Networking Handbook — Beginner to Intermediate

01

What is a Network?

Nodes, links, and why networks exist

A computer network is two or more devices connected so they can exchange data. That's it. Everything else — TCP, DNS, firewalls, Wi-Fi — is infrastructure built on top of that simple idea.

🖥️ Node

Any device on the network — laptop, phone, server, printer, smart bulb. Identified by its address.

🔗 Link

The medium connecting nodes — Ethernet cable, fiber optic, Wi-Fi radio waves, or even a satellite link.

📦 Packet

Data is split into small chunks called packets. Each travels the network independently and is reassembled at the destination.

Network Types by Scale

Type	Full Name	Scale	Example
PAN	Personal Area Network	~1 m	Bluetooth headphones ↔ phone
LAN	Local Area Network	Room → Building	Home Wi-Fi, office network
MAN	Metropolitan Area Network	City	University campus network
WAN	Wide Area Network	Country → Global	The Internet

Key Concept

The Internet is simply a global network of networks — thousands of ISPs, data centers, and corporate networks interconnected using agreed-upon protocols (mainly TCP/IP).

How Data Actually Moves

Data doesn't travel as a single blob. It's broken into packets, each labeled with a source and destination address. Packets may take different paths and arrive out of order — the receiving device reassembles them. This is called packet switching, and it's what makes the internet resilient.

Packet Switching Example Your Browser ──────────────────────────────────────────> Web Server │ │ "GET /index.html" split into 3 packets │ Packet 1 ──> Router A ──> Router C ──────────────────────> Server Packet 2 ──> Router A ──> Router B ──> Router D ──────> Server Packet 3 ──> Router A ──> Router C ──────────────────────> Server All 3 packets arrive and are reassembled in order by TCP

02

OSI & TCP/IP Models

The layered frameworks that make networking modular

Networking is complex. To manage that complexity, engineers divide functionality into layers. Each layer only communicates with the one directly above or below it. This means you can change Wi-Fi hardware without rewriting your web browser.

The OSI Model — 7 Layers

OSI (Open Systems Interconnection) is a conceptual reference model. You'll see it referenced constantly in documentation, exams, and job interviews.

7
Application
User-facing protocols — what your app uses directly
HTTP, DNS, FTP, SMTP, SSH
6
Presentation
Data format, encryption, compression
TLS/SSL, JPEG, ASCII
5
Session
Establishes, manages, and ends sessions
NetBIOS, RPC, PPTP
4
Transport
End-to-end delivery, ports, reliability
TCP, UDP
3
Network
Logical addressing, routing between networks
IP, ICMP, BGP, OSPF
2
Data Link
Framing, MAC addressing, error detection within a link
Ethernet, Wi-Fi (802.11), ARP
1
Physical
Bits on the wire — voltages, signals, cables, radio
Cat6, Fiber, USB, DSL

Memory Aid

Top-down: All People Seem To Need Data Processing (Application → Physical)
Bottom-up: Please Do Not Throw Sausage Pizza Away (Physical → Application)

TCP/IP Model — 4 Layers

TCP/IP is the actual model the internet uses. It maps roughly to OSI but collapses some layers:

TCP/IP Layer	OSI Equivalent	Key Protocols
Application	Layers 7, 6, 5	HTTP, HTTPS, DNS, FTP, SMTP, SSH
Transport	Layer 4	TCP, UDP
Internet	Layer 3	IP (IPv4/IPv6), ICMP, ARP
Link	Layers 2, 1	Ethernet, Wi-Fi, PPP

Encapsulation — How Layers Work Together

When you send data, each layer wraps it in its own header (and sometimes trailer). This is encapsulation. The receiver peels off layers in reverse.

Encapsulation — sending "Hello" over the network Application │ "Hello" Transport │ [TCP hdr] + "Hello" ← adds port, seq number Network │ [IP hdr] + [TCP hdr] + "Hello" ← adds IP addresses Data Link │ [Eth hdr] + [IP hdr] + [TCP hdr] + "Hello" + [FCS] ← adds MAC, checksum Physical │ 10110001 01001101 ... (bits on the wire)

03

Network Hardware

The physical and logical devices that form a network

🔀 Switch (Layer 2)

Connects devices within a LAN. Forwards frames based on MAC addresses. Learns which MAC is on which port. Smarter than a hub — only sends data to the intended recipient, not everyone.

