
Network Fundamentals

Master the core concepts that underpin modern networking: the OSI and TCP/IP models, IP addressing schemes, and the protocols that power the Internet.

OSI Model (7 Layers)

The Open Systems Interconnection (OSI) model is a conceptual framework with seven abstraction layers.

[Figure: OSI Model Diagram]

| Layer | Name | Function | Protocols/Examples |
|---|---|---|---|
| 7 | Application | User services and applications | HTTP, HTTPS, FTP, SMTP, DNS, SSH, Telnet |
| 6 | Presentation | Data encryption, compression, formatting | SSL/TLS, JPEG, GIF |
| 5 | Session | Dialog control, session management | SOCKS, RPC |
| 4 | Transport | Reliable data transfer, flow control | TCP, UDP, SCTP |
| 3 | Network | Routing, logical addressing | IP, ICMP, IGMP |
| 2 | Data Link | MAC addressing, frame formatting, error detection | Ethernet, PPP, Frame Relay |
| 1 | Physical | Electrical signals, physical media | Copper, fiber, wireless |

TCP/IP Model (5 Layers)

The TCP/IP model is simpler and more practical than the OSI model.

[Figure: TCP/IP and OSI Mapping]

Application Layer

  • Defines — TCP/IP application protocols and how host programs interface with transport services
  • Protocols — HTTP, HTTPS, FTP, SMTP, DNS, SSH, Telnet, POP3, IMAP
  • Responsibility — User applications and services

Transport Layer

  • Provides — Communication session management between nodes
  • Defines — Service level and connection states
  • Protocols — TCP, UDP, RTP, SCTP
  • Responsibility — End-to-end delivery, error handling

Internet Layer

  • Packages — Data into IP datagrams with source/destination addresses
  • Performs — Routing of IP datagrams
  • Protocols — IP (IPv4/IPv6), ICMP, ARP, RARP, IGMP
  • Responsibility — Logical addressing and routing

Network Access Layer

  • Specifies — Physical data transmission through networks
  • Handles — Electronic signaling by hardware devices
  • Protocols — Ethernet, Frame Relay, PPP, Wi-Fi (802.11)
  • Responsibility — Physical and data link operations

IP Addressing

IPv4 Addressing

Format and Structure

  • Uses 32-bit binary addresses
  • Expressed as four decimal numbers separated by dots (e.g., 192.168.1.1)
  • Each section is called an octet (8 bits)
  • Range: 0.0.0.0 to 255.255.255.255

IPv4 Address Classes (Classful)

| Class | Range | Default Mask | Use |
|---|---|---|---|
| A | 1.0.0.0 to 126.255.255.255 | /8 (255.0.0.0) | Large networks |
| B | 128.0.0.0 to 191.255.255.255 | /16 (255.255.0.0) | Medium networks |
| C | 192.0.0.0 to 223.255.255.255 | /24 (255.255.255.0) | Small networks |
| D | 224.0.0.0 to 239.255.255.255 | N/A | Multicast |
| E | 240.0.0.0 to 255.255.255.255 | N/A | Reserved |

Special IPv4 Addresses

| Address | Purpose |
|---|---|
| 0.0.0.0 | Default network, "this network" |
| 255.255.255.255 | Network broadcast |
| 127.0.0.1 | Loopback address (localhost) |
| 169.254.0.1 to 169.254.255.254 | Automatic Private IP Addressing (APIPA) |
| 10.0.0.0/8 | Private network (RFC 1918) |
| 172.16.0.0/12 | Private network (RFC 1918) |
| 192.168.0.0/16 | Private network (RFC 1918) |

IPv6 Addressing

Format and Structure

  • Uses 128-bit binary addresses
  • Expressed as eight groups of hexadecimal numbers separated by colons (e.g., 2001:0db8:85a3:0000:0000:8a2e:0370:7334)
  • Groups of consecutive zeros can be replaced with :: (only once per address)
  • Example: 2001:db8::8a2e:370:7334

IPv6 Benefits

  • Vastly larger address space (2^128 vs 2^32)
  • Simplified header format
  • Built-in quality of service (QoS) support
  • IPsec security included
  • No need for NAT

Subnetting and CIDR

CIDR Notation

Classless Inter-Domain Routing (CIDR) notation specifies the network prefix length:

  • 192.168.1.0/24 means 24 bits for the network, 8 bits for hosts
  • Slash notation replaces traditional subnet masks
  • Allows for more efficient IP allocation

Subnet Mask Examples

| CIDR | Subnet Mask | Usable Hosts | Uses |
|---|---|---|---|
| /24 | 255.255.255.0 | 254 | Small networks, home labs |
| /23 | 255.255.254.0 | 510 | Medium networks |
| /22 | 255.255.252.0 | 1,022 | Departmental networks |
| /21 | 255.255.248.0 | 2,046 | Large departments |
| /20 | 255.255.240.0 | 4,094 | Campus networks |

Subnetting Exercise

Problem: You have a network 192.168.1.0/24 and need to create 4 subnets.

Solution:

  • Original: /24 (256 addresses)
  • Required: 4 subnets = 2^2 subnets
  • New mask: /26 (256/4 = 64 addresses per subnet)
  • Subnets:
    • 192.168.1.0/26 (hosts: .1 to .62)
    • 192.168.1.64/26 (hosts: .65 to .126)
    • 192.168.1.128/26 (hosts: .129 to .190)
    • 192.168.1.192/26 (hosts: .193 to .254)
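
The CIDR arithmetic from this section, as an added example (not code from the original page): it converts a dotted-decimal mask to a prefix length, rejecting masks whose 1-bits are not contiguous, and splits a network into equal subnets as in the exercise above. The function names `mask_to_prefix` and `split_network` are chosen for this illustration.

```python
import ipaddress

def mask_to_prefix(mask):
    """Dotted-decimal mask -> prefix length; rejects non-contiguous masks."""
    value = int(ipaddress.IPv4Address(mask))
    ones = bin(value).count("1")
    # A valid mask is `ones` 1-bits followed only by 0-bits.
    if value != ((0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return ones

def split_network(cidr, wanted):
    """Split cidr into the smallest power-of-two number of equal subnets >= wanted."""
    if wanted < 1:
        raise ValueError("wanted must be at least 1")
    net = ipaddress.ip_network(cidr)        # raises if host bits are set
    borrowed = (wanted - 1).bit_length()    # smallest n with 2**n >= wanted
    new_prefix = net.prefixlen + borrowed
    if new_prefix > 30:
        raise ValueError("subnets would have no usable host addresses")
    rows = []
    for sub in net.subnets(new_prefix=new_prefix):
        rows.append({
            "subnet": str(sub),
            "mask": str(sub.netmask),
            "first_host": str(sub.network_address + 1),
            "last_host": str(sub.broadcast_address - 1),
            "broadcast": str(sub.broadcast_address),
            "usable": sub.num_addresses - 2,   # minus network and broadcast
        })
    return rows

if __name__ == "__main__":
    for row in split_network("192.168.1.0/24", 4):   # the exercise above
        print(row)
    print(mask_to_prefix("255.255.252.0"))
```

Asking for a subnet count that is not a power of two (for example 3) rounds up to the next power of two, because subnet boundaries always fall on bit boundaries.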

DNS (Domain Name System)

How DNS Works

  1. User Application — initiates a DNS query
  2. Local Resolver — contacts recursive resolver
  3. Root Nameserver — directs to TLD nameserver
  4. TLD Nameserver — directs to authoritative nameserver
  5. Authoritative Nameserver — returns IP address
  6. Response Path — IP is returned to user

[Figure: DNS Resolution Flow Diagram]

DNS Record Types

| Record Type | Purpose | Example |
|---|---|---|
| A | IPv4 address | example.com A 93.184.216.34 |
| AAAA | IPv6 address | example.com AAAA 2606:2800:220:1:248:1893:25c8:1946 |
| CNAME | Alias | www.example.com CNAME example.com |
| MX | Mail exchange | example.com MX 10 mail.example.com |
| NS | Nameserver | example.com NS ns1.example.com |
| SOA | Start of authority | Contains zone info |
| TXT | Text record | SPF, DKIM, domain verification |
| SRV | Service record | _service._proto.name.com |

DNS Commands

# Query DNS server
nslookup example.com

# Dig query (detailed)
dig example.com

# Check specific record type
dig example.com MX

# Reverse DNS lookup
dig -x 93.184.216.34

# Query specific nameserver
dig @8.8.8.8 example.com

DHCP (Dynamic Host Configuration Protocol)

How DHCP Works (DORA Process)

  1. Discover — Client broadcasts DHCP DISCOVER message
  2. Offer — DHCP server responds with IP offer
  3. Request — Client requests the offered IP
  4. Acknowledge — Server acknowledges, assigns IP for lease duration

DHCP Lease

  • Lease Duration — Typically 1 day to 1 week
  • Renewal — Client attempts to renew at 50% of lease time
  • Rebind — Client accepts any offer at 87.5% of lease time
  • Expire — If no renewal, IP is reclaimed

DHCP Configuration Example

# Request a lease with verbose output, showing the assigned IP (Linux)
dhclient -v

# Release and renew lease
dhclient -r && dhclient

# View stored lease details (path varies by distribution)
cat /var/lib/dhcp/dhclient.leases

ARP (Address Resolution Protocol)

Purpose

Maps IP addresses (Layer 3) to MAC addresses (Layer 2) on local networks.

ARP Process

  1. Host needs to communicate with IP address on same subnet
  2. Host broadcasts ARP Request: "Who has IP X?"
  3. Host with IP X responds: "I have IP X, my MAC is Y"
  4. Requester caches MAC-to-IP mapping
  5. Frames are sent using discovered MAC address

ARP Commands

# Display ARP table
arp -a

# Add static ARP entry
arp -s 192.168.1.50 aa:bb:cc:dd:ee:ff

# Delete ARP entry
arp -d 192.168.1.50

# Filter the ARP table for 192.168.x.x entries
arp -a | grep -F "192.168."

ARP Spoofing

Risk: ARP replies are not authenticated, so an attacker on the local segment can respond to ARP requests with their own MAC address, redirecting traffic to themselves.

Mitigation:

  • Use static ARP entries for critical servers
  • Implement ARP inspection on switches
  • Monitor for suspicious ARP activity

MAC Addresses

Format

  • 48-bit address expressed in hexadecimal
  • Format: AA:BB:CC:DD:EE:FF or AA-BB-CC-DD-EE-FF
  • First 24 bits: Organizationally Unique Identifier (OUI)
  • Last 24 bits: Device-specific address

Special MAC Addresses

| MAC | Purpose |
|---|---|
| FF:FF:FF:FF:FF:FF | Broadcast on local segment |
| 01:00:5E:00:00:00/24 | Multicast range |
| 00:00:00:00:00:00 | Null address |

Ports and Port Numbers

Port Ranges

| Range | Type | Usage |
|---|---|---|
| 0-1023 | Well-known | System/reserved services |
| 1024-49151 | Registered | Registered for specific services |
| 49152-65535 | Dynamic/Private | Temporary/client ports |

Common Ports

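| Port | Protocol | Service |
|---|---|---|
| 21 | TCP | FTP (File Transfer) |
| 22 | TCP | SSH (Secure Shell) |
| 25 | TCP | SMTP (Email) |
| 53 | TCP/UDP | DNS |
| 80 | TCP | HTTP (Web) |
| 110 | TCP | POP3 (Email) |
| 143 | TCP | IMAP (Email) |
| 443 | TCP | HTTPS (Secure Web) |
| 3306 | TCP | MySQL Database |
| 5432 | TCP | PostgreSQL Database |
| 6379 | TCP | Redis Cache |
| 8080 | TCP | HTTP Alternate |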

Core Transport Protocols

TCP (Transmission Control Protocol)

Characteristics

  • Connection-oriented (3-way handshake)
  • Reliable delivery with acknowledgments
  • Ordered delivery guaranteed
  • Flow control and congestion control
  • Slower but more reliable than UDP

3-Way Handshake

  1. SYN — Client sends synchronization packet
  2. SYN-ACK — Server acknowledges and sends own SYN
  3. ACK — Client acknowledges server's SYN

Connection Termination (4-Way Handshake)

  1. Client sends FIN
  2. Server acknowledges with ACK
  3. Server sends FIN
  4. Client acknowledges with ACK

UDP (User Datagram Protocol)

Characteristics

  • Connectionless (no handshake)
  • Unreliable delivery (no acknowledgments)
  • Lower overhead, faster
  • No ordering guarantee
  • Used when speed matters more than reliability

Applications

  • DNS queries
  • Video/audio streaming
  • Online gaming
  • VoIP

ICMP (Internet Control Message Protocol)

Purpose — Error reporting and diagnostic functions

Common ICMP Types

| Type | Name | Purpose |
|---|---|---|
| 0 | Echo Reply | Response to ping |
| 3 | Destination Unreachable | Network/host/port unreachable |
| 8 | Echo Request | Ping request |
| 11 | Time Exceeded | TTL expired |
| 13 | Timestamp | Measure round-trip time |

Commands

# Ping (ICMP Echo Request)
ping -c 4 example.com

# Traceroute (sends probes with increasing TTL; Linux defaults to UDP, use -I for ICMP Echo)
traceroute example.com

# Show ICMP statistics
netstat -s | grep -i icmp

Exercises

Exercise 1: IP Address Calculation

Q: Given 10.1.2.0/25, what are the network and broadcast addresses?

A:

  • Network: 10.1.2.0
  • Broadcast: 10.1.2.127 (a /25 leaves 7 host bits = 128 addresses)
  • Usable hosts: .1 to .126 (126 hosts)

Exercise 2: Subnet Mask Conversion

Q: Convert subnet mask 255.255.240.0 to CIDR notation.

A:

  • Count binary 1s: 11111111.11111111.11110000.00000000
  • CIDR: /20

Exercise 3: DNS Resolution

Q: What steps occur when you type example.com in your browser?

A:

  1. Browser checks its cache
  2. Browser sends recursive query to resolver
  3. Resolver queries root nameserver
  4. Root directs to .com TLD nameserver
  5. TLD directs to example.com authoritative nameserver
  6. Authoritative server returns IP 93.184.216.34
  7. Browser establishes TCP connection to that IP

Exercise 4: ICMP and Connectivity

Q: Why does ping 192.168.1.1 fail even though ARP discovers the MAC address?

A: Possible reasons:

  • ICMP is blocked by firewall rule
  • Host is configured to not respond to ICMP
  • Routing issue (host unreachable)
  • Wrong IP address

Summary

Network fundamentals provide the foundation for understanding all higher-level networking concepts. Master:

  • How data moves through the OSI/TCP/IP layers
  • IP addressing and subnetting for efficient network design
  • DNS and DHCP for automatic configuration
  • ARP, MAC addresses, and local network discovery
  • Ports and protocols for application communication
  • TCP, UDP, and ICMP for different reliability needs