<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title><![CDATA[Secure By Habit]]></title><description><![CDATA[Secure By Habit]]></description><link>https://securebyhabit.com</link><image><url>https://cdn.hashnode.com/uploads/logos/69f41a07909e64ad076864f8/45383d0b-c098-412b-acd9-289936358309.png</url><title>Secure By Habit</title><link>https://securebyhabit.com</link></image><generator>RSS for Node</generator><lastBuildDate>Sat, 16 May 2026 06:13:23 GMT</lastBuildDate><atom:link href="https://securebyhabit.com/rss.xml" rel="self" type="application/rss+xml"/><language><![CDATA[en]]></language><ttl>60</ttl><item><title><![CDATA[Week 2: Networking Basics & Ticketing System Project]]></title><description><![CDATA[I completed two THM modules on networking: What is Networking? and Introductory Networking. I probably should have started with those modules last week. Anyways, networking can be defined as a connect]]></description><link>https://securebyhabit.com/week-2-networking-basics-ticketing-system-project</link><guid isPermaLink="true">https://securebyhabit.com/week-2-networking-basics-ticketing-system-project</guid><dc:creator><![CDATA[Mariana]]></dc:creator><pubDate>Sat, 16 May 2026 01:28:32 GMT</pubDate><content:encoded><![CDATA[<p>I completed two THM modules on networking: <a href="https://tryhackme.com/room/whatisnetworking">What is Networking?</a> and <a href="https://tryhackme.com/room/introtonetworking">Introductory Networking</a>. I probably should have started with those modules last week. Anyways, networking can be defined as a connection of devices that communicate and share data or resources with each other. A network can only be public or private. The internet, for instance, is a giant public network made of multiple smaller private networks. 
Each device in a network has two identifying numbers:</p>
<ol>
<li><p>Internet Protocol (IP) address: identifies a host on a network for a period of time; devices have both a public and a private IP address</p>
<ul>
<li><p>Divided into 4 octets, example: 0.0.0.0</p>
</li>
<li><p>Each octet can span from 0-255, example: 255.255.255.255</p>
</li>
<li><p>Protocols allow different devices to communicate in the same language</p>
</li>
<li><p>Devices can use both public and private networks</p>
</li>
<li><p>Public IP addresses are given by an Internet Service Provider (ISP)</p>
</li>
<li><p>More devices connected = harder to get a public IP address under IPv4</p>
</li>
<li><p>The next version is IPv6, which looks like this: 2001:0bc8:85a3:0000:0000:8a2e:0370</p>
</li>
</ul>
</li>
<li><p>Media Access Control (MAC) address: each device has a microchip board, which is a physical network interface that is assigned a unique address at the factory that built it</p>
<ul>
<li><p>12-character hexadecimal, example: a4:c3:f0:85:ac:2d</p>
</li>
<li><p>First six: the company vendor that built it</p>
</li>
<li><p>Last 6: unique number made by the company vendor</p>
</li>
<li><p>MAC addresses can be faked or spoofed (a network device pretending to use another MAC address by manually changing the MAC address)</p>
</li>
<li><p>Spoofing makes a firewall think it is receiving communication from an admin when it is not</p>
</li>
<li><p>Public network places like stores can use MAC address control by paying extra</p>
</li>
</ul>
</li>
</ol>
<p>Two protocol models explain the theory of networking. The first is the Open Systems Interconnection (OSI) model, which isn't used in the real world but is best for teaching. The OSI model has 7 layers that illustrate the theory behind computer networking. The <a href="https://tryhackme.com/room/introtonetworking">Introductory Networking</a> module also listed the following mnemonic to memorize the 7 layers: Anxious Pale Shakespeare Treated Nervous Drunks Patiently. I haven't yet found another one that I like since this one is in order.</p>
<p><strong>Seven Layers: OSI Model</strong></p>
<p>The 7 layers in the OSI model basically explain the encapsulation process, which is a process where data is sent from one computer to another. Each layer adds control information to the front of the data, which is called a header.</p>
