Why This Revision Was Important
In a SOC environment, networking knowledge is not theoretical.
Every alert, every log, every incident —
everything flows through the network.
So before touching Linux, SIEMs, or alerts, I wanted to make sure that:
Concepts are clear
Connections between topics make sense
I can relate theory to real SOC scenarios
What I Revised (Networking Fundamentals)
1. Network & Networking
Understanding what a network actually is and why networking exists — enabling communication, data transfer, and service access between systems.
In SOC, this helps answer:
Where is the traffic coming from?
Where is it going?
Is this communication expected or suspicious?
2. LAN vs WAN
LAN (Local Area Network): Internal communication within an organization
WAN (Wide Area Network): Communication over larger distances (internet, branches)
SOC relevance:
Internal vs external traffic classification
Identifying lateral movement vs external attacks
3. Data Flow in Networks
Revisited how data travels:
Source → destination
Through routers, switches, and networks
This is crucial for:
Understanding packet paths
Interpreting alerts related to unusual traffic flows
4. Reachability & Identification
How systems identify each other
How reachability is tested
SOC relevance:
Detecting unreachable hosts
Understanding failed connection attempts
Identifying scanning or reconnaissance behavior
5. IP Addressing (Basics)
Purpose of IP addresses
How devices are uniquely identified
SOC use-case:
Tracking suspicious IPs
Distinguishing internal vs external addresses
Correlating alerts with source and destination IPs
6. DNS (Domain Name System)
Revisited how:
Domain names are resolved to IP addresses
DNS queries and responses work
SOC relevance:
Detecting malicious domains
Understanding DNS-based attacks
Investigating unusual DNS activity
7. Networking Tools Revision
ping
Tests reachability
Uses ICMP
SOC perspective:
Connectivity checks
Initial investigation during outages or alerts
traceroute
Shows packet path across networks
SOC perspective:
Understanding traffic routes
Identifying unusual or unexpected hops
Nslookup
Queries DNS records
SOC perspective:
Investigating suspicious domains
Validating DNS behavior during incidents
8. TCP vs UDP
Revisited differences with use-case clarity, not rote learning.
TCP: Reliable, connection-oriented
UDP: Faster, connectionless
SOC relevance:
Understanding protocol-based attacks
Interpreting alerts based on protocol behavior
Key Takeaway from Day 7
This revision helped me:
Connect networking concepts instead of memorizing them
Think from a SOC analyst’s perspective
Prepare mentally for Linux, where logs and networking meet
Strong foundations reduce confusion later.
Top comments (0)