Network Fundamentals
5 guided sections and curated resources to get you contest-ready.
Lesson Playbook
The OSI Model
Networks are organized in layers. Understanding this helps you attack and defend at each level:
Layer 7 - Application: HTTP, DNS, FTP (what users see)
Layer 6 - Presentation: Encryption, compression
Layer 5 - Session: Establishing connections
Layer 4 - Transport: TCP/UDP (ports, reliability)
Layer 3 - Network: IP addresses, routing
Layer 2 - Data Link: MAC addresses, switches
Layer 1 - Physical: Cables, signals
For CTFs, you'll mostly work with layers 3-7. Remember: "Please Do Not Throw Sausage Pizza Away" (Physical → Application)
IP Addresses and Ports
Every device on a network has an IP address. Services listen on ports.
# Common port numbers (memorize these!)
20-21 FTP (file transfer)
22 SSH (secure shell)
23 Telnet (insecure remote access)
25 SMTP (email sending)
53 DNS (domain names)
80 HTTP (web)
443 HTTPS (secure web)
445 SMB (Windows file sharing)
3306 MySQL
3389 RDP (Windows remote desktop)
8080 HTTP alternative/proxy
# View open ports on your machine
netstat -tlnp # Linux
ss -tlnp # Modern Linux
# Scan ports on a target (with permission!)
nmap 192.168.1.1
nmap -p 1-1000 target.com
nmap -sV target.com # Version detection
Pro tip: Port numbers 0-1023 are 'well-known ports'; binding a service to one of them requires root. Ports 1024-65535 are available to users.
DNS - Domain Name System
DNS translates human-readable domains to IP addresses. It's often a goldmine for reconnaissance:
# Basic lookup
nslookup google.com
dig google.com
# Different record types
dig example.com A # IPv4 address
dig example.com AAAA # IPv6 address
dig example.com MX # Mail servers
dig example.com TXT # Text records (often contain secrets!)
dig example.com NS # Name servers
dig example.com ANY # All records (many servers now refuse ANY or return a minimal answer, see RFC 8482)
# Zone transfer (if misconfigured)
dig axfr @ns1.example.com example.com
# Reverse lookup (IP to domain)
dig -x 8.8.8.8
# Subdomain enumeration
# Tools: subfinder, amass, sublist3r
Pro tip: Always check TXT records - they often contain verification codes, SPF records, or accidentally leaked information!
TCP vs UDP
TCP (Transmission Control Protocol)
- Connection-oriented (handshake)
- Reliable - guarantees delivery
- Ordered - packets arrive in sequence
- Used for: HTTP, SSH, FTP, email
UDP (User Datagram Protocol)
- Connectionless
- No guarantee of delivery
- Faster, less overhead
- Used for: DNS, streaming, gaming
TCP Three-Way Handshake:
- Client → SYN → Server
- Client ← SYN-ACK ← Server
- Client → ACK → Server
Connection established!
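The handshake above, as an added example that is not part of the original lesson: Python's standard struct module builds and parses constructed 20-byte TCP headers, names each step from its flag bits, and checks that the sequence and acknowledgment numbers line up. The ports, sequence numbers and function names are made up for illustration.

```python
import struct

SYN, RST, ACK = 0x02, 0x04, 0x10   # TCP flag bits (RFC 9293)

def build_tcp_header(sport, dport, seq, ack, flags):
    """Build a 20-byte TCP header (no options, checksum left at 0) for the demo."""
    offset_flags = (5 << 12) | flags          # data offset = 5 words of 32 bits
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, 65535, 0, 0)

def parse_tcp_header(raw):
    """Return the fields that matter for handshake analysis."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, offset_flags = struct.unpack("!HHIIH", raw[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": offset_flags & 0x3F}

def classify(segment):
    """Name the handshake step from the SYN/ACK bits."""
    f = segment["flags"]
    if f & RST:
        return "RST"
    if f & SYN:
        return "SYN-ACK" if f & ACK else "SYN"
    return "ACK" if f & ACK else "OTHER"

def is_complete_handshake(raw_segments):
    """True if three headers form SYN, SYN-ACK, ACK with consistent numbers."""
    if len(raw_segments) != 3:
        return False
    syn, synack, ack = (parse_tcp_header(r) for r in raw_segments)
    if [classify(s) for s in (syn, synack, ack)] != ["SYN", "SYN-ACK", "ACK"]:
        return False
    mod = 2 ** 32                              # sequence numbers wrap at 32 bits
    return (synack["ack"] == (syn["seq"] + 1) % mod      # server acknowledges client ISN
            and ack["seq"] == (syn["seq"] + 1) % mod     # the SYN consumed one number
            and ack["ack"] == (synack["seq"] + 1) % mod  # client acknowledges server ISN
            and (synack["sport"], synack["dport"]) == (syn["dport"], syn["sport"]))

# Constructed sample: client port 50000 connects to port 80 (ISNs are made up)
CLIENT_ISN, SERVER_ISN = 0xFFFFFFFF, 1000
HANDSHAKE = [
    build_tcp_header(50000, 80, CLIENT_ISN, 0, SYN),
    build_tcp_header(80, 50000, SERVER_ISN, 0, SYN | ACK),   # CLIENT_ISN + 1 wraps to 0
    build_tcp_header(50000, 80, 0, SERVER_ISN + 1, ACK),
]

if __name__ == "__main__":
    print([classify(parse_tcp_header(r)) for r in HANDSHAKE], is_complete_handshake(HANDSHAKE))
```

A SYN and SYN-ACK with no final ACK, such as `HANDSHAKE[:2]`, is a half-open connection, and the check returns False for it.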
# Capture network traffic
sudo tcpdump -i eth0
sudo tcpdump -i eth0 port 80
sudo tcpdump -i eth0 -w capture.pcap
# Analyze with Wireshark
wireshark capture.pcap
# Common Wireshark filters
http
tcp.port == 80
ip.addr == 192.168.1.1
http.request.method == "POST"
tcp.flags.syn == 1
Network Tools for CTF
Master these tools for network challenges:
# Netcat - the "Swiss Army knife"
nc -l -p 1234 # Listen on port 1234 (some netcat variants take: nc -l 1234)
nc target.com 80 # Connect to target
nc -l -p 1234 > file.txt # Receive file
nc target.com 1234 < file.txt # Send file
# Simple HTTP request with netcat
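# printf handles \r\n portably (echo -e does not work in every shell);
# Connection: close makes the server end the session after the response
printf 'GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n' | nc example.com 80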
# Curl for HTTP
curl http://target.com
curl -v http://target.com # Verbose
curl -X POST -d "data=test" url # POST request
curl -H "Cookie: session=abc" url # Custom header
# Wget - download files
wget http://target.com/file.zip
wget -r http://target.com/ # Recursive download
Pro tip: Netcat (nc) is incredibly versatile. You can use it to test connections, transfer files, create backdoors, and even chat!