I was recently asked about subnets and masks and what they are.  I'm not sure I did a spectacular job explaining them on the spot.  It did get me thinking that it would make for a good blog post and would be a good excuse to refresh myself on the topic.

Let's start with the obvious question of "what is a subnet?".  A subnet is really just the subdivision of a larger network into smaller networks.  Pretty straight forward but now you might be thinking "Great!  Why do we need them?".  Excellent question.  

IPv4 or Internet Protocol Version 4 has about 4.3 billion unique IP addresses.  1.0.0.0 to 255.255.255.255.  These addresses are how computers find each other, like a mailing address.  4 billion might sound like a lot and it certainly sounded like a lot to the creators of the internet (TLDR; it wasn't).  What they did was break that range of IP address up into Classes A, B, C, D, E.  Class A networks are the largest, able to handle over 16,000,000 hosts per network.  Class B are smaller, each class B network can have over 65,000 hosts.  Finally we have the good ol' Class C network which can have 256 hosts.  Classes D and E are all specialized and we're really just going to ignore them here.   The issue here is that 16 million hosts, or even 65,000 hosts, is an awful lot for a single network.  If a company is handed a Class A or B network and only uses a few thousand IP addresses then that's literally thousands or millions of IP addresses wasted.  As a result the internet quickly started to run low on available IP addresses.  Two things saved IPv4; subnetting is the first, NAT is the second (and deserves its own blog post).  The size of the networks also made them inefficient and difficult to manage.  Class A and Class B networks are massive, and a packet sent from one device will have a harder time finding the correct destination device because of the sheer size of the network.  There are other problems but, we'll stick with these two for simplicity.

Lets have a look at an IP address.

This is a Class A network and it is made up of four "octets" starting at 1.0.0.0 and ending at 1.255.255.255.  The "1" in this example is the Network ID and it never changes.  The Network ID defines the specific network the devices are on.  The last three octets make up the Host ID and these specify each device on the network.  To make this network of over 16 million possible host IP addresses more manageable and responsive, the owner of the network might take 1.5.28.0 to 1.5.28.255 and make that its own network, or "subnet".  Here the first three octets will never change, so when a packet is sent from a device with the IP of 1.5.28.12 to a device with the IP of 1.5.28.46, well now there are only 256 possible addresses so the network much smaller and can work more efficiently.

Wait you say, "how can the router know which set of numbers are the Network ID and which make up the Host ID?"  That's where the Subnet Mask comes in.  It clarifies for the switch or router which is which.  In our example network of 1.5.28.X the subnet mask would be "255.255.255.0".  For each octet of the IP address that has a corresponding octet of "255" in the subnet mask, the router knows that it's part of the Network ID and that the Host ID will correspond to the subnet mask value(s) of "0".  In our earlier "1.0.0.0" example the subnet mask would be "255.0.0.0".

There is plenty more to this.  Why do these numbers range from 0 to 255, why are they called octets, what is NAT, and we haven't even mentioned CIDR.  These all all good questions and worthy of seperate blog posts.  

For now though, the TLDR;

Subnets are smaller networks made out of a larger one.  Subnet masks allow routers and switches to identify which part of an IP address belongs to the Network ID and which part belongs to the Host ID.  For example the IP of "192.168.1.1" with a subnet mask of "255.255.255.0".  Each octet of the subnet mask with a value of "255" corresponds to an octet of the same position in the IP address and indicate it's part of the Network ID, "192.168.1".  An octet of "0" in the subnet mask will indicate that the corresponding octet of the IP is part of the Host ID.  In this case, the final octet of the IP address, "1".

References

What is a Subnet - This is an excellent article from Cloudflare regarding subnets.

Introduction to Subnetting - Another solid article about subnets, this one by GeeksforGeeks.

You Suck at Subnetting - This is a phenomenal series by  Network Chuck that covers pretty much everything and with better detail and examples.  I highly recommend watching the whole playlist.

Thus far the Practical Ethical Hacking course - after advising anyone watching to have some basic network knowledge - has really taken its time walking students through each topic.  Halfway through the Python module of the course it finally hit a point where an understanding how clients and servers communicate would helpful.  For anyone interested in taking this course that hasn't had much exposure to networking principals, let me give you some highlights about clients, servers, and sockets, so that you can get through this module of the class understanding everything that happened.

The Client-Server Model

The first quick concept here is called the client-server model.  Fairly straightforward; there is a client ( which is the user - aka you - and whatever application you're running ), and there is a server that the client is trying to connect to and get information from.  That's the basic gist of the client-server model.  Client connects to server and asks for something, server responds.

If you want to, you can think of this as if it were two people having a conversation.  Just as in real life, the person initiating the conversation ( the client ) needs to find the person that they want to talk to ( the server), and that person has to be willing to listen.  Let's tackle the client first:

The Client

The client needs to find the server that it wants to talk with, to do this it needs two things; an IP address and a port number.

