Day two of the ReDI Cybersecurity course and we dived straight into networking. I had covered some of this at university, so parts of it were familiar territory — but revisiting it through a security lens made everything feel fresh and sharper. When you already know what a packet is, understanding how an attacker manipulates one hits differently. This is my write-up of the core concepts we went through.
What is a Network? Switches & Routers
A network is any collection of devices connected together to share resources and communicate. The devices doing the connecting — switches and routers — each have a specific role:
- Switch — operates at Layer 2 (Data Link). Connects devices within the same local network (LAN) and forwards data based on MAC addresses. Switches learn which device is on which port and send traffic only where it needs to go.
- Router — operates at Layer 3 (Network). Connects different networks together and forwards traffic based on IP addresses. Your home router connects your LAN to the internet.
Data Units — Bits, Bytes and Beyond
Before anything travels across a network it is broken down into the smallest possible unit: the bit (a 0 or a 1). From there:
- 1 Byte = 8 bits
- 1 Kilobyte (KB) = 1,024 bytes
- 1 Megabyte (MB) = 1,024 KB
- 1 Gigabyte (GB) = 1,024 MB
Network speeds are measured in bits per second (bps, Mbps, Gbps). File sizes are measured in bytes. A 100 Mbps connection downloads a 100 MB file in about 8 seconds, not 1.
IP Addresses and MAC Addresses
Every device on a network has two addresses that serve different purposes:
- MAC Address — a hardware address burned into the network interface card. It looks like 00:1A:2B:3C:4D:5E. Used for communication within a local network (Layer 2). Think of it like your name — it stays with the device.
- IP Address — a logical address assigned to a device. IPv4 looks like 192.168.1.10. Used for routing traffic across networks (Layer 3). Think of it like your home address — it can change.
The OSI Model vs the TCP/IP Model
Both models describe how data moves across a network, just with different levels of abstraction.
The OSI Model has 7 layers: Physical, Data Link, Network, Transport, Session, Presentation, Application. It is a conceptual framework — great for understanding where a problem lives or where a security control applies.
The TCP/IP Model is the practical one — 4 layers: Network Access, Internet, Transport, Application. It is what actually runs the internet.
From a security perspective: firewalls work at Layer 3/4, WAFs at Layer 7, switches at Layer 2. Knowing the layer tells you what an attacker can and can’t hide from a given control.
Subnetting and CIDR
Subnetting divides a large network into smaller sub-networks, which limits the blast radius if one subnet is compromised. CIDR (Classless Inter-Domain Routing) notation expresses both the IP address and the subnet mask in one string:
192.168.1.0/24
# /24 = first 24 bits are the network part
# 8 bits left for hosts → 256 addresses (254 usable)
10.0.0.0/8 → ~16 million hosts
172.16.0.0/16 → ~65,000 hosts
192.168.1.0/24 → 254 hosts (typical home LAN)
TCP vs UDP
Both are Transport Layer (Layer 4) protocols with very different trade-offs:
- TCP (Transmission Control Protocol) — reliable, ordered, connection-oriented. Uses a three-way handshake (SYN → SYN-ACK → ACK). Every packet is acknowledged. Used for HTTP, SSH, email — anything where losing data is unacceptable.
- UDP (User Datagram Protocol) — fast, connectionless, no guarantees. Used for DNS, video streaming, VoIP, and online games — where speed matters more than perfection.
Security note: TCP’s handshake is targeted by SYN flood attacks. UDP’s lack of connection state makes it useful for amplification attacks.
The Encapsulation Process
Encapsulation is what happens as data travels down the OSI layers before being sent — each layer wraps the data with its own header, adding the information that layer needs to do its job. On the receiving end, de-encapsulation strips each header back off as the data climbs back up.
Application Layer → Data (e.g. HTTP request)
Transport Layer → Segment (adds TCP/UDP header: ports, seq numbers)
Network Layer → Packet (adds IP header: source & dest IP)
Data Link Layer → Frame (adds MAC header + FCS trailer)
Physical Layer → Bits (electrical signals, light, radio waves)
Understanding encapsulation is key for packet analysis tools like Wireshark, where you inspect each layer’s headers directly.
Bringing It Together
Even though I had touched on most of these at university, going through them again in a security context made a real difference. It is one thing to know that a router forwards packets — it is another to understand that an attacker on your LAN can intercept Layer 2 traffic before it even reaches the router. The fundamentals are not background noise. They are the map you use to understand where attacks happen.