First Step: Readjust Learning Plan
Last year, I decided to finally start studying cybersecurity. I sat down and came up with a plan using the various resources I accumulated from random videos. I also wanted to learn web development, so I decided to make a blog focused on my cybersecurity learning journey. I figured it wouldn't be that hard to learn both, and the blog would hold me accountable. I paid for the hosting and domain, decided to use WP, and gathered a few images...but then I never published anything. I realized I was trying to learn too much at once, but still I often reminded myself I already paid for a domain so might as well keep trying.
Over the course of maybe seven months, I played a few Over the Wire games (it's fun, highly recommend), finished ISC2 modules (didn't take the test), watched a Wireshark tutorial and analyzed basic traffic, learned about VirtualBox, and did a handful of TryHackMe modules.
After that, I completely neglected my cybersecurity studies. Not because I didn't want to learn. I just never made time to study. I promised myself I would try again the next day and the next...
And now, I'm here to try again. I plan to actually follow a routine this time: I'll post once a week on a topic I focused on.
Last week, I focused on a subnetting YT playlist, it was interesting! I also started the Network Fundamentals module on THM, but didn't get very far. Now I'll summarize everything I learned from the subnetting playlist to review my notes and see if this helps me teach it to myself. I'm wondering if I'll need to rewatch a few of the videos. Also, I recommend drawing blocks out to sketch the ideas being explained below.
Anyways, we'll start by defining subnetting, which is a network divided into subnetworks. Each subnetwork can be measured by using a CIDR Notation, such as /24. Each CIDR has a set number of IP addresses. For example, /24 is a standard network that has 256 IP addresses. That means IP addresses between .0 through .255. Remember it always starts at .0!
Then, to subnet just divide into 2 equal /25 networks. That means there are still 256 IP addresses but now there's two sections. The first spans from .0 through .127 and the second includes .128 through .255.
The subnetting can be divided even more: 4 sections use /26, eight sections use /27. They can also be mixed and matched: one /25, two /27, and one /26 completes the 256 IP addresses.
So, seven pieces of information can be obtained from subnetting:
Network ID: very first IP address in each sub-net. For example, 10.0.0.0 uses .0 as the first IP address or if using a /25 network with 10.0.0.128 then .128 is the first address.
Broadcast IP (BC IP): very last IP address. This address allows a user to speak to any or all IP addresses in a subnet. For example, in the first part of a /25 network .127 is the last address so the BC IP is 10.0.0.127. In the second block of a /25 network, .255 is the last address so the BC IP for that section is 10.0.0.255.
Side Note: These first two can't be assigned to any users by the way, since they already have a function: identification and broadcasting! That means even if there are a total of 128 addresses, only 126 are usable, and even if there are 256, then only 254 are usable. Always subtract two!
First Host IP: IP address immediately after Network ID. Example: if the first one is 10.0.0.0 then first host IP is 10.0.0.1
Last Host IP: IP address immediately before broadcast IP. Example: if the last IP is 10.0.0.255 then the last host IP is 10.0.0.254
Next Network: Network ID of the next subnet, which is always right after BC IP. Example: if it's a /27 that's next then it would be 10.0.0.28.
of IP addresses: Total number of addresses in each block. Initial one /24 has 256 addresses, from there divide. So a /25 has 128, /26 has 64, /27 has 32 addresses
CIDR/Subnet Mask: identify the size of a subnet and convert between the two. Basically subtract how many available addresses there are from the total. For example, /25 has a subnet mask of 255.255.255.128 because it has 128 available addresses and if you subtract that from 256 then you still get 128. So for /26 the subnet mask is 255.255.255.192 because there are 64 available addresses and if you subtract it from 256 then you have 192.
Then the subnetting YT playlist taught me a cheat sheet to quickly solve problems! There are three steps and it's definitely helpful. Basically, each row lists the relevant combination:
Group Size: 128 64 32 16 8 4 2 1
Subnet Mask: 128 192 224 240 248 252 254 255
CIDR: /25 /26 /27 /28 /29 /30 /31 /32
So when given an IP address with a certain CIDR, you just look at the list to find a starting point. For example, if the CIDR is /28 then the subnet mask is 255.255.255.240 and the total group size is 16. Each IP address will have a target IP. In the first problem, it was .55 and to get there, you count by the group size. For example, the start is always .0, then .16, .32, .48, and .64. You stop once you pass the target IP address; you always have to pass it, even if you land right on the target IP address.
The number before the target IP address is the network ID, which is .48 in this case. The first host IP is one more than the network ID so add one, making the Network ID .49. The next network is always the address that passed the target, which is .64. The BC IP is right before the next network ID so subtract one, which makes the BC IP .63. And the last host IP is one less then the BC IP so subtract one, making it .62.
Also, .256 doesn't exist, which means the next octet has to be used. For example, if starting with 10.2.2.192 and the group size is 64, then the next one becomes 10.2.3.0. If the target isn't reached by then, you keep going, which means the next one is 10.2.3.64.
Anyways, I watched all the practice videos and worked on the problems before they revealed the answers. I happily got them right. It gets so easy once you get the hang of it! Then I tried out https://subnetipv4.com/ to practice some more. I realized they featured different types of problems, so I went back to the playlist to watch more videos.
Three tips were shown to make solving problems quicker. Such as starting with larger numbers if the target IP is a large number, or starting with a higher number and subtracting by group size. Also, every group size lands at 128 at some point so technically the start can also be .128 instead of .0. And last but not least, every group size lands on its own subnet value of the same column or every column to the left. For example, /30 with .197 is a large number, but /30 has 240 as a subnet mask, and the closest number to 197 that's to the left of that is 192. That means the start can be 192.
Also, the cheat sheet can be extended to include the 2nd and 1st octet:
128 64 32 16 8 4 2 1
128 192 224 240 248 252 254 255
/25 /26 /27 /28 /29 /30 /31 /32
/17 /18 /19 /20 /21 /22 /23 /24 (this is 3rd octet, ex: target is .77. in 10.2.77.188 /19)
/9 /10 /11 /12 /13 /14 /15 /16 (this is 2nd octet)
/1 /2 /3 /4 /5 /6 /7 /8 (this is 1st octet)
Also, for 3rd, 2nd, and 1st octects, the ends become .255. For example, 10.4.95.255. Then to find the Last Host IP, always subtract from the end so if the end is .255 then the last host is .254. Oh and to find the total number of IP addresses, use the following formula: (2^(32-CIDR)).
In one video they also explained that the next network IP can be N/A if it reaches the very last network and that 0.0.0.0 /0 network includes all 4.2 billion addresses. It can be split into 2 of /1 or 4 of /2. I also watched the video on FLSM: Fixed-Length Subnet Mask. Basically, each CIDR doubles the number of networks available and that can be true even if you start with /22 or /0. For example, /0 would be one network but /1 would be 2 and /22 could be one but /23 would have 2. The faster way to solve FLSM questions would be subtracting the CIDR closest to the target total IP addresses from the starting CIDR and using 2^N. For example, /26 - /21 = 5 and 2^5 = 32 subnets when you start at /21 and want 51 IP addresses. /26 is the closest with a 64 address group size. Then there was an explanation about VLSM, variable length subnet masks, where essentially you need to determine how many IP addresses you need and then allocate them from largest to smallest to maximize space.
Overall, I found subnetting very interesting and plan to practice using https://subnetipv4.com/ this week. I'm also going to finish the THM modules and play some more OTW games. I plan to build a simple Ticketing System based on a video I found too. I can't wait to write my next post!