Networking is arguably one of the most important concepts in computing. While topics like processing and manufacturing are incredibly useful, the concept of connecting to another person or a service and sharing data has taken computing far beyond what anyone could have imagined during the 1970s. Because of this, we at X9 Security will be covering many of the core topics and concepts in networking as well as providing some friendly examples. This series will be primarily focused on explaining the topics in a way someone new to computer security or networking can understand, but we will occasionally dip our toes into more complicated territory when possible. The most effective way to learn is to experiment, so we recommend following along and trying some of the concepts we teach. Resources will be provided to assist.
The Internet Protocol
Now the de facto standard, IP, or Internet Protocol, is the method by which two computers are able to talk to each other. Connecting two or more computers like this creates a network, which can be either a small, internal network like a home Wi-Fi or a massive network spanning many countries such as the Internet. There are two main types of Internet Protocol in use today: IPv4 (Internet Protocol version 4) and IPv6 (Internet Protocol version 6). IPv5 technically existed, but it's a strange history lesson we won't get into. Both IPv4 and IPv6 have pros and cons, which is why both are still used today.
IPv4
- Pro: Already widely adopted, most networked devices already support it
- Pro: Short, simple addresses are easier to memorize than IPv6's
- Con: Limited number of addresses that we have almost maxed out on multiple occasions
IPv6
- Pro: Significantly more addresses possible
- Con: Compared to IPv4, not as many devices or services support IPv6
- Con: Longer, more complicated addresses to memorize than IPv4's
When we say that IPv4's addresses are easier to remember and that IPv6's addresses are harder to remember, we're talking about both the length of those addresses and the letters and numbers in them. Take Alice and Bob as an example. Alice and Bob are on their home Wi-Fi and want to connect to each other. Alice's IPv4 address may be 192.168.1.2 and Bob's IPv4 address may be 192.168.1.3. Now, for IPv6 things get more complicated as Alice's IPv6 address may be
and Bob’s IPv6 address may be
. A common way to get over the “memorization” issue for IP addresses comes in the form of DNS or Domain Name Service which we will cover in part 2 of this series.
Masks and Gateways
Every IP address requires two additional pieces of information to be used properly: the subnet mask and the default gateway. Subnet masks are a tool for splitting up a bunch of devices over "subnets". These miniature networks offer many advantages for network administrators, such as security, performance, and scalability.
For security, an administrator could block certain subnets from talking to other subnets. This is especially useful if one subnet is marked as "the Internet of Things" subnet and is not allowed to talk to the rest of the corporate network. If a device such as an Amazon Alexa is breached by an attacker, they would have a harder time moving from that Amazon Alexa to another machine on the corporate network due to these restrictions.
For performance, devices talking to each other can use subnetting as a routing mechanism. If a device’s subnet is
and it talks to another device on
the connection never has to leave the subnet before reaching its target. This lowers overall congestion on the network as the device will be able to easily route to its target.
For scalability, additional devices can be assigned IPs on specific subnets for overflow purposes such as corporate computers being on
. This allows administrators to expand ranges by simply modifying the mask.
These subnets are created through a process called “masking” where a group of bits specify the range of devices that can be part of what subnets. For example, the address
is part of the
subnet with a subnet mask of 255.255.255.0 or 11111111 11111111 11111111 00000000. This means that the first 3 places are fixed and specify the subnet and the last place indicates the range of devices.
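The masking step above, and the security and scalability points made earlier in this section, can be checked with a few lines of Python. This is an added example, not code from the original article: Alice's and Bob's addresses and the 255.255.255.0 mask come from the text, while the IoT and corporate subnets and the deny rule are constructed for illustration.

```python
import ipaddress

def network_of(addr: str, mask: str) -> str:
    """AND every address bit with the mask bit to get the subnet's network address."""
    a = int(ipaddress.IPv4Address(addr))
    m = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(a & m))

def same_subnet(a: str, b: str, mask: str) -> bool:
    """Two hosts share a subnet when their masked addresses are equal."""
    return network_of(a, mask) == network_of(b, mask)

def host_count(mask: str) -> int:
    """Usable hosts: 2^(zero bits in the mask) minus the network and broadcast addresses."""
    host_bits = 32 - bin(int(ipaddress.IPv4Address(mask))).count("1")
    return max(2 ** host_bits - 2, 0)

# Constructed segmentation policy: the IoT subnet may not talk to the corporate subnet.
IOT = ipaddress.ip_network("192.168.20.0/255.255.255.0")
CORP = ipaddress.ip_network("192.168.10.0/255.255.255.0")
DENY = [(IOT, CORP)]  # (source subnet, destination subnet) pairs that are blocked

def is_allowed(src: str, dst: str) -> bool:
    """Return False when the source and destination fall in a denied subnet pair."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return not any(s in src_net and d in dst_net for src_net, dst_net in DENY)

if __name__ == "__main__":
    print(network_of("192.168.1.2", "255.255.255.0"))                  # Alice's subnet
    print(same_subnet("192.168.1.2", "192.168.1.3", "255.255.255.0"))  # Alice and Bob
    print(host_count("255.255.255.0"), host_count("255.255.252.0"))    # wider mask, more hosts
    print(is_allowed("192.168.20.5", "192.168.10.7"))                  # IoT -> corporate
```

Shortening the mask from 255.255.255.0 to 255.255.252.0 is what "expanding the range by modifying the mask" looks like in practice: hosts that were on different subnets under the first mask fall into the same one under the second.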
Now that we've established IP addresses exist, we're led to the natural question: where do IP addresses come from? There are multiple ways a device can be given an IP address, such as manual entry or DHCP. For manual entry, a user will set an IP address for the device to use for all of its communication. This requires the user to know in advance the gateway, subnet, and mask of their network.
When manual entry is too difficult or unnecessary, DHCP or Dynamic Host Configuration Protocol can also be used to assign IP addresses. On most home networks, the router will take care of any DHCP configurations and IP assignments. That doesn’t mean you can’t host your own DHCP Server on Windows or Linux. On a high level, DHCP works by the new device sending out a request to the broadcast address
. The DHCP server will respond with its configuration and the device will request an IP address matching that configuration, similar to someone ordering from a menu at a restaurant. Once the new device has accepted the configuration, the DHCP server sends it one last message indicating what IP it has been assigned and other details such as its mask and default gateway.
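The exchange described above can be modelled as a small state machine. This is an added example, not code from the original article: it models only the order of the four messages (DISCOVER, OFFER, REQUEST, ACK, plus NAK for a refused request), not the DHCP wire format, and the `DhcpServer` class, the MAC strings, the two-address pool and the gateway address are all constructed for illustration.

```python
class DhcpServer:
    """Toy lease server: models the message order only, not the DHCP wire format."""

    def __init__(self, pool, mask, gateway):
        self.free = list(pool)      # addresses not yet handed out
        self.mask, self.gateway = mask, gateway
        self.offers = {}            # client MAC -> address offered, awaiting REQUEST
        self.leases = {}            # client MAC -> address confirmed with ACK

    def _config(self, kind, ip):
        return {"type": kind, "ip": ip, "mask": self.mask, "gateway": self.gateway}

    def on_discover(self, mac):
        """DISCOVER -> OFFER. Returns None when the pool is exhausted."""
        ip = self.leases.get(mac) or self.offers.get(mac)  # known clients keep their address
        if ip is None:
            if not self.free:
                return None
            ip = self.free.pop(0)
        self.offers[mac] = ip
        return self._config("OFFER", ip)

    def on_request(self, mac, requested_ip):
        """REQUEST -> ACK, but only for the address this server offered to this client."""
        if self.offers.get(mac) != requested_ip:
            return {"type": "NAK"}
        self.leases[mac] = self.offers.pop(mac)
        return self._config("ACK", requested_ip)


def client_join(server, mac):
    """Run the four-message exchange for one new device; return its ACK or None."""
    offer = server.on_discover(mac)                # 1. DISCOVER, 2. OFFER
    if offer is None:
        return None
    reply = server.on_request(mac, offer["ip"])    # 3. REQUEST, 4. ACK
    return reply if reply["type"] == "ACK" else None


def demo_server():
    """Constructed two-address pool so that exhaustion is easy to observe."""
    return DhcpServer(["192.168.1.100", "192.168.1.101"], "255.255.255.0", "192.168.1.1")
```

A third device joining `demo_server()` gets no offer because the pool is empty, and a REQUEST for an address the server never offered to that client is answered with NAK rather than a lease.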
IP addresses may have some complexities, but they are one of the core building blocks of how computers are able to communicate. Without some way of indicating which computer a specific message is for, networks would be limited to either direct communication over a hard wire or blasting out messages for all with no "intended" recipient. On the latter note, this is sometimes expected and even desired behavior, which we will cover in later sections. For now I hope this has been informative, and happy hacking!