🌐 Router (Layer 3)

Connects different networks. Forwards packets based on IP addresses. Your home router connects your LAN to your ISP's network. Makes routing decisions using routing tables.

📡 Access Point (AP)

Extends the network wirelessly. Bridges Wi-Fi clients to the wired LAN. Your home "router" is usually a router + switch + AP combined in one box.

🔌 NIC

Network Interface Card — the hardware in your device that connects it to the network. Every NIC has a unique MAC address burned in at the factory.

📶 Modem

Modulates/demodulates signals to connect to your ISP over cable, DSL, or fiber. Translates the ISP's signal format into standard Ethernet for your router.

🔥 Firewall

Filters traffic based on rules — blocks or allows packets based on IP, port, protocol. Can be hardware (a physical device) or software (Windows Firewall).

Common Confusion

Hub vs Switch: A hub broadcasts every packet to every connected device — noisy and slow. A switch is intelligent and only sends packets to the correct destination. Hubs are essentially obsolete.

04

IP Addresses

IPv4, IPv6, public vs private, and address classes

An IP address is the logical address of a device on a network. Like a home address, it tells the network where to deliver packets.

IPv4

IPv4 addresses are 32-bit numbers written as four decimal octets separated by dots:

IPv4

192.168.1.100

In binary:  11000000 . 10101000 . 00000001 . 01100100
             ↑192       ↑168       ↑1         ↑100

Range per octet: 0–255
Total addresses: 2³² = ~4.3 billion

IPv4 is exhausted — all public addresses are allocated.
That's why NAT (private addresses) and IPv6 exist.

Public vs Private Addresses

Private addresses are reserved for use inside LANs — they're not routable on the public internet. Your home network almost certainly uses 192.168.x.x.

Range	Type	Typical Use
`10.0.0.0/8`	Private	Large enterprise networks (16M hosts)
`172.16.0.0/12`	Private	Medium networks (1M hosts)
`192.168.0.0/16`	Private	Home and small office (65K hosts)
`127.0.0.0/8`	Loopback	`127.0.0.1` always refers to "this device"
`169.254.0.0/16`	Link-local (APIPA)	Auto-assigned when DHCP fails
Everything else	Public	Routable on the internet

IPv6 — The Solution to IPv4 Exhaustion

IPv6 uses 128-bit addresses, providing 2¹²⁸ ≈ 340 undecillion addresses — effectively unlimited.

IPv6

2001:0db8:85a3:0000:0000:8a2e:0370:7334

Shorthand rules:
  1. Leading zeros in each group can be omitted:
     2001:db8:85a3:0:0:8a2e:370:7334

  2. One run of consecutive all-zero groups can be ::
     2001:db8:85a3::8a2e:370:7334

Special addresses:
  ::1          loopback  (like 127.0.0.1 in IPv4)
  fe80::/10    link-local
  ::/0         default route

05

Subnetting

Dividing networks into smaller, manageable pieces

A subnet is a logical subdivision of an IP network. Subnetting lets you split a large network into smaller, isolated segments — improving security, performance, and organization.

CIDR Notation

CIDR (Classless Inter-Domain Routing) notation writes an address followed by a slash and the prefix length — the number of bits used for the network portion.

CIDR

192.168.1.0/24

The /24 means the first 24 bits are the NETWORK, last 8 are HOSTS:

11000000.10101000.00000001.00000000
├─────────── Network (24 bits) ──────────┤├── Host (8 bits) ─┤

Network address:    192.168.1.0   (all host bits = 0)
Broadcast address:  192.168.1.255 (all host bits = 1)
Usable hosts:       192.168.1.1 – 192.168.1.254  (254 hosts)

Common Subnet Masks

CIDR	Subnet Mask	Hosts	Common Use
`/8`	`255.0.0.0`	16,777,214	Large enterprise (Class A)
`/16`	`255.255.0.0`	65,534	Large office (Class B)
`/24`	`255.255.255.0`	254	Home / small office
`/25`	`255.255.255.128`	126	Split a /24 in half
`/30`	`255.255.255.252`	2	Point-to-point links
`/32`	`255.255.255.255`	1	Single host route

How to Calculate — Quick Method

1

Find the host bits

Host bits = 32 − prefix length. For /26: 32−26 = 6 host bits.

2

Calculate total addresses

2^{host bits}. For 6 bits: 2⁶ = 64 addresses.

