Module 04 · The Wire

Network Security

Traffic, protocols, and the devices that move data from one place to another. These pages walk through the fundamentals you need before you can capture, inspect, and defend what crosses the wire.

00

About this module

The network security module covers the building blocks of data communication: how addresses work at layers 2 and 3, what the core terminal commands reveal about a live network, and which devices sit at the boundaries doing the filtering. Every topic here is something you can test at a terminal right now.

Pages are sequenced for a first read, starting with the commands you will type most often and building toward the addressing and device concepts those commands expose.

Pages: 5 of 5 live
Module: 04
Track: Foundational
01

Pages in this module

04.01
Terminal Network Commands
The commands every security professional types first: ping, traceroute, nslookup, netstat, ipconfig/ifconfig, arp, and their output. Hands-on from the first paragraph.
Live
04.02
MAC Addresses
Layer 2 addressing: the 48-bit hardware identifier burned into every NIC, how ARP resolves IP to MAC, OUI lookups, and why MAC addresses matter for security (and why they don't).
Live
04.03
IPv4 Anatomy
The 32-bit address, dotted-decimal notation, subnet masks, CIDR, private vs. public ranges, and the header fields that matter when reading a packet capture.
Live
04.04
IPv6 Anatomy
The 128-bit address, colon-hex notation, address types (unicast, multicast, anycast), link-local scope, and the simplified header that replaced IPv4's complexity.
Live
04.05
Network Devices
Hubs, switches, routers, firewalls, load balancers, and IDS/IPS. What each device does, which OSI layer it operates at, and where it sits in a typical network topology.
Live
04.06
Reading PCAPs
tcpdump, BPF filters, the nested-envelope anatomy of a packet, and what real captures look like when something interesting is happening on the wire.
Live
04.07
Wireshark-Lite
An interactive three-pane analyzer in the browser. Synthetic intrusion capture: scan → DNS → login → payload fetch → beacon. Click through, follow the story.
Live
LAB
Port Scanning Lab
Six scan techniques (Connect, SYN, FIN, Xmas, UDP, version), three target scenarios. Fire each, watch the packets, read the verdict.
Lab