DEV Community

Narasimha Mallegari

Learning Cybersecurity — I ran my first real Nmap scan, and it made ports click in a way no video ever did

I am documenting every single day of my cybersecurity learning journey publicly. This is Day 3. Previous entries are on my profile.

What today was about

Common ports, IP addresses, Nmap scanning in Kali Linux, DNS recon commands, and completing the TryHackMe OSI Model room. On paper, that sounds like a full course. In practice, it was about 2 hours, and the most hands-on day I have had so far.

Ports — why I finally understand why they matter

I have been reading the words "port number" for three days. Today I watched Professor Messer's Common Ports video, and something about the way he explains it made it land.

Ports are numbered doors on a server. Every service that runs on a server listens on a specific port waiting for connections. SSH waits on door 22. Web servers wait on door 80 (HTTP) or 443 (HTTPS). MySQL databases wait on door 3306. Those numbers are conventions, not guarantees: a service can be bound to any port an administrator chooses, which is exactly why Nmap has version detection rather than trusting the port number alone.

The security implication is direct: if you find port 3389 open on a Windows server, Remote Desktop is listening. That is a door ransomware groups specifically target, because a password-only RDP login exposed to the internet can be brute forced or opened with stolen credentials, and a successful login gives interactive access to the machine. Understanding ports means understanding what every open door on a server could let in.

The port I found most interesting to learn about was 445 — SMB (Windows file sharing). This is the port that the EternalBlue exploit used, which is what spread WannaCry ransomware globally in 2017. One exposed port, one unpatched vulnerability (the SMBv1 flaw fixed in MS17-010), and 230,000 computers across 150 countries were encrypted. Real consequences from a port number.

Running Nmap for the first time

Nmap is already installed in Kali Linux. I opened the terminal and typed:

nmap scanme.nmap.org

That is it. One command. And results appeared showing which ports are open on a real server on the internet.

I then ran version detection:

nmap -sV scanme.nmap.org

This does not just show you that port 22 is open. It reports the software and version it infers from the service banner. OpenSSH 6.6.1p1 in my case. That version number matters because if there is a known vulnerability in that specific version, an attacker now has a precise target. One caveat worth learning early: the banner is a claim, not proof. Distributions such as Ubuntu backport security fixes without changing the version string, so a banner that matches an old CVE is a lead to verify, not a confirmed hole.

The workflow I did today — DNS queries, then Nmap — is the opening of the reconnaissance phase of a professional penetration test. The attacker (or, in my case, a student on a legal practice target) maps the infrastructure before touching anything. scanme.nmap.org is set up by the Nmap project specifically to be scanned; any other host needs written authorization first, because scanning systems you do not own can be illegal and will trip their intrusion detection either way.
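
The two sections above describe the mapping from open port to service to risk, and Nmap as the tool that produces the port list. The script below ties them together: it is an added example and not code from the original post. It parses Nmap's greppable (-oG) output, which is the format meant for scripting, and attaches the "what could this door let in" note to each open port. The host 192.0.2.10 (an RFC 5737 documentation address) and its banners are constructed sample data, not the result of a real scan; the HIGH_RISK_PORTS list and the risk notes are this example's own choices.

```shell
#!/bin/sh
# Added example, not code from the original post: triage Nmap -oG output offline.
# Host 192.0.2.10 and its banners are constructed sample data (not a real scan).
# Real input comes from:  nmap -sV -oG - scanme.nmap.org

SAMPLE_GNMAP=$(printf '# Nmap (constructed sample in -oG format)\n%s\t%s\t%s\n' \
    'Host: 192.0.2.10 ()' \
    'Ports: 22/open/tcp//ssh//OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13/, 80/open/tcp//http//Apache httpd 2.4.7/, 445/open/tcp//microsoft-ds//Samba smbd 3.X - 4.X/, 3389/open/tcp//ms-wbt-server//Microsoft Terminal Services/, 3306/filtered/tcp//mysql///' \
    'Ignored State: closed (995)')

# Ports that should not be reachable from an untrusted network at all (example's choice).
HIGH_RISK_PORTS="21 23 445 3306 3389 5900"

# One line per open port: "<port> <service> <version-or->".
# In -oG output, fields are tab separated and each port entry is
# port/state/proto/owner/service/rpc/version/ (filtered/closed ports are skipped).
open_ports() {
    printf '%s\n' "$1" | awk -F'\t' '
        /^Host:/ && /Ports:/ {
            for (i = 1; i <= NF; i++) if ($i ~ /^Ports: /) ports = substr($i, 8)
            n = split(ports, entry, ", ")
            for (j = 1; j <= n; j++) {
                split(entry[j], f, "/")
                if (f[2] == "open") printf "%s %s %s\n", f[1], f[5], (f[7] == "" ? "-" : f[7])
            }
        }'
}

# Why an open port matters, in the terms used in the post.
risk_note() {
    case "$1" in
        22)   echo "SSH: remote shell; brute-force target, allow key auth only" ;;
        80)   echo "HTTP: web app attack surface; check for a redirect to 443" ;;
        445)  echo "SMB: MS17-010/EternalBlue class bugs; never internet-exposed" ;;
        3306) echo "MySQL: database port; reachable only from app hosts" ;;
        3389) echo "RDP: ransomware entry point; VPN and MFA in front of it" ;;
        *)    echo "unfamiliar service: identify before deciding" ;;
    esac
}

# Number of OPEN ports that fall in HIGH_RISK_PORTS (filtered ports do not count).
high_risk_count() {
    open_ports "$1" | awk -v list="$HIGH_RISK_PORTS" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) risky[a[i]] = 1 }
        ($1 in risky) { c++ }
        END { print c + 0 }'
}

# Human-readable triage table: port, service, banner, note.
triage() {
    open_ports "$1" | while read -r port svc ver; do
        printf '%-5s %-14s %-36s %s\n' "$port" "$svc" "$ver" "$(risk_note "$port")"
    done
}

triage "$SAMPLE_GNMAP"
printf 'high-risk open ports: %s\n' "$(high_risk_count "$SAMPLE_GNMAP")"
```

Run it as-is to see the table for the constructed host, or replace SAMPLE_GNMAP with the output of a real `nmap -sV -oG -` against a host you are allowed to scan. Note that the 3306 entry is reported as filtered, not open, so it is left out of the count: a firewall in front of the database is doing its job, and treating "filtered" as "open" would produce a false finding.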

DNS recon — I did not expect this to be interesting

I ran nslookup, dig, and host against google.com today.

What struck me is that this information is completely public. There is no authentication, no permission required, and no login. Anyone in the world can query the DNS records of any domain. And those records reveal a lot:

  • A records show IP addresses
  • MX records show which servers handle email for the domain
  • NS records show which nameservers control DNS for the domain
  • TXT records often reveal which third-party services a company uses

From a security standpoint, an attacker uses this to map a company's infrastructure before ever sending a single packet to it. The company sees very little of that: most lookups arrive through a recursive resolver, so its authoritative nameservers log the resolver's address rather than the attacker's, and records that have to resolve for customers cannot be hidden from anyone else.

Understanding this made me think differently about domain registration and DNS management. Companies should audit their own DNS records regularly to make sure they are not exposing more than intended: stale entries pointing at decommissioned hosts, internal hostnames or private addresses that should never have been published, verification TXT records for vendors no longer in use, and zone transfers (AXFR) that answer to anyone who asks.
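
The self-audit just described can be run over nothing more than dig output. The script below is an added example and not code from the original post: it takes the answer section in the column layout `dig +noall +answer` prints (name, TTL, class, type, rdata), lists records by type, infers which third-party services the domain uses from MX targets and TXT tokens, and flags things an attacker would be glad to read off the public zone. The example.com records, and the vendor fingerprints the script recognises, are constructed sample data chosen for the example; a real audit would feed it `dig +noall +answer example.com ANY` (or one query per type) and a longer fingerprint list.

```shell
#!/bin/sh
# Added example, not code from the original post: an offline DNS self-audit over
# dig-style answer lines. example.com and every record below are constructed
# sample data, not real lookups. Real input: dig +noall +answer <domain> <type>

SAMPLE_ANSWERS='example.com.            3600 IN A   192.0.2.44
example.com.            3600 IN MX  10 aspmx.l.google.com.
example.com.            3600 IN MX  20 alt1.aspmx.l.google.com.
example.com.            3600 IN NS  ns1.example-dns.net.
example.com.            3600 IN TXT "v=spf1 include:_spf.google.com include:sendgrid.net ~all"
example.com.            3600 IN TXT "MS=ms12345678"
example.com.            3600 IN TXT "atlassian-domain-verification=abc123def456"
intranet.example.com.   3600 IN A   10.0.5.12
_dmarc.example.com.     3600 IN TXT "v=DMARC1; p=none; rua=mailto:dmarc@example.com"'

# Print the rdata of every record of one type:  rdata "$answers" MX
# Columns 1-4 are name/ttl/class/type; everything after is rdata, rejoined with spaces.
rdata() {
    printf '%s\n' "$1" | awk -v t="$2" '$4 == t {
        rd = ""; for (i = 5; i <= NF; i++) rd = rd (i > 5 ? " " : "") $i; print rd }'
}

# Infer third-party services from MX targets and TXT verification/SPF tokens.
# Each vendor is reported once, with the record that gave it away.
vendor_hints() {
    printf '%s\n' "$1" | awk '
        function hit(v, why) { if (!(v in seen)) { seen[v] = 1; print v " (" why ")" } }
        $4 == "MX" || $4 == "TXT" {
            rd = ""; for (i = 5; i <= NF; i++) rd = rd (i > 5 ? " " : "") $i
            if (rd ~ /aspmx\.l\.google\.com/ || rd ~ /include:_spf\.google\.com/) hit("Google Workspace", $4 " " rd)
            if (rd ~ /include:sendgrid\.net/)           hit("SendGrid", "SPF include")
            if (rd ~ /^"MS=ms[0-9]+"/)                   hit("Microsoft 365", "domain verification TXT")
            if (rd ~ /atlassian-domain-verification=/) hit("Atlassian", "domain verification TXT")
        }'
}

# Findings a company would not want in its public zone, one per line:
#  - A records pointing at RFC 1918 space (leaks internal addressing)
#  - DMARC left at p=none (spoofed mail from the domain is only reported, never rejected)
#  - SPF ending in +all (anyone may send as the domain)
audit_findings() {
    printf '%s\n' "$1" | awk '
        $4 == "A" && $5 ~ /^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/ {
            print "internal address published: " $1 " -> " $5 }
        $4 == "TXT" && $1 ~ /^_dmarc\./ && $0 ~ /p=none/ {
            print "DMARC policy is p=none (monitor only): " $1 }
        $4 == "TXT" && $0 ~ /v=spf1/ && $0 ~ /[+]all/ {
            print "SPF ends in +all (anyone may send as this domain): " $1 }'
}

# Number of findings, so a cron job can alert when it is not zero.
audit_count() { audit_findings "$1" | awk 'END { print NR }'; }

echo "--- mail servers";      rdata "$SAMPLE_ANSWERS" MX
echo "--- third parties";     vendor_hints "$SAMPLE_ANSWERS"
echo "--- findings";          audit_findings "$SAMPLE_ANSWERS"
```

On the constructed zone this reports Google Workspace, SendGrid, Microsoft 365 and Atlassian as vendors, and two findings: the intranet host published with a 10.0.0.0/8 address, and a DMARC record still in monitoring mode. Every one of those conclusions came from records the domain has to publish anyway, which is the point of the section above.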

TryHackMe OSI Model room — 14 out of 16

Completed it today. The two questions I got wrong both involved the boundary between Layer 2 and Layer 3. Specifically, ARP — Address Resolution Protocol. ARP maps IP addresses (Layer 3) to MAC addresses (Layer 2). Because it deals with IP addresses, you might assume Layer 3. But ARP is placed at Layer 2: an ARP request travels directly inside an Ethernet frame rather than inside an IP packet, and its whole job is to fill in a Data Link address.

The boundary between layers is where the tricky exam questions live. Something to review.

What I noticed about how I am learning

Three days in, I can see a pattern in what actually makes things stick:

Watch the video → immediately open the terminal → run the command I just learned about → write down what I see and why it matters.

The gap between watching and doing needs to be as short as possible. When I watched the Nmap video and then immediately opened Kali and ran the scan, the concepts were still fresh, and the hands-on made them concrete. When I tried to do exercises hours after watching a video, I had to rewatch sections.

Twenty minutes of hands-on practice after a video is worth more than two hours of watching without touching a terminal.

Tomorrow — Linux fundamentals

Day 4 shifts to Linux. I will be working through linuxjourney.com, running commands in my Kali terminal, and starting OverTheWire Bandit — a game where you SSH into a remote server and find passwords using Linux commands. Looking forward to that one.

All notes and commands from today are on my GitHub. https://github.com/narasimhamallegari/cybersecurity-notes