3

Subtract 2 for usable hosts

−1 for network address, −1 for broadcast. 64 − 2 = 62 usable hosts.

4

Find block size & ranges

Block size = 64. Subnets: .0, .64, .128, .192. Each block hosts .1–.62, .65–.126, etc.

06

MAC Addresses & ARP

Physical addressing and address resolution

IP addresses are logical — they can change. MAC addresses are physical — burned into the NIC hardware (though they can be spoofed). When two devices communicate on the same LAN, they actually use MAC addresses at the data link layer.

MAC Address

00:1A:2B:3C:4D:5E

48 bits = 6 bytes, written as 6 hex pairs

00:1A:2B  =  OUI (Organizationally Unique Identifier) — identifies the manufacturer
3C:4D:5E  =  Device-specific portion assigned by manufacturer

Example OUIs:  00:50:56 = VMware   |   00:0C:29 = VMware   |   BC:9F:EF = Apple
Special:       FF:FF:FF:FF:FF:FF  = Broadcast (sent to ALL devices on LAN)

ARP — Address Resolution Protocol

ARP bridges the gap between Layer 3 (IP) and Layer 2 (MAC). Before sending a frame, a device must know the MAC address of the destination. ARP finds it.

1

ARP Request (broadcast)

Device A wants to reach 192.168.1.20. It broadcasts: "Who has 192.168.1.20? Tell 192.168.1.10!"

2

ARP Reply (unicast)

Device B (192.168.1.20) replies directly: "I have 192.168.1.20. My MAC is AA:BB:CC:DD:EE:FF."

3

ARP Cache

Device A stores this mapping in its ARP cache. Run arp -a to see it. Entries expire after a few minutes.

07

TCP vs UDP

The two workhorses of the transport layer

TCP — Transmission Control Protocol

Connection-oriented — must establish connection first (3-way handshake)
Reliable — guarantees delivery, detects lost packets and retransmits
Ordered — data arrives in sequence
Slower — overhead from acknowledgements, flow control
Used for: HTTP, HTTPS, SSH, FTP, email

UDP — User Datagram Protocol

Connectionless — fire and forget, no handshake
Unreliable — no delivery guarantee, no retransmission
Unordered — packets may arrive out of order
Faster — very low overhead
Used for: DNS, video streaming, VoIP, online games

The TCP 3-Way Handshake

Before TCP sends any application data, it establishes a connection using three messages:

TCP 3-Way Handshake Client Server │ │ │──── SYN (seq=100) ─────────────────────────>│ "I want to connect, my seq starts at 100" │ │ │<─── SYN-ACK (seq=300, ack=101) ───────────│ "OK, my seq starts at 300, I got your 100" │ │ │──── ACK (ack=301) ──────────────────────────>│ "Got it, we're connected" │ │ │<═══════════ DATA EXCHANGE ════════════════>│ Closing: 4-way termination with FIN/ACK pairs

Ports

Ports allow multiple services to run on one IP address. TCP/UDP use 16-bit port numbers (0–65535). A connection is identified by: source IP : source port → dest IP : dest port

Port Ranges

Well-known (0–1023): Reserved for standard services (HTTP=80, HTTPS=443, SSH=22)
Registered (1024–49151): Used by applications (Postgres=5432, Redis=6379)
Dynamic/Ephemeral (49152–65535): Temporarily assigned to clients making connections

08

DNS — Domain Name System

The internet's phone book

DNS translates human-readable names like google.com into IP addresses like 142.250.80.46. Without DNS, you'd have to memorize IP addresses for every website.

DNS Resolution — Step by Step

1

Check local cache

Your OS checks its DNS cache first. ipconfig /displaydns (Windows) or sudo resolvectl statistics (Linux) shows it.

2

Ask the Recursive Resolver

Your configured DNS server (e.g., 8.8.8.8 — Google's resolver). This server does the heavy lifting on your behalf.

3

Root Server → TLD Server

The resolver asks a Root server: "Who knows about .com?" Root refers it to the .com TLD server.

4

Authoritative Name Server

The TLD server says "ask google.com's authoritative server." That server returns the actual IP address.

5

Cache & Return

The resolver caches the answer for the TTL (Time to Live) period and returns the IP to your browser.

