Networking 101 & Beyond




Building a home lab is something that I’ve wanted to do for some time now. I’ve decided to document some of my process of setting one up and what I learn along the way. Before I start, though, let’s talk about the basics of networking and the common protocols used in networking (DNS, DHCP, SSH, HTTPS, TCP/IP).

In this post I’ll cover what networks are used for, what I mean when I say network, the different types of networks, network topologies and models, how addressing works, common protocols, performance metrics, and an intro to network security.

What is a Network?

If it isn’t obvious yet, when I say network I’m referring to a computer network. A computer network can be thought of as “a collection of interconnected devices”. A computer network consists of three main parts: the nodes or devices (your phone, computer, smart lights), the links or connections between the nodes, and the protocols or rules for how everything talks to each other. If you want a physical analogy, you can think of it as a postal system. The nodes are the houses and post offices, the links are the postal trucks and workers, and the protocols would be how you address packages and use stamps.

Types of Networks

There is more than one type of computer network, though. Network types differ in the size of the area they cover and, because of that, in the technology used to send information. Different types of networks can talk to each other; that’s how the internet works!

Local Area Networks (LANs):

Everyone is likely familiar with a local area network or LAN. A LAN is a network with a limited area such as your home network, or the network at work or school. A LAN typically consists of Wi-Fi and/or Ethernet to connect the different nodes.

Wide Area Networks (WANs):

Wide Area Networks (WANs) are likely just as familiar, but you may not realize that’s what they are! The internet is an example of a WAN. These networks cover large geographical areas and typically use fiber optics or, more recently, satellites to connect LANs.

Other Network Types:

There are a few other network types. If you are so inclined you can research them further, but I’m only going to list them here, as LANs and WANs are enough for our discussion.

  • Metropolitan Area Networks (MANs)

  • Personal Area Networks (PANs)

  • Data Center Networks

  • Cloud Networks

I mentioned the internet works by different types of networks talking. Your phone or computer is on your LAN and sends information to a WAN which routes traffic to another LAN to get the information.

Network Topologies

Each network, no matter the type, uses a topology for how it arranges the devices on the network. This can be either a physical or logical arrangement.

Common Topologies:

  • Bus Topology: Simple, but prone to a single point of failure.

  • Star Topology: Centralized, reliable, but dependent on the central node.

  • Ring Topology: Data flows in a circle, but failure in the ring can disrupt the network.

  • Mesh Topology: Highly reliable, but complex and expensive.

  • Hybrid Topologies: Combination of multiple topologies.

 

The Layered Network Model

There are two common network models: the OSI model and the TCP/IP model. Think of the OSI model as a conceptual framework for understanding how network communication happens. It's like a blueprint that breaks down the whole process into seven distinct layers, while the TCP/IP model is the fundamental model of how the internet works.

OSI Model:

Here's a quick rundown of the OSI model's seven layers, starting from the bottom:

  1. Physical Layer: This is where the physical stuff happens—cables, Wi-Fi, the transmission of raw data as electrical or optical signals. It's all about the hardware.

  2. Data Link Layer: This layer is responsible for getting data between two directly connected devices. Think of it as the layer that handles error detection and correction within a local network. Ethernet is a common example here.

  3. Network Layer: This layer handles routing. It's where IP addresses come into play, determining the best path for data to travel across multiple networks. Routers operate at this layer.

  4. Transport Layer: This layer ensures reliable data transfer. TCP and UDP operate here, managing things like flow control and error correction.

  5. Session Layer: This layer is responsible for establishing, managing, and terminating connections between applications. It handles the "sessions" between different software processes.

  6. Presentation Layer: This layer is all about data format. It ensures that data is in a format that both the sender and receiver can understand. Encryption and decryption can also happen here.

  7. Application Layer: This is the layer closest to the user. It provides an interface for applications to access network services. HTTP, FTP, and SMTP are examples of protocols that operate at this layer.

TCP/IP Model:

The TCP/IP model is structured into four layers, each with a specific job:

  • Application Layer: This is where the apps you use live. Your web browser (HTTP), your email client (SMTP), and your file transfer app (FTP) all operate here. It's the layer closest to you, the user.

  • Transport Layer: This layer is all about making sure your data gets where it needs to go, reliably. We're talking TCP (which is like sending a registered letter) and UDP (which is more like sending a postcard). More on those in a bit.

  • Internet Layer: This layer handles addressing and routing. IP (Internet Protocol) is the star here. It's responsible for getting your data from point A to point B.

  • Link Layer: This is the physical stuff—Ethernet cables, Wi-Fi signals, etc. It's how the data gets transmitted.

You'll notice that the OSI model is more detailed than the TCP/IP model. In fact, the TCP/IP model can be mapped to the OSI model:

  • The OSI Application, Presentation, and Session layers are often combined into the Application layer in TCP/IP.

  • The OSI Transport layer corresponds to the TCP/IP Transport layer.

  • The OSI Network layer is the same as the TCP/IP Internet layer.

  • The OSI Data Link and Physical layers are combined into the Link layer in TCP/IP.

While TCP/IP is the model used in the actual implementation of the internet, the OSI model is useful for understanding the different functions of network communication. It helps to break down the complexity of networking into smaller, more manageable chunks.

Why Layering?

Layering is fundamental to how networks operate, providing key advantages like modularity, abstraction, and standardization. By breaking down complex processes into layers, we gain the ability to troubleshoot issues more effectively and design systems that allow different technologies to work together seamlessly. The journey of a web page from a server to your computer involves encapsulation, where data is wrapped in headers and trailers at each layer of the TCP/IP stack. This structured approach simplifies network design and management, enabling us to update or modify one layer without disrupting others.

Layered architecture is crucial for the internet's functionality. The TCP/IP model illustrates this: data moves from the Application Layer, where it's formatted for the user, down through the Transport Layer, where it's divided into packets for efficient transfer. The Internet Layer then handles addressing and routing, ensuring packets reach the correct destination. Finally, the Link Layer manages the physical transmission. At the receiving end, this process is reversed (decapsulation) to reassemble the data. This layering ensures reliable communication, allowing for scalability and adaptability in ever-evolving network environments.
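The encapsulation and decapsulation steps described above, as an added example that is not part of the original post. It wraps a constructed HTTP request in real TCP, IPv4 and Ethernet header layouts and then unwraps it layer by layer; the destination IP, gateway MAC, ports and sequence numbers are assumed sample values, and Ethernet padding and the preamble are left out.

```python
import socket
import struct
import zlib

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum used by the IPv4 and TCP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def tcp_segment(src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """Transport layer: 20-byte TCP header (PSH+ACK, constructed seq/ack) + data."""
    header = struct.pack("!HHIIHHHH", sport, dport, 1, 1,
                         (5 << 12) | 0x18, 65535, 0, 0)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, PROTO_TCP, len(header) + len(payload)))
    csum = inet_checksum(pseudo + header + payload)
    return header[:16] + struct.pack("!H", csum) + header[18:] + payload


def ip_packet(src_ip, dst_ip, segment: bytes) -> bytes:
    """Internet layer: 20-byte IPv4 header carrying source and destination."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0x4000,
                         64, PROTO_TCP, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    csum = inet_checksum(header)
    return header[:10] + struct.pack("!H", csum) + header[12:] + segment


def ethernet_frame(src_mac, dst_mac, packet: bytes) -> bytes:
    """Link layer: header in front, frame check sequence (CRC-32) as trailer."""
    def to_bytes(mac):
        return bytes.fromhex(mac.replace(":", ""))
    body = (to_bytes(dst_mac) + to_bytes(src_mac)
            + struct.pack("!H", ETHERTYPE_IPV4) + packet)
    return body + struct.pack("<I", zlib.crc32(body))


def decapsulate(frame: bytes) -> dict:
    """Receiver side: verify and strip each layer in reverse order."""
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        raise ValueError("link: frame check sequence mismatch")
    if struct.unpack("!H", body[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("link: not an IPv4 frame")
    packet = body[14:]
    ihl = (packet[0] & 0x0F) * 4
    if inet_checksum(packet[:ihl]) != 0:
        raise ValueError("internet: IPv4 header checksum mismatch")
    total_len, proto = struct.unpack("!H", packet[2:4])[0], packet[9]
    segment = packet[ihl:total_len]
    pseudo = packet[12:20] + struct.pack("!BBH", 0, proto, len(segment))
    if inet_checksum(pseudo + segment) != 0:
        raise ValueError("transport: TCP checksum mismatch")
    sport, dport = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4
    return {
        "dst_mac": body[:6].hex(":"),
        "src_mac": body[6:12].hex(":"),
        "src_ip": socket.inet_ntoa(packet[12:16]),
        "dst_ip": socket.inet_ntoa(packet[16:20]),
        "src_port": sport,
        "dst_port": dport,
        "payload": segment[data_offset:],
    }


def demo():
    """Build one frame from constructed sample values (not captured traffic)."""
    request = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"   # application layer
    segment = tcp_segment("192.168.1.100", "192.0.2.10", 49152, 80, request)
    packet = ip_packet("192.168.1.100", "192.0.2.10", segment)
    frame = ethernet_frame("2C:54:91:88:C9:E3", "00:00:5E:00:53:01", packet)
    return request, segment, packet, frame


if __name__ == "__main__":
    request, segment, packet, frame = demo()
    for name, blob in (("application", request), ("transport", segment),
                       ("internet", packet), ("link", frame)):
        print(f"{name:<12}{len(blob):>4} bytes")
    print(decapsulate(frame))
```

The checksums and the frame check sequence only catch accidental corruption: anyone able to modify a frame can recompute them, so protection against deliberate tampering has to come from a higher layer such as TLS.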

Addressing in Networks

Every device in the network needs a way to be identified for communication to happen. In networks, we primarily use two types of addresses: MAC addresses and IP addresses.

MAC Addresses:

Every network device made has a unique hardware address called a Media Access Control (MAC) address. The address enables proper routing of data on the local network: when devices communicate within the LAN they use the MAC address, not the IP address. This way they can communicate directly and not go through the router. To do this, devices use a protocol called ARP. We won’t get into that here but it’s important to know it exists.

A MAC address consists of a 48-bit identifier (or six pairs of hexadecimal digits, like 2C:54:91:88:C9:E3). The MAC address is permanently assigned to the network interface card during manufacturing, and unlike an IP address, it is set for the life of the network card.

IP Addresses:

If we can think of networks like the postal system then there must be an equivalent to our street address, right? That’s where IP addresses come in: they serve as the address for the different nodes in the network. An IP address is the logical address for a device on the network; in IPv4 the address consists of a 32-bit number. I’m not going to get into bits and bytes here, just know that they are a thing. The IPv4 address is written in dotted-decimal format (e.g. 192.168.1.100) and is made up of the network address and the host address. The network address is the leftmost bits (or the left numbers), and the host address is the rightmost. Depending on the network, the number of bits for each can change; the subnet mask (which I’ll touch on more below) masks the bits of the network address. On most home networks the network address from our sample IP would be 192.168.1.x while the host address is 100.

When IPv4 was first implemented, addresses were split into classes (A, B, C, etc.) depending on the size of the network. While these aren’t really used anymore, you may still see references to them. You might also hear about public IP addresses and private IP addresses. A public IP is what would act as your street address in our postal system comparison; it is how your device or LAN is visible on the broader WAN. A private IP address is local to your LAN and is not accessible from the WAN. There are a few dedicated local IP ranges: 192.168.x.x (192.168.0.0/16), 10.x.x.x (10.0.0.0/8), and 172.16.x.x (172.16.0.0/12). There are also dedicated addresses that have special functions within a LAN. Two such addresses are the loopback address (127.0.0.1), which is how your computer can talk to itself, and the broadcast address, which lets a device send a message to all nodes on the network.

The IPv4 address structure has a limit on the number of unique addresses, and with the number of connected devices exploding we are nearing that limit. To address this problem IPv6 was introduced as a next generation of IP addresses. IPv6 is 128-bit (remember IPv4 is 32-bit) and therefore able to handle more devices. An IPv6 address looks something like 2001:0db8:85a3:0000:0000:8a2e:0370:7334 but functionally serves the same purpose!


Basic Networking Protocols

We’ve covered what a network is, common network topologies, network models, and even how different devices on the network are addressed. How do we communicate across the network using all those pieces though? There are several different protocols, or sets of rules, to ensure that each node of the network speaks the same language. The most common of these protocols, the ones that make sure you can browse the internet, check your mail, and remote into a server, are covered in this post, anything more … well maybe another post.

IP: The workhorse of the internet.

IP addresses are covered above. They are just one part of the IP protocol that forms the basis for the modern internet. IP, or Internet Protocol, is the set of rules that allow nodes of the internet to communicate. IP is responsible for delivering the packets, or letters if we use our post office analogy, from source to destination. An IP packet is a unit of data that consists of headers and data or a payload. The IP payload may consist of more headers based on additional protocols in use. From a networking standpoint we won’t go any more into how IP works, instead focusing on IP Addressing, Subnetting, and Routing.

Subnetting

Subnetting divides large networks into smaller, more manageable subnetworks, improving organization, efficiency, and security, like dividing an office building into departments. The process relies on subnet masks, which filter IP addresses to distinguish between network and host portions, helping your computer determine if devices share the same network. While calculating subnets and hosts requires some binary mathematics, various online calculators simplify this process of determining potential subnet quantities and device capacities per subnet.

Classless Inter-Domain Routing (CIDR) offers a streamlined method for representing IP addresses and subnet masks, replacing traditional notation like 255.255.255.0 with a more concise format using a slash followed by the number of network bits (e.g., /24). This shorthand notation, along with the organizational benefits of properly implemented subnetting, makes network management more efficient while maintaining appropriate security boundaries between network segments.

Routing

Once you understand IP addresses and network segmentation, routing becomes the next critical concept. Routing is the process of forwarding packets between networks, with routers acting as traffic directors that maintain routing tables (essentially network maps) to make intelligent decisions about the optimal path for your data.

Your default gateway serves as your network's exit point, while routing protocols like BGP, OSPF, and RIP enable routers to communicate with each other, exchanging topology information to automatically adjust to changing conditions. This creates a resilient, decentralized system that can reroute traffic around failures or congestion, ensuring your data reaches its destination efficiently regardless of network changes.
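The subnet-mask and default-gateway decisions from the Subnetting and Routing sections above, worked through in code. This is an added example, not part of the original post: it uses the post's sample address 192.168.1.100 and its private ranges, while the function names and the gateway address 192.168.1.65 are assumptions made for illustration.

```python
import ipaddress

# Private ranges exactly as listed earlier in the post.
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12")]


def split_address(cidr: str) -> dict:
    """Apply the subnet mask by hand to separate network bits from host bits."""
    iface = ipaddress.ip_interface(cidr)
    addr, mask = int(iface.ip), int(iface.netmask)
    network = addr & mask                      # bits kept by the mask
    host = addr & ~mask & 0xFFFFFFFF           # bits the mask hides
    size = 1 << (32 - iface.network.prefixlen)
    return {
        "netmask": str(iface.netmask),
        "network": str(ipaddress.IPv4Address(network)),
        "host": host,
        "broadcast": str(ipaddress.IPv4Address(network | (size - 1))),
        # Network and broadcast addresses are not assignable, except on /31 and /32.
        "usable_hosts": size - 2 if size > 2 else size,
    }


def next_hop(local_cidr: str, destination: str, gateway: str) -> str:
    """On-link destinations are reached directly; all others go via the gateway."""
    local_net = ipaddress.ip_interface(local_cidr).network
    return destination if ipaddress.ip_address(destination) in local_net else gateway


def classify(ip: str) -> str:
    """Label an address as loopback, private (per the post's ranges) or public."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return "loopback"
    if any(addr in net for net in PRIVATE_RANGES):
        return "private"
    return "public"


def carve(network: str, new_prefix: int) -> list:
    """Divide one network into equal-sized subnets (the 'departments')."""
    return [str(s) for s in ipaddress.ip_network(network).subnets(new_prefix=new_prefix)]


if __name__ == "__main__":
    print(split_address("192.168.1.100/24"))
    print(carve("192.168.1.0/24", 26))
    # Same two hosts, different mask: /24 keeps them on one segment,
    # /26 puts a router (and any filtering on it) between them.
    print(next_hop("192.168.1.100/24", "192.168.1.200", "192.168.1.1"))
    print(next_hop("192.168.1.100/26", "192.168.1.200", "192.168.1.65"))
    for ip in ("192.168.1.100", "172.31.255.1", "172.32.0.1", "127.0.0.1", "1.1.1.1"):
        print(ip, classify(ip))
```

Note that 172.16.0.0/12 runs from 172.16.0.0 through 172.31.255.255, so 172.31.255.1 is private while 172.32.0.1 is not.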

TCP: Reliable, connection-oriented protocol.

The Transmission Control Protocol (TCP) works in conjunction with IP as the main protocol responsible for reliable data transmission over the internet. TCP requires a two-way handshake to ensure all data sent is received. This process involves a series of messages exchanged between devices before any actual data transfer occurs, allowing TCP to track data segments and request retransmission if needed. Beyond just establishing a connection, TCP is also used to manage how data is broken down into packets, transmitted, and reassembled at the destination. It handles flow control to prevent overwhelming the receiver and congestion control to optimize network efficiency. TCP's comprehensive approach makes it essential for applications requiring reliable data delivery, such as web browsing, email, and file transfer.

UDP: Unreliable, connectionless protocol.

User Datagram Protocol (UDP) stands as TCP's lightweight counterpart in the Internet Protocol suite, offering a streamlined approach to data transmission that prioritizes speed over reliability. Unlike TCP's connection-oriented design, UDP implements a connectionless model that transmits data without establishing sessions, acknowledgments, or delivery guarantees. This approach reduces overhead and latency by eliminating handshakes and connection management, making UDP ideal for time-sensitive applications where occasional packet loss is preferable to delayed delivery. UDP powers many of the internet's most demanding real-time applications, from video conferencing and online gaming to Voice over IP and live streaming platforms. The protocol's stateless design allows it to handle high-throughput situations where establishing and maintaining thousands of individual connections would create unacceptable overhead.

HTTP: Protocol for the World Wide Web.

Hypertext Transfer Protocol (HTTP) serves as the foundation of data communication on the World Wide Web, implementing a request-response model that powers virtually all web-based interactions. When you click a link or type a URL, your browser sends an HTTP request to the target server, which processes the request and returns the requested resources. HTTP's stateless design, where each request-response cycle operates independently, allows it to scale efficiently across millions of simultaneous connections while maintaining the web's decentralized architecture. HTTP consists of nine different methods, the most common of which is GET. The GET method is used to retrieve data from a specified resource, like getting a webpage.

HTTPS: Now Encrypted

HTTPS (HTTP Secure) extends HTTP with encryption and authentication layers by incorporating Transport Layer Security (TLS) protocols, creating a protected channel for sensitive data transmission. You've likely noticed the lock icon in your browser's address bar; this signals HTTPS in action. While the standard HTTP protocol transmits data as plain text, visible to anyone monitoring network traffic, HTTPS implements encryption that protects your information from prying eyes.

The Importance of HTTPS

This encryption is essential for web traffic because of all the sensitive information you send over the internet: passwords, credit card numbers, personal messages. You want that data to be encrypted! HTTPS delivers three critical security benefits through its implementation of TLS (Transport Layer Security): confidentiality that shields your data from unauthorized access, integrity protection that prevents manipulation during transmission, and authentication that verifies you're connecting to legitimate websites rather than imposters.

SSL/TLS Certificates

HTTPS uses SSL/TLS certificates to encrypt communication. A certificate is a digital document that verifies a website's identity and contains the keys needed for encryption. Certificate Authorities, or CAs, are trusted organizations that issue these certificates. There are different types of certificates. Self-signed certificates are created by the website owner. They're free, but they're not trusted by browsers by default, so you'll often get a warning. CA-signed certificates are issued by a CA. They're trusted by browsers, so you won't get any warnings. Your browser checks a chain of certificates to make sure the certificate is valid and issued by a trusted CA.

DNS: The internet's phonebook.

Domain Name System (DNS) functions as the internet's global directory service, translating human-readable domain names like example.com into machine-readable IP addresses that computers use to identify each other on networks.

How DNS Works

DNS implements a hierarchical structure that organizes the internet's vast addressing system. At the top is the root domain (.), then top-level domains, like .com, .org, and .net, then second-level domains, like google.com, and so on. Your computer uses a DNS resolver to query name servers, which are like librarians that store the IP addresses for domain names.

When you enter a website address, your device initiates either recursive or iterative DNS queries to navigate this hierarchy and locate the correct IP address. Recursive queries represent the most common approach, where your DNS resolver (typically provided by your ISP [Internet Service Provider] or services like Cloudflare's 1.1.1.1) takes full responsibility for finding the answer, communicating with multiple nameservers until it obtains the requested IP address. In an iterative query, your computer asks a server, and that server might point you to another server, so your computer does more of the work.

Networking professionals can analyze these resolution paths using tools like dig and nslookup to diagnose connectivity issues and optimize domain configurations. You can also use DNS to find the domain name associated with an IP address. This is referred to as a reverse DNS lookup.

DNS Records

DNS servers store information in records. Here are the most common ones.

  • The A record maps a domain name to an IPv4 address, and it's the most basic type of DNS record.

  • The AAAA record is the IPv6 version of the A record. It maps a domain name to an IPv6 address.

  • The CNAME record creates an alias for a domain name. For example, www.google.com might be an alias for google.com.

  • The MX record specifies the mail server for a domain, telling your email program where to send email.

  • The TXT record can store any text and is often used for verification purposes.

  • The NS record delegates a domain to a specific name server.

DNS records are stored in zone files on DNS servers. Time to Live, or TTL, tells your computer how long to cache a DNS record. A shorter TTL means more frequent updates, while a longer TTL means less traffic.
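To make the record types and TTLs above concrete, here is an added example (not from the original post) that builds a recursive DNS query in wire format and parses a response. The response bytes are constructed inline rather than captured, and the names and the 192.0.2.10 address are sample values; the parser bounds the compression-pointer jumps it follows, since a pointer that refers back to itself would otherwise loop forever.

```python
import socket
import struct

TYPES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX", 16: "TXT", 28: "AAAA"}


def encode_name(name: str) -> bytes:
    """example.com -> length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("label must be 1-63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Header with the RD (recursion desired) flag set, plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def read_name(msg: bytes, off: int):
    """Decode a possibly compressed name; returns (name, offset after it)."""
    labels, jumps, resume = [], 0, None
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[off]
        if (length & 0xC0) == 0xC0:                 # compression pointer
            if off + 1 >= len(msg):
                raise ValueError("truncated compression pointer")
            if resume is None:
                resume = off + 2                    # parsing continues here
            off = ((length & 0x3F) << 8) | msg[off + 1]
            jumps += 1
            if jumps > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (resume if resume is not None else off)


def parse_response(msg: bytes) -> list:
    """Return the answer section as (name, type, ttl, value) tuples."""
    _txid, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):                        # skip the echoed question
        _, off = read_name(msg, off)
        off += 4
    answers = []
    for _ in range(ancount):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if len(rdata) != rdlen:
            raise ValueError("truncated record data")
        if rtype == 1 and rdlen == 4:
            value = socket.inet_ntoa(rdata)
        elif rtype == 28 and rdlen == 16:
            value = socket.inet_ntop(socket.AF_INET6, rdata)
        elif rtype in (2, 5):
            value = read_name(msg, off)[0]          # names may point backwards
        else:
            value = rdata.hex()
        answers.append((name, TYPES.get(rtype, str(rtype)), ttl, value))
        off += rdlen
    return answers


def sample_response() -> bytes:
    """Constructed reply: www.example.com is a CNAME for example.com (an A record)."""
    question = build_query("www.example.com")[12:]
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)
    cname = b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 300, 2) + b"\xc0\x10"
    a_rec = (b"\xc0\x10" + struct.pack("!HHIH", 1, 1, 60, 4)
             + socket.inet_aton("192.0.2.10"))
    return header + question + cname + a_rec


if __name__ == "__main__":
    for record in parse_response(sample_response()):
        print(record)
```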

DHCP: The Postmaster General

The Dynamic Host Configuration Protocol (DHCP) assigns IP addresses to devices on your LAN. DHCP ensures that each device has a unique IP address, so no device has the same IP as another on the network.

How DHCP Works

DHCP runs on a DHCP server that manages a pool of IP addresses. When a new DHCP client (or network device) joins the network, it requests an address from the DHCP server. There is a back-and-forth exchange that I won’t get into here, but at the end your computer has a “lease” on one of the IP addresses from the pool. This lease can be set to never expire but will usually expire after a set amount of time; when it expires, the device must renew the lease. DHCP can also provide new devices with information about the network, such as the address of the DNS server and the default internet gateway.

SSH: The Digital Doorman

SSH, or Secure Shell, establishes encrypted connections for remote system administration, creating secure channels for command execution across untrusted networks. It's widely used by network administrators to manage servers and other infrastructure remotely, execute commands, and transfer files securely. It lets you control a remote computer as if you were sitting right in front of it, but with the added benefit of strong encryption.

Key features of SSH include:

  • Encryption: SSH encrypts all traffic, including passwords, commands, and data, to prevent eavesdropping.

  • Authentication: SSH supports several authentication methods, including password-based and public-key authentication, to verify the identity of the client and server.

  • Remote Command Execution: You can execute commands on the remote server as if you were directly logged in.

  • Secure File Transfer: SSH can be used to securely transfer files using protocols like SFTP (SSH File Transfer Protocol) and SCP (Secure Copy Protocol).

  • Port Forwarding (Tunneling): SSH can create secure tunnels for other protocols, allowing you to secure otherwise insecure traffic.

SSH is the cornerstone of secure remote administration, providing a safe and versatile way to manage systems and data across networks.

Single Sign-On (SSO): The Master Key

Single Sign-On (SSO) lets users access multiple applications with just one set of login credentials, streamlining the user experience and boosting productivity. This works by establishing a trust relationship between an identity provider and various service providers. When a user logs into the identity provider, it issues a digital token that can be shared with the service providers, granting access without requiring the user to re-enter their credentials. This approach optimizes system access while maintaining a focus on clear and efficient processes.


PORTS

IP, TCP, and UDP are transport and network layer protocols while HTTP, HTTPS, DNS, DHCP, and SSH are application-level protocols. As application-level protocols they each have a typical port they use to communicate.

  • HTTP: Port 80

  • HTTPS: Port 443

  • SSH: Port 22

  • DHCP: Port 67 and 68 (server/client)

  • DNS: Port 53

When covering routing we didn’t cover ports. When a data packet is sent it includes a destination address and port. To go back to our postal system analogy, the IP address is the address for an apartment building. Using the destination address, the mail (or data packet) can get to the right street address, but then it needs an apartment number to get to the right people. That’s the port number. Every network application listens on a specific port.

Network Performance Metrics

When analyzing network performance, it comes down to four metrics. For most people, the network speed is really the only thing they care about or notice. The network speed is typically a function of bandwidth. Bandwidth is the data transfer capacity of the network. The other common metric, especially when it comes to gaming or video quality, is latency. Latency is the time delay for the data transmission. This is the delay between the time when the packet is sent and the time when the packet is received.

The other two metrics used in measuring network performance are Packet Loss and Jitter. Packet Loss is the percentage of packets that fail to reach their destination. It doesn’t take a lot of packet loss to impact quality. The final metric is one that most internet users are not going to notice. Jitter is the variation in latency over time. This metric helps measure how smooth the connection is; with high jitter you might notice videos stuttering.

Network Security

Computer networks form the backbone of our digital lives. Every email sent, video streamed, or remote work session depends on these interconnected systems. With networks becoming increasingly vital, securing them has never been more critical. Network security builds layers of protection across your entire network infrastructure, from devices to data transmission to access points. This comprehensive approach ensures your systems remain operational, private, and protected against evolving threats.

Why is Network Security Important?

There are many reasons for Network Security. If you don’t have good network security, every time you make an online purchase your credit card information is out there for others to see. Network Security prevents criminals and hackers from accessing that sensitive data and stealing other data from your network. Without network security measures, hackers can cause problems such as identity theft, stolen data, reputational harm, or even bring down your network. Network security is important enough that several organizations’ primary reason for existing is to focus on instituting and sharing strategies on how to adapt to modern threats.

Common Threats

Internet networks face some common threats; to adequately secure a network it is necessary to understand these threats so we can implement the correct security controls.

Malware

Many network attacks can fall under the category of malware. Malware consists of viruses, worms, ransomware, or any malicious software that can be used to compromise systems. Attackers will use malware in a variety of ways to attempt to impact computer networks and are constantly evolving techniques and software that require dynamic defense mechanisms.

Denial-of-Service

Denial-of-Service attacks or DoS and Distributed Denial-of-service (DDoS) are attempts to overwhelm network resources to degrade or disrupt service causing complete outages. These attacks target the “availability” pillar of security.

Social Engineering

Phishing is a form of social engineering geared toward exploiting human vulnerabilities in the system rather than technical vulnerabilities to gain unauthorized access to a network.

Vulnerability Exploitation

Attackers may also attempt to directly hack the network through known vulnerabilities or zero-day exploits. This is what makes patching so important: patches often have fixes for known security vulnerabilities.

MAC Address Spoofing

As I mentioned earlier, a MAC address does not change for the life of a network card; however, it is possible to spoof your MAC address. This technique allows attackers to impersonate legitimate devices, facilitating man-in-the-middle attacks and bypassing access controls based on hardware identification.

Security Measures

Implementing layered security measures across the network boundaries provides comprehensive protection against these common threats. There are a series of common security measures used in corporate networks; some of these are found in home networks as well.

Firewalls

Firewalls build the first line of defense for a network. Both home and corporate networks use firewalls, and they are a common feature in many routers today. Firewalls establish clear boundaries between the internal network and untrusted external networks. There are also host-based firewalls that can protect devices within a network from each other. A firewall works by limiting network traffic from or to specified IP addresses/address range or on specific ports.
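How filtering by source address and port plays out in practice, as an added example that is not part of the original post. It models a first-match rule list with a default-deny fallback (an assumed but common evaluation order) and flags rules that can never fire because an earlier rule already covers them; the rule set, LAN range and test addresses are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    src: str                    # source network in CIDR notation
    dst_port: Optional[int]     # None matches any port
    proto: Optional[str]        # "tcp", "udp", or None for any protocol


def matches(rule: Rule, src_ip: str, dst_port: int, proto: str) -> bool:
    return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.src)
            and rule.dst_port in (None, dst_port)
            and rule.proto in (None, proto))


def evaluate(rules, src_ip, dst_port, proto, default="deny"):
    """First matching rule wins; traffic matching no rule gets the default."""
    for index, rule in enumerate(rules):
        if matches(rule, src_ip, dst_port, proto):
            return rule.action, index
    return default, None


def covers(earlier: Rule, later: Rule) -> bool:
    """True when every packet that matches `later` also matches `earlier`."""
    return (ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(earlier.src))
            and earlier.dst_port in (None, later.dst_port)
            and earlier.proto in (None, later.proto))


def shadowed(rules) -> list:
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [j for j, later in enumerate(rules)
            if any(covers(rules[i], later) for i in range(j))]


# Constructed inbound rule set for a home-lab server on 192.168.1.0/24.
RULES = [
    Rule("allow", "0.0.0.0/0", 443, "tcp"),       # HTTPS from anywhere
    Rule("allow", "0.0.0.0/0", 80, "tcp"),        # HTTP from anywhere
    Rule("deny", "0.0.0.0/0", 22, "tcp"),         # no SSH from anywhere ...
    Rule("allow", "192.168.1.0/24", 22, "tcp"),   # ... so this never fires
    Rule("allow", "192.168.1.0/24", 53, "udp"),   # DNS for the LAN only
]

# Corrected order: the specific LAN exception goes before the broad deny.
FIXED = RULES[:2] + [RULES[3], RULES[2], RULES[4]]


if __name__ == "__main__":
    print("shadowed rules:", shadowed(RULES))
    for name, ruleset in (("original", RULES), ("fixed", FIXED)):
        for src in ("192.168.1.50", "203.0.113.7"):
            print(name, src, "-> ssh:", evaluate(ruleset, src, 22, "tcp"))
    print("unlisted port:", evaluate(FIXED, "203.0.113.7", 3389, "tcp"))
```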

Intrusion Detection Systems (IDS)

Intrusion detection systems are often a passive security measure. While a firewall will actively block traffic from known sources, an IDS monitors network traffic in real time, looking for patterns that are associated with known malware or attack activity. An IDS implemented at network boundaries will provide alerts on potential threats, allowing for early detection and remediation of potential attacks. An Intrusion Protection System is an IDS that actively takes countermeasures.

Encryption

Without encryption sensitive data is there for the taking if you know where to look. Encryption obfuscates the data into an unreadable format unless you have the decryption key. There are many different encryption protocols, some stronger than others and current discussion is around quantum encryption. Encryption ensures that information is protected and should be used to keep information safe even in the event of a data breach.

Strong Passwords

A strong password is the foundation to your network security. Passwords are a form of authentication to verify who a person, or resource, is. A weak password can allow attackers easy access to your network and make encryption useless. Strong passwords, with multifactor authentication, ensure that your front door is locked.

Regular Software Updates

Malware is constantly evolving and finding new vulnerabilities in software. Regular software updates ensure that you stay up to date with the closing of vulnerabilities. Outdated software creates exploitable vulnerabilities for attackers to target. A proactive approach to updating software closes security gaps before they can be exploited.

User Awareness

Social engineering targets human vulnerabilities; to protect against these vulnerabilities it’s important to educate users on potential weaknesses. Even the most well thought out security is vulnerable to a mistake or error.

Identity Access Management (IAM)

IAM controls access to different resources and focuses on Authentication, Authorization, and Accounting. Authentication verifies who someone is, while authorization determines whether a verified identity has access to a resource. Accounting provides a log of user activity. IAM is more common when there are multiple user/resource identities.

Conclusion

We’ve covered the core essentials of modern networking, from what a network is to common protocols and security. Networks are the backbone of our digital world, connecting people and devices. Understanding these fundamentals will assist in building and optimizing a home lab or just understanding how your devices work. The layered approach of the OSI and TCP/IP models provides a framework for breaking down network topologies. Network security is a critical component that protects data and infrastructure from evolving threats.

This is just an introduction to the world of networking, and a much longer one than planned. I will dive more into Network Security and Identity Access Management (IAM), including the RADIUS protocol, in a future post.

Author's Note

This blog post was written with the assistance of Google Gemini. Gemini helped to generate the outline and make some research easier, as well as structure the content and improve clarity. The article itself was written by me.