<p><strong>7th Layer:</strong> Is called the Application Layer and is the first to add a header to the data. It, as stated in the name, provides networking options (applications) to the programs on a computer so it can transmit the data. The File Transfer Protocol (FTP), for example, is used here over a TCP/IP network. Then the data is passed onto the next layer.</p>
<p><strong>6th Layer:</strong> Is called the Presentation Layer, which translates data into a standardized format that the receiving computer can understand. This layer is necessary because the application layer mostly uses a format that only the application can understand. The Presentation Layer also handles encryption and any other transformations of data. The information from the 6th layer is added as a header in front of the 7th layer header. Once that is complete, the data is transferred to the next layer.</p>
<p><strong>5th Layer:</strong> Is called the Session Layer, which checks to see if a connection with the other computer can be established. If the connection is established, it must maintain and synchronize the connections. Also, each session made is unique to that particular communication, which is also what allows multiple ongoing communications between different endpoints. Then the 5th layer adds a header to the front of the 6th and 7th headers of the data. Afterward, the data moves to the next layer.</p>
<p><strong>4th Layer:</strong> Is called the Transport Layer, which chooses how data is transmitted. It's basically where data is divided into pieces to make it easier to send a message successfully. At this point, data is referred to as segments or datagrams, depending on which protocol is used. There are 2 common protocols:</p>
<p><strong>TCP Transmission Control Protocol:</strong></p>
<ul>
<li><p>TCP is connection-based, which means a connection is established the whole time it is used for reliable transmission</p>
</li>
<li><p>acceptable speed is maintained, and any lost data is resent</p>
</li>
<li><p>TCP is accurate over speed: best for file transfer and webpages</p>
</li>
<li><p>Data is called a segment when using TCP</p>
</li>
</ul>
<p><strong>UDP User Datagram Protocol</strong></p>
<ul>
<li><p>UDP is when packets are given to a computer without a set pace; the computer has to be the one to keep up (which is why videos could become pixelated if the connection is bad)</p>
</li>
<li><p>UDP is speed over accuracy, best for video streaming</p>
</li>
<li><p>Data is referred to as datagrams when using UDP</p>
</li>
</ul>
<p>The 4th layer then adds a header to the front of the 5th layer before it moves on to the next layer.</p>
<p><strong>3rd Layer:</strong> Is called the Network Layer, which locates the destination of the request. It takes the IP address and figures out the best route to take. Logical addressing is when it uses IP addresses since it is software-controlled. IP addresses are easy to organize and find; IPv4 is currently the most common. At this stage, the data is called a packet. The 3rd layer adds a header to the front of the packet before moving on to the next layer.</p>
<p><strong>2nd Layer:</strong> Is called the Data Link Layer, which focuses on finding the physical address of the transmission. When it receives a packet with an IP address, it adds the MAC address (every network-enabled computer has a network interface card (NIC) that has a unique MAC). The Data Link layer also checks if the data was corrupted during transmission, which could still happen in the physical layer, which is next. The data is referred to as frames in the 2nd layer. Before the data moves on, the Data Link layer adds a header to the front of it and a trailer to the end of the data. The trailer verifies the data hasn't been corrupted. The only way to tamper with the data would be to break the trailer. Finally, the frames are sent to the first layer.</p>
<p><strong>1st Layer:</strong> Is called the Physical Layer, which is when binary data is converted into signals and transmitted across a network. The data is now referred to as bits.</p>
<p>The whole process is reversed when the second computer receives the bits: it removes information layer by layer, which is called de-encapsulation. It starts with the physical layer, then unravels it until it reaches the data. It's the same OSI model in each computer, but it isn't as straightforward in real life. The OSI model is merely used to explain the theory of networking. The older, real-world networking protocol is the TCP/IP Model.</p>
