CHAPTER 04
Networking Fundamentals for Ethical Hackers
Updated: May 15, 2026
25 min read
1. Introduction
If you do not understand networking, you cannot be a cybersecurity professional. Period. Hacking is fundamentally the manipulation of network traffic. How does a web page get from a server in Tokyo to your screen in New York? How does a firewall decide which packets to drop? In this chapter, we will demystify the core protocols of the internet: IP addresses, DNS, TCP/IP, and the concept of "Ports," building the foundation required to analyze and secure network traffic.
2. Learning Objectives
By the end of this chapter, you will be able to:
- Differentiate between Private (LAN) and Public (WAN) IP addresses.
- Understand the role of DNS (The Phonebook of the internet).
- Describe the basic function of the TCP/IP protocol suite.
- Identify common logical Ports and their associated services (e.g., Port 80/HTTP).
- Understand the purpose of Firewalls and VPNs.
3. Beginner-Friendly Explanation
Imagine sending a physical letter through the postal service.
- IP Address: Your home address (123 Main St). Every computer needs a unique address so data knows where to go.
- DNS (Domain Name System): Your Contacts App. You don't memorize your friend's 10-digit phone number or home address; you just look up "Alice." DNS translates human-readable names (google.com) into computer-readable IP addresses (142.250.190.46).
- Ports: The specific person in the house. If you send a letter to an apartment building (The IP Address), you must specify the Apartment Number (The Port). Apartment 80 handles web traffic. Apartment 22 handles secure remote logins.
- TCP (Transmission Control Protocol): Certified Mail. The mailman delivers the letter, demands a signature confirming receipt, and if the letter is lost, they automatically resend it. It guarantees delivery.
4. IP Addresses: Public vs. Private
- Public IP: Assigned by your Internet Service Provider (ISP). It is visible to the entire internet. Think of it as the street address of your office building.
- Private IP: Assigned by your home router to your devices (e.g., 192.168.1.5). It is *only* visible inside your house (Local Area Network - LAN). Think of it as your internal office cubicle number. The internet cannot send data directly to a Private IP.
5. Ports and Protocols
A computer has 65,535 logical ports. Hackers spend a lot of time "Scanning Ports" to see which "doors" are open on a server.
Crucial Ports to Memorize:
- Port 21 (FTP): File Transfer Protocol. (Unencrypted, insecure).
- Port 22 (SSH): Secure Shell. Used by admins to securely log into Linux servers.
- Port 80 (HTTP): Unencrypted web traffic.
- Port 443 (HTTPS): Encrypted web traffic.
- Port 3389 (RDP): Remote Desktop Protocol. (A massive target for ransomware gangs).
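Here is an added example, not from the chapter, that turns the port list above into a quick self-audit of your own Linux machine: it parses the output format of `ss -tln` (the standard iproute2 socket listing), keeps only sockets bound to every interface, and flags the chapter's two most dangerous ones, FTP and RDP, as needing an explicit firewall decision. The socket listing embedded in the script is constructed sample output, so it runs even where `ss` is not installed.

```shell
#!/usr/bin/env bash
# Added example (not from the chapter): which listening TCP ports on this host
# are reachable from other machines? Parses the output format of `ss -tln`.

# Constructed sample standing in for a real `ss -tln` run on a server.
SAMPLE_SS_OUTPUT='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       4096    127.0.0.1:5432      0.0.0.0:*
LISTEN  0       511     *:80                *:*
LISTEN  0       511     0.0.0.0:443         0.0.0.0:*
LISTEN  0       50      0.0.0.0:3389        0.0.0.0:*
LISTEN  0       5       0.0.0.0:21          0.0.0.0:*
LISTEN  0       128     [::]:22             [::]:*'

# The chapter's "crucial ports" and the service each one usually carries.
port_service() {
  case "$1" in
    21)   echo "FTP (unencrypted)" ;;
    22)   echo "SSH" ;;
    80)   echo "HTTP (unencrypted)" ;;
    443)  echo "HTTPS" ;;
    3389) echo "RDP" ;;
    *)    echo "unknown" ;;
  esac
}

# Ports bound to every interface (0.0.0.0, * or [::]), one per line, sorted.
# A socket bound only to 127.0.0.1 is skipped: it cannot be reached from the
# LAN or the internet, so the firewall has nothing to decide for it.
exposed_ports() {
  printf '%s\n' "$1" | awk '
    NR > 1 && $1 == "LISTEN" {
      n = split($4, parts, ":")                      # port is the last piece
      port = parts[n]
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") print port
    }' | sort -un
}

# Exposed ports the chapter singles out as cleartext (21) or as a favourite
# ransomware entry point (3389): each one needs an explicit firewall decision.
risky_exposed_ports() {
  exposed_ports "$1" | while read -r port; do
    case "$port" in
      21|3389) printf '%s %s\n' "$port" "$(port_service "$port")" ;;
    esac
  done
}

# Stand-alone run: audit the live host if ss is available, else the sample.
if command -v ss >/dev/null 2>&1 && live=$(ss -tln 2>/dev/null) && [ -n "$live" ]; then
  input=$live
else
  input=$SAMPLE_SS_OUTPUT
fi
echo "Ports open to other hosts:"
exposed_ports "$input"
echo "Ports needing an explicit firewall rule:"
risky_exposed_ports "$input"
```

Save it as `audit_ports.sh` and run `bash audit_ports.sh`. The loopback-only database on 5432 in the sample is deliberately left out of the report: a service that listens only on 127.0.0.1 is invisible to every other host, which is the posture to aim for on anything that does not need to be reached over the network.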
6. Firewalls and VPNs
- Firewall: A digital security guard sitting at the front door of a network. It reads a rulebook (Access Control List): "Allow traffic to Port 443. Block ALL traffic trying to reach Port 3389."
- VPN (Virtual Private Network): An encrypted tunnel. If you are at a public coffee shop, anyone can intercept your traffic. A VPN creates a secure, encrypted tunnel from your laptop directly to a safe server. It also masks your real IP address, making it look like your traffic is originating from the VPN server.
7. Mini Project: Analyze Network Communication Safely
Let's use the Linux terminal to explore networking natively.
Step-by-Step Walkthrough: *(Run these in your Kali Terminal)*
- 1. Find your IP Address: Look for eth0 or wlan0. You will see an inet address like 10.0.2.15 (VirtualBox default) or 192.168.x.x. This is your Private IP.
- 2. Ping a server: Check if a server is alive by sending a small packet. Press Ctrl+C to stop it.
- 3. Trace the route: See exactly how many routers (hops) your packet bounces through to get to Google.
- 4. Use DNS manually: Ask a DNS server to translate a domain name into an IP address.
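Putting Section 4 and step 1 of the walkthrough together, here is an added example (not part of the chapter) that lists the host's IPv4 addresses with `ip -4 -o addr show` (the one-line-per-address mode of the iproute2 `ip` tool, an assumed choice since the chapter's own command is not reproduced here) and labels each one private, public, loopback or link-local using the RFC 1918 ranges. A constructed sample of that output is embedded so the script runs on any machine.

```shell
#!/usr/bin/env bash
# Added example (not from the chapter): list this host's IPv4 addresses and say
# whether each one is private (LAN only) or public. Reads `ip -4 -o addr show`
# on a live Linux host, or the constructed sample below when `ip` is absent.

# Constructed sample in the one-line format of `ip -4 -o addr show`.
# 203.0.113.7 is from a documentation range and stands in for a public
# address; it is not a real host.
SAMPLE_IP_OUTPUT='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic eth0\       valid_lft 86121sec preferred_lft 86121sec
3: wlan0    inet 203.0.113.7/24 brd 203.0.113.255 scope global wlan0\       valid_lft forever preferred_lft forever'

# Classify a dotted-quad address by its leading octets.
#   private    = the RFC 1918 ranges a home router hands out (10/8, 172.16/12, 192.168/16)
#   loopback   = 127/8, the machine talking to itself
#   link-local = 169.254/16, what a device gives itself when no DHCP server answers
#   public     = anything else, i.e. routable on the internet
classify_ipv4() {
  local a b rest
  IFS=. read -r a b rest <<EOF
$1
EOF
  if [ "$a" -eq 127 ]; then echo loopback
  elif [ "$a" -eq 169 ] && [ "$b" -eq 254 ]; then echo link-local
  elif [ "$a" -eq 10 ]; then echo private
  elif [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ]; then echo private
  elif [ "$a" -eq 192 ] && [ "$b" -eq 168 ]; then echo private
  else echo public
  fi
}

# Pull "interface address" pairs out of `ip -4 -o addr show` output.
list_addresses() {
  printf '%s\n' "$1" | awk '$3 == "inet" { split($4, cidr, "/"); print $2, cidr[1] }'
}

# One line per address: interface, address, classification.
inventory() {
  list_addresses "$1" | while read -r iface addr; do
    printf '%-6s %-16s %s\n' "$iface" "$addr" "$(classify_ipv4 "$addr")"
  done
}

# Stand-alone run (step 1 of the walkthrough): look for eth0 or wlan0 in the output.
if command -v ip >/dev/null 2>&1 && live=$(ip -4 -o addr show 2>/dev/null) && [ -n "$live" ]; then
  inventory "$live"
else
  echo "(no 'ip' command here; showing the constructed sample)"
  inventory "$SAMPLE_IP_OUTPUT"
fi
```

On the sample this prints `lo` as loopback, `eth0` (the 10.0.2.15 VirtualBox address) as private and `wlan0` as public. For steps 2 to 4 the standard tools are `ping -c 4 <host>`, `traceroute <host>` and `dig +short <name>` (or `nslookup <name>`); they are not wrapped here because each needs a live network connection.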
8. Real-World Scenarios
A small business sets up a new database server. The administrator forgets to configure the Windows Firewall and leaves Port 3389 (Remote Desktop) open to the entire internet. A hacker in another country uses an automated scanner that continuously searches the internet for any IP address with Port 3389 open. The scanner finds the small business server, launches a brute-force password attack, logs in, and deploys ransomware. A simple firewall rule ("Block Port 3389 from outside IP addresses") would have completely prevented the attack.
9. Best Practices
- Default Deny Policy: When configuring a firewall, the absolute best practice is "Default Deny." This means the firewall explicitly blocks *everything* by default. You then manually add rules to allow *only* the specific traffic that is strictly necessary for the business to function (e.g., Allow Inbound Port 443).
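To make the rulebook concrete, here is an added example (not from the chapter, and not any real firewall's syntax) that evaluates packets against a default-deny rulebook: HTTPS is allowed from anywhere, SSH and Remote Desktop only from the 192.168.1.0/24 LAN, and everything else, including Port 3389 arriving from the internet as in the scenario above, falls through to deny. The rule format and all addresses are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example (not from the chapter): a tiny evaluator for a "default deny"
# firewall rulebook. Rules are tried top to bottom, the first match wins, and
# a packet that matches no rule is dropped. Constructed rule format, not a
# real firewall's syntax: "action proto port source_cidr" (0.0.0.0/0 = anywhere).

RULEBOOK='allow tcp 443 0.0.0.0/0
allow tcp 22 192.168.1.0/24
allow tcp 3389 192.168.1.0/24'

# Dotted-quad -> 32-bit integer.
ip_to_int() {
  local a b c d
  IFS=. read -r a b c d <<EOF
$1
EOF
  echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# Is address $1 inside CIDR block $2 (e.g. 192.168.1.0/24)?
ip_in_cidr() {
  local net="${2%/*}" bits="${2#*/}" mask
  if [ "$bits" -eq 0 ]; then return 0; fi           # /0 matches every address
  mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# evaluate PROTO DST_PORT SRC_IP [RULEBOOK] -> prints "allow" or "deny".
evaluate() {
  local proto="$1" port="$2" src="$3" rules="${4:-$RULEBOOK}"
  local action rproto rport rcidr
  while read -r action rproto rport rcidr; do
    [ -z "$action" ] && continue
    if [ "$rproto" = "$proto" ] && [ "$rport" = "$port" ] && ip_in_cidr "$src" "$rcidr"; then
      echo "$action"
      return 0
    fi
  done <<EOF
$rules
EOF
  echo deny                                         # nothing matched: default deny
}

# Stand-alone run: the chapter's scenario, from the internet and from the LAN.
for pkt in "tcp 443 203.0.113.9" "tcp 3389 203.0.113.9" "tcp 3389 192.168.1.20" "tcp 5432 203.0.113.9"; do
  set -- $pkt
  printf '%-4s port %-5s from %-15s -> %s\n' "$1" "$2" "$3" "$(evaluate "$1" "$2" "$3")"
done
```

Note what the rulebook does not contain: there is no "block 3389" line at all. Under default deny the dangerous port is closed to the internet simply because nobody wrote a rule opening it, which is why this policy survives the "administrator forgot" failure in the scenario above.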
10. Common Mistakes
- Confusing HTTP with HTTPS: HTTP sends all data (including passwords) in plain, readable text. If someone intercepts the traffic, they steal the password immediately. HTTPS (Port 443) wraps the HTTP traffic in a TLS encryption tunnel, making it look like gibberish to anyone trying to intercept it. Never log into an HTTP website.
11. Exercises
- 1. Define the role of DNS in web browsing. What would happen if global DNS servers crashed?
- 2. Explain the difference between a Public IP address and a Private IP address. Which device is responsible for translating between the two?
12. FAQs
Q: Do hackers use VPNs to hide?
A: Yes. Black hats use VPNs and proxy chains (like the Tor network) to bounce their traffic through multiple countries, making it incredibly difficult for law enforcement to trace the origin of an attack back to their real Public IP address.
13. Interview Questions
- Q: Differentiate between the TCP and UDP protocols. In what scenario would a developer choose to use UDP over TCP?
- Q: A web server needs to be accessible to the public internet, but the database it relies on must be highly secure. Detail the firewall port configurations required to allow public web traffic while preventing public database access.