📰 Originally published on SecurityElites — the canonical, fully-updated version of this article.
DAY 5 OF 100
100-Day Ethical Hacking Course
🔴 Day 5 — Networking Basics for Hackers
Every time you scan a target with Nmap, intercept a request with Burp Suite, or set up a listener for a reverse shell — you are working with networking concepts at a fundamental level. If you don’t understand what’s happening under the hood, you’re following instructions blindly. Blind instruction-following breaks down the moment something goes differently than expected.
Today we build your mental model of how networks work — from the physical cable all the way up to your browser. By the end of this lesson, when a packet travels from your Kali VM to a target machine, you’ll know exactly what’s happening at every step.
This lesson has a reputation for being dry. I’m going to make it the opposite. We’re going to trace a real connection — from you typing a URL in a browser to receiving the page — and explain every networking concept through that single journey. No abstract theory divorced from reality. Just the real thing, explained clearly.
📋 Day 5 Contents
- Why Networking Is Non-Negotiable
- The OSI Model — 7 Layers Explained
- TCP vs UDP — The Two Protocols
- IP Addresses — Public vs Private
- Ports — The Service Directory
- DNS — The Internet’s Phone Book
- ARP — How Devices Find Each Other
- HTTP vs HTTPS — Why It Matters
- Tracing a Full Packet Journey
- Day 5 Practical Task
Why Networking Is Non-Negotiable for Ethical Hackers
Here is the honest truth: almost every attack in ethical hacking is a networking operation. When you scan for open ports, you’re sending TCP packets and reading responses. When you intercept traffic with Burp Suite, you’re acting as a proxy in an HTTP conversation. When you set up a listener for a reverse shell, you’re opening a TCP socket and waiting for a connection. When you perform a man-in-the-middle attack, you’re manipulating ARP tables.
The students who struggle most in this field are the ones who skipped networking basics and jumped straight to tools. They can run Nmap but can’t explain what a SYN packet is. They can intercept HTTP with Burp but don’t know why HTTPS is different. Tools without understanding are a dead end — you hit the first unexpected result and have no idea why.
- 📡 Scanning: Nmap sends TCP/UDP packets and reads responses — pure networking
- 🔀 Interception: Burp Suite proxies HTTP — requires knowing how HTTP works
- 🐚 Shells: Reverse shells are TCP connections — socket, port, listener
- 🎭 MITM Attacks: ARP poisoning manipulates Layer 2 — needs ARP understanding
The OSI Model — 7 Layers That Explain Everything
The OSI (Open Systems Interconnection) model is a conceptual framework with 7 layers that describes how network communication works. Each layer has a specific job and communicates with the layers immediately above and below it. When data travels from your browser to a server, it passes through all 7 layers twice: down the stack on the sending machine and back up the stack on the receiving one.
I’m going to give you the hacker’s take on each layer — not a textbook definition, but what each layer means for the attacks and defences you’ll encounter over the next 95 days.
OSI Model — Hacker’s Edition
- Layer 7, Application: Where user-facing apps communicate. Protocols: HTTP, HTTPS, FTP, SSH, DNS, SMTP. Hacker target: web vulnerabilities, credential theft, phishing.
- Layer 6, Presentation: Data translation, encryption, and compression. SSL/TLS lives here. Hacker angle: SSL stripping, downgrade attacks, certificate spoofing.
- Layer 5, Session: Manages sessions between applications — start, maintain, end. Hacker angle: session hijacking, session fixation attacks.
- Layer 4, Transport: TCP and UDP live here — ports, reliable delivery, segmentation. Hacker angle: port scanning, SYN floods, TCP session attacks.
- Layer 3, Network: IP addressing and routing — getting packets to the right destination. Hacker angle: IP spoofing, ICMP attacks, routing manipulation.
- Layer 2, Data Link: MAC addresses, frames, local network delivery. Switches operate here. Hacker angle: ARP poisoning, MAC spoofing, VLAN hopping.
- Layer 1, Physical: Actual cables, radio waves, electrical signals. Hardware. Hacker angle: wireless sniffing, physical access attacks, hardware implants.
Memory aid: “All People Seem To Need Data Processing” (Application → Physical, top to bottom)
💡 The hacker shortcut: In practice, most people work with a simplified 4-layer TCP/IP model (Application, Transport, Internet, Network Access) rather than all 7 OSI layers. But knowing the OSI model is essential for interviews, certifications, and understanding documentation. When someone says “Layer 3 attack” or “Layer 7 firewall” — now you know exactly what they mean.
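The layering described above, as an added example that is not part of the original article: it builds a constructed Ethernet/IPv4/TCP frame and peels it apart header by header, the way a receiving stack or a packet analyser does. The MAC and IP addresses, ports, and the `lab.example` host are assumed sample values, and checksums are left at zero.

```python
import socket
import struct

TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

def build_frame(flags, payload=b""):
    """Constructed sample frame (lab addresses, checksums left at 0)."""
    eth = bytes.fromhex("525400aabbcc0800271122330800")  # dst MAC, src MAC, EtherType
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0x4000, 64, 6, 0,
                     socket.inet_aton("192.168.56.10"), socket.inet_aton("192.168.56.20"))
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1000, 0, 5 << 4, flags, 64240, 0, 0)
    return eth + ip + tcp + payload

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame(frame):
    """Peel one frame layer by layer: L2 header, L3 header, L4 header, payload."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"l2": {"src": mac(src), "dst": mac(dst), "ethertype": ethertype}}
    if ethertype != 0x0800 or len(frame) < 34:
        return out  # not IPv4 (ARP is 0x0806) or too short to go further
    ver_ihl, _, total, _, _, ttl, proto, _, s, d = struct.unpack(
        "!BBHHHBBH4s4s", frame[14:34])
    out["l3"] = {"src": socket.inet_ntoa(s), "dst": socket.inet_ntoa(d),
                 "ttl": ttl, "proto": proto}
    off = 14 + (ver_ihl & 0x0F) * 4  # IHL counts 32-bit words
    if proto != 6 or len(frame) < off + 20:
        return out  # not TCP (UDP is 17) or truncated
    sport, dport, seq, ack, data_off, flags = struct.unpack(
        "!HHIIBB", frame[off:off + 14])
    out["l4"] = {"sport": sport, "dport": dport, "seq": seq,
                 "flags": [name for bit, name in TCP_FLAGS if flags & bit]}
    # Whatever follows the TCP header is application data (Layers 5-7).
    out["l7"] = frame[off + (data_off >> 4) * 4:14 + total]
    return out

if __name__ == "__main__":
    syn = parse_frame(build_frame(0x02))  # first packet of a TCP handshake
    req = parse_frame(build_frame(0x18, b"GET / HTTP/1.1\r\nHost: lab.example\r\n\r\n"))
    print(syn["l2"], syn["l3"], syn["l4"], syn["l7"])
    print(req["l4"], req["l7"])
```

The SYN frame carries headers for Layers 2 to 4 and no application data, which is why a port scan can learn a port's state without ever speaking HTTP; the second frame shows the HTTP request riding inside the same three headers.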
TCP vs UDP — The Two Protocols Every Hacker Works With
At the Transport Layer (Layer 4), two protocols carry the vast majority of all internet traffic: TCP and UDP. Understanding the difference between them is not optional — Nmap’s scan types, reverse shell selection, and service fingerprinting all depend on it.
This article was originally written and published by the SecurityElites team. For more cybersecurity tutorials, ethical hacking guides, and CTF walk-throughs, visit SecurityElites.