<p>Quick side note, before the TCP/IP and OSI models, there wasn't an agreed-upon model to follow. The DoD provided the standard in 1982 to solve the inconsistencies. Then the ISO (International Organization for Standardization) introduced the OSI model to help guide learners, but the TCP/IP model is the standard used in modern networking.</p>
<p><strong>TCP/IP Model</strong></p>
<p>The TCP/IP Model still follows the same encapsulation and decapsulation process as the OSI Model. However, there are 4 layers in the TCP/IP Model:</p>
<ul>
<li><p>Application: is basically the application, presentation, and session layers from the OSI model</p>
</li>
<li><p>Transport</p>
</li>
<li><p>Internet: is the network layer of the OSI model</p>
</li>
<li><p>Network Interface: was broken into data link and physical layers, like with the OSI model, but not officially defined in RFC1122, but it's the same thing</p>
</li>
</ul>
<p>TCP is a connection-based protocol; there needs to be a stable connection between two computers, and the process to establish that connection is the three-way handshake.</p>
<p>A three-way handshake is when a computer sends a special request containing a SYN bit, short for synchronize, to a remote server. The server responds with the same SYN attached to an ACK bit, which is short for acknowledgement. Then the computer will send back an ACK bit. This establishes that the data can be reliably sent, and anything lost or corrupted can be resent.</p>
<p>I also tested out the networking tool Ping, which uses the Internet Control Message Protocol (ICMP) to check the connection on devices by using an echo packet that replies once it is received. Ping works on the network layer of the OSI model, which is the Internet layer of the TCP/IP model. I typed <code>ping [target URL address] -4</code> into the command line so that it would show me the IP address of a server hosting a website in IPv4. I can also type in an IP address, and it'll list the seconds per packet along with the average time it takes to establish a connection.</p>
<p>Last but not least, I finally got around to making a <a href="https://youtu.be/g1AZ-EtD6Nw?si=d4Nob8A4WuB9Koe3">Ticketing System</a>!</p>
<p>A ticketing system tracks, manages, and resolves user issues. Each issue is a ticket, and they can be organized to decide which to prioritize. The video mentioned multiple different ticketing systems and which organization commonly used each, and then it explained the components of a ticketing system.</p>
<p>Components of a Ticketing System:</p>
<ol>
<li><p>ID: unique identifier to track progress, past issues, and maintain records (often numeric)</p>
</li>
<li><p>Requester: the user who submits the ticket</p>
</li>
<li><p>Category: organized labels to determine the issue</p>
<ul>
<li><p>Hardware: laptop not booting, monitor issues</p>
</li>
<li><p>Software: application crashes and can't install</p>
</li>
<li><p>Network: connectivity issues</p>
</li>
<li><p>Security: account lockouts and phishing attempts</p>
</li>
<li><p>Access request: new employee or permissions</p>
</li>
</ul>
</li>
<li><p>Priority Level: not everything is equally urgent, decide what is handled first</p>
<ul>
<li><p>Critical P1: the entire company is affected (email is down)</p>
</li>
<li><p>High P2: department-wide issue (finance team's payroll system is inaccessible)</p>
</li>
<li><p>Medium P3: individual user impacted (a slow laptop)</p>
</li>
<li><p>Low: minor inconvenience (request for a new mouse)</p>
</li>
</ul>
</li>
<li><p>Assigned Tech: who handles it based on expertise and shift schedule</p>
</li>
<li><p>Status:</p>
<ul>
<li><p>new: just created</p>
</li>
<li><p>in progress: working on it</p>
</li>
<li><p>pending user response: asking for more info from the user</p>
</li>
<li><p>escalated: ticket moved to a higher level</p>
</li>
<li><p>resolved: issue fixed and pending user confirmation</p>
</li>
<li><p>closed: when the user has confirmed it is solved and the ticket is archived</p>
</li>
</ul>
</li>
<li><p>Proper Logging</p>
</li>
</ol>
<ul>
<li>Gather essential details: user information like name, dep, email, and contact number, device name, category, priority, ask questions, then assign it, add notes before escalating</li>
</ul>
<p>Life cycle of a ticket</p>
<ol>
