Networking Fundamentals
~60 minutes covering OSI/TCP-IP models, IP addressing, subnetting, network devices and protocols — with interview Q&A, MCQs, and hands-on simulations.
Learning Outcomes
- Grasp the structure and function of computer networks (OSI & TCP/IP)
- Configure and interpret basic network settings including IP addressing and subnetting
- Analyse network traffic and identify anomalies
Topics Covered
| # | Topic | Time | Type |
|---|---|---|---|
| 1 | Core Concepts — OSI, TCP/IP, Devices, Protocols | 10 min | Reading |
| 2 | Interview Questions & Answers (20) | 20 min | Q&A |
| 3 | MCQ Quiz (25 questions) | 15 min | Quiz |
| 4 | OSI Layer Matcher | 4 min | Simulation |
| 5 | Subnet Calculator | 4 min | Simulation |
| 6 | Protocol Classifier | 4 min | Simulation |
| 7 | Network Device Identifier | 3 min | Simulation |
Networking Fundamentals
OSI 7-Layer Model
Mnemonic (top→bottom): Please Do Not Throw Sausage Pizza Away — Physical, Data Link, Network, Transport, Session, Presentation, Application
| # | Layer | Function | Examples |
|---|---|---|---|
| 7 | Application | User-facing services, network APIs | HTTP, FTP, DNS, SMTP, SSH |
| 6 | Presentation | Data translation, encryption, compression | TLS/SSL, JPEG, ASCII, MPEG |
| 5 | Session | Establishes/maintains/terminates sessions | NetBIOS, RPC, Sockets |
| 4 | Transport | End-to-end delivery, flow/error control | TCP, UDP, port numbers |
| 3 | Network | Logical addressing, routing | IP, ICMP, ARP (logically), routers |
| 2 | Data Link | MAC addressing, frame delivery | Ethernet, Wi-Fi (802.11), switches |
| 1 | Physical | Raw bit transmission over medium | Cables, hubs, radio signals |
TCP/IP 4-Layer Model vs OSI
| TCP/IP Layer | Equivalent OSI Layers | Key Protocols |
|---|---|---|
| Application | 7 + 6 + 5 | HTTP, FTP, DNS, SMTP, SSH, TLS |
| Transport | 4 | TCP, UDP |
| Internet | 3 | IP, ICMP, ARP |
| Network Access (Link) | 2 + 1 | Ethernet, Wi-Fi, MAC |
IPv4 Addressing & Subnetting
| Class | Range | Default Mask | Use |
|---|---|---|---|
| A | 1.0.0.0 – 126.255.255.255 | /8 (255.0.0.0) | Large enterprises |
| B | 128.0.0.0 – 191.255.255.255 | /16 (255.255.0.0) | Medium networks |
| C | 192.0.0.0 – 223.255.255.255 | /24 (255.255.255.0) | Small networks |
| D | 224.0.0.0 – 239.255.255.255 | N/A | Multicast |
Private ranges (RFC 1918): 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 — not routable on the internet.
Loopback: 127.0.0.1 — always refers to "this machine".
CIDR example: 192.168.1.0/24 → 256 addresses (254 usable), subnet mask 255.255.255.0.
Network Devices
| Device | OSI Layer | Function |
|---|---|---|
| Hub | 1 (Physical) | Broadcasts all traffic to every port — creates collision domains |
| Switch | 2 (Data Link) | Forwards frames by MAC address — breaks collision domains |
| Router | 3 (Network) | Routes packets between networks by IP address |
| Firewall | 3–7 | Filters traffic by rules; stateful/NGFW inspects deeply |
| IDS/IPS | 3–7 | Detects (IDS) or blocks (IPS) suspicious traffic |
| Load Balancer | 4–7 | Distributes traffic across multiple servers |
| Proxy | 7 (Application) | Intermediary — content filtering, anonymity, caching |
Interview Questions & Model Answers
Click any question to reveal the model answer.
- 7 — Application: User-facing protocols (HTTP, FTP, DNS, SMTP). Where the app interacts with the network.
- 6 — Presentation: Data translation, encryption (TLS), compression (JPEG). Makes data readable.
- 5 — Session: Manages sessions between applications — establishment, maintenance, termination.
- 4 — Transport: End-to-end delivery using TCP (reliable) or UDP (fast). Port numbers live here.
- 3 — Network: Logical addressing (IP) and routing between networks. Routers operate here.
- 2 — Data Link: MAC addressing, frame delivery within a LAN. Switches operate here.
