Feb 18th, 2020
Hello, I'm bored so I thought I would make a short basics guide out of my study notes.

So let's first take a look at what networking is.

What is networking? -

1. The connection of computers that can share resources.
2. Networks power the internet.
3. Each machine on a network is commonly referred to as a node.

What is a packet? -

1. A set size (most of the time) of data that is transferred over a physical medium (the physical wire that runs from the computer, or wifi, whatever the case might be) to another node on the network.
2. The commonly known TCP/IP and UDP use this structure (the packet), and most other protocols you will use on top of TCP and on top of UDP are going to use a packet as well.

--------------------------------------------------------------------------------
Network Medium - cables etc.

1. Unshielded Twisted Pair - UTP:
This is the most commonly used and what you will mostly run into in a home environment or network closet.
What is the difference between Shielded and Unshielded? It is the wrapping around the wires, which helps avoid any disturbance in the wire itself.

2. Shielded Twisted Pair - STP

3. Coaxial Cable:
The coaxial cable is what you're probably most familiar with and what you see on a daily basis, where the modem is connected to the wall.

4. Fiber Cable:
Fiber is made of light. There are multiple different types of connectors for fiber cables and different types of fiber cables, but just understand that fiber is commonly used as a backbone or baseline of the network because it can go much longer distances. Also understand that the different types of cable have different lengths, so you can only go so far on a shielded or unshielded twisted pair cable before the data needs some kind of repeater in the middle to boost the power again and send it at full signal. Fiber, on the other hand, can go much further than any of the other 3, which is important to understand from a networking perspective. As far as a red teamer is concerned, you might not have to deal with this unless you're getting into fiber taps or any type of wire tap.
Tapping fiber is easy. You can buy optical splitters that plug into the network like a cable and divert a small amount of the light to a separate receiver. A typical tap passes 90-95% of the light and diverts 5-10%, often enough to run a separate receiver, certainly at the transmitter end.

--------------------------------------------------------------------------------
Network Topologies

Please google each one of these, so you can see what they look like.

There are many different types of network topologies:

1. Bus - You can think of a Bus Topology like a bus: it looks like a bus with nodes on both sides, and the line in the middle is the backbone or fiber. Every node connects into that wire; whether it's a server or a workstation doesn't matter. It's commonly used on the backend, and each node would probably be a router or a networking closet etc.

2. Ring - A Ring, also known as a Token Ring, is where everything connects to the next one in line and eventually makes a circle. The problem with this is that if one node drops, the node before it can't reach the other side. There are limitations on each type of topology.

3. Star - Star is pretty similar: all the nodes connect into one networking device. However, if that network device fails, all of them are offline and they can't connect to each other. This looks like a star.

4. Mesh - Mesh is getting into more of what we're used to on a regular network. Keep in mind the word mesh: mesh is like a combination of a few different ones, so you can have a backbone but you also see a Star Topology in here as well, where things connect into a networking device. You also see nodes that connect into other networking devices, which is not common in a Star Topology, so it's kind of meshing them together. Mesh is more commonly used.

5. Hybrid - Hybrid is also what we use on a day to day basis. In this case everything connects to each other, so there is always a path. Somewhere between mesh and hybrid is what networks commonly are today in the backbone, for example going from site to site, or the main lines on the streets that then connect off to the nodes (houses). Hybrid and Mesh are combined together.
--------------------------------------------------------------------------------
What is the OSI Model?

1. Open Systems Intercommunication Model
2. Commonly used to understand the flow of communications between 2 devices.
3. Also used for troubleshooting.

The OSI Model, or Open System Intercommunication Model, is commonly used to understand the flow of communications between 2 devices. So this is everything from you going to google.com and hitting enter, all the way down to where the data gets sent, and back. It is commonly used for troubleshooting; however, some people also refer to things as a layer 2 switch or a layer 3 switch (which we talk about). Outside of that, from a red teamer's perspective it's not as important to know, but you should understand and be aware of what it is, what it looks like and what the components are.
--------------------------------------------------------------------------------
The OSI Model

The OSI Model consists of 7 layers.

It starts with the highest number and goes to the lowest, so first is the Application Layer, then Presentation, etc.

7. Application Layer -
The Application Layer is closest to the end user and is what you normally see. This is the layer that interacts with the software itself. Let's say the browser wants to go to google.com: in that case the layer handles the high level APIs that the software interacts with to be able to start the transfer of data.

6. Presentation Layer -
The Presentation Layer is where the protocol starts to take over: if the data needs to be encoded in a specific way, compressed, or encrypted/decrypted, this is where all of that happens. The reverse happens when you send the data across the network and it goes back up from layer 1 to layer 6, the presentation layer, which is going to decode, uncompress or decrypt whatever that data was.

5. Session Layer -
The Session Layer starts to get more into how the protocol itself is being used, so it could be TCP/IP, or it could be TLS or SSL sitting on top of that. It makes sure that all of the sessions between the two devices are in sync, so it knows what was sent and what wasn't. It also knows whether a session is active or not, so if the session hasn't been used before, it will kill it off. It makes sure all of the sessions that need to be active are active and stops all non-active sessions.

4. Transport Layer -
The Transport Layer handles the actual transferring of data and the segmentation of packets, making sure they are the right size. Because a packet can only hold so much data, you want to segment the data a little bit further into 5 or 10 or 100 different packets that all get sent across. The acknowledgement that we received the data (ACK) also happens in the Transport Layer.

3. Network Layer -
The Network Layer manages the IP addresses, the routing, and the IP layer of the packets, so the IP header. This is an important layer because this is how things get from one set to another.

2. Data Link Layer -
The Data Link Layer handles the data frames. In most cases you're going to be looking at something called an ethernet frame. An ethernet frame is the topmost level of a packet, or the type of frame; wireless, for example, will have beacon frames. The frame is what the physical medium (wires etc.) is able to transmit, and the core circuitry understands what that frame looks like so that it can start transferring the data. So ethernet frames can only travel over an ethernet based cable, which is the twisted pair.
This layer also corrects any errors that happened during the transfer between 2 nodes, so if something is out of sequence or we haven't acknowledged something, any errors in transit are handled here. This also defines the protocol used to transfer the data itself at the lowest level.

1. Physical Layer -
The Physical Layer is where the wires sit, the radio waves happen, the wireless signals etc.; all of that sits at this layer. It is the lowest layer you can get to. This is where the signals themselves get sent across the network medium. What is important about this layer is that it's the actual physical hardware sending raw data out.

--------------------------------------------------------------------------------
TCP / IP

What is TCP / IP?

TCP / IP can be broken down into 2 sub protocols:
Transmission Control Protocol
Internet Protocol

This is the main protocol used to interconnect nodes on public (internet) or private networks. UDP is another one of the main protocols used; in most cases you're going to see TCP or UDP. When you start getting into telecommunications from mobile devices you get stuff like SS7, and there are different protocols for different aspects, but on a normal packet based network, which is what you're going to run into 90% of the time, it is going to be either TCP/IP or UDP.

What is important to understand is that TCP / IP uses a client-server type model for its communications: somebody initiates the connection (the client) and the other one responds (the server). Normally this is the case; for UDP it can go back and forth.

TCP -

TCP divides the raw data of the request into packets, and then sends each packet over to the IP protocol so it can do its addition. The reason it breaks the data into packets is windowing. Windowing, in a nutshell, allows only so much data to be sent across at a time, because the other side is expecting only so much data, so if you send it too much it will reject it and ask for it to be resent.
This division is called segmentation, and it's needed because packets themselves can only hold so much data (65,535).
TCP also reassembles the data into its original form when it reaches the destination; the destination machine will do that.
The type of data received depends on the data that's being sent, so if it's an HTTP request it should be the same exact request when put back together after sequencing on the other end, and provide the same exact result.

Each TCP packet is numbered in a sequence that is unique to that transmission set, so when you send something, it doesn't get an ID of 1; it gets a sequence number that is unique to that TCP connection. Because of that, it knows what's in what order for that connection. So if you send 5 packets across and the last two that you sent got there first, because the packets took a different route each time, it will still know what order they're in. Sometimes packets take the same route if they're sent really quickly, but in some cases you might find that one packet takes one way and another takes a different way, especially when you're going over the internet. These sequence numbers allow the other end to rebuild the data in its correct and intended order.

“A Time To Live”, which is usually an IP based header, works like this: if TCP sees the time to live in the packet and the packet has been received later than it should have been, like it's been too long since it was sent, it will consider it dead and then ask the sender to resend the same exact packet. This is also called a retransmission. It can happen for multiple reasons: because the time to live ran out, because there is too much traffic on the network so the packet couldn't be sent out, or because the packet was corrupted. Whatever the case might be, you'll see something called a retransmission.

Every packet must be acknowledged to guarantee that the data is sent, so if it sends 500 packets, it needs to receive 500 packets for the request itself to be considered complete.
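
The segmentation, sequence numbering and reassembly described in this section, as an added example that is not part of the original notes: a simplified sender and receiver in Python. The request, the initial sequence number and the 16-byte segment size are constructed, and segments are assumed never to overlap partially.

```python
from dataclasses import dataclass

MOD = 2**32  # TCP sequence numbers are 32-bit and wrap around

@dataclass(frozen=True)
class Segment:
    seq: int        # sequence number of the first payload byte
    payload: bytes

def segment(data: bytes, isn: int, mss: int) -> list:
    """Sender: cut the byte stream into segments of at most mss bytes."""
    return [Segment((isn + off) % MOD, data[off:off + mss])
            for off in range(0, len(data), mss)]

class Receiver:
    """Receiver: hold out-of-order segments, release bytes strictly in order."""

    def __init__(self, isn: int):
        self.next_seq = isn      # next byte expected; also the ACK value
        self.pending = {}        # seq -> payload, waiting for a gap to fill
        self.stream = bytearray()

    def receive(self, seg: Segment) -> int:
        # A segment "behind" next_seq was already delivered (a retransmission
        # or duplicate), so only buffer segments at or ahead of next_seq.
        if (seg.seq - self.next_seq) % MOD < MOD // 2:
            self.pending.setdefault(seg.seq, seg.payload)
        # Deliver every buffered segment that is now contiguous.
        while self.next_seq in self.pending:
            chunk = self.pending.pop(self.next_seq)
            self.stream += chunk
            self.next_seq = (self.next_seq + len(chunk)) % MOD
        return self.next_seq     # cumulative ACK returned to the sender

def demo():
    request = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"  # constructed
    isn = MOD - 6                # constructed ISN, close to the wrap point
    segs = segment(request, isn, mss=16)
    rx = Receiver(isn)
    # Constructed arrival order: last segment first, first segment twice.
    acks = [rx.receive(segs[i]) for i in (2, 0, 0, 1)]
    return bytes(rx.stream), acks

if __name__ == "__main__":
    data, acks = demo()
    print(data, acks)
```

The ACK value stays put while a gap is open and jumps forward once the missing segment arrives, which is how the sender learns what still needs to be retransmitted.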

IP - Internet Protocol

What is IP?

IP handles the addressing of the packet with an IP address, as well as the MAC address. IP keeps track of the source it came from, the destination it's going to, the time to live and the MAC address. Understand that IP handles the routing and where things are supposed to go, so when a switch looks at a packet it doesn't look at the TCP section of the data; it looks at the IP header, which has all this information.

Port

What is a Port?

A Port can be thought of as a software docking point through which external entities or nodes (machines/servers) can talk to a specific process on the machine. For example, a webserver is a process on a machine that has a port that wants to be able to be talked to from the outside, and this is mostly port 80. When you connect to it on port 80, the computer that you're talking to will know that you're trying to talk to this specific service, and the service is designed to handle traffic from the outside, so the machine forwards your request to the service or the software.

The software can run on any port; you can run a web service on port 10,000 if you want to. However, just understand that there is a common set of services that will run on specific ports, such as:
port 22 - SSH
port 80 - HTTP
port 443 - HTTPS

There is a common port list; you can just google “common portlist” and you'll find a large number of them. Webservers tend to be on port 80, so if you go to a web browser and type in google.com you're going to that over port 80 or port 443.

MAC Address

MAC - Media Access Control, what is MAC?

A MAC Address, or Media Access Control Address, is what's used underneath the IP, so when you have an IP the actual routing is done based on the MAC Address. There are some that route based on an IP, but the MAC Address is still taken into consideration for where the data needs to go. This address is normally hardcoded into the hardware itself that you're using, whether that's a wireless card or an ethernet card; whatever the case, it's on your physical machine. Now, VMs aren't physical, but they still have a MAC Address, so there is a way for software to tell the operating system what the MAC Address is.

You can spoof or fake a MAC Address, just like you can spoof an IP Address. On Kali Linux, spoofmac is the application that allows you to change it. Spoofing your MAC is good for trying to gain access to a WiFi that has MAC filtering enabled.

Example of what a MAC looks like: 1a:00:01:37:f3:40

You will see this address when you run ipconfig on Windows or ifconfig on Linux; that is your physical MAC Address.
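
To show where the fields from the IP, Port and MAC Address sections sit on the wire, here is an added example (not part of the original notes) that parses a constructed Ethernet/IPv4/TCP frame with Python's struct module. The frame, the IP addresses, the ports and the destination MAC are made up for illustration; the source MAC is the example address from the notes.

```python
import socket
import struct

TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}

def mac_info(raw: bytes) -> dict:
    """Format a 6-byte MAC and decode the two flag bits in its first octet."""
    return {
        "addr": ":".join(f"{b:02x}" for b in raw),
        "multicast": bool(raw[0] & 0x01),             # group bit
        "locally_administered": bool(raw[0] & 0x02),  # set by software, not burned in
    }

def parse_frame(frame: bytes) -> dict:
    if len(frame) < 14 + 20 + 20:
        raise ValueError("frame too short for Ethernet + IPv4 + TCP")
    # Layer 2 (Data Link): destination MAC, source MAC, EtherType
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    # Layer 3 (Network): IPv4 header with TTL, protocol and both IP addresses
    ver_ihl, ttl, proto, src_ip, dst_ip = struct.unpack("!B7xBB2x4s4s", frame[14:34])
    ihl = (ver_ihl & 0x0F) * 4                        # header length in bytes
    if ver_ihl >> 4 != 4 or ihl < 20 or proto != 6:
        raise ValueError("not IPv4 carrying TCP")
    # Layer 4 (Transport): ports, sequence/ack numbers and flag bits
    tcp = frame[14 + ihl:14 + ihl + 20]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH6x", tcp)
    return {
        "src_mac": mac_info(src_mac), "dst_mac": mac_info(dst_mac),
        "src_ip": socket.inet_ntoa(src_ip), "dst_ip": socket.inet_ntoa(dst_ip),
        "ttl": ttl, "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "flags": [name for bit, name in TCP_FLAGS.items() if off_flags & bit],
    }

def sample_frame() -> bytes:
    """Constructed SYN segment; documentation addresses, checksums left at 0."""
    eth = bytes.fromhex("001122334455" "1a000137f340" "0800")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"))
    tcp = struct.pack("!HHIIHHHH", 49152, 443, 1000, 0, (5 << 12) | 0x02, 65535, 0, 0)
    return eth + ip + tcp

if __name__ == "__main__":
    for field, value in parse_frame(sample_frame()).items():
        print(f"{field}: {value}")
```

The source MAC is a sender-supplied field, which is why MAC filtering alone does not authenticate a device; the locally-administered bit, set in the notes' example address, is one hint that an address was assigned in software.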

3 Way Handshake

Every TCP / IP connection must start with a 3-way handshake. This lets the machine on the other end, the server, know that a connection has been made and that it should expect some traffic or data from this particular TCP / IP session. The way this works is the client sends a SYN, or Synchronize, packet to the end node to ask if a port is open and if there is availability for a new connection. Assuming the target node has the port open and is willing to accept a new connection, it will respond with a SYN/ACK, or Synchronize Acknowledgement, packet, letting the client know that it's ready to go. The client then sends back an ACK, or Acknowledgement, packet to the server and now has an active connection. There are keep-alives and sequence numbers in this etc., and any data passed using the same sequence numbers will be treated as part of this particular TCP/IP session.
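
The handshake described above, as an added example that is not part of the original notes: a small Python tracker that follows SYN, SYN/ACK and ACK per connection and checks that each side acknowledges the other's initial sequence number plus one. The capture tuples, addresses and sequence numbers are constructed; it also covers the case where the port is closed and the server replies with a reset instead.

```python
SYN, RST, ACK = 0x02, 0x04, 0x10
MOD = 2**32  # sequence numbers are 32-bit and wrap around

def track_handshakes(segments):
    """Follow SYN -> SYN/ACK -> ACK per connection and return the final state.

    segments: iterable of (src, dst, flags, seq, ack), endpoints as "ip:port".
    Result keys are (client, server); states are SYN_SENT, SYN_RCVD,
    ESTABLISHED or REFUSED.
    """
    conns = {}
    for src, dst, flags, seq, ack in segments:
        if flags & RST:
            # Server answered the SYN with a reset: nothing accepts on that port.
            c = conns.get((dst, src))
            if c and c["state"] == "SYN_SENT":
                c["state"] = "REFUSED"
        elif flags & SYN and not flags & ACK:
            # Step 1: client picks an initial sequence number (ISN).
            conns[(src, dst)] = {"state": "SYN_SENT", "client_isn": seq}
        elif flags & SYN and flags & ACK:
            # Step 2: server acknowledges client ISN + 1 and sends its own ISN.
            c = conns.get((dst, src))
            if c and c["state"] == "SYN_SENT" and ack == (c["client_isn"] + 1) % MOD:
                c.update(state="SYN_RCVD", server_isn=seq)
        elif flags & ACK:
            # Step 3: client acknowledges server ISN + 1; the session is open.
            c = conns.get((src, dst))
            if (c and c["state"] == "SYN_RCVD"
                    and seq == (c["client_isn"] + 1) % MOD
                    and ack == (c["server_isn"] + 1) % MOD):
                c["state"] = "ESTABLISHED"
    return {key: c["state"] for key, c in conns.items()}

# Constructed capture: one full handshake, one never completed, one refused.
SAMPLE = [
    ("192.0.2.10:49152", "198.51.100.7:443", SYN,       1000, 0),
    ("198.51.100.7:443", "192.0.2.10:49152", SYN | ACK, 5000, 1001),
    ("192.0.2.10:49152", "198.51.100.7:443", ACK,       1001, 5001),
    ("192.0.2.11:50000", "198.51.100.7:443", SYN,       2000, 0),
    ("198.51.100.7:443", "192.0.2.11:50000", SYN | ACK, 7000, 2001),
    ("192.0.2.10:49153", "198.51.100.7:23",  SYN,       3000, 0),
    ("198.51.100.7:23",  "192.0.2.10:49153", RST | ACK, 0,    3001),
]

if __name__ == "__main__":
    for conn, state in track_handshakes(SAMPLE).items():
        print(conn, state)
```

A connection left in SYN_RCVD is one where the third packet never arrived; counting those per source is a common starting point for monitoring.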

There are a lot more things you can know about TCP/IP and I encourage you to google this stuff. There is a lot of documentation on it and a lot of deeper, more advanced things that you can go into, but I hope this was of some help to some people on hackforums.

--------------------------------------------------------------------------------

To be continued..