<li><p>User submits a ticket</p>
</li>
<li><p>The ticket gets categorized and assigned to a tech</p>
</li>
<li><p>Tech troubleshoots and documents findings</p>
</li>
<li><p>The issue is resolved and escalated if needed</p>
</li>
<li><p>User is notified and marked closed once confirmed</p>
</li>
<li><p>Post follow-up is optional</p>
</li>
</ol>
<p>SLA Ticketing Practices (the standard)</p>
<ul>
<li><p>A formal contract between IT support teams and users that defines expected response and resolution times</p>
</li>
<li><p>Response time, resolution time, ticket prioritization, escalation process, service availability, penalties, and breach consequences</p>
</li>
<li><p>Example: critical issue, then respond within 15 min, resolve in 2 hrs, breach happens when IT fails</p>
</li>
<li><p>SLA ensures timely support, manages user expectations, prevents ticket backlog, and supports performance tracking of IT teams</p>
</li>
</ul>
<p>Workflow</p>
<ol>
<li><p>Always acknowledge tickets promptly, and confirm receipt</p>
</li>
<li><p>Follow SLA guidelines</p>
</li>
<li><p>Communicate clearly</p>
</li>
<li><p>Document Everything</p>
</li>
<li><p>Escalate when necessary</p>
</li>
<li><p>Close tickets properly</p>
</li>
</ol>
<p>I made an account on <a href="https://www.spiceworks.com/">https://www.spiceworks.com/</a> and then worked through each activity in the video. The first activity focused on filling a ticket with all of the necessary information.</p>
<img src="https://cdn.hashnode.com/uploads/covers/69f41a07909e64ad076864f8/21ce2247-dd89-4990-857d-9f6e8ebdabb7.png" alt="Screenshot 2026-05-13 201532.png" style="display:block;margin:0 auto" />

<p>Then I had to close the ticket properly by first asking if the fix was sufficient. I also wrote internal notes before pressing the close button.</p>
<img src="https://cdn.hashnode.com/uploads/covers/69f41a07909e64ad076864f8/589e59e0-dec0-4488-bec3-3e6e8fd15601.png" alt="Screenshot 2026-05-14 201827.png" style="display:block;margin:0 auto" />

<img src="https://cdn.hashnode.com/uploads/covers/69f41a07909e64ad076864f8/bfea8c42-d2e7-46c7-8719-f66cc6c0595e.png" alt="Screenshot 2026-05-14 201908.png" style="display:block;margin:0 auto" />

<p>Then I learned about the escalation process. SpiceWorks doesn't have an escalation option, so I just wrote what would be a message to the next team and selected internal notes. In that situation, I would also have to notify the person asking for access that the ticket has been escalated.</p>
<img src="https://cdn.hashnode.com/uploads/covers/69f41a07909e64ad076864f8/a115d002-1788-4a97-a147-6a7c484685d6.png" alt="Screenshot 2026-05-14 202638.png" style="display:block;margin:0 auto" />

<p>Overall, it was incredibly simple to set up and play around with. Next week, I'm planning on exploring a couple more networking tools and continuing the THM modules. I'll also start learning Python because there's another project I'll do in the fourth week.</p>
]]></content:encoded></item><item><title><![CDATA[First Step: Readjust Learning Plan]]></title><description><![CDATA[Last year, I decided to finally start studying cybersecurity. I sat down and came up with a plan using the various resources I accumulated from random videos. I also wanted to learn web development, s]]></description><link>https://securebyhabit.com/first-step-readjust-learning-plan</link><guid isPermaLink="true">https://securebyhabit.com/first-step-readjust-learning-plan</guid><dc:creator><![CDATA[Mariana]]></dc:creator><pubDate>Wed, 06 May 2026 05:06:49 GMT</pubDate><content:encoded><![CDATA[<p>Last year, I decided to finally start studying cybersecurity. I sat down and came up with a plan using the various resources I accumulated from random videos. I also wanted to learn web development, so I decided to make a blog focused on my cybersecurity learning journey. I figured it wouldn't be that hard to learn both, and the blog would hold me accountable. I paid for the hosting and domain, decided to use WP, and gathered a few images...but then I never published anything. I realized I was trying to learn too much at once, but still I often reminded myself I already paid for a domain so might as well keep trying.</p>
