Day 2 of my SOC Analyst journey, and now I'm starting to see how the internet actually works behind the scenes.
Today's focus was on the core networking concepts and commands that SOC analysts rely on during investigations and alert triage.
What I Covered
IP Addressing
Understanding how every device in a network is uniquely identified.
IPv4 & IPv6 basics
Source and Destination identification
Foundation of all network communication
DNS (Domain Name System)
Learning how domain names are converted into IP addresses.
Domain to IP resolution
Role of DNS in browsing and communication
How DNS can expose suspicious or malicious domains
nslookup
A simple but powerful tool to query DNS records.
Used to check domain resolution
Helps analyze suspicious domains during investigations
Useful for quick DNS verification
ping
One of the most basic yet essential network tools.
Checks if a host is reachable
Measures response time (latency)
Helps identify connectivity issues
traceroute
Understanding how data travels across networks.
Shows the path (hops) packets take
Helps identify where delays or failures occur
Useful for deeper network troubleshooting
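The three sections above (nslookup, ping and traceroute) each describe reading tool output by eye. The script below is an added example, not part of the original post, showing how an analyst can parse that output into a small triage summary: which addresses a name resolved to and whether the answer was authoritative, whether the host replied and with what packet loss and latency, and where along the path hops went silent or latency jumped. The three transcripts are constructed samples in Linux output format using documentation ranges (example.test, 203.0.113.0/24, 2001:db8::/32), not real captures.

```python
"""Parse nslookup, ping and traceroute output into a triage summary.
Added example (not from the original post). Sample transcripts below are
constructed; they mimic the Linux text format of each tool."""
import re

# --- constructed sample outputs (not real captures) ---
NSLOOKUP_OUT = """\
Server:\t\t10.0.0.53
Address:\t10.0.0.53#53

Non-authoritative answer:
Name:\texample.test
Address: 203.0.113.10
Name:\texample.test
Address: 2001:db8::10
"""

PING_OUT = """\
PING example.test (203.0.113.10) 56(84) bytes of data.
64 bytes from 203.0.113.10: icmp_seq=1 ttl=56 time=11.2 ms
64 bytes from 203.0.113.10: icmp_seq=2 ttl=56 time=10.8 ms
64 bytes from 203.0.113.10: icmp_seq=4 ttl=56 time=11.5 ms

--- example.test ping statistics ---
4 packets transmitted, 3 received, 25% packet loss, time 3004ms
rtt min/avg/max/mdev = 10.800/11.167/11.500/0.287 ms
"""

TRACEROUTE_OUT = """\
traceroute to example.test (203.0.113.10), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  1.123 ms  0.987 ms  1.045 ms
 2  10.10.0.1 (10.10.0.1)  8.456 ms  8.321 ms  8.502 ms
 3  * * *
 4  203.0.113.10 (203.0.113.10)  11.234 ms  11.102 ms  11.350 ms
"""


def parse_nslookup(text):
    """Return (resolver, authoritative, {name: [addresses]}).
    The resolver's own 'Address:' line precedes any 'Name:' line, so it
    is skipped; addresses are attached to the most recent 'Name:'."""
    resolver, authoritative, answers, current = None, True, {}, None
    for line in text.splitlines():
        if line.startswith("Server:"):
            resolver = line.split(":", 1)[1].strip()
        elif line.startswith("Non-authoritative answer"):
            authoritative = False
        elif line.startswith("Name:"):
            current = line.split(":", 1)[1].strip()
            answers.setdefault(current, [])
        elif line.startswith("Address:") and current is not None:
            answers[current].append(line.split(":", 1)[1].strip())
    return resolver, authoritative, answers


PING_REPLY = re.compile(r"icmp_seq=(\d+) ttl=(\d+) time=([\d.]+) ms")
PING_STATS = re.compile(r"(\d+) packets transmitted, (\d+) received, ([\d.]+)% packet loss")


def parse_ping(text):
    """Summarise reachability, loss and mean RTT from ping output."""
    rtts = [float(m.group(3)) for m in PING_REPLY.finditer(text)]
    stats = PING_STATS.search(text)
    sent, received, loss = int(stats.group(1)), int(stats.group(2)), float(stats.group(3))
    return {"sent": sent, "received": received, "loss_pct": loss,
            "avg_rtt_ms": round(sum(rtts) / len(rtts), 3) if rtts else None,
            "reachable": received > 0}


HOP_LINE = re.compile(r"^\s*(\d+)\s+(.*)$")
RTT = re.compile(r"([\d.]+) ms")


def parse_traceroute(text):
    """Return one dict per hop; a hop with no RTTs ('* * *') is 'silent'."""
    hops = []
    for line in text.splitlines()[1:]:  # skip the 'traceroute to ...' header
        m = HOP_LINE.match(line)
        if not m:
            continue
        rest = m.group(2)
        addr = re.search(r"\((\S+)\)", rest)
        rtts = [float(x) for x in RTT.findall(rest)]
        hops.append({"hop": int(m.group(1)), "addr": addr.group(1) if addr else None,
                     "rtts": rtts, "silent": not rtts})
    return hops


def traceroute_findings(hops):
    """Flag silent hops and the largest latency increase between answering hops."""
    silent = [h["hop"] for h in hops if h["silent"]]
    prev_best, worst_hop, worst_jump = None, None, 0.0
    for h in hops:
        if h["silent"]:
            continue
        best = min(h["rtts"])  # best-of-three probes is the least noisy figure
        if prev_best is not None and best - prev_best > worst_jump:
            worst_hop, worst_jump = h["hop"], best - prev_best
        prev_best = best
    return {"silent_hops": silent, "biggest_jump_hop": worst_hop,
            "biggest_jump_ms": round(worst_jump, 3)}


if __name__ == "__main__":
    print(parse_nslookup(NSLOOKUP_OUT))
    print(parse_ping(PING_OUT))
    print(traceroute_findings(parse_traceroute(TRACEROUTE_OUT)))
```

Two caveats worth carrying into triage notes: a host that does not answer ping is not necessarily down, because ICMP echo is commonly filtered, and a silent traceroute hop (`* * *`) only means that router did not send the expected reply, not that the path is broken there. The parsers above report those conditions rather than interpreting them.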
Key Takeaways
IP addresses are the identity of devices in a network
DNS acts as the translator between domains and IPs
nslookup is useful for domain investigation
ping helps verify host availability
traceroute reveals the full journey of packets
Why This Matters in SOC
In a real SOC environment:
Alerts are often tied to IP addresses and domains
Analysts investigate suspicious DNS queries
Network commands help validate and trace activity
Without understanding these basics, it's difficult to analyze logs or respond to incidents effectively.
Progress Mindset
No tools yet. No dashboards yet.
Just building the foundation, step by step.
Because strong fundamentals make everything easier later.
Let's discuss:
Have you ever used nslookup to investigate a suspicious domain? What did you find?