DNS Record Types

Record	Purpose	Example
`A`	Hostname → IPv4 address	`example.com → 93.184.216.34`
`AAAA`	Hostname → IPv6 address	`example.com → 2606:2800:220:1:248:1893:25c8:1946`
`CNAME`	Alias → another hostname	`www.example.com → example.com`
`MX`	Mail servers for domain	`example.com → mail.example.com (priority 10)`
`NS`	Authoritative name servers	`example.com → ns1.example.com`
`TXT`	Arbitrary text (SPF, DKIM, verification)	`v=spf1 include:sendgrid.net ~all`
`PTR`	Reverse lookup (IP → hostname)	`34.216.184.93.in-addr.arpa → example.com`
`SOA`	Zone authority information	Start of Authority — serial, refresh timers

Security Note

DNS is unencrypted by default. Your ISP (and anyone on the path) can see every domain you look up. DNS over HTTPS (DoH) and DNS over TLS (DoT) encrypt DNS queries. Use 1.1.1.1 (Cloudflare) or 8.8.8.8 (Google) with DoH for better privacy.

09

DHCP

Automatic IP address assignment

DHCP (Dynamic Host Configuration Protocol) automatically assigns IP addresses, subnet masks, default gateways, and DNS servers to devices joining the network. Without it, you'd configure every device manually.

DORA — The 4-Step Process

DHCP DORA Process Client DHCP Server (usually your router) │ │ │──── DISCOVER (broadcast) ──────────────────>│ "I need an IP address! Anyone?" │ │ │<─── OFFER (broadcast) ────────────────────│ "I'll offer you 192.168.1.105/24" │ │ │──── REQUEST (broadcast) ─────────────────>│ "Yes, I'd like 192.168.1.105 please" │ │ │<─── ACK (unicast) ──────────────────────│ "Confirmed! Lease for 24 hours." │ │ └──── Client configures IP, gateway, DNS ──────┘ D = Discover | O = Offer | R = Request | A = Acknowledge

What DHCP Provides

📋 IP Address + Lease

A dynamic IP address with a time-limited lease (e.g., 24h). The client must renew before expiry. Expired leases return to the pool.

🗺️ Network Config

Subnet mask, default gateway (router IP), DNS server addresses — everything needed to communicate on the network and internet.

Tip

Servers should use static (manual) IPs, not DHCP. If a server's IP changes, services that depend on it break. You can also configure a DHCP reservation — the DHCP server always gives the same IP to a specific MAC address.

10

HTTP & HTTPS

The protocol of the web

HTTP (HyperText Transfer Protocol) is the request-response protocol browsers use to fetch web pages. HTTPS adds TLS encryption on top, protecting data in transit.

HTTP Request & Response

HTTP/1.1

──── Request ────
GET /api/users/42 HTTP/1.1
Host:            api.example.com
Accept:          application/json
Authorization:   Bearer eyJhbGci...
User-Agent:      Mozilla/5.0

──── Response ────
HTTP/1.1 200 OK
Content-Type:    application/json
Cache-Control:   max-age=3600

{
  "id": 42,
  "name": "Alice",
  "email": "alice@example.com"
}

HTTP Methods

Method	Use	Idempotent?	Has Body?
`GET`	Retrieve a resource	Yes	No
`POST`	Create a resource	No	Yes
`PUT`	Replace a resource entirely	Yes	Yes
`PATCH`	Partially update a resource	No	Yes
`DELETE`	Remove a resource	Yes	Optional
`HEAD`	Like GET but headers only	Yes	No
`OPTIONS`	What methods does server support?	Yes	No

HTTP Status Codes

✅ 2xx — Success

200 OK — Request succeeded
201 Created — Resource created (POST)
204 No Content — Success, nothing to return

🔀 3xx — Redirection

301 Moved Permanently — URL has changed forever
302 Found — Temporary redirect
304 Not Modified — Use your cached copy

❌ 4xx — Client Error

400 Bad Request — Malformed request
401 Unauthorized — Authentication required
403 Forbidden — Authenticated but no permission
404 Not Found — Resource doesn't exist
429 Too Many Requests — Rate limited

💥 5xx — Server Error

500 Internal Server Error — Server-side bug
502 Bad Gateway — Upstream server failed
503 Service Unavailable — Server overloaded/down
504 Gateway Timeout — Upstream timeout

