Skip to content
· 8 min read INFO @Sdmrf

Networking Basics: How Computers Find Each Other

IP addresses, MAC addresses, DNS, and routing - explained from scratch. The networking foundation every security beginner needs.

#tutorial #fundamentals #ground-up #networking
On this page
Series

Ground Up: Networking

Part 1 of 3

This is the first part
Next

What Actually Happens When You Visit a Website

View all parts
  1. 1Networking Basics: How Computers Find Each Other
  2. 2What Actually Happens When You Visit a Website
  3. 3Ports, Protocols, and Why They Matter for Security

Every cyberattack happens over a network. Every defense monitors a network. If you don’t understand how computers communicate, everything else in security will feel like guesswork.

This isn’t a networking certification prep course. It’s the minimum you need to understand so that security concepts actually click.

The Problem: Billions of Devices, One Internet

There are over 15 billion devices connected to the internet. Your laptop needs to reach a specific server in a data center somewhere across the world. How does your data get there and back?

Three things need to happen:

  1. Addressing - Every device needs a unique identity
  2. Routing - Data needs to know which path to take
  3. Naming - Humans need a way to find things without memorizing numbers

Let’s break each one down.

IP Addresses: Your Computer’s Mailing Address

Every device on a network has an IP address (Internet Protocol address). It’s how devices identify each other.

Think of it like a postal address. Your home address tells the mail carrier exactly where to deliver a package. An IP address tells the network exactly where to send data.

IPv4 (the one you’ll see most):

192.168.1.100

Four numbers separated by dots. Each number ranges from 0 to 255. That gives roughly 4.3 billion possible addresses. Sounds like a lot until you realize there are more devices than addresses.

IPv6 (the newer, longer version):

2001:0db8:85a3:0000:0000:8a2e:0370:7334

Way more addresses (340 undecillion - that’s 340 followed by 36 zeros). Adoption is growing but IPv4 still dominates in most networks you’ll encounter.

Private vs Public IP Addresses

Not all IP addresses are the same.

Public IPs are unique across the entire internet. Your home router has one. Google’s servers have one. No two public IPs are the same.

Private IPs are used inside your local network. Your laptop, phone, and smart TV each have one, but they’re only meaningful inside your home network.

RangeTypeWho Uses It
10.0.0.0 - 10.255.255.255PrivateLarge organizations
172.16.0.0 - 172.31.255.255PrivateMedium networks
192.168.0.0 - 192.168.255.255PrivateHome networks
Everything elsePublicInternet-facing devices

Why this matters for security: When you see IP addresses in logs or attack reports, knowing whether it’s private or public immediately tells you if the traffic is internal or coming from the internet.

NAT: Sharing One Public Address

Your home has one public IP, but you have dozens of devices. How?

NAT (Network Address Translation). Your router acts as a translator. Devices inside your network use private IPs. When they send traffic to the internet, the router swaps the private IP for the public one. When the response comes back, the router figures out which device asked for it and forwards accordingly.

Your laptop (192.168.1.100) ──▶ Router (NAT) ──▶ Internet (as 203.0.113.50)
Your phone  (192.168.1.101) ──▶ Router (NAT) ──▶ Internet (as 203.0.113.50)

Both devices appear as the same public IP to the outside world.

Why this matters for security: NAT is one reason reverse shells are preferred over bind shells. You can’t easily connect into a device behind NAT, but that device can connect out. Attackers exploit this.

MAC Addresses: The Hardware ID

Every network interface (your Wi-Fi card, Ethernet port) has a MAC address (Media Access Control). Unlike IP addresses, MAC addresses are burned into the hardware.

AA:BB:CC:DD:EE:FF

Six pairs of hexadecimal characters. The first three pairs identify the manufacturer. The last three are the unique device ID.

IP vs MAC - when each is used:

  • MAC addresses work on the local network (the devices physically or wirelessly connected to the same router/switch)
  • IP addresses work across networks (routing data across the internet)

Think of it this way: your MAC address is like your name tag at a conference (local identification). Your IP address is like your mailing address (global identification).

Why this matters for security: MAC addresses can be spoofed (faked). Relying on MAC filtering for security is like checking name tags at a conference where anyone can print their own.

DNS: The Internet’s Phone Book

Nobody types 142.250.80.46 into their browser. We type google.com. Something has to translate human-readable names to IP addresses.

That’s DNS (Domain Name System).

