Week 11: Networking Basics

The internet is not a cloud. It is a collection of physical machines, connected by wires and radio, running protocols that specify exactly how to route a packet from your laptop to a server in another country and back. This week you see the path.


Theme

When you open a browser and type virtuscyberacademy.org, your laptop sends a UDP packet asking for the IP address, receives one back (52.87.x.x or similar), opens a TCP connection to port 443 on that address, performs a TLS handshake, and sends an HTTP GET request. None of that is magic; each step follows a published protocol with a precise byte format. This week you learn enough to see the path and to use ping, traceroute, and curl to observe it.

This is FND-101 level: conceptual understanding + practical command-line tools. NET-101 goes deeper into protocols and packet capture. SEC-101 goes deeper into what can go wrong.

Reading list (~1 hour)

  1. Julia Evans, "How DNS Works" (zine, free summary at https://jvns.ca/blog/2022/01/11/how-to-find-ip-addresses/): plain English on IP addresses and DNS lookups
  2. Wikipedia, "IP address" (the introduction through "Versions"): what an IP address is and the difference between IPv4 and IPv6
  3. Wikipedia, "Port (computer networking)": what a port number is and why they exist
  4. Optional: Julia Evans, "Networking! ACK!" zine preview (free sample pages at https://jvns.ca/)

Lecture outline (~2 hours)

Section 1: IP addresses and routing

  • Every device on the internet has an IP address: a number that identifies it
  • IPv4: 32 bits, written as four decimal octets separated by dots (e.g., 192.168.1.100). About 4 billion possible addresses.
  • IPv6: 128 bits, written as eight groups of four hex digits (e.g., 2001:0db8:85a3:0000:0000:8a2e:0370:7334). Essentially unlimited addresses.
  • Private vs public: 192.168.x.x, 10.x.x.x, 172.16-31.x.x are private address ranges (not routable on the public internet; used inside home networks and office LANs)
  • Routing: a packet travels from your machine to a default gateway (your router), which sends it to your ISP's network, which sends it across the internet toward the destination, hop by hop
  • Each hop is a router that reads the destination IP, consults a routing table, and forwards the packet to the next router

Section 2: DNS

  • DNS (Domain Name System): translates domain names (virtuscyberacademy.org) to IP addresses
  • Your laptop has a configured DNS resolver (often your router, which forwards to 8.8.8.8 or 1.1.1.1)
  • A DNS query is a UDP packet sent to port 53 of the resolver, asking "what is the IP for this name?"
  • The resolver may cache the answer (for efficiency) or may query the DNS hierarchy (root servers, TLD servers, authoritative nameserver) to find the answer
  • dig virtuscyberacademy.org or nslookup virtuscyberacademy.org: look up a domain from the command line

Section 3: Ports and protocols

  • A port number identifies a specific service on a machine. An IP address gets you to the machine; the port number gets you to the right program running on it.
  • Range: 0-65535 (16 bits). Well-known ports 0-1023 are reserved for standard services.
  • Common ports: 22 (SSH), 80 (HTTP), 443 (HTTPS), 25 (SMTP email), 53 (DNS), 3306 (MySQL)
  • TCP vs UDP:
    • TCP (Transmission Control Protocol): connection-oriented, reliable, ordered, with error detection and retransmission. Used by HTTP, HTTPS, SSH, SMTP.
    • UDP (User Datagram Protocol): connectionless, best-effort, no guaranteed delivery or ordering. Faster; used by DNS, video streaming, VoIP.

Section 4: The HTTP/HTTPS request cycle

  1. Your browser resolves virtuscyberacademy.org via DNS to an IP address
  2. It opens a TCP connection to port 443 on that IP
  3. TLS handshake: the server sends its certificate; the browser verifies it; both sides agree on an encryption key
  4. Browser sends an HTTP GET request: GET / HTTP/1.1\r\nHost: virtuscyberacademy.org\r\n\r\n
  5. Server sends an HTTP response: status code (200 OK), headers, and the HTML body
  6. Browser renders the HTML

Each of these steps is a byte-level protocol. NET-101 and ADV-101 go deep into the byte formats. FND-101 students need to know the steps and recognize them in curl output.
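
The steps above, recognized in a curl -v transcript. This is an added example, not part of the original course page; the transcript is constructed and abridged, 192.0.2.10 is a documentation address standing in for the real one, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed, abridged `curl -v` transcript (stderr and stdout merged with 2>&1).
# 192.0.2.10 is a documentation address, not the site's real IP.
SAMPLE_TRANSCRIPT='*   Trying 192.0.2.10:443...
* Connected to virtuscyberacademy.org (192.0.2.10) port 443 (#0)
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
> GET / HTTP/1.1
> Host: virtuscyberacademy.org
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/html; charset=utf-8
< Content-Length: 5120
<
<!doctype html>'

# Label each transcript line with the Section 4 step it belongs to.
annotate() {
  awk '
    { sub(/\r$/, "") }                    # real curl header lines end in CRLF
    /^\* +Trying /      { print "[1-2 DNS result + TCP] " $0; next }
    /^\* Connected to / { print "[2   TCP connected   ] " $0; next }
    /^\* (TLS|SSL)/     { print "[3   TLS handshake   ] " $0; next }
    /^>( |$)/           { print "[4   HTTP request    ] " $0; next }
    /^<( |$)/           { print "[5   HTTP response   ] " $0; next }
                        { print "[6   body / other    ] " $0 }'
}

# Status code from the first response line: "< HTTP/1.1 200 OK" or "< HTTP/2 200".
status_code() {
  awk '{ sub(/\r$/, "") } /^< HTTP\// { print $3; exit }'
}

# Value of one response header, matched case-insensitively ($1 = header name).
header_value() {
  awk -v want="$1" '
    { sub(/\r$/, "") }
    /^< / && tolower($2) == (tolower(want) ":") {
      sub(/^< [^:]*: */, ""); print; exit }'
}

# Negotiated protocol version from the "SSL connection using ..." summary line.
tls_version() { awk '/^\* SSL connection using / { print $5; exit }'; }

printf '%s\n' "$SAMPLE_TRANSCRIPT" | annotate
```

On a live system, pipe curl -v https://virtuscyberacademy.org 2>&1 into the same functions; the exact wording of the TLS lines varies with the curl version and TLS library.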

Section 5: Command-line network tools

  Command               What it does
  ping hostname         Send ICMP echo requests; measures round-trip time and packet loss
  traceroute hostname   Show each router hop on the path; measures per-hop latency
  curl -v url           Fetch a URL, showing the full request and response headers
  curl -I url           Fetch only the response headers (HEAD request)
  dig domain            Query DNS for a domain name
  nslookup domain       Alternative DNS lookup (works on Windows/macOS/Linux)
  ss -tlnp              Show listening TCP sockets and which program owns them (Linux)
  netstat -an           Show all open connections (works on most OSes)
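
Reading ss -tlnp output against the common ports from Section 3, and separating loopback-only listeners from ones other machines can reach. This is an added example, not part of the original course page; the sample output is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `ss -tlnp` output. The last row has no Process column,
# which is what an unprivileged user sees for sockets owned by someone else.
SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       4096    127.0.0.53%lo:53     0.0.0.0:*          users:(("systemd-resolve",pid=640,fd=14))
LISTEN  0       151     127.0.0.1:3306       0.0.0.0:*          users:(("mysqld",pid=900,fd=21))
LISTEN  0       511     [::]:443             [::]:*             users:(("nginx",pid=1001,fd=7))
LISTEN  0       128     [::1]:631            [::]:*             users:(("cupsd",pid=700,fd=6))
LISTEN  0       4096    *:8080               *:*'

# Print one line per listener: port, scope, service name, owning process.
# scope "loopback" = reachable only from this machine; "network" = bound to a
# wildcard or non-loopback address, so other hosts can reach it unless a
# firewall blocks them. Service names are the common ports listed in Section 3.
listeners() {
  awk '
    BEGIN { split("22 SSH 25 SMTP 53 DNS 80 HTTP 443 HTTPS 3306 MySQL", kv, " ")
            for (i = 1; i < 12; i += 2) svc[kv[i]] = kv[i + 1] }
    $1 != "LISTEN" { next }                   # skip the header row
    {
      addr = $4; port = addr
      sub(/.*:/, "", port)                    # text after the last colon
      sub(/:[^:]*$/, "", addr)                # text before the last colon
      sub(/%.*/, "", addr)                    # drop interface suffix such as %lo
      gsub(/\[|\]/, "", addr)                 # drop IPv6 brackets
      scope = (addr ~ /^127\./ || addr == "::1") ? "loopback" : "network"
      proc = "-"
      if (match($0, /\(\("[^"]+"/)) proc = substr($0, RSTART + 3, RLENGTH - 4)
      name = (port in svc) ? svc[port] : "other"
      print port, scope, name, proc
    }'
}

# Ports that are not restricted to loopback.
network_ports() { listeners | awk '$2 == "network" { print $1 }'; }

printf '%s\n' "$SAMPLE_SS" | listeners
```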

Section 6: What the internet actually is

  • The internet is a network of networks: your home network connects to your ISP; ISPs connect to each other via peering agreements and Internet Exchange Points
  • There is no single owner, no central router. BGP (Border Gateway Protocol) is how routers tell each other which IP ranges they can reach.
  • Physical substrate: fiber optic cables across continents and ocean floors; copper in the last mile; radio (Wi-Fi, LTE, 5G) at the edge
  • The "cloud" is just someone else's computers, connected to the internet with a very fast link

Labs (~90 minutes)

Lab 11.1: Traceroute + curl (labs/lab-11-1-traceroute.md)

  • Run traceroute (or tracert on Windows) to 3 different hosts; annotate the hop pattern
  • Use curl -v to fetch https://virtuscyberacademy.org and identify: the TLS handshake line, the HTTP status code, the Content-Type header
  • Use dig to resolve 2 domain names; note the TTL (time-to-live) on the answer
  • Artifact: annotated transcript committed to Git

Independent practice (~4 hours)

  1. Use ss -tlnp (Linux) or netstat -an (any OS) to find what services are listening on your machine. Identify at least 3 ports by number and protocol.
  2. Use curl to fetch https://httpbin.org/get and read the JSON response. What information does httpbin report about your request?
  3. Look up the IP address of a major website using dig. Then run traceroute to that IP. Count the hops. Is there a pattern in the last few hops?
  4. Run ping 8.8.8.8 (Google DNS) and ping 1.1.1.1 (Cloudflare DNS). Which is faster from your location? Note the round-trip time.
  5. Read the Wikipedia article "Border Gateway Protocol." In one paragraph, explain why BGP is both powerful and a potential security concern.

Reflection prompts (~30 minutes)

  1. Traceroute shows each hop on the path. How many hops did your packet take to reach a major website? Did any hop have significantly higher latency than the others? What might cause that?
  2. DNS translates names to addresses. What would break if DNS stopped working, even if the IP addresses themselves were still reachable?
  3. TCP guarantees delivery and order; UDP does not. Why would any application deliberately choose UDP?
  4. You can observe HTTP headers with curl -v. These headers include cookies, content types, security policies, and server versions. From a security perspective, what information might an attacker extract from these headers?
  5. The internet has no single owner or controller. How does BGP prevent one router from advertising a false route for an IP range it does not own? (Research BGP hijacking briefly before answering.)

What comes next

Week 12 is the capstone week. You select a small binary file, decode its byte structure by hand against the format's public specification, and write up your analysis in a decoding report committed to a Git repository. The week also includes a closing lecture mapping every FND-101 topic to the downstream courses that build on it.