HTTPS & TLS Handshake

HTTPS = HTTP + TLS. TLS (Transport Layer Security) encrypts the connection before any data is exchanged. The TLS handshake:

TLS 1.3 Handshake (simplified) Client Server │ │ │──── ClientHello (TLS version, ciphers) ────>│ │ │ │<─── ServerHello + Certificate ─────────────│ Server sends its public key cert │ │ │ Client verifies cert against CA trust store │ │ │ │──── Key Exchange (encrypted) ──────────────>│ Agree on session keys │ │ │<═══════════ Encrypted Data ═══════════════>│ All data encrypted with session key

11

Routing

How packets find their way across networks

A router decides where to send each packet. It consults a routing table — a list of network destinations and where to forward packets destined for them.

Routing Table Basics

routing table

$ route -n    (Linux)  or  route print  (Windows)

Destination     Gateway         Mask              Interface
0.0.0.0         192.168.1.1     0.0.0.0           eth0     ← Default route (internet)
192.168.1.0     0.0.0.0         255.255.255.0     eth0     ← Local LAN (directly connected)
10.10.0.0       192.168.1.254   255.255.0.0       eth0     ← Remote network via router
127.0.0.0       0.0.0.0         255.0.0.0         lo       ← Loopback

Longest prefix match wins — most specific route takes priority

Static vs Dynamic Routing

Static Routing

Routes configured manually by an admin
Simple, predictable, no overhead
Doesn't adapt to failures automatically
Good for: small networks, stub routes, default routes

Dynamic Routing

Routers share route info using protocols
Adapts automatically to topology changes
Requires CPU, bandwidth, and configuration
Protocols: OSPF (interior), BGP (internet backbone)

Default Gateway

When your device needs to send a packet to an IP outside your subnet, it sends it to the default gateway — your router. The router then takes responsibility for forwarding it further.

12

NAT & PAT

How private IPs reach the public internet

NAT (Network Address Translation) lets many private-IP devices share a single public IP. Your home router does this for every device on your network.

PAT (Port Address Translation) — How your home router works Private LAN Router (NAT) Internet ────────── ──────────── ──────── 192.168.1.10:54321 ──>│ Public IP: 203.0.113.5│──> Server 93.184.216.34:443 192.168.1.11:48900 ──>│ Public IP: 203.0.113.5│──> Server 93.184.216.34:443 192.168.1.12:61234 ──>│ Public IP: 203.0.113.5│──> Server 142.250.80.46:443 NAT Table (inside router): 192.168.1.10:54321 ↔ 203.0.113.5:10001 192.168.1.11:48900 ↔ 203.0.113.5:10002 192.168.1.12:61234 ↔ 203.0.113.5:10003

Implication

Because all your devices share one public IP, incoming connections from the internet cannot reach a device behind NAT without special configuration. This is why you need port forwarding to host a game server or run a web server at home.

13

VLANs

Virtual LANs — logical network segmentation

A VLAN (Virtual LAN) creates separate broadcast domains on the same physical switch. Devices on VLAN 10 cannot talk to devices on VLAN 20 without going through a router — even if they're on the same switch.

🔒 Why Use VLANs?

Security — IoT devices can't reach your file servers
Performance — reduces broadcast traffic
Organization — logical grouping by department
Compliance — isolate payment/cardholder data (PCI DSS)

🏷️ VLAN Tagging (802.1Q)

On trunk links (between switches or router), frames are tagged with a VLAN ID (1–4094). The tag is a 4-byte header inserted into the Ethernet frame. Access ports (to end devices) are untagged.

Example Design

A typical home with VLANs: VLAN 10 = Trusted devices (laptops, phones) · VLAN 20 = IoT devices (smart bulbs, cameras) · VLAN 30 = Guest Wi-Fi. Each VLAN gets its own subnet and firewall rules.

14

Firewalls & ACLs

Controlling traffic flow between networks

Firewall Types

📋 Packet Filter

Inspects each packet in isolation — source/dest IP, port, protocol. Fast but no awareness of connection state.

🔁 Stateful

Tracks the state of connections. Knows that a packet is part of an established session, not a new rogue connection. Used in most modern firewalls.

🔍 NGFW / DPI

Next-Generation Firewall. Inspects application-layer data (Layer 7). Can identify apps, detect malware, and enforce per-app policies.