Think of the IP address as the location of the server on the internet, its home address if an analogy helps.

Once you have an IP address and you've made your way to where the server is at, you need only to knock on the door - except this is actually a massive apartment building.  There are literally thousands of doors; you've got some time to kill so you count them all and find there are exactly 65,535.  How do you know which one to knock on?  Here is where the port number comes in to play, this number represents the door behind which the server is waiting and listening for a knock.

When you combine an IP address and port number into a single item - an "object" - you have a socket.  With this socket in hand, the client is ready to connect with the server.

The Server

This is going to be much shorter then the client section, really the client has done all the work.  The server is just waiting at home for someone to come knocking.  When a client finds the server (using its IP address), and knocks on the right door (using the port number), the server responds by accepting the connection - basically opening the door - and then handing over what was requested.

The Weeds

If that made sense to you then you probably have enough understanding to make it as far as I've made it in the course.  We'll see how much more complicated the networking gets as the course progresses, so far though the presenter really has taken care to explain what's been happening - mostly this post is just adding some context.

This last bit isn't strictly necessary to understand the current Python module, but if you want a little something extra here it is.

This module has an assignment to follow along as the presenter writes a simple port scanner, and there are some Python commands and syntax I can explain.  The presenter goes over some of this, but a little repetition while learning never hurts.  Here we go:

- socket.gethostbyname(): This function accepts a value, either an IP address or a hostname ( www.google.com would be an example of a hostname ).  If an IP address is passed in then it returns that same string, if a hostname is passed in then it finds that host's IP address and returns that value.

- socket.socket( socket.AF_INET, socket.SOCK_STREAM ): This one is a bit of a mouth-full.  What's happening here is a new socket object is being created.  We can see this object has the parameters of socket.AF_INET and socket.SOCK_STREAM.

This first parameter, socket.AF_INET, is telling this newly created socket that it needs to be ready to take in an IPv4 IP address.

The second parameter, socket.SOC_STREAM, tells the socket that its second value will be an integer representing a port number.

- socket.connect_ex( address ): This function is used by the client to connect to the server.  The address parameter is actually a tuple that contains both the IP address of the sever, as well as the port number it's listening on.  Lastly, if a connection attempt is successful then this function will return a zero.  If anything other than a zero gets returned, the connection has failed and the returned number identifies the particular error.

Closing

That should be plenty to make sure you can follow along with the Python module, at least as far as the Port Scanner assignment - which is as far as I've made it.  Hopefully this has been helpful to anyone else taking the course.  If...more likely when...this course wades further into the weeds of networking I'll make another post.

References

Python 3.11.3 Documentation - Additional details on socket objects and the functions used.

Client-Server Model - GeeksforGeeks for information about the client-server model.

Python - Get IP Address from Hostname - DigitalOcean for a deeper dive into the gethostbyname function.

Howdy everyone,

I started a new course this week from the TCM Security Academy; Practical Ethical Hacking.  I learned about the course from a recent episode on David Bombal's YouTube channel, it one of a trilogy of courses recommended by Rana Khalil - David's guest for the episode.  I'm really enjoying the course and I plan to complete all three.

The course recommends some prior exposure to networking concepts - fortunately I just finished a networking course this semester - and so far there haven't been any concepts that required my diving down an internet rabbit hole...and I can't decide if I'm a little sad about that or not.  I'm about 15% through the material, meaning that could easily (or hopefully?) change.  As it stands, the course has been a high level look at networking, set up for virtual machines, and quite a bit of Linux and Python review.  The course doesn't throw the student into the deep end.  The videos walk the student through everything step by step, explaining not just the "how" but the "why".

There has been only one single hangup so far, it was with syntax during the bash scripting segment.  There was a "for" loop constructed as:

       " for ip in 'seq 1 254'; do "

This didn't work for me, when running the script the loop wasn't counting from 1 to 254 and was simply assigning the string "seq 1 254" to the "ip" variable.  After some trial, some error, and some Googling, I made a small correction and it worked.

      " for ip in $(seq 1 254); "

I'm still not sure why the presenter's syntax didn't work for me.  Perhaps it has something to do with the version of Kali Linux that they are running compared to my own?

Hopefully the next post will have something more exciting - I'm coming up on the section about Reconnaissance and I cannot wait!

Oh, before I sign off on this much-too-long blog post - if anyone hasn't checked out David Bombal's YouTube channel then stop reading and go there now.  It's an incredible source of both information and inspiration.  It's linked up in the first paragraph of this post.

It's said that the best way to learn something is to teach it - and I want to learn penetration testing.  I won't exactly be teaching, but that's the general idea.  I'll be making posts about the courses, videos, and books I've been watching and reading, and what it is I've been learning.

My hope is that by writing about it, by thinking about the material repeatedly, it will help me to learn and understand it, and just maybe someone else on the internet will be able to pick up a few things here along with me.

This was merely my obligatory introductory post, but to anyone that happened to stumble onto this post, maybe I'll see you again shortly!