Domain 4.1
Definitions
There are multiple types of networks, such as a LAN (Local Area Network) or a WAN (Wide Area Network; not necessarily the Internet, just multiple locations connected together).
In networking we also have multiple devices:
- Hubs - Connect devices to a network but blindly broadcast incoming traffic to all connected devices, unlike switches.
- Firewalls - Monitor, manage, and filter network traffic according to security rules to protect devices and networks.
- Switches - Forward traffic to the appropriate device by using the MAC addresses of connected devices, reducing unnecessary network traffic.
- Servers - Provide services and resources to other devices, such as web servers, email servers, database servers, file servers, and print servers.
- Routers - Connect different networks and determine the best path for traffic between them. They can provide wired or wireless connectivity.
- Endpoints - Devices that send or receive data on a network, such as computers, smartphones, tablets, printers, and IoT devices.
- Ethernet - A widely used networking technology that defines how devices communicate over wired networks and how data is transmitted in frames.
- MAC Address - A unique hardware address assigned to a network interface, used by switches to identify devices and deliver data within a local network.
- IP Address - A logical address assigned to a device, used by routers to identify devices and route data between different networks.
- WAP (Wireless Access Point) - A device that allows wireless devices to connect to a wired network using Wi-Fi. Often built into home routers, which is why they are commonly confused.
Normal flow would be:
Internet
↓
Modem / ISP handoff
↓
Router
↓
Firewall
↓
Switch (optional, for more ports)
├── Servers / PCs / printers (wired)
└── Wireless Access Point (WAP) → Wi-Fi devices
On a home network the Modem, Router, Firewall, Switch and WAP would often be combined into one device.
The networking models
A network model is a structured framework used to describe how data moves through a network by dividing communication into layers, where each layer has a specific role.
The simplest model has at least 2 layers:
- Application layer (Upper layers) - what the user actually interacts with. Data is created, processed, and displayed. It includes application protocols like HTTP, DNS, and SMTP.
- Network/Transport layer (lower layers) - handles the delivery of data. Data is broken into packets, addressed, transmitted across networks, and reassembled at the destination. It includes routing (IP), delivery (TCP/UDP), and physical transmission (Ethernet/Wi-Fi).
The OSI model
The OSI model is a conceptual framework used to understand how network communication works by dividing it into 7 layers, from user-facing software down to physical transmission.
Upper layers: 7 to 5
Lower layers: 4 to 1
7 - Application - The interface for user applications and network services (e.g., web browsers, email clients). This is where users interact with networked data.
6 - Presentation - Handles data formatting, encryption, and translation (e.g., converting data into JPEG/PNG, encryption like TLS, compression).
5 - Session - Manages and controls communication sessions between devices (e.g., establishing, maintaining, and closing connections).
4 - Transport - Provides end-to-end communication control using TCP/UDP, including reliability, ordering, and flow control.
3 - Network - Handles logical addressing and routing between networks (e.g., IP, routers forwarding packets).
2 - Data Link - Handles local network delivery using MAC addresses (e.g., Ethernet, switches, Wi-Fi/WAPs operating at this level).
1 - Physical - The actual transmission of raw bits over cables, fiber, or radio signals.
Through the OSI model there is a concept called encapsulation, which refers to the process where data moves down the OSI layers and each layer adds its own information (usually headers, sometimes trailers). This builds the data into a packet that can be transmitted across a network.
Decapsulation is the reverse process at the destination, where each OSI layer removes its corresponding header as the data moves up the stack, until the original data reaches the application.
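Added example (not part of the original notes): the encapsulation/decapsulation walk described above, done on real bytes. `encapsulate()` wraps a payload in a TCP header, then an IPv4 header (with its checksum computed), then an Ethernet II header; `decapsulate()` strips them in the reverse order, verifying the IPv4 checksum on the way up. The MAC/IP addresses and ports are constructed sample values, and the TCP checksum is left at zero to keep the code short.

```python
import struct

# Constructed sample values for the walk-through (not from any real capture).
SRC_MAC = bytes.fromhex("020000000001")
DST_MAC = bytes.fromhex("020000000002")
SRC_IP = "192.168.1.10"
DST_IP = "192.168.1.20"
SRC_PORT = 51515          # ephemeral client port
DST_PORT = 80             # HTTP
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 791). Over a header whose
    checksum field is already filled in, a valid header sums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_to_bytes(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def encapsulate(payload: bytes) -> bytes:
    """Walk DOWN the stack: each layer prepends its own header to what it
    received from the layer above."""
    # Layer 4 (Transport): minimal 20-byte TCP header (data offset 5 words,
    # flags PSH|ACK). The TCP checksum is left at 0 to keep the example short.
    tcp_header = struct.pack("!HHIIBBHHH", SRC_PORT, DST_PORT, 1, 1,
                             5 << 4, 0x18, 65535, 0, 0)
    segment = tcp_header + payload
    # Layer 3 (Network): 20-byte IPv4 header, checksum computed over the header.
    total_len = 20 + len(segment)
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64,
                            PROTO_TCP, 0, ip_to_bytes(SRC_IP), ip_to_bytes(DST_IP))
    csum = ipv4_checksum(ip_header)
    ip_header = ip_header[:10] + struct.pack("!H", csum) + ip_header[12:]
    packet = ip_header + segment
    # Layer 2 (Data Link): 14-byte Ethernet II header. (The 4-byte FCS trailer
    # that Ethernet appends after the payload is omitted here.)
    eth_header = DST_MAC + SRC_MAC + struct.pack("!H", ETHERTYPE_IPV4)
    return eth_header + packet


def decapsulate(frame: bytes) -> dict:
    """Walk UP the stack: each layer checks and strips its own header and
    hands the remainder to the layer above."""
    if len(frame) < 14 + 20 + 20:
        raise ValueError("frame too short")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    packet = frame[14:]                          # Ethernet header removed
    ihl = (packet[0] & 0x0F) * 4                 # IPv4 header length in bytes
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != PROTO_TCP:
        raise ValueError("not a TCP segment")
    segment = packet[ihl:total_len]              # IPv4 header removed
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4         # TCP header length in bytes
    return {"src_port": src_port, "dst_port": dst_port,
            "payload": segment[data_offset:]}    # TCP header removed


def frame_is_valid(frame: bytes) -> bool:
    """True if the frame decapsulates cleanly; shows the checksum catching corruption."""
    try:
        decapsulate(frame)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    frame = encapsulate(b"GET / HTTP/1.1\r\n")
    print(len(frame), "bytes on the wire")          # 14 + 20 + 20 + 16 = 70
    print(decapsulate(frame))
```

Each layer only understands its own header: the switch reads the 14-byte Ethernet header, the router reads the IPv4 header behind it, and only the receiving host's TCP stack looks at the ports. Flipping a single bit in the IPv4 header (for example the TTL) makes the checksum fail and the frame is rejected before the payload is ever handed up.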
TCP/IP
The OSI model is not the first attempt to structure network communication. The most widely used model today is the TCP/IP model, which is the basis of the Internet.
TCP/IP simplifies OSI by combining multiple layers:
- OSI layers 5–7 → Application layer
- OSI layers 1–2 → Network Access (Link) layer
The TCP/IP model consists of 4 layers:
- Application layer - Includes protocols like HTTP/HTTPS, FTP, DNS, SMTP, SSH, SNMP, and others. This is where user-facing network services operate.
- Transport layer - Provides end-to-end communication using TCP (reliable) and UDP (faster, connectionless).
- Internet layer - Handles logical addressing and routing using IP, along with supporting protocols like ICMP and IGMP.
- Network Access (Link) layer - Handles local network communication and physical transmission. Includes technologies like Ethernet and Wi-Fi (modern replacement for older ones like Token Ring or FDDI).
Ports and Protocols
There are physical ports (hardware interfaces like Ethernet or USB) and logical ports, which are numerical identifiers used in networking to direct traffic to the correct application or service on a device.
Logical ports allow a single IP address to handle multiple simultaneous connections by distinguishing services using different port numbers.
Ports are commonly associated with protocols. For example:
- Well-Known Ports (0–1023) – reserved for standard, widely used services:
  - 80 → HTTP
  - 443 → HTTPS
  - 22 → SSH
  - 53 → DNS
- Registered Ports (1024–49151) – used by software applications and services registered with IANA, often proprietary or vendor-specific:
  - 1433 → Microsoft SQL Server
  - 2375/2376 → Docker API (unencrypted / TLS)
  - 3306 → MySQL
- Dynamic / Private Ports (49152–65535) – temporarily assigned by the operating system for client-side connections (ephemeral ports), such as when your browser connects to a web server.
Some ports are associated with insecure or legacy protocols, and in modern networks these should be replaced with secure alternatives to prevent eavesdropping, credential theft, or man-in-the-middle attacks.
When possible, encrypted versions of protocols should always be used:
- FTP (21) → use SFTP (22) or FTPS (990/explicit TLS)
- Telnet (23) → use SSH (22)
- SMTP (25) → use SMTPS (465) or SMTP with STARTTLS (587)
- Time (37) → use NTP (123) (modern standard for time synchronization)
- DNS (53) → use DoT (853) or DoH (HTTPS-based DNS over 443)
- HTTP (80) → use HTTPS (443)
- IMAP (143) → use IMAPS (993) (IMAP over TLS)
- SMB (445) → use SMB over encryption (SMB3 encryption) rather than replacing with NFS
- LDAP (389) → use LDAPS (636) or LDAP with StartTLS
Internet Protocol (IP)
IP (Internet Protocol) is a core protocol used worldwide to identify devices and route data between networks. It has two main versions: IPv4 (32-bit addresses) and IPv6 (128-bit addresses).
- IPv4 addresses are written as four decimal numbers (octets) separated by dots, e.g. 192.168.1.1.
- Each octet represents 8 bits, so values range from 0 to 255.
- Within a /24 network, a last-octet value of 0 is the network address and 255 is the broadcast address, but which values are reserved depends on the subnet mask (see Subnetting below).
- An IP address is split into: Network part → identifies the network; Host part → identifies the device/interface inside that network
- The division between network and host is not fixed globally. It depends on the subnet mask (or CIDR prefix).
Subnetting
Networks are divided into smaller parts called subnets for better management and efficiency. A subnet mask defines where the network portion ends and the host portion begins.
Example:
IP: 192.168.1.1
Mask: 255.255.255.0 (/24)
Network: 192.168.1.0
Hosts: 192.168.1.1 → 192.168.1.254
Broadcast: 192.168.1.255
Ever-increasing number of computers
IPv4 has a limited number of available addresses (~4.3 billion), which is not enough for every device worldwide. To deal with this shortage, IPv4 introduced the use of public and private address ranges.
Public IP addresses are globally unique and routable on the Internet. Private IP addresses are reserved for internal networks and can be reused in different places (homes, offices, schools, etc.). They are not directly reachable from the Internet without NAT (Network Address Translation).
Private networks commonly use addresses like 192.168.x.x, but other private ranges exist as well:
| Range | Description |
|---|---|
| 10.0.0.0 – 10.255.255.255 | Large private network range (Class A) |
| 172.16.0.0 – 172.31.255.255 | Medium private network range (Class B subset) |
| 192.168.0.0 – 192.168.255.255 | Small private networks (home/office routers) |
Also, the 127.0.0.0/8 range is reserved for the loopback address, used by a computer to communicate with itself. The most common example is 127.0.0.1.
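Added example, not from the original notes, covering both the Subnetting section above and the private/loopback ranges in this one: the subnet arithmetic written out with bit operations (network = address AND mask, broadcast = network OR inverted mask), plus a classifier for the RFC 1918 and loopback blocks. It is hand-written to show the mechanics; Python's standard `ipaddress` module does the same for real use. The `10.20.30.40/20` input is a constructed value chosen to show a broadcast address that does not end in `.255`.

```python
# Added example: IPv4 subnet arithmetic and address-range classification.

PRIVATE_BLOCKS = [("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16)]  # RFC 1918
LOOPBACK_BLOCK = ("127.0.0.0", 8)


def ip_to_int(addr: str) -> int:
    """'192.168.1.1' -> 32-bit integer; rejects malformed input."""
    parts = addr.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"invalid IPv4 address: {addr!r}")
    n = 0
    for p in parts:
        n = (n << 8) | int(p)
    return n


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """24 -> 0xFFFFFF00 (the top `prefix` bits set)."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"invalid prefix length: {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def mask_to_prefix(mask: str) -> int:
    """'255.255.255.0' -> 24; rejects masks that are not a run of 1s then 0s."""
    m = ip_to_int(mask)
    prefix = bin(m).count("1")
    if m != prefix_to_mask(prefix):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return prefix


def subnet_info(addr: str, mask_or_prefix) -> dict:
    """Network, usable host range and broadcast for an address plus a dotted mask or /prefix."""
    prefix = mask_or_prefix if isinstance(mask_or_prefix, int) else mask_to_prefix(mask_or_prefix)
    mask = prefix_to_mask(prefix)
    network = ip_to_int(addr) & mask            # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)  # host bits set
    if prefix >= 31:
        # /31 (RFC 3021 point-to-point links) and /32 have no separate
        # network/broadcast addresses; every address is usable.
        first, last, usable = network, broadcast, 2 ** (32 - prefix)
    else:
        first, last, usable = network + 1, broadcast - 1, broadcast - network - 1
    return {
        "network": int_to_ip(network), "mask": int_to_ip(mask), "prefix": prefix,
        "first_host": int_to_ip(first), "last_host": int_to_ip(last),
        "broadcast": int_to_ip(broadcast), "usable_hosts": usable,
    }


def in_block(addr: str, block_addr: str, prefix: int) -> bool:
    """True if addr falls inside block_addr/prefix (compare the network bits only)."""
    mask = prefix_to_mask(prefix)
    return (ip_to_int(addr) & mask) == (ip_to_int(block_addr) & mask)


def classify(addr: str) -> str:
    """'loopback', 'private' (RFC 1918) or 'public'. Other reserved ranges
    (link-local, multicast, ...) are not handled in this example."""
    if in_block(addr, *LOOPBACK_BLOCK):
        return "loopback"
    if any(in_block(addr, block, prefix) for block, prefix in PRIVATE_BLOCKS):
        return "private"
    return "public"


if __name__ == "__main__":
    print(subnet_info("192.168.1.1", "255.255.255.0"))   # the /24 example from the notes
    print(subnet_info("10.20.30.40", 20))                 # broadcast is 10.20.31.255, not x.x.x.255
    for a in ("10.1.2.3", "172.31.0.9", "172.32.0.1", "127.0.0.1", "203.0.113.5"):
        print(a, classify(a))                             # 203.0.113.5 is a documentation address
```

The `172.16.0.0/12` block is the one that trips people up: `172.31.255.254` is private but `172.32.0.1` is not, which only falls out correctly when the comparison is done on the 12 network bits rather than on the second octet alone.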
IPv6
IPv6 is the successor to IPv4, designed to solve address exhaustion and improve network design.
- IPv4 uses 32-bit addresses, written as 4 decimal numbers (octets), each representing 8 bits (4 × 8 = 32 bits total)
- IPv6 uses 128-bit addresses, written as 8 groups of 4 hexadecimal digits (hextets), where each group represents 16 bits (8 × 16 = 128 bits total).
Example: 2001:0db8:85a3:0000:0000:8a2e:0370:7334
Hexadecimal is used because it is a more compact way to represent large binary numbers: each hex digit is exactly 4 bits, so a 16-bit hextet is always 4 digits.
- Massive address space, eliminates the need for widespread NAT in most cases
- Simplified header structure, more efficient processing in routers compared to IPv4
- No broadcast, replaced by multicast and anycast communication
- Auto-configuration, devices can automatically generate IP addresses (SLAAC)
- Built-in security support (IPsec). IPsec is a framework for encrypting and authenticating IP traffic:
  - It is mandatory to support in IPv6 implementations, meaning all IPv6-capable systems must be able to use it. However, it is not automatically enabled or always used.
  - In IPv4, IPsec is optional but widely supported as an add-on.
Thanks to its legacy usage and simplicity, IPv4 is still dominant, while IPv6 is widely used by large providers like Google and in mobile networks, with many environments operating in dual-stack mode using both protocols.
TCP / UDP
UDP (User Datagram Protocol) is a lightweight network protocol that sends data without establishing a connection or guaranteeing delivery, ordering, or error checking, making it faster but less reliable than TCP.
TCP (Transmission Control Protocol) is a network protocol that ensures reliable, ordered, and error-checked delivery of data between applications over the internet. But how does TCP ensure all of this?
TCP handshake (SYN, SYN-ACK, ACK)
Before data can be exchanged, TCP establishes a connection between a client and a server using a three-way handshake:
SYN – The client sends a synchronization (SYN) packet to the server, requesting a connection.
SYN-ACK – The server responds with a synchronization and acknowledgement (SYN-ACK) packet.
ACK – The client sends an acknowledgement (ACK) packet back to the server.
After this exchange, both parties have confirmed that they can communicate with each other, and the TCP connection is established. Data can then be transmitted reliably over the connection.
Client Server
| ------ SYN -----------> |
| <---- SYN-ACK --------- |
| ------ ACK -----------> |
| |
| <==== Data Transfer ===>|
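Added example (not from the original notes): the three-way handshake modelled as two small state machines with sequence numbers, run entirely in memory with no sockets. Each side tracks its own state (`LISTEN`, `SYN-SENT`, `SYN-RECEIVED`, `ESTABLISHED`) and checks that every acknowledgement number matches what it sent; a segment that does not fit the current state is rejected, which is also why a stray ACK to a listening server never opens a connection. The initial sequence numbers 1000 and 5000 are fixed, constructed values so the trace is reproducible (real stacks randomise them).

```python
# Added example: minimal model of the TCP three-way handshake.
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    flags: frozenset      # subset of {"SYN", "ACK"}
    seq: int
    ack: int = 0

    def __str__(self):
        return f"{self.src} -> {self.dst}: {'+'.join(sorted(self.flags))} seq={self.seq} ack={self.ack}"


class Endpoint:
    """One side of a TCP connection, using the RFC 9293 state names."""

    def __init__(self, name: str, isn: int):
        self.name = name
        self.state = "CLOSED"
        self.isn = isn            # initial sequence number (fixed here; real stacks randomise it)
        self.snd_nxt = isn        # next sequence number we will send
        self.rcv_nxt = 0          # next sequence number we expect from the peer

    def listen(self):
        self.state = "LISTEN"

    def connect(self, peer: str) -> Segment:
        """Active open: send SYN. The SYN itself consumes one sequence number."""
        self.state = "SYN-SENT"
        seg = Segment(self.name, peer, frozenset({"SYN"}), seq=self.snd_nxt)
        self.snd_nxt += 1
        return seg

    def receive(self, seg: Segment):
        """Advance the state machine; returns the reply segment, or None if no reply is due."""
        if self.state == "LISTEN" and seg.flags == {"SYN"}:
            self.rcv_nxt = seg.seq + 1                      # acknowledge the peer's SYN
            self.state = "SYN-RECEIVED"
            reply = Segment(self.name, seg.src, frozenset({"SYN", "ACK"}),
                            seq=self.snd_nxt, ack=self.rcv_nxt)
            self.snd_nxt += 1                               # our own SYN consumes a number too
            return reply
        if self.state == "SYN-SENT" and seg.flags == {"SYN", "ACK"}:
            if seg.ack != self.snd_nxt:
                raise ValueError(f"{self.name}: SYN-ACK acknowledges {seg.ack}, expected {self.snd_nxt}")
            self.rcv_nxt = seg.seq + 1
            self.state = "ESTABLISHED"
            return Segment(self.name, seg.src, frozenset({"ACK"}), seq=self.snd_nxt, ack=self.rcv_nxt)
        if self.state == "SYN-RECEIVED" and seg.flags == {"ACK"}:
            if seg.ack != self.snd_nxt:
                raise ValueError(f"{self.name}: ACK acknowledges {seg.ack}, expected {self.snd_nxt}")
            self.state = "ESTABLISHED"
            return None
        # Anything else does not fit the current state; a real stack drops it
        # (or answers with RST) rather than treating it as part of a connection.
        raise ValueError(f"{self.name} in {self.state} rejects {sorted(seg.flags)}")


def three_way_handshake(client_isn: int = 1000, server_isn: int = 5000):
    """Run SYN / SYN-ACK / ACK and return both endpoints plus the segment trace."""
    client, server = Endpoint("client", client_isn), Endpoint("server", server_isn)
    server.listen()
    syn = client.connect("server")
    syn_ack = server.receive(syn)
    ack = client.receive(syn_ack)
    server.receive(ack)                   # completes the handshake on the server side
    return client, server, [syn, syn_ack, ack]


def unsolicited_ack_rejected(server_isn: int = 5000) -> bool:
    """A bare ACK to a listening server (no prior SYN) must not open a connection."""
    server = Endpoint("server", server_isn)
    server.listen()
    try:
        server.receive(Segment("client", "server", frozenset({"ACK"}), seq=1, ack=1))
    except ValueError:
        return server.state == "LISTEN"
    return False


if __name__ == "__main__":
    client, server, trace = three_way_handshake()
    for seg in trace:
        print(seg)
    print(client.state, server.state)     # ESTABLISHED ESTABLISHED
```

Reading the trace: the SYN-ACK carries `ack=1001` (client ISN + 1) and the final ACK carries `ack=5001` (server ISN + 1). Each SYN counts as one byte of sequence space, which is why the first data byte each side sends will have sequence number ISN + 1.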