elements like MAC addresses, ARP, and ICMP. Let’s dive in!
As you read, you’ll notice that I’ve bolded the first mention of key technical terms. This is to help you identify and remember the core concepts we’re covering.
What is a Network? (And Where Do You Fit In?)
At its simplest, a network is just two or more computers connected together so they can share resources (like files or printers) and communicate.
You likely use a Local Area Network (LAN) right now. This is your private network at home or in an office, connecting your personal devices (computer, phone, smart TV) usually through Wi-Fi or cables. The Wide Area Network (WAN) connects different LANs together over large distances. The biggest WAN we all use? The Internet!
Understanding this distinction helps explain why some things work differently inside your home versus out on the public internet.
The Building Blocks: Protocols and Packets
Before we look at the hardware, let’s quickly define two fundamental ideas:
A protocol is simply a set of rules or standards that devices use to communicate with each other. Just like humans need to agree on a language to talk, computers need protocols to understand how to send, receive, and interpret data. We’ll explore several key protocols in this post.
When devices send data over a network, it’s not sent as one continuous stream. Instead, the data is broken down into smaller, manageable pieces called packets. Each packet contains a portion of the actual data being sent, along with control information (like the source and destination addresses) needed to route it correctly through the network and reassemble it at the destination.
Meet the Network Hardware (The Traffic Controllers)
Several physical devices work behind the scenes to make networks function by handling and directing these packets. Here are the main ones you’ll encounter:
- Router: Think of this as the traffic director for your network. It connects your LAN to the WAN (Internet) and figures out the best path for packets to travel between networks. It’s also typically the device that handles translating your private IP addresses to your public one (more on that later).
- Switch: This device connects multiple devices within the same LAN. It’s like a smart local mail sorter, learning which device is plugged into which port and sending packets directly only where they need to go within your local network.
- Firewall: This is your network’s security guard. It monitors incoming and outgoing network traffic (packets!) and decides whether to allow or block specific traffic based on a defined set of security rules (often based on IP addresses and port numbers). Firewalls can be dedicated hardware or software on a router or computer. It’s worth noting that while we’ve described firewalls at a basic level here, modern firewalls (Next-Generation Firewalls or NGFWs) are incredibly sophisticated security tools. They go far beyond just checking IP addresses and port numbers, using much smarter ways to detect and block threats, often looking deep inside the packets themselves.
A Look Under the Hood: The OSI Model (The Layered Blueprint)
As you learn more about networking and security, you’ll likely hear about conceptual models that help organize how everything works. The most famous one is the OSI (Open Systems Interconnection) Model.
Think of it like a blueprint with seven floors (or layers). Each layer handles a specific set of tasks needed for network communication. When a device sends data, it starts at the top (Layer 7), and information is added at each layer as it moves down, creating the packets. When data is received, it travels up the layers, with information being peeled off at each step until the application receives the original data.
Here are the layers, just so you’ve seen them:
- Layer 7: Application (User interaction, like your web browser)
- Layer 6: Presentation (Data formatting, encryption)
- Layer 5: Session (Managing the communication dialogue)
- Layer 4: Transport (Reliable/unreliable data delivery — TCP/UDP, Ports)
- Layer 3: Network (Logical addressing — IP addresses, Routing)
- Layer 2: Data Link (Local network communication — MAC addresses, Switches)
- Layer 1: Physical (The actual hardware — cables, Wi-Fi)
Why Mention This Now? We are not going deep into each layer in this “Essentials” post. However, understanding that networking is structured in these layers helps provide context for the protocols and concepts we’ll discuss next. Many security tools operate at specific layers. Think of this model as a mental map that helps you understand where different networking elements fit in the grand scheme. Now, let’s look at some of those essential components, starting with addresses.
Network Addresses and Identification
Just like you need an address to send mail, devices on a network need addresses to send and receive packets.
The Internet’s Address System: IP Addresses
Every device connected to a network needs a unique address so data can find its way across the internet. That’s basically what an IP Address (Internet Protocol Address) is: a unique numerical label assigned to each device on a network. IP addresses operate at Layer 3 of the OSI model.
- IPv4 is the original format (e.g., 8.8.8.8 or 192.168.1.10). It uses a 32-bit number, which provides about 4.3 billion unique addresses. We started running out of these as more and more devices came online!
- IPv6 is the newer, longer format (e.g., 2001:0db8::8a2e:0370:7334). It uses a 128-bit number, providing a vastly larger number of addresses: about 340 undecillion (that's 340 followed by 36 zeros!).
To grasp just how many more addresses IPv6 offers compared to IPv4, consider this analogy: If the total number of IPv4 addresses were represented by the number of drops of water in a standard swimming pool, the total number of IPv6 addresses would be the number of drops of water in all the oceans on Earth. That’s the scale of difference and why IPv6 is essential for the future of the internet.
You’ll also encounter Public IPs (your unique address on the global internet, assigned by your ISP) and Private IPs (addresses used within your private LAN, like 192.168.1.x, 10.x.x.x). Your router uses Network Address Translation (NAT) to let devices using private IPs share the single public IP. Often, your router also acts as a DHCP server, automatically assigning these private IP addresses to devices when they connect to your network.
- Why IP Addresses Matter for Security: They identify devices in communications, allowing firewalls to filter traffic based on source or destination. Knowing an attacker’s public IP helps block them (sort of, more on this in the Pyramid of Pain), while understanding private IPs helps secure your internal network. IP addresses can also give a rough geographical location.
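To make the public/private distinction concrete, here is an added example (not code from the original post) that uses Python's standard `ipaddress` module to classify addresses the way a firewall rule or a log-triage script would. The address list, the RFC 1918 ranges it checks and the label names are assumptions made for the demo; it also computes the IPv4/IPv6 size ratio behind the "swimming pool vs. oceans" analogy.

```python
import ipaddress

# Constructed sample of addresses as they might appear in a firewall or web-server log.
SAMPLE_ADDRESSES = [
    "192.168.1.10",             # RFC 1918 private (home/office LAN)
    "10.45.2.7",                # RFC 1918 private
    "172.16.0.5",               # RFC 1918 private (172.16.0.0/12)
    "8.8.8.8",                  # public
    "127.0.0.1",                # loopback (the machine talking to itself)
    "169.254.10.20",            # link-local (what a host picks when DHCP never answers)
    "2001:db8::8a2e:370:7334",  # IPv6 documentation prefix, not routable on the internet
    "fe80::1",                  # IPv6 link-local
    "2606:4700::1111",          # public IPv6
    "not-an-ip",                # malformed input that a log parser must tolerate
]

# The private ranges the post refers to (192.168.1.x, 10.x.x.x) plus 172.16.0.0/12, per RFC 1918.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def address_space_size(version):
    """Number of distinct addresses: 2**32 for IPv4, 2**128 for IPv6."""
    return 2 ** (32 if version == 4 else 128)

def classify(text):
    """Label an address as invalid, loopback, link-local, private, non-global or public,
    with the IP version appended, e.g. 'private/v4'."""
    try:
        addr = ipaddress.ip_address(text.strip())
    except ValueError:
        return "invalid"
    if addr.is_loopback:
        kind = "loopback"
    elif addr.is_link_local:
        kind = "link-local"
    elif addr.version == 4 and any(addr in net for net in RFC1918):
        kind = "private"
    elif not addr.is_global:
        # IPv6 unique-local (fc00::/7), documentation prefixes, reserved space, etc.
        kind = "non-global"
    else:
        kind = "public"
    return f"{kind}/v{addr.version}"

def summarize(addresses):
    """Count addresses per label; a quick 'anything odd in this log?' triage view."""
    counts = {}
    for a in addresses:
        label = classify(a)
        counts[label] = counts.get(label, 0) + 1
    return counts

def external_sources(addresses):
    """Keep only addresses that could have arrived from the public internet.
    A 'block this source' firewall rule only makes sense for these; a private
    address in an internet-facing log usually means spoofing or a misconfiguration."""
    return [a for a in addresses if classify(a).startswith("public")]

if __name__ == "__main__":
    for a in SAMPLE_ADDRESSES:
        print(f"{a:28} -> {classify(a)}")
    print(summarize(SAMPLE_ADDRESSES))
    print("IPv6 has 2**%d times as many addresses as IPv4" %
          (address_space_size(6) // address_space_size(4)).bit_length() - 1)
```

The `is_global` check is what catches the less obvious cases (documentation prefixes, unique-local IPv6, carrier-grade NAT space) that a hand-written "starts with 10. or 192.168." test would miss.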
The Hardware Address: MAC Addresses
Operating at Layer 2 (Data Link) of the OSI model, the MAC Address (Media Access Control Address) is a unique physical address burned into the network interface card (NIC) of a device by the manufacturer (e.g., A1:B2:C3:D4:E5:F6). Unlike IP addresses which can change (especially private ones), the MAC address is generally permanent for the hardware itself. Within a local network (LAN), devices like switches use MAC addresses to deliver packets directly to the correct device on that segment.
- Why MAC Addresses Matter for Security: MAC addresses are used for access control on local networks (e.g., only allowing specific MACs to connect to Wi-Fi). Techniques like MAC spoofing involve changing a device’s MAC address, sometimes for malicious purposes like bypassing access controls or hiding identity.
Connecting Layers: ARP
How does a device on a LAN know the MAC address of another device on the same LAN when it only has its IP address? That’s where ARP (Address Resolution Protocol) comes in. ARP is a protocol that works between Layer 2 and Layer 3. A device broadcasts an ARP request (“Who has this IP address? Tell me your MAC address!”), and the device with that IP responds with its MAC address.

A Wireshark snapshot of an ARP communication
- Why ARP Matters for Security: ARP poisoning (also known as ARP spoofing) is a common type of attack on local networks where an attacker sends fake ARP messages, associating their MAC address with the IP address of another device (like the router or another computer). This can allow the attacker to intercept, modify, or drop traffic meant for that other device.
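Because ARP has no authentication, the practical defence is to watch for the symptoms the paragraph describes: an IP address that suddenly answers from a different MAC, or one MAC claiming the gateway's IP as well as its own. The following is an added example (not from the original post) in Python that replays constructed ARP reply lines, written in the one-line form tcpdump prints, and raises those two alerts; the sample lines, the alert names and the `gateway_ip` parameter are assumptions for the demo.

```python
import re
from collections import defaultdict

# Constructed ARP reply lines in the one-line form tcpdump uses ("<ip> is-at <mac>").
# Not a real capture: from 12:00:30 on, the host with MAC ...:20 answers for the
# gateway's IP (192.168.1.1) and for another host's IP (192.168.1.10).
SAMPLE_ARP_LINES = """\
12:00:01.000 ARP, Reply 192.168.1.1 is-at aa:bb:cc:00:00:01, length 28
12:00:02.000 ARP, Reply 192.168.1.10 is-at aa:bb:cc:00:00:10, length 28
12:00:03.000 ARP, Reply 192.168.1.20 is-at aa:bb:cc:00:00:20, length 28
12:00:30.000 ARP, Reply 192.168.1.1 is-at aa:bb:cc:00:00:20, length 28
12:00:31.000 ARP, Reply 192.168.1.10 is-at aa:bb:cc:00:00:20, length 28
12:00:32.000 ARP, Reply 192.168.1.1 is-at aa:bb:cc:00:00:20, length 28
"""

REPLY_RE = re.compile(
    r"^(?P<ts>\S+)\s+ARP, Reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is-at "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})(?:, length \d+)?$",
    re.IGNORECASE,
)

def parse_replies(text):
    """Yield (timestamp, ip, mac) for each ARP reply line; ignore anything else."""
    for line in text.splitlines():
        m = REPLY_RE.match(line.strip())
        if m:
            yield m["ts"], m["ip"], m["mac"].lower()

def detect_arp_anomalies(text, gateway_ip=None):
    """Replay ARP replies and flag two signs of ARP poisoning:
      - 'flip': an IP previously answered by one MAC is now claimed by another
      - 'gateway_impersonation': the gateway IP is claimed by a MAC that already
        answers for a different IP (reported once per offending MAC)
    Returns (alerts, final IP->MAC table)."""
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    warned_macs = set()
    alerts = []
    for ts, ip, mac in parse_replies(text):
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append({"time": ts, "kind": "flip", "ip": ip,
                           "old_mac": previous, "new_mac": mac})
        other_ips = mac_to_ips[mac] - {ip}
        if ip == gateway_ip and other_ips and mac not in warned_macs:
            warned_macs.add(mac)
            alerts.append({"time": ts, "kind": "gateway_impersonation", "ip": ip,
                           "mac": mac, "also_claims": sorted(other_ips)})
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
    return alerts, ip_to_mac

if __name__ == "__main__":
    found, table = detect_arp_anomalies(SAMPLE_ARP_LINES, gateway_ip="192.168.1.1")
    for alert in found:
        print(alert)
    print("final table:", table)
```

A flip is not proof of an attack on its own (a replaced network card or a DHCP lease handed to a new device looks the same), which is why the gateway check is the more useful signal: the router's MAC should not suddenly coincide with that of an ordinary client on the LAN.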
Essential Network Communication Protocols
Now let’s look at some more key protocols that handle how data is transported and named.
Checking the Status: ICMP
ICMP (Internet Control Message Protocol) is another Layer 3 protocol, primarily used for sending error messages and operational information about network conditions. The common ping command, used to test if a host is reachable and how long it takes for packets to travel to it, uses ICMP. Traceroute also relies on ICMP messages.
- Why ICMP Matters for Security: While often harmlessly used for diagnostics, ICMP can be used in certain denial-of-service (DoS) attacks (like Smurf attacks) or for network scanning to discover active hosts. Firewalls often have specific rules for allowing or denying ICMP traffic.
Finding the Right Door: Port Numbers
The IP address gets data to the right computer, but Port Numbers tell the computer which application or service the data is for (like the web server software vs. email software). Think of them as the apartment number or office suite at the IP address street address. Port numbers operate at Layer 4 (Transport) of the OSI model.
You’ll often see specific numbers associated with services:
- Port 80: Standard web traffic (HTTP)
- Port 443: Secure web traffic (HTTPS — the one with the padlock!)
- Port 53: DNS (we’ll get to this!)
- Port 22: SSH (Secure Shell — for secure remote connections)
Knowing these common ports helps identify the type of traffic flowing.
- Why Port Numbers Matter for Security: Firewalls block or allow specific ports, controlling which services are accessible from outside the network. Attackers scan for open ports to find potential vulnerabilities. Closing unused ports is a crucial security step.
The Delivery Service: TCP vs. UDP
These two main protocols operate at Layer 4 (Transport) and determine how data is sent between devices.
- TCP (Transmission Control Protocol): This is like making a phone call. It establishes a reliable connection, ensures data arrives in the correct order, re-sends lost packets, and gets confirmation that the data was received correctly. It’s used for web browsing (HTTP/HTTPS), email, and file transfers where accuracy is crucial.
- UDP (User Datagram Protocol): This is like sending a postcard. It’s faster and has less overhead because it just sends the packets without establishing a connection or confirming delivery. Packets might get lost or arrive out of order, and the sender doesn’t know if they arrived at all. UDP is used for streaming video/audio, online gaming, and DNS lookups where speed often matters more than perfect reliability.
There’s a classic networking joke that perfectly captures UDP’s nature: “I wanted to tell you a UDP joke, but you probably wouldn’t get it.”
- Why TCP/UDP Matter for Security: Network scanning techniques often use specific TCP or UDP methods to identify open ports. “Stateful” firewalls track TCP connections for better security. Certain types of attacks (like UDP floods) might exploit UDP’s connectionless nature to overwhelm a target.
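The port and TCP/UDP sections above both come together in the idea of a stateful firewall: a packet is let through either because a rule allows it to open a new flow, or because it belongs to a flow that was already opened from the inside. Here is an added example (not code from the original post) in Python that simulates that decision over a constructed packet sequence, with a default-deny policy and a small set of permitted ports; the LAN range, the allowed port sets, the `Packet` fields and the sample traffic are all assumptions for the demo.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str                        # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()    # TCP flags such as {"SYN"} or {"SYN", "ACK"}; empty for UDP

LAN = ipaddress.ip_network("192.168.1.0/24")                   # the private side being protected
ALLOWED_OUTBOUND = {("tcp", 80), ("tcp", 443), ("udp", 53)}    # what LAN hosts may reach: web and DNS
ALLOWED_INBOUND = {("tcp", 443)}   # exposed services; keep this set as small as possible

class StatefulFirewall:
    """Tracks flows the way a stateful firewall does: a packet is allowed because a rule
    permits it to open a new flow, or because it belongs to a flow already opened."""

    def __init__(self):
        self.flows = set()    # 5-tuples of flows that were legitimately opened
        self.log = []

    @staticmethod
    def _key(p):
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse_key(p):
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def filter(self, p):
        from_lan = ipaddress.ip_address(p.src) in LAN
        if self._key(p) in self.flows or self._reverse_key(p) in self.flows:
            verdict, why = "ALLOW", "belongs to a tracked flow"
        elif from_lan and (p.proto, p.dport) in ALLOWED_OUTBOUND:
            self.flows.add(self._key(p))
            verdict, why = "ALLOW", "LAN host opening a permitted outbound flow"
        elif (not from_lan and (p.proto, p.dport) in ALLOWED_INBOUND
              and (p.proto == "udp" or p.flags == {"SYN"})):
            # Only a clean SYN may open an inbound TCP flow: a stray SYN-ACK or ACK with
            # no matching state is dropped even when aimed at an exposed port.
            self.flows.add(self._key(p))
            verdict, why = "ALLOW", "new inbound connection to an exposed service"
        else:
            verdict, why = "DROP", "no matching rule and no tracked flow"
        self.log.append((verdict, why, p))
        return verdict

    def drops_by_source(self):
        """Sources piling up drops are worth a look (port sweeps, UDP floods)."""
        return Counter(p.src for verdict, _, p in self.log if verdict == "DROP")

# Constructed traffic (documentation address ranges, not real hosts).
SAMPLE_TRAFFIC = [
    Packet("udp", "192.168.1.10", 51000, "8.8.8.8", 53),                                   # DNS query out
    Packet("udp", "8.8.8.8", 53, "192.168.1.10", 51000),                                   # DNS answer back
    Packet("tcp", "192.168.1.10", 51001, "198.51.100.20", 443, frozenset({"SYN"})),        # HTTPS out
    Packet("tcp", "198.51.100.20", 443, "192.168.1.10", 51001, frozenset({"SYN", "ACK"})), # handshake reply
    Packet("tcp", "203.0.113.5", 40000, "192.168.1.10", 51002, frozenset({"SYN", "ACK"})), # unsolicited SYN-ACK
    Packet("tcp", "203.0.113.5", 40001, "192.168.1.10", 22, frozenset({"SYN"})),           # SSH is not exposed
    Packet("tcp", "203.0.113.5", 40002, "192.168.1.10", 443, frozenset({"SYN"})),          # exposed HTTPS
    Packet("tcp", "192.168.1.10", 51003, "198.51.100.7", 25, frozenset({"SYN"})),          # SMTP out, not permitted
    Packet("udp", "203.0.113.5", 40003, "192.168.1.10", 9999),                             # random UDP in
]

def run(packets):
    """Filter a packet list; return the verdicts and the firewall for inspection."""
    fw = StatefulFirewall()
    return [fw.filter(p) for p in packets], fw

if __name__ == "__main__":
    verdicts, fw = run(SAMPLE_TRAFFIC)
    for verdict, why, p in fw.log:
        print(f"{verdict:5} {p.proto} {p.src}:{p.sport} -> {p.dst}:{p.dport}  ({why})")
    print("drops by source:", dict(fw.drops_by_source()))
```

The fifth packet is the one a purely stateless "allow established traffic" rule gets wrong: it looks like a handshake reply, but no LAN host ever sent the matching SYN, so the stateful version drops it. UDP has no handshake at all, so the only state available is "a LAN host sent something to this address and port recently", which is exactly why UDP floods and spoofed UDP traffic are harder to filter.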
The Internet’s Phonebook: DNS (Domain Name System)
Remembering IP addresses like 142.250.190.132 is hard! DNS translates human-friendly domain names (like www.google.com) into computer-friendly IP addresses. Think of it as the internet's phonebook or GPS. DNS typically uses UDP port 53 for standard queries.
- Why DNS Matters for Security: Phishing attacks rely on tricking users with deceptive domain names that might look legitimate but resolve (via DNS) to malicious IP addresses. DNS filtering is a security technique that blocks requests for known malicious domains. DNS itself can also be attacked through methods like hijacking or cache poisoning.
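To see what actually travels over UDP port 53, here is an added example (not code from the original post) in Python that builds a DNS A-record query byte for byte, parses a reply, and applies the most basic defence against a forged answer: the reply is rejected unless its 16-bit transaction ID and its question section match what was asked. The reply is constructed locally by `build_fake_response` so the whole thing runs offline; the domain and the answer addresses are assumptions for the demo.

```python
import random
import struct

def encode_name(name):
    """'www.example.com' -> b'\\x03www\\x07example\\x03com\\x00' (length-prefixed labels, RFC 1035)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, txid=None, qtype=1):
    """Build a standard query (qtype 1 = A record). Returns (transaction_id, message_bytes)."""
    txid = random.randrange(0, 1 << 16) if txid is None else txid
    flags = 0x0100                                   # standard query, recursion desired
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)   # QDCOUNT=1, others 0
    return txid, header + encode_name(name) + struct.pack("!HH", qtype, 1)   # QCLASS 1 = IN

def read_name(msg, offset):
    """Decode a possibly compressed name at offset; return (name, offset after it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                    # compression pointer (2 bytes, 14-bit offset)
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            offset, jumped = pointer, True
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels), end

def parse_response(msg, expected_txid, expected_name):
    """Return the IPv4 addresses in the answer section, after checking that the transaction
    ID and the echoed question match our query. A mismatch is how a forged (poisoning)
    answer gets discarded instead of cached."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch: possible spoofed response")
    if not flags & 0x8000:
        raise ValueError("QR bit not set: this is not a response")
    if flags & 0x000F:
        raise ValueError(f"server returned rcode {flags & 0xF}")
    offset = 12
    for _ in range(qd):
        qname, offset = read_name(msg, offset)
        if qname.lower() != expected_name.rstrip(".").lower():
            raise ValueError("question does not match what we asked")
        offset += 4                                  # skip QTYPE and QCLASS
    answers = []
    for _ in range(an):
        _name, offset = read_name(msg, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            answers.append(".".join(str(b) for b in rdata))
    return answers

def build_fake_response(txid, name, addresses, ttl=300):
    """Constructed resolver reply used to exercise the parser offline (no network needed)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(addresses), 0, 0)   # QR, RD, RA set
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    body = b""
    for ip in addresses:
        rdata = bytes(int(x) for x in ip.split("."))
        # 0xC00C is a pointer back to the question name at offset 12 (name compression)
        body += b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, ttl, 4) + rdata
    return header + question + body

def rejects(msg, txid, name):
    """True if parse_response refuses the message (used to show the checks working)."""
    try:
        parse_response(msg, txid, name)
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    txid, query = build_query("www.example.com")
    print("query bytes:", query.hex())
    reply = build_fake_response(txid, "www.example.com", ["198.51.100.4"])
    print("answers:", parse_response(reply, txid, "www.example.com"))
    print("forged id rejected:", rejects(reply, (txid + 1) & 0xFFFF, "www.example.com"))
```

Sixteen bits of transaction ID is not much on its own, which is why real resolvers also randomize the UDP source port and why the TTL, not a single lookup, decides how long a poisoned entry would survive in a cache.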
How It All Works Together (A Quick Example)
Let’s say you type www.example.com into your browser:
- Your browser needs the IP address. It asks a DNS server for the IP associated with www.example.com (usually using UDP port 53).
- The DNS server responds with the correct IP address.
- Your computer uses ARP to find the MAC address of your default gateway (router) on the LAN so it can send the packet there.
- Your browser initiates a reliable TCP connection setup (a “handshake”) with that web server’s IP address, typically targeting Port 443 for secure HTTPS traffic (Layer 4).
- Once the TCP connection is ready, your browser sends an HTTP request asking for the webpage content (Layer 7). This request is broken down into small digital packets.
- Each packet contains the necessary addressing information (like source/destination IPs — Layer 3, and source/destination Ports — Layer 4).
- These packets travel through your local network (switch — using MAC addresses at Layer 2), get directed by your router (Layer 3, which performs NAT), traverse the internet, and reach the web server.
- The web server processes the request and sends the webpage data back (also as packets) along the reverse path using the established TCP connection, where your computer reassembles them.
- Throughout this, firewalls along the path are inspecting these packets, checking the IP addresses, Port numbers, and protocol types (TCP/UDP) in their headers against security rules. Some advanced firewalls can even inspect the content at higher layers (Layer 7).
Why This All Matters for Security
Understanding these networking building blocks — LAN/WAN, routers/switches/firewalls, packets, protocols, IP addresses, MAC addresses, ARP, ICMP, ports, TCP/UDP, and DNS — is crucial:
- Firewalls: You understand what they are blocking/allowing (IPs, Ports, Protocols) and how routers/firewalls are involved in directing traffic and performing NAT.
- Network Monitoring: You know what kind of traffic exists (TCP vs UDP, common ports, ICMP) and what constitutes normal vs. potentially suspicious connections (e.g., connections to known bad IPs, unusual port activity, strange ICMP traffic). You understand data flows as packets.
- Understanding Attacks: You grasp how attacks work functionally — port scanning looks for open services, phishing relies on DNS tricks, ARP poisoning targets local network communication, MAC spoofing bypasses local controls, ICMP can be used for reconnaissance or DoS, and malware might communicate over specific ports using TCP or UDP packets.
- Context for Tools: Security tools directly use and report on this information (IPs, MACs, ports, protocols, sometimes even packet details).
- Troubleshooting: You have a better framework for diagnosing connection issues by checking IP configs, testing connectivity with ping (ICMP), understanding port blocking, etc.
Conclusion
Networking is the invisible foundation of our connected world and the battlefield for cybersecurity. While it might seem daunting, grasping these essentials — networks, key devices, the fundamental concepts of protocols and packets, addresses (IPs, MACs), address resolution (ARP), network messaging (ICMP), service identification (Ports), data delivery methods (TCP/UDP), and naming (DNS) — provides incredible insight. Knowing that conceptual layers (like in the OSI model) exist helps provide structure for deeper learning later on. This knowledge empowers you to understand how digital communication works, how security tools protect it, and how attackers try to break it. Keep learning, stay curious, and thanks for making it this far!