CHPT 2-NetworkFundamentals

Uploaded by

aditya

Ethical Hacking & Penetration Testing Course

Chapter#3 – Network Fundamentals
Content

1. How the Internet Works?
2. IP Addresses
3. MAC Addresses
4. DHCP, TCP, UDP, and the Three-Way Handshake
5. Common Ports and Protocols
6. The OSI Model
7. Subnetting
8. SNMP (Simple Network Management Protocol)
9. SMB (Server Message Block) and Samba
10. Tracerouting
11. Analyzing Network Traffic – Wireshark, Tcpdump.
12. Proxies and Proxy Servers
13. Introduction to TOR
14. Introduction to VPN
15. Remote Login – SSH and telnet
16. HTTP and Web Technologies

1. How Internet Works?

The Internet is a global system of interconnected computer networks that use the Internet protocol
suite (TCP/IP) to link several billion devices worldwide. It is a network of networks that consists
of millions of private, public, academic, business, and government networks of local to global scope,
linked by a broad array of electronic, wireless, and optical networking technologies. The Internet
carries an extensive range of information resources and services, such as the inter-linked hypertext
documents and applications of the World Wide Web (WWW), electronic mail, telephony, and
peer-to-peer networks for file sharing.
— Wikipedia
1. How Internet Works / DNS working
DNS (Domain Name System):
Imagine DNS as a phone book for the internet. When you
type a domain name (like "google.com") into your browser,
DNS helps find the corresponding IP address, so your
request reaches the right place.
DNS Server:
•DNS servers are like super-smart phone book managers.
They store records of domain names and their
corresponding IP addresses. When you search for a domain,
these servers provide the correct IP address.
DNS Query:
•When you type a domain into your browser, your device
sends a question (query) to a DNS server, asking, "What's
the IP address for this domain?"
Authoritative DNS Server:
•Think of this as the ultimate source. Authoritative DNS
servers hold the official records for specific domains. They
provide the final answer when your device asks, "What's the
IP for this domain?"
DNS Cache:
•Just like your browser stores recently visited websites, DNS
servers keep a cache of recent lookups. It helps speed up the
process, as the server might already know the answer
without asking others.

Execute Command : nslookup google.com
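
What a DNS query and its answer look like on the wire, as an added example that is not part of the original slides: it encodes an A-record query in the RFC 1035 message format and decodes a constructed response. The name example.com, the transaction ID 0x1234 and the address 192.0.2.10 are constructed sample values.

```python
import socket
import struct

def build_query(name, query_id=0x1234):
    """Encode a standard recursive query for the A record of `name`."""
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=0
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)
    # QNAME: each label is prefixed with its length; a zero byte ends the name
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def skip_name(msg, offset):
    """Return the offset just past an encoded name (labels or a pointer)."""
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:   # 2-byte compression pointer ends the name
            return offset + 2
        if length == 0:             # root label ends the name
            return offset + 1
        offset += 1 + length

def parse_a_records(msg, expected_id):
    """Return (ip, ttl) pairs from the answer section of a response."""
    msg_id, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if msg_id != expected_id:
        raise ValueError("transaction ID does not match the query")
    if not flags & 0x8000:          # QR bit: 1 means response
        raise ValueError("message is not a response")
    offset = 12
    for _ in range(qdcount):        # skip the echoed question section
        offset = skip_name(msg, offset) + 4
    answers = []
    for _ in range(ancount):
        offset = skip_name(msg, offset)
        rtype, rclass, ttl, rdlength = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == 1 and rclass == 1 and rdlength == 4:   # IPv4 A record
            answers.append((socket.inet_ntoa(msg[offset:offset + 4]), ttl))
        offset += rdlength
    return answers

# Constructed sample: the query and the response a server could return for it.
QUERY = build_query("example.com")
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)   # QR=1, RD=1, RA=1
    + QUERY[12:]                                         # question echoed back
    + b"\xc0\x0c"                                        # pointer to the name at offset 12
    + struct.pack("!HHIH", 1, 1, 300, 4)                 # A, IN, TTL 300 s, 4 bytes
    + bytes([192, 0, 2, 10])
)

if __name__ == "__main__":
    print(QUERY.hex())
    print(parse_a_records(SAMPLE_RESPONSE, 0x1234))
```

The TTL in the answer is how long a DNS cache may keep the record before asking again.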


2. IP Addresses

An IP (Internet Protocol) address is a numerical label assigned to each device
connected to a computer network that uses the Internet Protocol for communication.

IP addresses serve two primary purposes: host or network interface
identification and location addressing.

Types of IP Addresses:

IPv4 (Internet Protocol version 4):

IPv6 (Internet Protocol version 6):

[Figure: IPv4 and IPv6]

Classes of IP Addresses: IP addresses are generally put into three classes, and the ranges are:

•Class A: 0.0.0.0 - 127.255.255.255
•Class B: 128.0.0.0 - 191.255.255.255
•Class C: 192.0.0.0 - 223.255.255.255

Public vs. Private IP Addresses

It's important to note that our IP address system has its limitations. The biggest limitation is that there are not enough IP addresses to cover all of
the devices that need to connect to the internet.
The IPv4 system that we are working with now has only 4.3 billion IP addresses.

As a result, a system was developed to reuse a group of IP addresses within a LAN; these addresses are not usable over the internet.
These addresses can be used over and over again within each local area network, but not over the internet, thereby conserving the number of IP
addresses necessary to keep the world going 'round.

These private addresses include:

•192.168.0.0 - 192.168.255.255
•10.0.0.0 - 10.255.255.255
•172.16.0.0 - 172.16.255.255

3. MAC Addresses

A MAC (Media Access Control) address, sometimes referred to as a hardware address or physical address, is a unique
identifier assigned to the network interface of a device for communication on a network. This address is embedded in
the device's network interface card (NIC).

Uses of MAC Addresses:

1. Device Identification
2. Address Resolution Protocol (ARP)
3. Network Security
4. Network Management
5. Device Tracking
4. DHCP

Dynamic Host Configuration Protocol (DHCP) assigns IP addresses dynamically. This means that you do not have the
same IP address all of the time. Most of the time, these IP address assignments are on a local area network.

Remember, on LANs we use private IP addresses. When each device is connected to the LAN, it must request an IP
address. That device sends that request to the DHCP server that then assigns an IP address to that system for a fixed
length of time known as a "lease."

Each time you connect to the LAN, you are likely to receive a different (dynamic) IP address, but usually in the same
range. For instance, 192.168.0.0 - 192.168.255.255.

4. NAT
Network Address Translation (NAT) is a protocol whereby internal private IP
addresses are "translated" to an external public IP address that can be routed
through the internet to its destination.
Remember, private IP addresses of the systems inside the LAN cannot use their
IP addresses on the internet because they are not unique (every LAN uses
basically the same IP addresses inside their network).

The NAT device accepts requests to traverse the internet from an internal
machine. It then records that machine's IP address in a table and converts the
IP address to the external IP address of the router.

When the packet returns from its destination, the NAT device looks into its
saved table of the original request and forwards on the packet to the internal
IP address of the system that made the original request within the LAN. When
working properly, the individual systems and users don't even realize this
translation is taking place.
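
The translation table described above, modelled as an added example that is not part of the original slides. It goes one step beyond the text by also translating source ports, which is how a single public address can serve several internal machines at once. The class name NatDevice and all addresses (203.0.113.5, 198.51.100.7, the 192.168.0.x hosts) are constructed for illustration.

```python
class NatDevice:
    """Minimal model of a NAT router with one public IP address."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.by_flow = {}     # (private ip, private port, remote ip, remote port) -> public port
        self.by_public = {}   # public port -> the same flow tuple

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Record the internal flow and return the packet as seen on the internet."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self.by_flow:
            self.by_flow[flow] = self.next_port
            self.by_public[self.next_port] = flow
            self.next_port += 1
        return (self.public_ip, self.by_flow[flow], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Return the packet rewritten for the LAN, or None if it is dropped."""
        flow = self.by_public.get(dst_port)
        if dst_ip != self.public_ip or flow is None:
            return None                      # no table entry: unsolicited traffic
        private_ip, private_port, remote_ip, remote_port = flow
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None                      # entry exists, but for a different remote host
        return (src_ip, src_port, private_ip, private_port)


if __name__ == "__main__":
    nat = NatDevice("203.0.113.5")
    # Two internal machines use the same source port toward the same server.
    print(nat.outbound("192.168.0.10", 51000, "198.51.100.7", 443))
    print(nat.outbound("192.168.0.11", 51000, "198.51.100.7", 443))
    # The reply to the second machine is matched through the saved table.
    print(nat.inbound("198.51.100.7", 443, "203.0.113.5", 40001))
    # A packet nobody asked for has no table entry and is dropped.
    print(nat.inbound("198.51.100.7", 443, "203.0.113.5", 45000))
```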
4. The Three-Way Handshake

• Step 1 (SYN): In the first step, the client wants to establish a connection with a server, so it sends a segment with
SYN (Synchronize Sequence Number) set, which informs the server that the client intends to start communication and
with what sequence number it will start its segments.

• Step 2 (SYN + ACK): The server responds to the client request with the SYN and ACK signal bits set. The
acknowledgement (ACK) signifies the response to the segment it received, and SYN signifies with what sequence
number the server will start its segments.

• Step 3 (ACK): In the final step, the client acknowledges the response of the server, and they both establish a
reliable connection over which they will start the actual data transfer.
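
The sequence and acknowledgement arithmetic behind the three steps, as an added example that is not part of the original slides: a checker that validates a captured exchange and reports which step is wrong. The Segment tuple, the function name and the sample traces are constructed for illustration.

```python
from collections import namedtuple

# One TCP segment, reduced to the fields the handshake depends on.
Segment = namedtuple("Segment", "sender flags seq ack")

MOD = 2 ** 32  # sequence numbers are 32-bit values and wrap around


def check_handshake(segments):
    """Return (True, 'established') or (False, reason) for a captured exchange."""
    if len(segments) < 3:
        return False, "incomplete: fewer than three segments (half-open)"
    syn, syn_ack, ack = segments[:3]
    if syn.flags != {"SYN"}:
        return False, "step 1 is not a SYN"
    if syn_ack.flags != {"SYN", "ACK"} or syn_ack.sender == syn.sender:
        return False, "step 2 is not a SYN+ACK from the server"
    if syn_ack.ack != (syn.seq + 1) % MOD:
        return False, "step 2 does not acknowledge the client's sequence number"
    if ack.flags != {"ACK"} or ack.sender != syn.sender:
        return False, "step 3 is not an ACK from the client"
    if ack.seq != (syn.seq + 1) % MOD or ack.ack != (syn_ack.seq + 1) % MOD:
        return False, "step 3 carries the wrong sequence or acknowledgement number"
    return True, "established"


# Constructed traces: client starts at 1000, server starts at 5000.
GOOD = [
    Segment("client", {"SYN"}, 1000, 0),
    Segment("server", {"SYN", "ACK"}, 5000, 1001),   # ack = client seq + 1
    Segment("client", {"ACK"}, 1001, 5001),          # ack = server seq + 1
]
HALF_OPEN = GOOD[:2]                                 # the final ACK never arrives
BAD_ACK = GOOD[:2] + [Segment("client", {"ACK"}, 1001, 5000)]
WRAPPED = [
    Segment("client", {"SYN"}, 0xFFFFFFFF, 0),
    Segment("server", {"SYN", "ACK"}, 7, 0),         # 0xFFFFFFFF + 1 wraps to 0
    Segment("client", {"ACK"}, 0, 8),
]

if __name__ == "__main__":
    for name, trace in [("good", GOOD), ("half-open", HALF_OPEN),
                        ("bad ack", BAD_ACK), ("wrapped", WRAPPED)]:
        print(name, check_handshake(trace))
```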
4. TCP, UDP

TCP (Transmission Control Protocol) lies between the Application and Network layers and is used to provide reliable
delivery services. It is a connection-oriented protocol for communications that helps in the exchange of messages
between different devices over a network. The Internet Protocol (IP), which establishes the technique for sending data
packets between computers, works with TCP.

Features of TCP
•TCP keeps track of the segments being transmitted or
received by assigning numbers to every single one of them.
•Flow control limits the rate at which a sender transfers data.
This is done to ensure reliable delivery.
•TCP implements an error control mechanism for reliable
data transfer.
•TCP takes into account the level of congestion in the
network.
User Datagram Protocol (UDP) is a Transport Layer protocol. UDP is a part of the Internet Protocol suite, referred to as the UDP/IP suite.
Unlike TCP, it is an unreliable and connectionless protocol, so there is no need to establish a connection before data transfer. UDP
helps establish low-latency, loss-tolerating connections over the network and enables process-to-process
communication.

Features of UDP
• Used for simple request-response communication when the amount of data is small and there is therefore less concern about flow and error
control.
• It is a suitable protocol for multicasting as UDP supports packet switching.
• Normally used for real-time applications which cannot tolerate uneven delays between sections of a received message.
5. Common Ports and Protocols
A port is a logical form to identify system activities or various network services used to create local or network-based
communications.

A port number is a 16-bit numerical value that ranges from 0 to 65535. The port number space is divided into three types:
well-known ports (0-1023), registered ports (1024-49151), and dynamic ports (49152-65535).

These ports can be opened and used by software applications and operating system services to send and receive data over
networks (LAN or WAN) that employ certain protocols (e.g. TCP, UDP).

For example, we use 80 for HTTP-web-based plain-text surfing and 443 for HTTPS-web-based encrypted websites in our daily
work.

TCP and UDP ports are in one of these three states:

•Open: The port responds to connection requests.
•Closed: The port is unreachable, indicating that there is no corresponding service running.
•Filtered: The firewall is monitoring traffic and blocking certain connection requests to the port.
•Ports 20 and 21: File Transfer Protocol (FTP). FTP is for transferring files between a client and a server.
•Port 22: Secure Shell (SSH). SSH is one of many tunneling protocols that create secure network connections.
•Port 25: Historically, Simple Mail Transfer Protocol (SMTP). SMTP is used for email.
•Port 53: Domain Name System (DNS). DNS is an essential process for the modern Internet;
•Port 80: Hypertext Transfer Protocol (HTTP). HTTP is the protocol that makes the World Wide Web possible.
•Port 123: Network Time Protocol (NTP). NTP allows computer clocks to sync with each other, a process that is essential for encryption.
•Port 443: HTTP Secure (HTTPS). HTTPS is the secure and encrypted version of HTTP. All HTTPS web traffic goes to port 443. Network services that use HTTPS for encryption, such as DNS over HTTPS, also connect at this port.
•Port 587: Modern, secure SMTP that uses encryption.
•Port 3389: Remote Desktop Protocol (RDP). RDP enables users to remotely connect to their desktop computers from another device.

Common port numbers:

• 15 Netstat
• 20/21 FTP
• 22 SSH
• 23 Telnet
• 25 SMTP
• 50/51 IPSec
• 53 DNS
• 67/68 BOOTP
• 69 TFTP
• 79/49 TACACS+
• 80 HTTP
• 88 Kerberos
• 110 POP3
• 111 Port Map
• 119 NNTP
• 123 NTP
• 137-139 NetBIOS
• 143 IMAP
• 161 SNMP
• 389 LDAP
• 443 SSL
• 445 SMB
• 500 IPSec/ISAKMP
• 520 RIP
• 546/547 DHCP
• 636 SLDAP
• 1512 WINS
• 1701 L2TP
• 1720 323
• 1723 PPTP
• 1812/13 RADIUS
• 3389 RDP
• 5004/5005 RTP
• 5060/5061 SIP
6. The OSI Model

•OSI stands for Open System Interconnection. It is a reference model that describes how information from a software
application in one computer moves through a physical medium to the software application in another computer.

•OSI consists of seven layers, and each layer performs a particular network function.

•The OSI model was developed by the International Organization for Standardization (ISO) in 1984, and it is now
considered an architectural model for inter-computer communications.

•The OSI model divides the whole task into seven smaller and manageable tasks. Each layer is assigned a particular task.

•Each layer is self-contained, so that the task assigned to each layer can be performed independently.

7. Application Layer
The application layer is used by end-user software such as web browsers and email
clients. It provides protocols that allow software to send and receive information and
present meaningful data to users.

A few examples of application layer protocols are the Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP),
Post Office Protocol (POP), Simple Mail Transfer Protocol (SMTP), and Domain Name System (DNS).

6. Presentation Layer
The presentation layer prepares data for the application layer.
It defines how two devices should encode, encrypt, and compress data so it is received
correctly on the other end. The presentation layer takes any data transmitted by the
application layer and prepares it for transmission over the session layer.

5. Session Layer
The session layer creates communication channels, called sessions, between devices.
It is responsible for opening sessions, ensuring they remain open and functional while
data is being transferred, and closing them when communication ends. The session
layer can also set checkpoints during a data transfer—if the session is interrupted,
devices can resume data transfer from the last checkpoint.
4. Transport Layer
The transport layer takes data transferred in the session layer and breaks it into “segments” on
the transmitting end. It is responsible for reassembling the segments on the receiving end,
turning it back into data that can be used by the session layer.
The transport layer carries out flow control, sending data at a rate that matches the connection
speed of the receiving device, and error control, checking whether data was received correctly and,
if not, requesting it again.

3. Network Layer
The network layer has two main functions. One is breaking up segments into network packets,
and reassembling the packets on the receiving end. The other is routing packets by discovering
the best path across a physical network.
The network layer uses network addresses (Internet Protocol addresses) to route packets to a
destination node.

2. Data Link Layer
The data link layer establishes and terminates a connection between two physically-connected
nodes on a network. It breaks up packets into frames and sends them from source to destination.
This layer is composed of two parts—Logical Link Control (LLC), which identifies network
protocols, performs error checking and synchronizes frames, and Media Access Control (MAC)
which uses MAC addresses to connect devices and define permissions to transmit and receive
data.

1. Physical Layer
The physical layer is responsible for the physical cable or wireless connection between network
nodes. It defines the connector, the electrical cable or wireless technology connecting the
devices, and is responsible for transmission of the raw data, which is simply a series of 0s and 1s,
while taking care of bit rate control.
7. Subnetting

Subnet:
•In a large network, like a company's or an internet service provider's,
there are many devices (computers, printers, etc.).
• Subnetting is like dividing this vast network into smaller, more
manageable chunks. Each chunk, or subnet, can be treated as a mini-
network on its own.

•Why we need it: It enhances organization, security, and efficiency. Devices within a subnet can communicate more
easily, and administrators can apply specific rules and permissions to each subnet independently.

Execute Command :
netsh interface ipv4 show config
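
Dividing one network into subnets, worked through as an added example that is not part of the original slides. It uses Python's standard ipaddress module; the network 192.168.10.0/24, the /26 split and the host addresses are constructed, and the helper assumes a new prefix of /30 or shorter so every subnet has usable hosts.

```python
import ipaddress


def plan_subnets(cidr, new_prefix):
    """Split `cidr` into equal subnets and describe each one."""
    network = ipaddress.ip_network(cidr)
    plan = []
    for subnet in network.subnets(new_prefix=new_prefix):
        plan.append({
            "subnet": str(subnet),
            "netmask": str(subnet.netmask),
            "first_host": str(subnet[1]),       # address after the network address
            "last_host": str(subnet[-2]),       # address before the broadcast address
            "broadcast": str(subnet.broadcast_address),
            "usable_hosts": subnet.num_addresses - 2,
        })
    return plan


def subnet_of(address, plan):
    """Return the subnet from `plan` that contains `address`, or None."""
    ip = ipaddress.ip_address(address)
    for entry in plan:
        if ip in ipaddress.ip_network(entry["subnet"]):
            return entry["subnet"]
    return None


def same_subnet(a, b, plan):
    """True when both hosts sit in the same subnet and can talk directly."""
    subnet_a = subnet_of(a, plan)
    return subnet_a is not None and subnet_a == subnet_of(b, plan)


if __name__ == "__main__":
    plan = plan_subnets("192.168.10.0/24", 26)
    for entry in plan:
        print(entry)
    # Hosts in different subnets must go through a router, which is where
    # per-subnet rules and permissions can be enforced.
    print(same_subnet("192.168.10.70", "192.168.10.100", plan))
    print(same_subnet("192.168.10.70", "192.168.10.130", plan))
```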
8. SNMP (Simple Network Management Protocol)
SNMP is a protocol used for managing and monitoring devices on a
computer network. It's like a language that network devices (routers,
switches, servers, etc.) use to communicate their status and
performance metrics.

Components of SNMP:

•SNMP Manager:
• This is the "manager" or the system that collects and
analyzes information from network devices. It could be a
software application or a dedicated device.
•SNMP Agents:
• These are programs or components embedded in
network devices that collect and store information about
the device. Agents respond to requests from the SNMP
manager and send alerts when predefined thresholds are
crossed.
How SNMP Works:

•GET Requests:
• The SNMP manager sends a GET request to an SNMP
agent, asking for specific information about a device. For
example, it might request the current CPU usage of a
server.

•SET Requests:
• The manager can also send SET requests to agents,
instructing them to change certain settings on a device.
For instance, adjusting the temperature threshold on a
network switch.

•TRAPs (Alerts):
• SNMP agents can independently send TRAPs to the SNMP
manager. These are alerts triggered by predefined events
like a sudden increase in network traffic or a device
reaching its storage capacity.
9. SMB (Server Message Block) and Samba
SMB is a network protocol that enables shared access to files,
printers, and other resources between computers on a network. It's
a common protocol used in Windows environments.

Key Features:

•File and Printer Sharing:
• SMB allows users to share files and printers across a
network. For example, it facilitates access to documents
stored on one computer from another computer within the
same network.
•Communication:
• Computers using SMB can communicate and request
services from file servers, print servers, and other network
resources. It operates as a client-server protocol.

•Authentication:
• SMB provides a mechanism for user authentication,
ensuring that only authorized users can access shared
resources. This helps in maintaining the security and
privacy of files and data.
9.1 SMB (Server Message Block)

Use Cases:

•File Sharing:
• In an office network, employees can use SMB to share
documents and collaborate on projects. It simplifies the
process of accessing shared files on a centralized server.
•Printer Sharing:
• SMB allows multiple users to print documents on a
shared printer. This is common in office environments
where several users need access to a single printer.
•Access to Network Resources:
• SMB enables users to access not only files and printers
but also other network resources, fostering efficient
communication and collaboration.
9.2 SAMBA
Samba is an open-source implementation of the SMB protocol. It
allows non-Windows operating systems, like Linux and Unix, to
communicate seamlessly with Windows-based systems using SMB.

Key Features:

•Cross-Platform Compatibility:
• Samba enables interoperability between different operating
systems, making it possible for non-Windows systems to
share files and resources with Windows systems.

•File and Print Services:
• Like SMB, Samba provides file and print services. It allows a
Linux server, for example, to act as a file server for Windows
clients, and vice versa.

•Authentication:
• Samba includes its own authentication system, allowing non-
Windows systems to participate in a network where user
authentication is required.
9.4 SAMBA

Why Samba is Needed:

•Cross-Platform Integration:
• Samba bridges the gap between Windows and non-Windows systems. It is crucial for
organizations or networks where both Windows and non-Windows systems coexist, providing
seamless communication.

•Cost-Efficiency:
• As an open-source solution, Samba is cost-effective and provides a way for organizations to
integrate different systems without the need for expensive proprietary solutions.

•Flexible Deployment:
• Samba allows for the deployment of file and print services on a variety of platforms, offering
flexibility in choosing the underlying operating system for servers.
10. Tracerouting
A traceroute provides a map of how data on the internet travels from its source to its
destination. When you connect with a website, the data you get must travel across
multiple devices and networks along the way, particularly routers.

How Tracerouting Works:

•Packet Hopping:
• Traceroute works by sending a series of packets toward the target destination with each packet carrying a
Time-to-Live (TTL) value. The TTL value is decremented at each hop, and when it reaches zero, the packet is
discarded.

•ICMP Echo Requests:
• Traceroute primarily uses ICMP (Internet Control Message Protocol) Echo Requests. The packets are sent to
the target, and as they traverse the network, routers along the path respond with ICMP Time Exceeded
messages when the TTL expires.

•Round-Trip Time (RTT):
• Traceroute measures the round-trip time for each packet to reach the target and come back. This helps in
determining the latency or delay at each hop.
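
The TTL mechanism described above, simulated offline as an added example that is not part of the original slides. The path, its per-link delays and the router that stays silent are constructed, and the round-trip time assumes the return path takes as long as the forward path.

```python
def send_probe(path, ttl):
    """Send one probe with the given TTL along `path`.

    `path` is a list of (address, link_delay_ms, answers_icmp) tuples;
    the last entry is the target, every earlier entry is a router.
    Returns (responder, message_type, rtt_ms).
    """
    elapsed_ms = 0.0
    for address, link_ms, answers_icmp in path[:-1]:
        elapsed_ms += link_ms
        ttl -= 1                      # every router decrements the TTL
        if ttl == 0:                  # expired here: the packet is discarded
            if not answers_icmp:
                return (None, "timeout", None)   # shown as "*" by real tools
            return (address, "time-exceeded", 2 * elapsed_ms)
    target, link_ms, _ = path[-1]
    return (target, "echo-reply", 2 * (elapsed_ms + link_ms))


def traceroute(path, max_hops=30):
    """Probe with TTL 1, 2, 3, ... until the target answers or max_hops is hit."""
    hops = []
    for ttl in range(1, max_hops + 1):
        responder, message_type, rtt_ms = send_probe(path, ttl)
        hops.append((ttl, responder, message_type, rtt_ms))
        if message_type == "echo-reply":
            break
    return hops


# Constructed path: three routers, then the target.
SAMPLE_PATH = [
    ("192.168.1.1", 1.0, True),     # home gateway
    ("10.20.0.1", 4.0, True),       # provider router
    ("203.0.113.1", 10.0, False),   # router that does not send Time Exceeded
    ("198.51.100.7", 5.0, True),    # target
]

if __name__ == "__main__":
    for ttl, responder, message_type, rtt_ms in traceroute(SAMPLE_PATH):
        print(ttl, responder or "*", message_type, rtt_ms)
```

A hop that times out is not necessarily down: the later hop still answers, so the silent router is forwarding traffic and only withholding ICMP replies.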
Why Tracerouting is Needed:

•Network Troubleshooting:
• Traceroute is an essential tool for troubleshooting network issues. By showing the path a packet takes, network
administrators can identify where problems, such as delays or outages, might be occurring.

•Performance Analysis:
• It helps in analyzing the performance of a network by providing information on the time it takes for data to travel
between different points. This is crucial for optimizing network efficiency.

•Path Verification:
• Traceroute verifies the actual route that data takes, which may not always be the most direct path. This information is
valuable for understanding the topology of a network and ensuring that data is flowing as intended.

•Security Analysis:
• Tracerouting can be used to analyze the security of a network. It helps identify potential points of vulnerability or
unauthorized diversions in the data path.

Use case :
•Imagine you're sending an email from your computer to a server across the globe. Traceroute would show you each
intermediate step (or hop) the email takes, including routers, switches, and servers. If there's a delay or if the email isn't
reaching its destination, traceroute would highlight where the issue might be occurring.
