Introduction to Networking

Networking is the foundation of IT and security. At its simplest, a network enables two computers to communicate with each other. But once you scale beyond two machines, the complexity grows. Suddenly, you’re dealing with topologies (mesh, tree, star), mediums (Ethernet, fiber, coax, wireless), and protocols (TCP, UDP, IPX, and beyond).

For security professionals, understanding how networks are structured is not optional — it’s essential. When networks fail, the error may not be obvious, and if we miss it, attackers won’t.

The Problem with Flat Networks

A flat network is one in which every device resides on the same logical segment. Setting one up isn’t particularly difficult, and operationally, it can be reliable. But from a security standpoint, a flat network is like building a house and thinking it’s secure just because you locked the front door.

Attackers thrive in flat networks. Once inside, pivoting from one host to another is simple, and lateral movement often goes undetected. Segmentation, on the other hand, acts as layers of defense — slowing attackers, raising alarms, and giving defenders a fighting chance.

Analogies: Defending the Digital “Property”

To make sense of network segmentation, let’s return to the house analogy. Imagine your IT infrastructure as property that needs protection:

Example 1: Fences and Entry Points

  • Segmentation with Access Control Lists (ACLs) = Fences around your property.
  • They create controlled entry/exit points.
  • Attackers can still jump the fence, but it’s suspicious and detectable.
  • Example question: Why is the printer network talking to servers over HTTP?

Example 2: Lights Around the Property

  • Network Mapping & Documentation = Floodlights around the house.
  • They reveal unusual movement between networks.
  • Example question: Why is the printer network talking to the internet at all?

Example 3: Bushes as Deterrents

  • Intrusion Detection Systems (IDS) like Suricata or Snort = Bushes around windows.
  • They discourage casual probing and scanning.
  • Example question: Why did a port scan originate from the printer network?

These examples may seem simplistic, but they illustrate why common-sense restrictions are difficult to enforce in a flat /24 network. If a printer receives a DHCP address in the same segment as servers and clients, enforcing restrictions becomes messy.

Story Time: A Pentester’s Oversight

Flat networks don’t just trip up defenders — they can also trip up penetration testers. Here’s a real-world-inspired example:

Most networks use a /24 subnet mask (255.255.255.0). This allows any computer with the same first three octets in its IP address (e.g., 192.168.1.xxx) to communicate freely.

But what happens when an organization uses /25 subnets instead?

The Setup

  • Server Gateway: 10.20.0.1/25
  • Domain Controller: 10.20.0.10/25
  • Client Gateway: 10.20.0.129/25
  • Client Workstation: 10.20.0.200/25
  • Pentester IP: 10.20.0.252/24 (set to use 10.20.0.1 as gateway)

What Went Wrong

  • The pentester, assuming a /24 network, only communicated with Client Workstations.
  • They even managed to steal a workstation password via Impacket — and thought they’d scored a major win.
  • But they completely missed the Domain Controller and database servers, which were on the other side of the /25 boundary.

The oversight? Failing to understand the network segmentation meant the pentester never reached the “high-value” targets.

Lesson learned: Misconfigured or misunderstood subnets can hide critical systems in plain sight.
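The reachability failure in this story, worked through as an added example (not code from the original post). It models the host's on-link decision, assuming the pentester's machine is plugged into the client segment and that the client gateway routes to the server /25; `delivery_plan`, `first_hop_ok` and the role labels are names chosen for this example.

```python
import ipaddress

# Addresses from "The Setup"; the role labels are this example's own.
HOSTS = {
    "server-gateway": "10.20.0.1",
    "domain-controller": "10.20.0.10",
    "client-gateway": "10.20.0.129",
    "client-workstation": "10.20.0.200",
}
ACTUAL_PREFIX = 25  # the prefix length the site really uses


def delivery_plan(my_iface, gateway, hosts=HOSTS):
    """Return {host: (method, first_hop_ok)} for a machine configured as
    my_iface (e.g. "10.20.0.252/24") with the given default gateway."""
    assumed = ipaddress.ip_interface(my_iface)
    # The broadcast domain the machine is really attached to.
    real = ipaddress.ip_interface(f"{assumed.ip}/{ACTUAL_PREFIX}").network
    gw = ipaddress.ip_address(gateway)
    plan = {}
    for name, addr in hosts.items():
        ip = ipaddress.ip_address(addr)
        if ip in assumed.network:
            # The stack believes the target is on-link, so it ARPs for it
            # directly. That only gets a reply inside the real segment.
            plan[name] = ("arp-direct", ip in real)
        else:
            # Off-link traffic goes to the gateway, which must itself be
            # reachable on the real segment (assumed to route onward).
            plan[name] = ("via-gateway", gw in real)
    return plan


if __name__ == "__main__":
    for label, iface, gw in (
        ("as configured", "10.20.0.252/24", "10.20.0.1"),
        ("corrected", "10.20.0.252/25", "10.20.0.129"),
    ):
        print(label)
        for host, (method, ok) in delivery_plan(iface, gw).items():
            print(f"  {host:20} {method:12} first hop ok: {ok}")
```

With the /24 mask every listed host looks local, so the gateway is never consulted and the ARP requests for the server side go unanswered.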

Key Takeaways

  • Flat networks are risky: They make lateral movement easy for attackers and hinder defenders.
  • Segmentation adds defense layers: ACLs, IDS, and documentation turn a flat landscape into a monitored, controlled environment.
  • Analogies help explain it: Think fences, lights, and bushes — deterrents that slow intruders and make detection easier.
  • Pentesters aren’t immune: Assuming a /24 can cause testers to miss entire sections of a network.
  • Always validate network structure: Understand subnets, gateways, and segmentation before drawing conclusions.

By segmenting networks, monitoring flows, and properly documenting infrastructure, organizations turn a single locked door into a layered security system. For attackers, that means more work, more noise, and less chance of success. For defenders and pentesters, it means clearer visibility and stronger defenses.

Subnetting

Networking often feels abstract, but at its core, it’s about dividing and organizing address spaces so devices can communicate efficiently. One of the most important concepts to understand is subnetting.

Subnetting allows us to split a large IP address range into smaller, manageable segments. These smaller segments — called subnets — make networks more efficient, secure, and easier to control.

What is Subnetting?

Subnetting is the process of dividing an IPv4 address range into multiple smaller ranges.

A subnet is a logical segment of a larger network, where all devices share the same network address.

Think of a subnet as a glass door in a corporate building:

  • The building = the whole network.
  • Each department = a subnet.
  • The door = the boundary (subnet mask) that separates one subnet from another.

This separation helps with:

  • Organization (grouping devices by role or department).
  • Security (restricting unnecessary communication between groups).
  • Efficiency (reducing broadcast traffic).

Key Components of a Subnet

Every subnet has some critical definitions:

  1. Network Address – identifies the subnet itself (not assigned to any host).
  2. Broadcast Address – used to send messages to all hosts within the subnet.
  3. First Host Address – the first usable IP in the subnet (assigned to a device).
  4. Last Host Address – the last usable IP in the subnet.
  5. Number of Hosts – the total usable addresses inside the subnet.

Example: Subnetting an IPv4 Address

Let’s work through an example step by step.

  • IPv4 Address: 192.168.12.160
  • Subnet Mask: 255.255.255.192
  • CIDR Notation: 192.168.12.160/26

Step 1: Understand the Subnet Mask

  • 255.255.255.192 = /26
  • In binary: 11111111.11111111.11111111.11000000
  • This means 26 bits are reserved for the network and the remaining 6 bits are for hosts.

Step 2: Calculate Number of Hosts

  • Formula: 2^n – 2 (where n = number of host bits).
  • Here, n = 6.
  • 2^6 – 2 = 64 – 2 = 62 usable hosts.

So, each /26 subnet supports 62 hosts.

Step 3: Determine Subnet Increments

  • A /26 subnet increments in blocks of 64 addresses (since 2^6 = 64).
  • The /26 ranges within the 192.168.12.x address space would be:
    • 192.168.12.0 – 192.168.12.63
    • 192.168.12.64 – 192.168.12.127
    • 192.168.12.128 – 192.168.12.191 ✅ (our subnet)
    • 192.168.12.192 – 192.168.12.255

Step 4: Identify Network Details

For 192.168.12.160/26:

  • Network Address: 192.168.12.128
  • Broadcast Address: 192.168.12.191
  • First Host: 192.168.12.129
  • Last Host: 192.168.12.190
  • Total Usable Hosts: 62
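Steps 1 to 4 carried out with the underlying bit operations, as an added example that is not part of the original post. `describe` and `blocks` are names chosen here, and `blocks` generalizes the Step 3 list to any parent network and new prefix.

```python
MAX32 = 0xFFFFFFFF
SHIFTS = (24, 16, 8, 0)


def to_int(dotted):
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    return sum(o << s for o, s in zip(octets, SHIFTS))


def to_dotted(value):
    return ".".join(str((value >> s) & 0xFF) for s in SHIFTS)


def describe(cidr):
    addr, _, prefix = cidr.partition("/")
    prefix = int(prefix)
    if not 0 <= prefix <= 30:
        # /31 and /32 have no separate network/broadcast pair, so the
        # 2^n - 2 rule from Step 2 does not apply to them.
        raise ValueError("prefix must be between /0 and /30")
    host_bits = 32 - prefix
    mask = (MAX32 << host_bits) & MAX32      # Step 1: prefix ones, then zeros
    network = to_int(addr) & mask            # Step 4: clear the host bits
    broadcast = network | (mask ^ MAX32)     # Step 4: set the host bits
    return {
        "mask": to_dotted(mask),
        "mask_bits": ".".join(f"{(mask >> s) & 0xFF:08b}" for s in SHIFTS),
        "usable_hosts": 2 ** host_bits - 2,  # Step 2
        "block_size": 2 ** host_bits,        # Step 3
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(network + 1),
        "last_host": to_dotted(broadcast - 1),
    }


def blocks(parent, new_prefix):
    """List (network, broadcast) for every /new_prefix block in parent."""
    old_prefix = int(parent.partition("/")[2])
    if not old_prefix <= new_prefix <= 30:
        raise ValueError("new prefix must be longer than the parent's, up to /30")
    size = 2 ** (32 - new_prefix)
    start = to_int(describe(parent)["network"])
    return [(to_dotted(start + i * size), to_dotted(start + (i + 1) * size - 1))
            for i in range(2 ** (new_prefix - old_prefix))]
```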

Why Subnetting Matters

Subnetting isn’t just an academic exercise — it’s essential in the real world:

  • Security: Separating printers, servers, and clients prevents unnecessary cross-communication.
  • Efficiency: Reduces broadcast storms and network congestion.
  • Control: Helps administrators assign IPs logically and spot anomalies quickly.
  • Pentesting Insight: Misunderstanding subnets can cause testers to overlook critical hosts (as seen in many real-world pentest reports).

Key Takeaways

  • Subnetting divides a large IP range into smaller, logical networks.
  • Each subnet has a network address, broadcast address, host range, and size.
  • With /26, we get 64 IPs per subnet (62 usable).
  • In our example:
    • Network: 192.168.12.128
    • Broadcast: 192.168.12.191
    • Host Range: 192.168.12.129 – 192.168.12.190

Mastering subnetting allows you to read an IP address like a map, instantly knowing which network it belongs to, how many devices it supports, and where its boundaries are.

 Submit the decimal representation of the subnet mask from the following CIDR: 10.200.20.0/27

Step 1: Understand /27

  • CIDR /27 means the first 27 bits of the 32-bit IP address are 1s (network portion).
  • The remaining 5 bits are 0s (host portion).

Step 2: Binary subnet mask

11111111.11111111.11111111.11100000

Step 3: Convert to decimal

  • 11111111 = 255
  • 11111111 = 255
  • 11111111 = 255
  • 11100000 = 224

Final Answer:

The decimal subnet mask for 10.200.20.0/27 is:

[REDACTED]

Submit the broadcast address of the following CIDR: 10.200.20.0/27

Step 1: Subnet mask

From earlier: /27 → 255.255.255.224. The last octet of the mask is 224, so the block size (increment) is 256 − 224 = 32.

Step 2: Find subnet range

  • Network address: 10.200.20.0
  • Next subnet would start at: 10.200.20.32

So, this subnet covers addresses from 10.200.20.0 → 10.200.20.31

Step 3: Broadcast address

The last address in the block is always the broadcast address.
10.200.20.31

Final Answer:

The broadcast address of 10.200.20.0/27 is:

[REDACTED]

Split the network 10.200.20.0/27 into 4 subnets and submit the network address of the 3rd subnet as the answer.

1. Starting point

We have the network 10.200.20.0/27.

  • Subnet mask: 255.255.255.224
  • Block size: 32 addresses (because 2^(32−27) = 2^5 = 32).
  • So this network spans: 10.200.20.0 → 10.200.20.31

2. Splitting into 4 subnets

We want to divide this /27 into 4 equal subnets.

  • If we have 32 total addresses, each subnet will get 32 ÷ 4 = 8 addresses.
  • To have 8 addresses per block, we need 3 host bits (2^3 = 8).
  • That means each subnet will be a /29.

3. Resulting subnets

Each /29 has 8 addresses:

  • 1st subnet: 10.200.20.0/29 → 10.200.20.0–7
  • 2nd subnet: 10.200.20.8/29 → 10.200.20.8–15
  • 3rd subnet: 10.200.20.16/29 → 10.200.20.16–23
  • 4th subnet: 10.200.20.24/29 → 10.200.20.24–31

4. Final Answer

The network address of the 3rd subnet is:

[REDACTED]

Split the network 10.200.20.0/27 into 4 subnets and submit the broadcast address of the 2nd subnet as the answer.

1. Original network

We start with 10.200.20.0/27.

  • Subnet mask: 255.255.255.224
  • Total addresses: 32 (because 2^(32−27) = 2^5 = 32)
  • Range: 10.200.20.0 → 10.200.20.31

2. Splitting into 4 equal subnets

We need 4 subnets inside this /27.

  • 32 total addresses ÷ 4 = 8 addresses per subnet
  • A block of 8 addresses means each subnet is a /29

3. Define the 4 subnets

Each /29 increments by 8 in the last octet:

  • 1st subnet: 10.200.20.0/29 → addresses 0–7 → broadcast 10.200.20.7
  • 2nd subnet: 10.200.20.8/29 → addresses 8–15 → broadcast 10.200.20.15
  • 3rd subnet: 10.200.20.16/29 → addresses 16–23 → broadcast 10.200.20.23
  • 4th subnet: 10.200.20.24/29 → addresses 24–31 → broadcast 10.200.20.31

4. Final Answer

The broadcast address of the 2nd subnet is:

[REDACTED]