- 1 — Physical: Raw bit transmission — cables, electrical signals, hubs, radio waves.
| Feature | TCP | UDP |
|---|---|---|
| Connection | Connection-oriented (3-way handshake) | Connectionless |
| Reliability | Guaranteed delivery, retransmission | No guarantee — fire and forget |
| Ordering | Sequence numbers ensure order | No ordering |
| Speed | Slower (overhead) | Faster (low overhead) |
| Use cases | HTTP, HTTPS, SSH, FTP, email | DNS, VoIP, video streaming, gaming |
- Hub (L1): Broadcasts all traffic to every port. No intelligence. Creates collisions. Rarely used today — replaced by switches. Security risk: any connected device sees all traffic (passive sniffing).
- Switch (L2): Maintains a MAC address table. Forwards frames only to the correct port. Reduces collisions. More secure than hubs but vulnerable to MAC flooding and ARP spoofing.
- Router (L3): Routes packets between different networks using IP addresses. Maintains routing tables. Connects a LAN to the internet (WAN). Can perform NAT, DHCP, basic ACLs.
Why it's used:
- Efficient IP use: Allocate only the address space needed.
- Improved performance: Reduces broadcast domain size.
- Security: Isolate network segments (HR vs Finance vs DMZ).
- Organisation: Logical grouping of devices.
Formula: Usable hosts = 2^(host bits) − 2 (subtract network and broadcast addresses).
- Static NAT: 1-to-1 mapping (private IP ↔ public IP).
- Dynamic NAT: Pool of public IPs shared among private hosts.
- PAT (Port Address Translation / NAT Overload): Many private IPs share one public IP using unique port numbers — most common home/office setup.
| Feature | IPv4 | IPv6 |
|---|---|---|
| Address size | 32-bit (~4.3 billion) | 128-bit (~340 undecillion) |
| Format | Dotted decimal: 192.168.1.1 | Hex colon: 2001:db8::1 |
| NAT required | Yes (address exhaustion) | No (enough addresses for every device) |
| Header | Variable length, complex | Fixed 40-byte, simpler |
| Security | IPSec optional | IPSec built-in (mandatory in design) |
| Auto-config | DHCP needed | SLAAC (stateless auto-configuration) |
Uses:
- Security: Isolate sensitive departments (HR, Finance, IoT devices).
- Performance: Reduce broadcast traffic.
- Flexibility: Group users by role regardless of physical location.
DNS resolution process:
- Browser checks local cache → OS cache → hosts file.
- If not found, query goes to the Recursive Resolver (usually ISP's DNS).
- Resolver queries the Root Name Server → gets referral to TLD server (e.g., .com).
- Resolver queries the TLD Name Server (.com) → gets referral to authoritative server.
- Resolver queries the Authoritative Name Server for google.com → gets the A record (IP).
- Resolver returns IP to client; result cached with TTL.
- HTTP (port 80): HyperText Transfer Protocol. Data transmitted in plaintext. Vulnerable to eavesdropping and MitM attacks.
- HTTPS (port 443): HTTP over TLS (Transport Layer Security). Encrypts data in transit. Provides: Confidentiality (encryption), Integrity (MAC), Authentication (certificates).
ARP Spoofing: ARP is stateless and trusts all replies. An attacker sends gratuitous ARP replies, claiming their MAC address maps to the gateway's IP — redirecting all traffic through the attacker (Man-in-the-Middle).
Mitigations: Dynamic ARP Inspection (DAI) on switches, static ARP entries, VLAN segmentation, detection tools (arpwatch, XArp).
- SYN: Client sends a SYN packet with a random sequence number (ISN) to the server.
- SYN-ACK: Server replies with SYN-ACK, acknowledging the client's ISN and sending its own ISN.
- ACK: Client acknowledges the server's ISN. Connection established.
| Feature | MAC Address | IP Address |
|---|---|---|
| Layer | Layer 2 (Data Link) | Layer 3 (Network) |
| Format | 48-bit hex: AA:BB:CC:DD:EE:FF | IPv4 32-bit dotted decimal |
| Assigned by | Hardware manufacturer (burned-in) | Network administrator or DHCP |
| Scope | Local network only (not routed) | Globally routable (public IPs) |
| Changeable | Can be spoofed in software | Yes (static or dynamic) |
DORA process:
- Discover: Client broadcasts a DHCP Discover message.
- Offer: DHCP server offers an IP address.
- Request: Client requests the offered IP.
- Acknowledge: Server confirms the lease.
- Stateless (Packet Filtering): Inspects each packet independently based on static rules (source/dest IP, port, protocol). Fast but cannot understand connection context. Vulnerable to IP spoofing and fragmentation attacks.
- Stateful Inspection: Tracks the state of active connections in a state table. Knows whether a packet is part of an established, legitimate connection. Blocks unsolicited inbound packets that aren't part of known sessions.
Security importance:
- Limits lateral movement — if an attacker compromises one segment, they cannot freely reach others.
