This article provides a comprehensive overview of fundamental networking concepts, essential for anyone delving into cybersecurity and IT infrastructure. It covers topics such as IP addressing, the OSI model, common networking tools, and protocols, offering practical insights and examples to solidify understanding. The article also provides the answers for the TryHackMe Networking Concepts room.

OSI Model Explained

The OSI (Open Systems Interconnection) model, created by the International Organization for Standardization (ISO), is a conceptual framework outlining how communication occurs in computer networks. It provides a structured approach to understanding networking concepts, despite being theoretical. The OSI model consists of seven layers:

  1. Physical Layer
  2. Data Link Layer
  3. Network Layer
  4. Transport Layer
  5. Session Layer
  6. Presentation Layer
  7. Application Layer

The layers are numbered from bottom to top, with the physical layer as layer 1 and the application layer as layer 7. Mnemonics such as “Please Do Not Throw Spinach Pizza Away” can assist in remembering the sequence. Familiarity with these layers and their numbering is essential for understanding terms like “layer 3 switch” or “layer 7 firewall.”

Detailed Layer Functions:

Layer 1: Physical Layer

  • Focuses on the physical connection between devices.
  • Defines the medium for transmitting binary data (0s and 1s) via electrical, optical, or wireless signals.
  • Examples include Ethernet cables, optical fiber, and WiFi radio bands (e.g., 2.4 GHz, 5 GHz, 6 GHz).

Layer 2: Data Link Layer

  • Handles data transfer protocols between nodes on the same network segment.
  • Defines communication standards for devices sharing a medium, such as Ethernet (802.3) and WiFi (802.11).
  • Uses MAC addresses (Media Access Control) for node identification.

Layer 3: Network Layer

  • Manages data transfer between different networks using logical addressing and routing.
  • Ensures that data packets find a path across diverse networks.
  • Examples include IP, ICMP, and IPSec.

Layer 4: Transport Layer

  • Enables end-to-end communication between applications on different devices.
  • Provides flow control, segmentation, and error correction.
  • Key protocols: Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

Layer 5: Session Layer

  • Establishes, maintains, and synchronizes communication sessions between applications.
  • Handles parameters for sessions and ensures data synchronization.
  • Examples include Network File System (NFS) and Remote Procedure Call (RPC).

Layer 6: Presentation Layer

  • Ensures data is in a format the application layer can process.
  • Manages data encoding, compression, and encryption.
  • Examples: Character encoding (ASCII, Unicode), MIME for email attachments, and image formats like JPEG, GIF, and PNG.

Layer 7: Application Layer

  • Provides network services directly to end-user applications.
  • Includes protocols for web browsing, email, file transfer, and more.
  • Examples: HTTP, FTP, DNS, POP3, SMTP, IMAP.

Summary Table

| Layer Number | Layer Name | Main Function | Example Protocols and Standards |
|---|---|---|---|
| 7 | Application Layer | Provides services to applications | HTTP, FTP, DNS, POP3, SMTP, IMAP |
| 6 | Presentation Layer | Data encoding, encryption, and compression | Unicode, MIME, JPEG, PNG, MPEG |
| 5 | Session Layer | Synchronizing communication sessions | NFS, RPC |
| 4 | Transport Layer | End-to-end communication, data segmentation | TCP, UDP |
| 3 | Network Layer | Logical addressing, routing between networks | IP, ICMP, IPSec |
| 2 | Data Link Layer | Reliable transfer between adjacent nodes | Ethernet (802.3), WiFi (802.11) |
| 1 | Physical Layer | Physical data transmission | Electrical, optical, and wireless signals |

Studying the OSI model may seem overwhelming initially, but understanding its layers simplifies learning networking protocols and concepts.

TCP/IP Model Explained

The TCP/IP model (Transmission Control Protocol/Internet Protocol) was created in the 1970s by the U.S. Department of Defense (DoD) to ensure robust communication in networks, even if parts of the network fail due to events such as military attacks. Its design, particularly the adaptability of routing protocols, allows the network to function despite changes in topology.

Unlike the ISO OSI model, which has seven layers, the TCP/IP model has four primary layers. When considering how the two models align, the TCP/IP layers consolidate or map the OSI layers as follows:

TCP/IP Model Layers (Top to Bottom):

  1. Application Layer
    • Combines the OSI application, presentation, and session layers (layers 7, 6, and 5).
    • Handles protocols such as HTTP, HTTPS, FTP, POP3, SMTP, IMAP, Telnet, and SSH.
  2. Transport Layer
    • Equivalent to the OSI transport layer (layer 4).
    • Responsible for data transfer between hosts, using protocols like TCP and UDP.
  3. Internet Layer
    • Corresponds to the OSI network layer (layer 3).
    • Handles logical addressing and routing, using protocols such as IP, ICMP, and IPSec.
  4. Link Layer
    • Maps to the OSI data link (layer 2) and physical layers (layer 1).
    • Includes technologies like Ethernet (802.3) and WiFi (802.11).

Mapping the Models:

| Layer Number | ISO OSI Model | TCP/IP Model (RFC 1122) | Protocols |
|---|---|---|---|
| 7 | Application Layer | Application Layer | HTTP, HTTPS, FTP, POP3, SMTP, IMAP, etc. |
| 6 | Presentation Layer | | |
| 5 | Session Layer | | |
| 4 | Transport Layer | Transport Layer | TCP, UDP |
| 3 | Network Layer | Internet Layer | IP, ICMP, IPSec |
| 2 | Data Link Layer | Link Layer | Ethernet (802.3), WiFi (802.11) |
| 1 | Physical Layer | | |

Five-Layer Representation:

Some modern textbooks, like Computer Networking: A Top-Down Approach, describe the TCP/IP model as having five layers by explicitly adding the physical layer. In this representation:

  1. Application Layer
    • Handles end-user applications and protocols (HTTP, FTP, etc.).
  2. Transport Layer
    • Ensures reliable or connectionless communication (TCP/UDP).
  3. Network Layer
    • Manages routing and logical addressing (IP, ICMP).
  4. Link Layer
    • Handles data transfer between nodes on the same network segment (Ethernet, WiFi).
  5. Physical Layer
    • Deals with the actual physical medium and signal transmission (cables, wireless).

This alternate model aligns more closely with physical implementations in modern networking. Studying both the conceptual ISO OSI model and the practical TCP/IP model provides a well-rounded understanding of network design and functionality.

Basics of IP Addresses & Subnets

An IP address is a unique identifier assigned to devices on a network, allowing them to communicate without confusion. For example, addresses like 192.168.0.1 or 172.16.159.243 are IPv4 (Internet Protocol version 4) addresses. IPv4 is the most commonly used IP version today, though IPv6 is also gaining traction.

What is an IP Address?

Think of an IP address as a digital equivalent of your home postal address. Just as your home address enables others to send mail to you without ambiguity, an IP address ensures that data sent over a network reaches the correct device.

Key Points About IPv4

  • IPv4 addresses are 32 bits long, providing approximately $2^{32}$ (around 4 billion) unique addresses.
  • Some addresses are reserved:
    • Network address (e.g., 192.168.1.0) identifies the entire network.
    • Broadcast address (e.g., 192.168.1.255) is used to target all hosts within the network.

Public vs. Private IP Addresses

IP addresses are classified as either public or private:

  1. Public IP Addresses:
    • Used for devices directly accessible over the Internet.
    • Like your home address, they allow external communication.
  2. Private IP Addresses:
    • Defined by RFC 1918, private addresses are used within local networks and are not directly reachable from the Internet.
    • They require Network Address Translation (NAT) to communicate externally via a router.
    • Private IP Ranges:
      • 10.0.0.0 – 10.255.255.255 (10/8)
      • 172.16.0.0 – 172.31.255.255 (172.16/12)
      • 192.168.0.0 – 192.168.255.255 (192.168/16)
    • Analogy: A private IP address functions like an isolated city, where internal communication is possible, but external communication requires going through a “gatekeeper” (the router).
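
The address rules above, worked through with bit masks. This is an added example, not part of the original notes; the function names are illustrative, the sample addresses come from this page, and the /24 prefix used for the network and broadcast addresses is an assumption.

```python
# The three private blocks listed above (RFC 1918), as (base address, prefix length).
PRIVATE_BLOCKS = [("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16)]

def to_int(text):
    """Dotted quad -> 32-bit integer, or None if it is not a valid IPv4 address."""
    parts = text.split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    octets = [int(p) for p in parts]
    if any(o > 255 for o in octets):      # each octet is 8 bits, so 0..255 only
        return None
    return int.from_bytes(bytes(octets), "big")

def to_text(value):
    """32-bit integer -> dotted quad."""
    return ".".join(str(b) for b in value.to_bytes(4, "big"))

def mask(prefix_len):
    """Netmask for a prefix length, e.g. 12 -> 0xFFF00000."""
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF

def classify(text):
    """Return 'invalid', 'private' or 'public' for a dotted-quad string.

    Only the RFC 1918 blocks are checked; other reserved ranges such as
    loopback are outside this sketch and come back as 'public'.
    """
    value = to_int(text)
    if value is None:
        return "invalid"
    for base, prefix_len in PRIVATE_BLOCKS:
        # An address is inside a block when its leading prefix bits match the base.
        if value & mask(prefix_len) == to_int(base):
            return "private"
    return "public"

def network_and_broadcast(text, prefix_len):
    """First (network) and last (broadcast) address of the subnet holding text."""
    value = to_int(text)
    if value is None:
        raise ValueError(f"not a valid IPv4 address: {text}")
    m = mask(prefix_len)
    network = value & m                       # host bits all zero
    broadcast = network | (~m & 0xFFFFFFFF)   # host bits all one
    return to_text(network), to_text(broadcast)

if __name__ == "__main__":
    for ip in ("192.168.0.1", "172.16.159.243", "49.69.147.197",
               "172.23.182.251", "192.168.305.19"):
        print(f"{ip:18} {classify(ip)}")
    print(network_and_broadcast("192.168.1.37", 24))
```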

Finding Your IP Address

  • Windows: Use the ipconfig command in the command prompt.
  • Linux/Unix: Use ifconfig or ip address show (shorthand: ip a s).

Routing and Routers

A router acts like a post office, directing data packets toward their destination. When sending a parcel:

  • The local post office (router) checks the address and forwards it to the appropriate location.
  • If the destination is far away (e.g., another country), the parcel may pass through multiple central offices (routers) before arriving.

Technical Explanation:

  • A router operates at Layer 3 (Network Layer) of the OSI model.
  • It inspects the destination IP address in the data packet and determines the best route to forward it closer to its destination.
  • The process involves multiple routers cooperating to ensure the packet reaches its final address.

By understanding these concepts, you can better grasp the structure of networking and the importance of IP addressing in enabling communication across devices and networks.

UDP & TCP Protocols Explained

The IP protocol allows devices to communicate on a network by identifying hosts with their unique IP addresses. However, to enable communication between specific processes on these devices, transport layer protocols come into play. The two primary transport protocols are UDP and TCP, each serving different purposes.

UDP (User Datagram Protocol)

  • Nature:
    • Connectionless protocol that operates at the transport layer (layer 4).
    • Does not establish a connection before sending data.
    • Does not confirm whether the packet is delivered successfully.
  • Port Numbers:
    • UDP uses port numbers to identify the sending and receiving processes on a host.
    • Port numbers range from 1 to 65535 (using 16 bits, i.e., $2^{16} - 1$); port 0 is reserved.
  • Analogy:
    • Similar to sending a parcel via standard mail with no delivery confirmation. It is cost-effective and fast but lacks reliability.
  • Use Cases:
    • Ideal for scenarios where speed is prioritized over reliability.
    • Examples: DNS (Domain Name System), video streaming, gaming, and VoIP (Voice over IP).

TCP (Transmission Control Protocol)

  • Nature:
    • Connection-oriented protocol that also operates at the transport layer (layer 4).
    • Ensures reliable data delivery by requiring a connection to be established before data transmission.
  • Reliability Features:
    • Each data octet is assigned a sequence number for tracking.
    • The receiver sends an acknowledgment number to confirm the receipt of data.
    • Identifies lost or duplicate packets and handles retransmission if needed.
  • Three-Way Handshake:
    • Establishes a connection between two devices using a process known as the three-way handshake:
      1. SYN Packet: The client sends a SYN (Synchronize) packet to initiate the connection. This packet includes the client’s initial sequence number.
      2. SYN-ACK Packet: The server responds with a SYN-ACK packet, containing its initial sequence number and acknowledging the client’s request.
      3. ACK Packet: The client completes the handshake by sending an ACK (Acknowledgment) packet to confirm receipt of the SYN-ACK.
  • Port Numbers:
    • Like UDP, TCP also uses port numbers (1 to 65535, with port 0 reserved) to identify specific processes.
  • Analogy:
    • Comparable to registered mail with delivery confirmation. It ensures the parcel is delivered successfully and is more reliable, albeit slower and more resource-intensive.
  • Use Cases:
    • Best for applications requiring reliable communication.
    • Examples: HTTP (web browsing), FTP (file transfer), and email protocols like SMTP, IMAP, and POP3.
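
The sequence and acknowledgment arithmetic of the three-way handshake, as a checker you could apply when reading a packet capture. This is an added example, not part of the original notes; the Segment record, the endpoint names and the sample traces are constructed for illustration.

```python
from collections import namedtuple

MOD = 2 ** 32  # sequence numbers are 32 bits wide and wrap around

# One observed TCP segment: endpoints, flag set, sequence and acknowledgment number.
Segment = namedtuple("Segment", "src dst flags seq ack", defaults=[0])

def check_handshake(segments):
    """Return (ok, reason) for the opening segments of one TCP connection."""
    if len(segments) < 3:
        return False, "incomplete: fewer than three segments seen"
    syn, syn_ack, ack = segments[:3]
    if syn.flags != {"SYN"}:
        return False, "first segment is not a bare SYN"
    if syn_ack.flags != {"SYN", "ACK"} or (syn_ack.src, syn_ack.dst) != (syn.dst, syn.src):
        return False, "second segment is not a SYN-ACK from the server"
    # The SYN consumes one sequence number, so the server acknowledges ISN + 1.
    if syn_ack.ack != (syn.seq + 1) % MOD:
        return False, "SYN-ACK does not acknowledge the client's initial sequence number"
    if ack.flags != {"ACK"} or (ack.src, ack.dst) != (syn.src, syn.dst):
        return False, "third segment is not an ACK from the client"
    if ack.seq != (syn.seq + 1) % MOD or ack.ack != (syn_ack.seq + 1) % MOD:
        return False, "final ACK does not match both initial sequence numbers"
    return True, "connection established"

# Constructed traces (not captured traffic).
CLIENT, SERVER = "192.168.1.10:40000", "192.168.1.1:80"
GOOD = [
    Segment(CLIENT, SERVER, frozenset({"SYN"}), 1000),
    Segment(SERVER, CLIENT, frozenset({"SYN", "ACK"}), 5000, 1001),
    Segment(CLIENT, SERVER, frozenset({"ACK"}), 1001, 5001),
]
# Client ISN at the top of the 32-bit range: the acknowledgment wraps to 0.
WRAPPED = [
    Segment(CLIENT, SERVER, frozenset({"SYN"}), MOD - 1),
    Segment(SERVER, CLIENT, frozenset({"SYN", "ACK"}), 7, 0),
    Segment(CLIENT, SERVER, frozenset({"ACK"}), 0, 8),
]
HALF_OPEN = GOOD[:2]  # the client never sent the final ACK

if __name__ == "__main__":
    for name, trace in (("good", GOOD), ("wrapped", WRAPPED), ("half-open", HALF_OPEN)):
        print(name, check_handshake(trace))
```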

Key Differences Between UDP and TCP

| Feature | UDP | TCP |
|---|---|---|
| Connection | Connectionless | Connection-oriented (requires handshake) |
| Reliability | No delivery confirmation | Ensures reliable data delivery |
| Speed | Faster | Slower due to connection setup and tracking |
| Use Cases | DNS, VoIP, gaming, video streaming | Web browsing, email, file transfers |
| Port Numbers | 1–65535 (0 reserved) | 1–65535 (0 reserved) |

Understanding when to use UDP or TCP depends on the application’s requirements, such as speed versus reliability.

Encapsulation Explained

Encapsulation is the process by which each layer of a networking model (such as OSI or TCP/IP) adds a header (and sometimes a trailer) to the data received from the layer above it. This ensures that each layer performs its specific function without interference from other layers. Encapsulation is essential for structured data transmission and communication between devices.

Steps of Encapsulation

  1. Application Data:
    • The user interacts with an application (e.g., typing a search query, writing an email).
    • The application prepares the data according to the application protocol (e.g., HTTP, FTP) and passes it to the transport layer.
  2. Transport Layer (TCP/UDP):
    • The transport layer adds a TCP header (or UDP header) to the data, creating a TCP segment or UDP datagram.
    • This header includes information such as port numbers for the sender and receiver and other fields for reliability or speed.
    • The segment or datagram is passed to the network layer.
  3. Network Layer (IP):
    • The network layer adds an IP header to the received segment/datagram, creating an IP packet.
    • The header includes source and destination IP addresses, enabling routing across networks.
    • The packet is sent to the data link layer.
  4. Data Link Layer (Ethernet/WiFi):
    • The data link layer adds a link layer header and trailer to the IP packet, creating a frame.
    • The frame header contains information such as the MAC addresses of the source and destination.
    • The frame is then sent to the physical layer for transmission.

De-Encapsulation

On the receiving device, the encapsulation process is reversed:

  1. Data Link Layer: Strips the link layer header and trailer, sending the IP packet to the network layer.
  2. Network Layer: Removes the IP header, forwarding the TCP/UDP segment to the transport layer.
  3. Transport Layer: Removes the TCP/UDP header and passes the application data to the application layer.
  4. Application Layer: Processes the received data for the user.
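
The encapsulation and de-encapsulation steps above, carried out byte by byte for a UDP datagram inside an IPv4 packet inside an Ethernet frame. This is an added example, not part of the original notes; UDP is used because its header is the shortest, and the addresses, ports, MAC addresses and payload are constructed.

```python
import socket
import struct
import zlib

def checksum16(data):
    """Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def udp_datagram(sport, dport, payload):
    # Layer 4: source port, destination port, length, checksum (0 = not computed).
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def ipv4_packet(src, dst, segment, proto=17):
    # Layer 3: 20-byte header without options; protocol 17 means UDP.
    head = struct.pack("!BBHHHBB", 0x45, 0, 20 + len(segment), 0, 0, 64, proto)
    addrs = socket.inet_aton(src) + socket.inet_aton(dst)
    csum = checksum16(head + b"\x00\x00" + addrs)
    return head + struct.pack("!H", csum) + addrs + segment

def ethernet_frame(dst_mac, src_mac, packet):
    # Layer 2: header (both MACs, EtherType 0x0800 = IPv4) plus a CRC-32 trailer.
    # Padding short frames to the minimum size is left out of this sketch.
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    body = mac(dst_mac) + mac(src_mac) + b"\x08\x00" + packet
    return body + struct.pack("<I", zlib.crc32(body))

def decapsulate(frame):
    """Strip the headers in reverse order and return what each layer carried."""
    body, trailer = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != trailer:
        raise ValueError("frame check sequence mismatch")
    packet = body[14:]                       # drop the 14-byte link header
    ihl = (packet[0] & 0x0F) * 4             # IP header length in bytes
    if checksum16(packet[:ihl]) != 0:
        raise ValueError("IP header checksum mismatch")
    total_len = struct.unpack("!H", packet[2:4])[0]
    segment = packet[ihl:total_len]          # drop the IP header
    sport, dport, length, _ = struct.unpack("!HHHH", segment[:8])
    return {
        "dst_mac": body[:6].hex(":"), "src_mac": body[6:12].hex(":"),
        "src_ip": socket.inet_ntoa(packet[12:16]),
        "dst_ip": socket.inet_ntoa(packet[16:20]),
        "protocol": packet[9], "src_port": sport, "dst_port": dport,
        "payload": segment[8:length],        # drop the UDP header
    }

# Constructed sample: application data wrapped layer by layer.
PAYLOAD = b"example query"
FRAME = ethernet_frame(
    "02:00:00:00:00:02", "02:00:00:00:00:01",
    ipv4_packet("192.168.1.10", "192.168.1.1", udp_datagram(40000, 53, PAYLOAD)))

if __name__ == "__main__":
    print(len(FRAME), "bytes on the wire")
    print(decapsulate(FRAME))
```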

The Life of a Packet: Example (Searching for a Room on TryHackMe)

  1. User Input:
    • You enter a search query in the TryHackMe search bar and press “Enter.”
    • The web browser prepares an HTTP request (application layer) using the HTTPS protocol and sends it to the transport layer.
  2. Transport Layer:
    • The browser’s TCP layer initiates a three-way handshake with the TryHackMe server to establish a connection.
    • Once established, the HTTP request is divided into segments, each with a TCP header, and passed to the network layer.
  3. Network Layer:
    • The IP layer adds source (your device’s IP) and destination (TryHackMe server’s IP) addresses to create IP packets.
    • These packets are forwarded to the link layer.
  4. Data Link Layer:
    • The Ethernet/WiFi layer adds link layer headers and trailers to form frames and sends them to the router.
  5. Routers:
    • Each router removes the link layer headers/trailers to inspect the IP packet.
    • It determines the next hop for the packet based on the destination IP address and forwards it to the appropriate link.
    • This process continues until the packet reaches TryHackMe’s router.
  6. Server Reception:
    • TryHackMe’s router forwards the packet to the server.
    • The server de-encapsulates the data through its layers, finally delivering the HTTP request to the application layer for processing.
    • The server processes the search query and sends a response back, following the same encapsulation and routing process in reverse.

TryHackMe Networking Concepts | Room Answers

Which layer is responsible for connecting one application to another?

4

Which layer is responsible for routing packets to the proper network?

3

In the OSI model, which layer is responsible for encoding the application data?

6

Which layer is responsible for transferring data between hosts on the same network segment?

2

To which layer does HTTP belong in the TCP/IP model?

Application Layer

How many layers of the OSI model does the application layer in the TCP/IP model cover?

3

Which of the following IP addresses is not a private IP address?

192.168.250.125
10.20.141.132
49.69.147.197
172.23.182.251


Ans: 49.69.147.197

Which of the following IP addresses is not a valid IP address?

192.168.250.15
192.168.254.17
192.168.305.19
192.168.199.13


Ans: 192.168.305.19

Which protocol requires a three-way handshake?

Ans: TCP

What is the approximate number of port numbers (in thousands)?

Ans: 65

On a WiFi, within what will an IP packet be encapsulated?

Frame

What do you call the UDP data unit that encapsulates the application data?

Datagram

What do you call the data unit that encapsulates the application data sent over TCP?

Segment

Use telnet to connect to the web server on MACHINE_IP. What is the name and version of the HTTP server?

lighttpd/1.4.63

What flag did you get when you viewed the page?

THM{TELNET_MASTER}

Conclusion

Understanding the basics of computer networking is crucial for cybersecurity and IT professionals. This article delves into key concepts like IP addressing, distinguishing between IPv4 and IPv6, and the significance of MAC addresses. It explains the OSI model’s seven layers, from the Physical to the Application layer, and introduces essential networking tools like ping, traceroute, and netstat. Additionally, it covers the TCP/IP model and common protocols such as HTTP, DNS, TCP, and UDP. Practical exercises, including IP addressing, subnetting, and packet inspection using tools like Wireshark, are discussed to reinforce learning. The article also emphasizes the importance of understanding ports and services, highlighting tools like Nmap for network scanning. By grasping these foundational topics, readers can effectively troubleshoot and secure network environments.

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.