<p>Over the course of maybe seven months, I played a few <a href="https://overthewire.org/wargames/">Over the Wire games</a> (it's fun, highly recommend), finished ISC2 modules (didn't take the test), watched a Wireshark tutorial and analyzed basic traffic, learned about VirtualBox, and did a handful of TryHackMe modules.</p>
<p>After that, I completely neglected my cybersecurity studies. Not because I didn't want to learn. I just never made time to study. I promised myself I would try again the next day and the next...</p>
<p>And now, I'm here to try again. I plan to actually follow a routine this time: I'll post once a week on a topic I focused on.</p>
<p>Last week, I focused on a <a href="https://youtube.com/playlist?list=PLIFyRwBY_4bQUE4IB5c4VPRyDoLgOdExE&amp;si=UGemm4gKNV95vaLQ">subnetting YT playlist</a>, it was interesting! I also started the Network Fundamentals module on THM, but didn't get very far. Now I'll summarize everything I learned from the subnetting playlist to review my notes and see if this helps me teach it to myself. I'm wondering if I'll need to rewatch a few of the videos. Also, I recommend drawing blocks out to sketch the ideas being explained below.</p>
<p>Anyways, we'll start by defining subnetting, which is a network divided into subnetworks. Each subnetwork can be measured by using a CIDR Notation, such as /24. Each CIDR has a set number of IP addresses. For example, /24 is a standard network that has 256 IP addresses. That means IP addresses between .0 through .255. Remember it always starts at .0!</p>
<p>Then, to subnet just divide into 2 equal /25 networks. That means there are still 256 IP addresses but now there's two sections. The first spans from .0 through .127 and the second includes .128 through .255.</p>
<p>The subnetting can be divided even more: 4 sections use /26, eight sections use /27. They can also be mixed and matched: one /25, two /27, and one /26 completes the 256 IP addresses.</p>
<p>So, seven pieces of information can be obtained from subnetting:</p>
<ol>
<li><p>Network ID: very first IP address in each sub-net. For example, 10.0.0.0 uses .0 as the first IP address or if using a /25 network with 10.0.0.128 then .128 is the first address.</p>
</li>
<li><p>Broadcast IP (BC IP): very last IP address. This address allows a user to speak to any or all IP addresses in a subnet. For example, in the first part of a /25 network .127 is the last address so the BC IP is 10.0.0.127. In the second block of a /25 network, .255 is the last address so the BC IP for that section is 10.0.0.255.</p>
</li>
</ol>
<p>Side Note: These first two can't be assigned to any users by the way, since they already have a function: identification and broadcasting! That means even if there are a total of 128 addresses, only 126 are usable, and even if there are 256, then only 254 are usable. Always subtract two!</p>
<ol start="3">
<li><p>First Host IP: IP address immediately <strong>after Network ID</strong>. Example: if the first one is 10.0.0.0 then first host IP is 10.0.0.1</p>
</li>
<li><p>Last Host IP: IP address immediately <strong>before broadcast IP</strong>. Example: if the last IP is 10.0.0.255 then the last host IP is 10.0.0.254</p>
</li>
<li><p>Next Network: Network ID of the next subnet, which is always right after BC IP. Example: if it's a /27 that's next then it would be 10.0.0.28.</p>
</li>
<li><p>Number of IP addresses: Total number of addresses in each block. The initial /24 has 256 addresses; from there, divide. So a /25 has 128, /26 has 64, and /27 has 32 addresses</p>
</li>
<li><p>CIDR/Subnet Mask: identify the size of a subnet and convert between the two. Basically subtract how many available addresses there are from the total. For example, /25 has a subnet mask of 255.255.255.128 because it has 128 available addresses and if you subtract that from 256 then you still get 128. So for /26 the subnet mask is 255.255.255.192 because there are 64 available addresses and if you subtract it from 256 then you have 192.</p>
</li>
</ol>
<p>Then the <a href="https://youtube.com/playlist?list=PLIFyRwBY_4bQUE4IB5c4VPRyDoLgOdExE&amp;si=UGemm4gKNV95vaLQ">subnetting YT playlist</a> taught me a cheat sheet to quickly solve problems! There are three steps and it's definitely helpful. Basically, each row lists the relevant combination:</p>
<p>Group Size: 128 64 32 16 8 4 2 1</p>
<p>Subnet Mask: 128 192 224 240 248 252 254 255</p>
<p>CIDR: /25 /26 /27 /28 /29 /30 /31 /32</p>
