Unit 5

Uploaded by

xaeabhishek

Unit-5

5.1 Networking Concepts, Internet, and Network Types


What is Networking?

At its core, networking is the practice of connecting computers and other devices (like printers,
servers, and smartphones) together so they can communicate and share resources. For
example, in a company’s office, the computers might be connected to a file server, which
allows users to access documents and programs stored on that server.

For ethical hackers, understanding networking is essential because it helps identify how
information travels across networks and where vulnerabilities might exist. Network traffic can be
intercepted, redirected, or manipulated if security measures are weak.

The Internet:
The Internet is essentially the largest WAN (Wide Area Network) connecting millions of
private, public, academic, business, and government networks worldwide. When you browse a
website, send an email, or access a cloud service, you're interacting with the Internet.

Example: When you visit a website, your browser sends a request over the Internet, which is
routed through various networks before reaching the web server hosting the site. The server
processes the request and sends the web page data back to you, all happening in a matter of
seconds.

Types of Networks:

1. LAN (Local Area Network):


Scope: Small geographic area, like a home, office, or school.
Example: A typical home setup where your laptop, smartphone, printer, and router
are all connected via Wi-Fi.
Security Implications: In a LAN, devices trust each other because they are
physically close. However, an attacker who gains access to a device on the network
could potentially access other devices unless proper security measures like Wi-Fi
encryption and network segmentation are used.
2. WAN (Wide Area Network):
Scope: A large area, sometimes spanning entire countries or continents. The Internet
itself is a WAN.
Example: A multinational company’s network connecting offices across various
countries. They may use VPNs (Virtual Private Networks) to securely connect
remote offices.
Security Implications: WANs can be susceptible to cyberattacks due to their vast
scope and the use of public communication lines. For example, hackers might try to
intercept data flowing over a WAN if it is not encrypted.
3. MAN (Metropolitan Area Network):
Scope: Covers a larger area than a LAN but smaller than a WAN, such as a city or
campus.
Example: A city’s fiber optic network connecting various public services,
businesses, and universities to high-speed internet.
Security Implications: Although MANs are generally more secure than WANs, they
can still be vulnerable if physical access to the network infrastructure is not controlled
properly.
4. PAN (Personal Area Network):
Scope: A very small network used to connect personal devices within a very short
range (usually up to 10 meters).
Example: Bluetooth connections between a smartphone and wireless
headphones, or a Wi-Fi connection between a laptop and a printer.
Security Implications: PANs can be easily intercepted if, for example, a Bluetooth
device is left open and unprotected.

5.2 OSI Model


The OSI (Open Systems Interconnection) model is a conceptual framework used to
understand and describe how different networking protocols interact with each other. Ethical
hackers use this model to identify potential vulnerabilities at each layer and to understand how
data moves through a network. The model has 7 layers, and each one serves a different
purpose in network communication.

Layer 7 - Application Layer:


This is the layer where users and applications interact directly with the network. It's the
"front-end" layer that communicates with end-users and provides services to them.

Examples:

Web Browsing: When you open a web browser (like Chrome or Firefox) and visit a
website, the browser communicates with the web server using protocols like HTTP/HTTPS
at this layer.
Email: When you use an email client (e.g., Outlook, Gmail), it communicates with the
email server using SMTP or IMAP.

Scenario:

Vulnerabilities in this layer often come from weak application design or improper input
handling, which can lead to SQL injection, cross-site scripting (XSS), or cross-site
request forgery (CSRF) attacks. Ethical hackers often test web applications for these
vulnerabilities using tools like Burp Suite or OWASP ZAP.

Layer 6 - Presentation Layer:


This layer is responsible for translating the data from the application layer into a format that can
be understood by the receiving system. It also manages encryption and compression.

Examples:

Data Encryption: If you are visiting a website with HTTPS, the Presentation Layer
encrypts the data sent between your browser and the web server using SSL/TLS.
Data Compression: Sometimes data is compressed (e.g., ZIP files) to reduce the amount
of data being transmitted over the network.

Scenario:

Weak encryption protocols can expose sensitive data to attackers. Ethical hackers check if
outdated encryption algorithms like DES (Data Encryption Standard) are used and may
exploit this weakness. Tools like Wireshark or SSL Labs can be used to analyze the
encryption strength.

Layer 5 - Session Layer:

The session layer is responsible for establishing, managing, and terminating communication
sessions between applications. It maintains the communication state during an active session.

Examples:

Remote Desktop Protocol (RDP): When connecting to a computer remotely using RDP,
the session layer ensures the session remains open and active during the connection.
Video Conferencing: During a video call (e.g., Skype, Zoom), the session layer ensures
the session is maintained for the duration of the call.

Scenario:
An attacker can hijack a session if the session management is not handled correctly, such
as through session fixation or session hijacking. Ethical hackers often test session
integrity using tools like Hideman or Burp Suite.

Layer 4 - Transport Layer:

The transport layer is responsible for the end-to-end communication between devices, breaking
down large messages into smaller packets and ensuring they are correctly delivered to the
destination.

Examples:

TCP (Transmission Control Protocol): TCP ensures reliable data transfer, such as when
you're sending an email or browsing a website. It establishes a connection between
devices before data is transferred and ensures packets are delivered in order.
UDP (User Datagram Protocol): Used for real-time communications like VoIP calls or
live streaming, where speed is more important than guaranteed delivery.

Scenario:

Ethical hackers often perform DoS (Denial of Service) attacks, like SYN flood attacks, at
this layer to overload a system. They also test the resilience of services that rely on UDP
to check if an attacker could disrupt them.

Layer 3 - Network Layer:


The network layer is responsible for routing and forwarding data packets between different
networks. It deals with logical addressing (such as IP addresses) and routing, ensuring that
data gets from one device to another, possibly over different networks.

Examples:

IP (Internet Protocol): Every device on the Internet has a unique IP address. When you
send an email or access a website, the network layer ensures that the data reaches the
correct destination by routing it through intermediate devices like routers.
ICMP (Internet Control Message Protocol): Used by utilities like ping to test network
connectivity between devices.

Scenario:

IP spoofing is a common attack where an attacker falsifies the source IP address to
impersonate another device. Ethical hackers test for IP fragmentation attacks and
routing attacks to ensure the network’s integrity.

Layer 2 - Data Link Layer:

This layer is responsible for the physical addressing of data and the management of access to
the physical transmission medium. It handles how data is transferred between devices within
the same network or subnet.

Examples:

MAC Addresses: Devices within the same network communicate with each other using
MAC (Media Access Control) addresses. For instance, when two devices communicate
over Ethernet, the data link layer ensures the data is sent to the correct device.
Ethernet: Ethernet is a widely used technology at this layer, allowing devices to
communicate over a wired network.

Scenario:

MAC spoofing is an attack where an attacker changes the MAC address of their device
to impersonate another device. ARP (Address Resolution Protocol) poisoning can also be
used by hackers to intercept or alter traffic on a local network.
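
From the defender's side, ARP poisoning usually shows up as one MAC address answering for several IP addresses, or as the gateway's entry changing to a new MAC. The following is an added example, not part of the original notes: it parses a constructed sample of `ip neigh show` output, and the function names and the pinned gateway MAC are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `ip neigh show` output (not captured from a real host).
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 52:54:00:aa:bb:01 REACHABLE
192.168.1.20 dev eth0 lladdr 52:54:00:aa:bb:14 STALE
192.168.1.37 dev eth0 lladdr 52:54:00:aa:bb:01 REACHABLE
192.168.1.50 dev eth0  FAILED
fe80::1 dev eth0 lladdr 52:54:00:aa:bb:01 router REACHABLE
"""

LINE = re.compile(
    r"^(?P<ip>\S+) dev (?P<dev>\S+) lladdr (?P<mac>[0-9a-f:]{17})\b", re.I)

def parse_neigh(text):
    """Return (ip, dev, mac) tuples for IPv4 entries that have a resolved MAC."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m and ":" not in m["ip"]:      # skip IPv6 neighbours (NDP, not ARP)
            entries.append((m["ip"], m["dev"], m["mac"].lower()))
    return entries

def shared_macs(entries):
    """Map (dev, mac) -> sorted IPs where one MAC answers for several IPs."""
    by_mac = defaultdict(set)
    for ip, dev, mac in entries:
        by_mac[(dev, mac)].add(ip)
    return {k: sorted(v) for k, v in by_mac.items() if len(v) > 1}

def gateway_alerts(entries, gateway_ip, expected_mac):
    """Return gateway entries whose MAC differs from the pinned known-good one."""
    return [(ip, mac) for ip, dev, mac in entries
            if ip == gateway_ip and mac != expected_mac.lower()]

if __name__ == "__main__":
    table = parse_neigh(SAMPLE_NEIGH)
    print("MAC shared by several IPs:", shared_macs(table))
    # Hypothetical pinned value recorded when the network was known to be clean.
    print("Gateway mismatch:", gateway_alerts(table, "192.168.1.1", "52:54:00:aa:bb:ff"))
```

A shared MAC is a lead to investigate rather than proof: proxy ARP and hosts with several addresses on one interface produce the same pattern.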

Layer 1 - Physical Layer:

The physical layer deals with the physical transmission of data over cables or wireless signals.
It defines the hardware devices involved in network communication, such as cables, switches,
routers, and wireless access points.

Examples:

Ethernet Cables: These cables physically transmit data between devices within a local
area network.
Wi-Fi: Wireless networks use radio waves to transmit data between devices.

Scenario:

While physical layer attacks are more difficult to execute, cable tapping or intercepting
wireless signals (Wi-Fi hacking) can provide attackers with access to network traffic.
Tools like or Wireshark can be used for wireless network analysis.

5.3 Important Protocols and Ports

Key Network Protocols:


1. TCP (Transmission Control Protocol):
Purpose: Provides reliable, error-free transmission of data between devices. TCP
breaks large data into smaller packets and ensures they are received in the correct
order.
Example: When you load a website, the browser uses TCP to request and receive
data from the server. If any packets are lost during transmission, TCP will request
them again.
2. UDP (User Datagram Protocol):
Purpose: A faster, connectionless protocol used when speed is more important than
reliability. Unlike TCP, UDP does not guarantee packet delivery.
Example: Streaming services like Netflix or online gaming use UDP because they
require real-time data transmission where occasional packet loss doesn't significantly
affect the experience.
3. HTTP (Hypertext Transfer Protocol):
Purpose: A protocol for transferring web pages and resources over the web. HTTP
operates on Port 80.
Example: When you visit a website without encryption, HTTP is used to request and
transfer the webpage data.
4. HTTPS (Hypertext Transfer Protocol Secure):
Purpose: A secure version of HTTP that uses SSL/TLS encryption to protect the
data being transferred between your browser and the web server.
Example: When you visit online banking websites, HTTPS ensures that your login
credentials and financial data are encrypted and safe from interception.
5. FTP (File Transfer Protocol):
Purpose: A standard network protocol used for transferring files between a client and
a server.
Example: Website administrators often use FTP to upload website files to their
server.
Ports: FTP typically uses Port 21 for control commands and Port 20 for data
transfer.
6. SSH (Secure Shell):
Purpose: A secure remote administration protocol that allows users to access a
remote device, typically for command-line access.
Example: Ethical hackers often use SSH to connect to remote servers to perform
penetration testing and other administrative tasks securely.
Port: Port 22.
7. SMTP (Simple Mail Transfer Protocol):
Purpose: A protocol used for sending emails across the Internet.
Example: When you send an email from your email client, SMTP is used to route the
email to the destination server.
Port: Port 25 (usually used for unencrypted email transmission).
8. DNS (Domain Name System):
Purpose: A protocol that translates human-readable domain names (like
www.example.com) into IP addresses that computers can use to communicate.
Example: When you type a website's domain name in your browser, DNS resolves it
into the corresponding IP address, allowing your computer to connect to the server.

Common Ports and Their Functions:


1. Port 80 (HTTP):
Used for unencrypted web traffic. Websites that don’t use HTTPS will generally use
this port.
2. Port 443 (HTTPS):
Used for secure web traffic. Websites that use encryption (SSL/TLS) will generally
use this port to ensure that the data transferred between client and server is secure.
3. Port 21 (FTP):
Used for transferring files over FTP. It’s crucial to secure this port with proper
authentication.
4. Port 22 (SSH):
Used for secure remote access to servers and devices via SSH. Ethical hackers use
this port for conducting penetration tests on remote systems.
5. Port 25 (SMTP):
Used for sending emails via SMTP. However, this port is often blocked by Internet
Service Providers to prevent spam.
6. Port 53 (DNS):
Used for DNS queries and responses. It translates domain names to IP addresses.
7. Port 110 (POP3):
Used for retrieving emails from a server. While POP3 is less commonly used now due
to more secure alternatives like IMAP, it still exists in some email systems.
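
The port list above can be turned into a quick host audit: which listening sockets carry a cleartext protocol, and are they reachable from the network or bound to loopback only? This is an added example, not part of the original notes; it works on a constructed sample of `ss -tln` output, and the function names and verdict labels are assumptions made for illustration.

```python
import ipaddress

# Ports from the list above; the flag records whether traffic on that port is
# encrypted by the protocol itself (DNS on 53 is treated as cleartext).
PAGE_PORTS = {21: ("FTP", False), 22: ("SSH", True), 25: ("SMTP", False),
              53: ("DNS", False), 80: ("HTTP", False), 110: ("POP3", False),
              443: ("HTTPS", True)}

# Constructed sample of `ss -tln` output (not captured from a real host).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      100        127.0.0.1:25         0.0.0.0:*
LISTEN 0      511          0.0.0.0:80         0.0.0.0:*
LISTEN 0      32                 *:21               *:*
LISTEN 0      511             [::]:443           [::]:*
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
LISTEN 0      128          0.0.0.0:8080       0.0.0.0:*
"""

def is_loopback(addr):
    """True if a local bind address is reachable only from the host itself."""
    addr = addr.strip("[]").split("%")[0]    # drop IPv6 brackets and %iface
    if addr == "*":                          # wildcard: all interfaces
        return False
    return ipaddress.ip_address(addr).is_loopback

def audit_listeners(ss_output):
    """Return (port, service, bind address, verdict) for each LISTEN socket."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                         # header or non-listening row
        addr, _, port = fields[3].rpartition(":")
        name, encrypted = PAGE_PORTS.get(int(port), ("unlisted", None))
        if encrypted is None:
            verdict = "unlisted"             # not in the page's list: review by hand
        elif encrypted:
            verdict = "encrypted"
        elif is_loopback(addr):
            verdict = "cleartext-local"
        else:
            verdict = "cleartext-exposed"
        findings.append((int(port), name, addr, verdict))
    return findings

def exposed_cleartext(ss_output):
    """Ports carrying cleartext protocols that accept connections from the network."""
    return sorted(p for p, _, _, v in audit_listeners(ss_output)
                  if v == "cleartext-exposed")

if __name__ == "__main__":
    for finding in audit_listeners(SAMPLE_SS):
        print(finding)
```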
