Goal
Build a clear mental model of how data travels across a network, then apply it in real commands.
Introduction
Every request you make on the internet turns into packets that move across layers, devices, and protocols. In this lesson you’ll learn how packets flow, how ports and sockets fit in, and why TCP and UDP behave differently.
You’ll also run real commands to inspect traffic and map the theory to what your machine is doing.
The TCP/IP Model (Practical)
Use this model to reason about any network problem:
- Application – HTTP, DNS, SSH, SMTP
- Transport – TCP/UDP, ports, reliability
- Network – IP addresses, routing
- Link – Ethernet/Wi‑Fi, MAC addresses
Remember
If you know which layer is broken, you know what tools to use next.
A quick example
When you open https://example.com:
- Application: your browser speaks HTTP
- Transport: TCP connects to port 443
- Network: IP routes packets to the server
- Link: Wi‑Fi/Ethernet delivers frames locally
Ports, Sockets, and Processes
A port is a numbered entry point on a machine. A socket is the (IP, port, protocol) combo that uniquely identifies a connection.
Common ports:
| Port | Service |
|---|---|
| 22 | SSH |
| 53 | DNS |
| 80 | HTTP |
| 443 | HTTPS |
Key concept
A TCP connection is defined by source IP + source port + dest IP + dest port.
TCP vs UDP
TCP is reliable and ordered. UDP is fast and connectionless.
Use cases:
- TCP: web, SSH, databases
- UDP: streaming, gaming, DNS
What changes your debugging
- TCP errors often show as connection refused, timeout, or RST.
- UDP errors are often silent; you need packet capture to see them.
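The two failure patterns above, as an added example that is not part of the original lesson: a TCP connect attempt reports how it failed, while a UDP send to a port with no listener still "succeeds". The function names (`probe_tcp`, `send_udp`, `unused_port`, `demo`) are hypothetical, and the loopback ports are constructed test input.

```python
import socket

def probe_tcp(host, port, timeout=2.0):
    """Classify a single TCP connect attempt by how it fails (or succeeds)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"        # SYN, SYN-ACK, ACK completed
        except ConnectionRefusedError:
            return "refused"     # RST came back: host reachable, nothing listening
        except socket.timeout:
            return "timeout"     # no answer: packets dropped (firewall) or host down
        except OSError as exc:
            return f"error: {exc.strerror}"  # e.g. no route to host

def send_udp(host, port, payload=b"ping"):
    """Send one datagram; the return value is bytes handed to the kernel,
    not proof that anything received them."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(payload, (host, port))

def unused_port(kind):
    """Constructed test input: get a free loopback port from the OS, then release it."""
    with socket.socket(socket.AF_INET, kind) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def demo():
    """Run both protocols against loopback ports with and without a listener."""
    results = {}
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        results["tcp_listening"] = probe_tcp("127.0.0.1", srv.getsockname()[1])
    results["tcp_closed"] = probe_tcp("127.0.0.1", unused_port(socket.SOCK_STREAM))
    results["udp_closed"] = send_udp("127.0.0.1", unused_port(socket.SOCK_DGRAM))
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The UDP send returns the payload length whether or not anything is listening, which is why a packet capture is needed to see what happened to the datagram.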
Commands You’ll Use Daily
1) Inspect open ports
2) Resolve DNS and test latency
3) Capture traffic
Tip
Use packet capture when TCP/UDP doesn’t behave the way you expect.
- Identify which layer is failing if ping works but curl https://example.com fails.
- Find all processes listening on your machine and list their ports.
- Capture DNS traffic and identify the request/response.
The Unreachable Service
A teammate says the API at api.internal is down. You can resolve DNS, but requests time out.
Your task:
- Prove whether the port is closed, firewalled, or the service is down.
- Use at least two tools to justify your conclusion.
What defines a socket? IP + port + protocol
Which layer is TCP? Transport
Which tools show open ports? lsof, ss, netstat
What’s the main UDP trade‑off? Speed over reliability
Discover open ports on your own machine
Context
You want to see which ports are currently listening on your local machine — without installing anything new. This is the first step in any network audit.
Your task
Write the command that lists all listening TCP ports with the process name, without DNS resolution, on macOS/Linux.
Identify a TCP 3-way handshake
Context
You captured network traffic with Wireshark. You see 3 consecutive packets between the same IP pair: SYN → SYN-ACK → ACK.
Your task
What is happening here, and what does each packet mean? Which side initiates the connection?
TCP or UDP?
Context
You are designing a real-time multiplayer game. Losing a few packets is acceptable, but high latency is not.
Your task
Which protocol should you use and why? Complete the sentence: 'For real-time gaming I would use ___ because ___'
Next
Continue to the next lesson to dig into DNS and name resolution.