- Reduces blast radius of an incident.
- Isolates sensitive systems (payment, healthcare, industrial controls).
- Improves monitoring — traffic between segments passes through control points.
Security benefits:
- Content filtering: Block malicious or unauthorized sites.
- Anonymity: Hides internal IP addresses from external servers.
- Caching: Reduces bandwidth, speeds up repeated requests.
- SSL inspection: Decrypt and inspect HTTPS traffic for malware (SSL-breaking proxy).
- Logging: Full visibility into user web activity.
- Symmetric routing: Traffic flows through the same path in both directions (client→server and server→client pass through the same router/firewall). Stateful firewalls work correctly.
- Asymmetric routing: Return traffic takes a different path than outbound. Can break stateful firewalls that need to see both directions of a connection. Common in multi-homed networks, load balancers, and BGP setups.
Why important:
- BGP is the "glue of the internet" — every ISP uses it to exchange routing information.
- BGP route hijacking: an AS announces ownership of IP prefixes it doesn't control, redirecting traffic (used for espionage, traffic interception). Example: 2010 China Telecom BGP hijack affected 15% of internet routes.
- BGP is based on trust — limited authentication (BGPsec exists but rarely deployed).
- Header: Control information — source/destination IP, protocol, TTL, flags, checksum.
- Payload (Data): The actual application data being transmitted.
- Trailer (optional): Error detection — CRC checksum (at Layer 2, called a frame).
Application data → TCP segment (L4 header added) → IP packet (L3 header) → Ethernet frame (L2 header + trailer) → bits on wire (L1).
| Type | Destination | Example | Use |
|---|---|---|---|
| Unicast | One specific device | HTTP request to 93.184.216.34 | Normal point-to-point communication |
| Broadcast | All devices in subnet | ARP request to 255.255.255.255 | DHCP Discover, ARP — not routed beyond subnet |
| Multicast | A defined group of devices | 224.0.0.1 (all hosts) | Video streaming, OSPF, routing protocol updates |
Multiple Choice Questions
Select an answer then click Check. Explanations shown after each submission.
OSI Layer Matcher
Drag each scenario chip into the correct OSI layer zone.
Subnet Calculator
Enter an IPv4 address and CIDR prefix — the calculator shows all subnet details.
Protocol Classifier
Assign each protocol to its correct OSI layer using the dropdown.
Network Device Identifier
Read each description and select the correct network device.
Key Protocols Reference
Common protocols with port numbers, OSI layer, and security notes.
| Protocol | Port | Layer | Purpose | Security Note |
|---|---|---|---|---|
| HTTP | 80 | 7 | Web browsing (unencrypted) | Use HTTPS instead — plaintext |
| HTTPS | 443 | 7 | Encrypted web browsing (TLS) | Preferred — encrypts in transit |
| FTP | 20/21 | 7 | File transfer (unencrypted) | Use SFTP/FTPS — plaintext creds |
| SFTP | 22 | 7 | Secure file transfer (SSH) | Preferred for file transfers |
| SSH | 22 | 7 | Secure remote shell | Use key auth, disable password auth |
| Telnet | 23 | 7 | Remote terminal (unencrypted) | Never use — all traffic plaintext |
| SMTP | 25/587 | 7 | Send email | 587 uses STARTTLS; 25 often blocked |
| DNS | 53 | 7 | Name resolution | Use DNS over HTTPS/TLS; DNSSEC |
| DHCP | 67/68 | 7 | Dynamic IP assignment | Enable DHCP snooping on switches |
| POP3 | 110/995 | 7 | Retrieve email | 995 is POP3S (TLS) |
| IMAP | 143/993 | 7 | Retrieve/manage email | 993 is IMAPS (TLS) |
| HTTPS (TLS) | 443 | 6 | TLS encryption/decryption | TLS 1.3 preferred; disable TLS 1.0/1.1 |
| TCP | — | 4 | Reliable connection-oriented transport | SYN flood mitigation needed |
| UDP | — | 4 | Fast connectionless transport | Easy to spoof; DDoS amplification |
| IP (v4/v6) | — | 3 | Logical addressing and routing | IP spoofing possible without RPF |
| ICMP | — | 3 | Ping, traceroute, error messages | ICMP tunnelling; block unnecessary ICMP |
| ARP | — | 2 | IP-to-MAC resolution | ARP spoofing; use DAI |
| Ethernet | — | 2 | LAN frame delivery | MAC flooding; port security on switches |
| BGP | 179 | 3 | Inter-AS internet routing | BGP hijacking; deploy RPKI |
| OSPF | 89 | 3 | Interior routing protocol | Authenticate OSPF peers |
Module Complete!
You've completed Networking Fundamentals. Review any section via the sidebar.