ACL — Access Control List

ACLs are ordered lists of permit/deny rules evaluated top-to-bottom. The first match wins. Always ends with an implicit "deny all".

iptables (Linux)

# Allow established connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow SSH from management subnet only
iptables -A INPUT -s 10.0.1.0/24 -p tcp --dport 22 -j ACCEPT

# Allow HTTPS from anywhere
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# Drop everything else inbound
iptables -A INPUT -j DROP

# Check rules
iptables -L -n -v

Default Stance

Good security design follows "default deny" — block everything by default, then explicitly allow only what's needed. Never use "default allow" on a perimeter firewall.

15

Wireless Networking

Wi-Fi standards, frequencies, and security

Wi-Fi Standards

Standard	Generation	Max Speed	Frequency	Range
802.11b	Wi-Fi 1	11 Mbps	2.4 GHz	~35m indoor
802.11g	Wi-Fi 3	54 Mbps	2.4 GHz	~38m indoor
802.11n	Wi-Fi 4	600 Mbps	2.4 / 5 GHz	~70m indoor
802.11ac	Wi-Fi 5	3.5 Gbps	5 GHz	~35m indoor
802.11ax	Wi-Fi 6/6E	9.6 Gbps	2.4 / 5 / 6 GHz	~30m indoor
802.11be	Wi-Fi 7	46 Gbps	2.4 / 5 / 6 GHz	~30m indoor

2.4 GHz vs 5 GHz

2.4 GHz

Longer range, better wall penetration
More congested (microwaves, neighbors, Bluetooth)
Only 3 non-overlapping channels (1, 6, 11)
Good for: IoT devices, long distances

5 GHz

Shorter range, more affected by walls
Less congested, more channels available
Faster speeds, lower latency
Good for: streaming, gaming, high-bandwidth

Wi-Fi Security Standards

Protocol	Status	Notes
WEP	❌ Broken	Crackable in minutes. Never use.
WPA	⚠️ Deprecated	Weak; TKIP encryption flawed.
WPA2-Personal	✅ Acceptable	AES/CCMP encryption. Use strong passphrase.
WPA2-Enterprise	✅ Good	802.1X/RADIUS per-user auth. Corporate standard.
WPA3-Personal	✅ Best	SAE handshake, forward secrecy. Use if all devices support it.

16

Common Port Numbers

Quick reference for well-known services

Port	Protocol	Service	Description
`20`	TCP	FTP Data	File Transfer — data channel
`21`	TCP	FTP Control	File Transfer — control channel
`22`	TCP	SSH / SFTP / SCP	Secure Shell, secure file transfer
`23`	TCP	Telnet	Unencrypted remote access — never use
`25`	TCP	SMTP	Sending email (server-to-server)
`53`	UDP/TCP	DNS	Domain Name System
`67/68`	UDP	DHCP	Server (67), Client (68)
`80`	TCP	HTTP	Web traffic (unencrypted)
`110`	TCP	POP3	Receive email (older)
`143`	TCP	IMAP	Receive email (modern)
`161/162`	UDP	SNMP	Network device monitoring
`443`	TCP	HTTPS	Web traffic (encrypted with TLS)
`445`	TCP	SMB	Windows file sharing
`3306`	TCP	MySQL	MySQL/MariaDB database
`3389`	TCP	RDP	Windows Remote Desktop
`5432`	TCP	PostgreSQL	PostgreSQL database
`6379`	TCP	Redis	Redis in-memory store
`8080`	TCP	HTTP-alt	Common dev/proxy HTTP alternate

17

CLI Commands

Essential networking commands for every engineer

ping / traceroute

# Test reachability (ICMP echo)
ping 8.8.8.8
ping -c 4 google.com           # Linux: send 4 packets
ping -n 4 google.com           # Windows

# Trace the path a packet takes
traceroute google.com          # Linux/Mac
tracert google.com             # Windows

# MTR — continuous traceroute with stats
mtr google.com

IP & interfaces

# Show IP addresses
ip addr show                   # Linux (modern)
ifconfig                       # Linux/Mac (older)
ipconfig /all                  # Windows

# Show routing table
ip route show                  # Linux
route -n                       # Linux (older)
route print                    # Windows
netstat -r                     # All platforms

# Show ARP cache
arp -a                         # All platforms
ip neigh show                  # Linux (modern)

DNS lookup

# Query DNS
nslookup google.com            # All platforms
dig google.com                 # Linux/Mac (more detail)
dig google.com MX              # Query specific record type
dig +short google.com          # Just the IP
dig @8.8.8.8 google.com        # Query specific DNS server

