Hello and a TCP/IP study question!

Hi Nathan (and all other forum members),

Nathan, I am studying towards becoming a pen tester and on job descriptions and on various courses I have repeatedly been told that I must have a solid foundation in TCP/IP and network fundamentals. Can you tell me specifically what that means in terms of subjects?
I already understand the 3 way handshaking and the basics about sockets (I program in Python and have played a little bit with simple client/server scripts), but do I need to learn the bit level construction of the various networking layers or what else?
I would really appreciate it if you could explain exactly what I need to learn and if there is a particular course or part of a course that would give me the specific knowledge that I need.
I want to start applying for positions but I really don’t want to fail to get a position for the sake of not learning the right foundation stuff.

many thanks
Nav.

1 Like

Nathan covers this in a pretty good overview in the Cybersecurity volume 2 Network Security course. I imagine it’s covered really in depth in the Network+ CompTIA course (I’ve purchased it but haven’t gone through it yet) since the test is about Advanced Networking exclusively.

If I was asked this, not knowing the context - as in security focused, I would say:

  • You understand the concept of IP addresses and subnetting, you know if two are on the same network or not and could use a subnet calculator (if you couldn’t do it in your head) to put a machine or device on the correct network.

  • You know of, and understand, the 7 layered OSI model.

  • You’re able to do basic troubleshooting on a Linux based OS using standard packages and their tools/commands. Even as basic as ping, ARP, ip, possibly older netstat, maybe even viewing these stats in their raw form in /proc.

  • For any commands and tools you understand and can explain what they’re doing. For example knowing a default ping protocol is ICMP and this is frequently blocked and what response you would expect in a terminal.

  • On these responses you could describe how a firewall may handle this, eg what you’d see if the packet was dropped or what you’d see if it were rejected, etc.

  • Understanding the basics of routes and routing. I don’t think it’s required to describe RIP/v2, OSPF or BGP etc but understanding the output of route or ip route and how different networks can be connected.

  • Using the above you’re able to create a listening socket and connect to it from somewhere else, it helps if you know basic OS restrictions like not being able to open a socket with a port below 1024 unless you’re root, or using elevated perms such as sudo.

  • Some general knowledge like what ports indicate what service, 53 for DNS etc etc.

  • Know of concepts commonly used such as DMZ, NAT, Bastion hosts. This allows you to build up a kind of topology of an organisation.

I think if you read the above and think it’s all common knowledge, you probably tick the box as it would demonstrate at least a basic level of experience and understanding.

1 Like
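
An added example, not part of any post in this thread: a short Python script that exercises three items from the list above (same-network check, a listening socket you connect to, and what a client sees when a connection is accepted, refused or silently ignored). The function names, the loopback address and the sample IP addresses are constructed for illustration.

```python
import errno
import ipaddress
import socket


def same_network(ip_a, ip_b, prefix_len):
    """True if both addresses fall in the same subnet for this prefix length."""
    net_a = ipaddress.ip_interface(f"{ip_a}/{prefix_len}").network
    net_b = ipaddress.ip_interface(f"{ip_b}/{prefix_len}").network
    return net_a == net_b


def probe(host, port, timeout=2.0):
    """Classify one TCP connect attempt from the client's point of view."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"          # three-way handshake completed
    except ConnectionRefusedError:
        return "refused"       # active refusal (typically a TCP RST):
                               # closed port, or a firewall that rejects
    except socket.timeout:
        return "no-reply"      # silence until timeout: what a dropped
                               # packet looks like to the sender
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"   # no route, or an ICMP unreachable came back
        raise
    finally:
        s.close()


def demo():
    """Listen on an unprivileged loopback port, probe it, close it, probe again."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))    # port 0: the OS picks a free port >= 1024
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = probe("127.0.0.1", port)
    listener.close()
    after_close = probe("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    print(same_network("192.168.1.10", "192.168.1.200", 24))
    print(demo())
```

The "no-reply" branch cannot be shown on loopback without a firewall rule that drops traffic; it is the result to expect when the far side never answers within the timeout.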

Having had a break while attending to other business, please accept a much belated Thank you Andy and AverageJoe.
I have been through the Cyber Security course videos and can see my weak areas from the above list.
Thanks guys.