Hi Nathan (and all other forum members),
Nathan, I am studying towards becoming a pen tester and on job descriptions and on various courses I have repeatedly been told that I must have a solid foundation in TCP/IP and network fundamentals. Can you tell me specifically what that means in terms of subjects?
I already understand the 3 way handshaking and the basics about sockets (I program in python and have played a little bit with simple client/server scripts), but do I need to learn the bit level construction of the various networking layers or what else?
I would really appreciate it if you could explain exactly what I need to learn and if there is a particular course or part of a course that would give me the specific knowledge that I need.
I want to start applying for positions but I really don’t want to fail to get a position for the sake of not learning the right foundation stuff.
Nathan covers this in a pretty good overview in the Cybersecurity volume 2 Network Security course. I imagine it’s covered really in depth in the Network+ CompTIA course (I’ve purchased it but haven’t gone through it yet) since the test is about Advanced Networking exclusively.
If I was asked this, not knowing the context - as in security focused, I would say:
You understand the concept of IP addresses and subnetting, you know if two are on the same network or not and could use a subnet calculator (if you couldn’t do it in your head) to put a machine or device on the correct network.
You know of, and understand, the 7 layered OSI model.
You’re able to do basic troubleshooting on a Linux based OS using standard packages and their tools/commands. Even as basic as ping, ARP, ip, possibly older netstat, maybe even viewing these stats in their raw form in /proc.
For any commands and tools you understand and can explain what they’re doing. For example knowing a default ping protocol is ICMP and this is frequently blocked and what response you would expect in a terminal.
On these responses you could describe how a firewall may handle this, eg what you’d see if the packet was dropped or what you’d see if it were rejected, etc.
Understanding the basics of routes and routing. I don’t think it’s required to describe RIP/v2, OSPF or BGP etc but understanding the output of route or ip route and how different networks can be connected.
Using the above you’re able to create a listening socket and connect to it from somewhere else, it helps if you know basic OS restrictions like not being able to open a socket with a port below 1024 unless you’re root, or using elevated perms such as sudo.
Some general knowledge like what ports indicate what service, 53 for DNS etc etc.
Know of concepts commonly used such as DMZ, NAT, Bastion hosts. This allows you to build up a kind of topology of an organisation.
I think if you read the above and think it’s all common knowledge, you probably tick the box as it would demonstrate at least a basic level of experience and understanding.
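The subnet check, the listening socket and the dropped-versus-rejected distinction from the answer above, as an added Python example that is not part of any forum post. The function names and the sample addresses are constructed for illustration, and everything runs against loopback only.

```python
import ipaddress
import socket

def same_network(ip_a: str, ip_b: str, prefix: int) -> bool:
    """True if both addresses fall in the same subnet for this prefix length."""
    net_a = ipaddress.ip_interface(f"{ip_a}/{prefix}").network
    net_b = ipaddress.ip_interface(f"{ip_b}/{prefix}").network
    return net_a == net_b

def classify_connect(host: str, port: int, timeout: float = 2.0) -> str:
    """Attempt one TCP connect and report how the path answered.

    open        - the three-way handshake completed
    rejected    - the connect was actively refused (closed port, or a
                  firewall rule that rejects instead of dropping)
    dropped     - nothing came back before the timeout (silent drop or dead host)
    unreachable - another OS-level error, e.g. no route to host
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "rejected"
    except socket.timeout:
        return "dropped"
    except OSError:
        return "unreachable"

def start_listener() -> socket.socket:
    """Listening socket on loopback; port 0 asks the OS for a free port
    above 1023, so no root or sudo is needed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv

def closed_port() -> int:
    """Return a loopback port that was just released, so nothing listens on it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    # Constructed sample addresses
    print(same_network("192.168.1.10", "192.168.1.200", 24))  # same /24
    print(same_network("10.0.0.126", "10.0.0.129", 25))       # split by the /25 boundary
    srv = start_listener()
    print(classify_connect("127.0.0.1", srv.getsockname()[1]))
    srv.close()
    print(classify_connect("127.0.0.1", closed_port()))
```

A silently dropped packet cannot be reproduced on loopback without a firewall rule, so the "dropped" branch only shows up against a host or port that is filtered that way.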
Having had a break while attending to other business, please accept a much belated Thank you Andy and AverageJoe.
I have been through the Cyber Security course videos and can see my weak areas from the above list.