# Reverse lookup (IP → hostname)
dig -x 8.8.8.8

ports & connections

# Show open ports and connections
netstat -tulnp                 # Linux: TCP/UDP listening ports with process
ss -tulnp                      # Linux: modern replacement for netstat
netstat -ano                   # Windows

# Test if a specific port is open
nc -zv 192.168.1.1 22          # nc (netcat) — connect test
telnet google.com 443           # crude connection test
Test-NetConnection -Port 443 -ComputerName google.com  # PowerShell

# Capture live traffic
tcpdump -i eth0 port 80         # capture HTTP on eth0
tcpdump -i any host 8.8.8.8    # capture to/from 8.8.8.8

18

Glossary

Quick-reference definitions

Term	Definition
Bandwidth	Maximum data transfer rate of a link. Measured in Mbps/Gbps. Not the same as speed.
Latency	Time for a packet to travel from source to destination (one-way) or round-trip (RTT). Measured in ms.
Jitter	Variation in latency over time. High jitter degrades VoIP and video calls.
Throughput	Actual data transferred per second, which is often less than bandwidth due to overhead and congestion.
Broadcast Domain	The set of devices that receive a broadcast packet. Routers separate broadcast domains; switches do not.
Collision Domain	Network segment where packets can collide. Switches create separate collision domains per port.
MTU	Maximum Transmission Unit — largest packet size allowed on a link. Ethernet MTU = 1500 bytes.
QoS	Quality of Service — mechanism to prioritize certain traffic (e.g., voice over file downloads).
SSID	Service Set Identifier — the name of a Wi-Fi network.
Gateway	A router that provides access to another network; usually your router's IP on the LAN.
VPN	Virtual Private Network — encrypted tunnel over the public internet, creating a private connection.
CDN	Content Delivery Network — geographically distributed servers to serve content closer to users.
ISP	Internet Service Provider — company that provides your internet connection (Comcast, AT&T, etc.).
AS / ASN	Autonomous System / Number — a network under single administrative control on the internet (e.g., Google = AS15169).
BGP	Border Gateway Protocol — the routing protocol of the internet, used between autonomous systems.
OSPF	Open Shortest Path First — link-state routing protocol used within enterprise networks.
STP	Spanning Tree Protocol — prevents switching loops in networks with redundant links.
ICMP	Internet Control Message Protocol — used for diagnostics (ping, traceroute) and error reporting.
TTL	Time to Live — (1) packet hop limit, decremented by each router; (2) DNS record cache duration in seconds.
Half/Full Duplex	Half duplex = transmit OR receive at one time. Full duplex = both simultaneously. All modern Ethernet is full duplex.

What to Learn Next

After mastering these foundations, explore: Network Security (TLS deep dive, certificates, PKI) · Cloud Networking (VPCs, security groups, load balancers) · Container Networking (Docker networks, Kubernetes CNI) · Certifications (CompTIA Network+, Cisco CCNA).

The NetworkingHandbook

What is a Network?

Network Types by Scale

How Data Actually Moves

OSI & TCP/IP Models

The OSI Model — 7 Layers

TCP/IP Model — 4 Layers

Encapsulation — How Layers Work Together

Network Hardware

IP Addresses

IPv4

Public vs Private Addresses

IPv6 — The Solution to IPv4 Exhaustion

Subnetting

CIDR Notation

Common Subnet Masks

How to Calculate — Quick Method

MAC Addresses & ARP

ARP — Address Resolution Protocol

TCP vs UDP

The TCP 3-Way Handshake

Ports

DNS — Domain Name System

DNS Resolution — Step by Step

DNS Record Types

DHCP

DORA — The 4-Step Process

What DHCP Provides

HTTP & HTTPS

HTTP Request & Response

HTTP Methods

HTTP Status Codes

HTTPS & TLS Handshake

Routing

Routing Table Basics

Static vs Dynamic Routing

Default Gateway

NAT & PAT

VLANs

Firewalls & ACLs

Firewall Types

ACL — Access Control List

Wireless Networking

Wi-Fi Standards

2.4 GHz vs 5 GHz

Wi-Fi Security Standards

Common Port Numbers

CLI Commands

Glossary

The Networking
Handbook