<p>So when given an IP address with a certain CIDR, you just look at the list to find a starting point. For example, if the CIDR is /28 then the subnet mask is 255.255.255.240 and the total group size is 16. Each IP address will have a target IP. In the first problem, it was .55 and to get there, you count by the group size. For example, the start is always .0, then .16, .32, .48, and .64. You stop once you pass the target IP address; you always have to pass it, even if you land right on the target IP address.</p>
<p>The number before the target IP address is the network ID, which is .48 in this case. The first host IP is one more than the network ID so add one, making the first host IP .49. The next network is always the address that passed the target, which is .64. The BC IP is right before the next network ID so subtract one, which makes the BC IP .63. And the last host IP is one less than the BC IP so subtract one, making it .62.</p>
<p>Also, .256 doesn't exist, which means the next octet has to be used. For example, if starting with 10.2.2.192 and the group size is 64, then the next one becomes 10.2.3.0. If the target isn't reached by then, you keep going, which means the next one is 10.2.3.64.</p>
<p>Anyways, I watched all the practice videos and worked on the problems before they revealed the answers. I happily got them right. It gets so easy once you get the hang of it! Then I tried out <a href="https://subnetipv4.com/">https://subnetipv4.com/</a> to practice some more. I realized they featured different types of problems, so I went back to the playlist to watch more videos.</p>
<p>Three tips were shown to make solving problems quicker. Such as starting with larger numbers if the target IP is a large number, or starting with a higher number and subtracting by group size. Also, every group size lands at 128 at some point so technically the start can also be .128 instead of .0. And last but not least, every group size lands on its own subnet value of the same column or every column to the left. For example, /30 with .197 is a large number, but /30 has 240 as a subnet mask, and the closest number to 197 that's to the left of that is 192. That means the start can be 192.</p>
<p><strong>Also, the cheat sheet can be extended to include the</strong> <strong>2nd and 1st octet:</strong></p>
<p>128 64 32 16 8 4 2 1</p>
<p>128 192 224 240 248 252 254 255</p>
<p>/25 /26 /27 /28 /29 /30 /31 /32</p>
<p>/17 /18 /19 /20 /21 /22 /23 /24 (this is 3rd octet, ex: target is .77. in 10.2.77.188 /19)</p>
<p>/9 /10 /11 /12 /13 /14 /15 /16 (this is 2nd octet)</p>
<p>/1 /2 /3 /4 /5 /6 /7 /8 (this is 1st octet)</p>
<p>Also, for the 3rd, 2nd, and 1st octets, the ends become .255. For example, 10.4.95.255. Then to find the Last Host IP, always subtract from the end, so if the end is .255 then the last host is .254. Oh, and to find the total number of IP addresses, use the following formula: (2^(32-CIDR)).</p>
<p>In one video they also explained that the next network IP can be N/A if it reaches the very last network and that 0.0.0.0 /0 network includes all 4.2 billion addresses. It can be split into 2 of /1 or 4 of /2. I also watched the video on FLSM: Fixed-Length Subnet Mask. Basically, each CIDR doubles the number of networks available and that can be true even if you start with /22 or /0. For example, /0 would be one network but /1 would be 2 and /22 could be one but /23 would have 2. The faster way to solve FLSM questions would be subtracting the CIDR closest to the target total IP addresses from the starting CIDR and using 2^N. For example, /26 - /21 = 5 and 2^5 = 32 subnets when you start at /21 and want 51 IP addresses. /26 is the closest with a 64 address group size. Then there was an explanation about VLSM, variable length subnet masks, where essentially you need to determine how many IP addresses you need and then allocate them from largest to smallest to maximize space.</p>
<p>Overall, I found subnetting very interesting and plan to practice using <a href="https://subnetipv4.com/">https://subnetipv4.com/</a> this week. I'm also going to finish the THM modules and play some more OTW games. I plan to build a simple Ticketing System based on a video I found too. I can't wait to write my next post!</p>
]]></content:encoded></item></channel></rss>