When you type google.com:

1. Your computer asks: "What's the IP for google.com?"
2. Your DNS server looks it up
3. DNS responds: "It's 142.250.80.46"
4. Your computer connects to that IP

This happens before every connection. It’s invisible, fast, and absolutely critical.

DNS Hierarchy

DNS isn’t one big lookup table. It’s a distributed system:

You ──▶ Local DNS Resolver (your ISP or 8.8.8.8)
           ──▶ Root DNS Server (knows who handles .com, .org, .net)
                ──▶ TLD Server (knows who handles google.com)
                     ──▶ Authoritative Server (knows the actual IP for google.com)

Each level knows enough to point you to the next level. Nobody stores everything.

DNS Record Types You Should Know

TypePurposeExample
AMaps domain to IPv4 addressgoogle.com → 142.250.80.46
AAAAMaps domain to IPv6 addressgoogle.com → 2607:f8b0:...
MXMail server for the domaingmail.com → mail server address
CNAMEAlias for another domainwww.example.com → example.com
TXTText records (used for verification, SPF, DKIM)"v=spf1 include:..."
NSName server for the domainexample.com → ns1.provider.com

Why this matters for security: DNS is a goldmine for attackers and defenders.

  • Attackers use DNS for reconnaissance (discovering subdomains, mail servers, infrastructure)
  • Defenders monitor DNS logs to detect malware (malware often contacts command-and-control servers via DNS)
  • DNS hijacking redirects users to fake sites by poisoning DNS responses
  • Some malware tunnels data through DNS queries to bypass firewalls

Routing: Getting Data From A to B

Your data doesn’t teleport. It hops between routers, each one deciding where to send it next.

When your laptop sends data to a server in another country:

Your laptop → Home router → ISP router → Regional router →
   → Internet backbone → Destination ISP → Destination server

Each router looks at the destination IP and decides: “Which of my connections gets this packet closer to its destination?” This is routing.

See It Yourself

You can watch this happen:

# On Linux/Mac
traceroute google.com

# On Windows
tracert google.com

This shows every hop your data takes to reach the destination. Each line is a router along the path.

Why this matters for security: Understanding routing helps you understand where traffic can be intercepted, how network segmentation works, and why certain attacks (like man-in-the-middle) are possible at specific points in the path.

Putting It Together

When your laptop loads example.com:

  1. DNS lookup: Your computer asks DNS for the IP of example.com. Gets back 93.184.216.34
  2. Routing: Your data is addressed to 93.184.216.34 and routed hop-by-hop across the internet
  3. Local delivery: On the local network, your MAC address is used to get packets from your laptop to your router
  4. NAT: Your router swaps your private IP for its public IP before sending data out
  5. The server responds and the whole process runs in reverse

This all happens in milliseconds. Hundreds of times a day. Without you noticing.

Try It Yourself

Open a terminal and try these commands. No risk, just observation.

# See your IP address
ip addr show          # Linux
ifconfig              # Mac
ipconfig              # Windows

# See your DNS servers
cat /etc/resolv.conf   # Linux
scutil --dns           # Mac
ipconfig /all          # Windows (look for "DNS Servers")

# Look up a domain's IP
nslookup example.com

# See the route to a server
traceroute example.com    # Linux/Mac
tracert example.com       # Windows

# See your ARP cache (MAC ↔ IP mappings on local network)
arp -a

Run each one. Read the output. Match what you see to what we just covered.

What’s Next

Now you know how devices find each other on a network. In the next post, we’ll zoom into what actually happens during a web request - the TCP handshake, HTTP protocol, and how data is actually exchanged. That’s where things start connecting to security concepts like packet sniffing, man-in-the-middle attacks, and encryption.

References

Every exploit, every defense, every detection rule starts with understanding how data moves. This is where it all begins.

Related Articles

info·9 min read

Ports, Protocols, and Why They Matter for Security

What ports and protocols actually are, which ones matter, and how attackers and defenders use this knowledge. The final networking fundamental.

info·9 min read

What Actually Happens When You Visit a Website

The full chain from URL to rendered page - DNS, TCP handshake, HTTP, and TLS. Understanding the request lifecycle is key to understanding web security.

info·10 min read

Authentication Attacks: Passwords, Sessions, and Tokens

How login systems break - brute force, credential stuffing, session hijacking, token flaws, and MFA bypass. The complete beginner's guide to auth attacks.