Networking is where most "it doesn't work" tickets come from. You don't need to be a CCNP — you need a working mental model of how a packet leaves a laptop, traverses a network, and reaches a server. This lesson gives you that.
The OSI Model (Briefly)
| Layer | Name | Examples |
|---|---|---|
| 7 | Application | HTTP, HTTPS, SSH, DNS |
| 6 | Presentation | TLS, character encoding |
| 5 | Session | Connection state |
| 4 | Transport | TCP, UDP |
| 3 | Network | IP, ICMP, routers |
| 2 | Data link | Ethernet frames, MAC addresses, Wi-Fi, switches |
| 1 | Physical | Cables, radio waves, NICs |
You don't memorise this — you use it to ask "which layer is broken?" when troubleshooting.
IP Addressing
IPv4
- 32-bit address, written as four decimal octets:
192.168.1.10 - 4.3 billion total addresses — exhausted years ago, propped up by NAT
IPv6
- 128-bit address:
2001:0db8:85a3::8a2e:0370:7334 - Vast address space; eliminates need for NAT in most cases
- Coexists with IPv4 (dual-stack) on most networks today
Private vs public
| Range | Use |
|---|---|
| 10.0.0.0 / 8 | Large private networks |
| 172.16.0.0 / 12 | Medium private |
| 192.168.0.0 / 16 | Home / small office (most home routers default to 192.168.1.x or 192.168.0.x) |
| 169.254.0.0 / 16 | APIPA — Windows self-assigned when DHCP fails (a tell-tale sign) |
| 127.0.0.0 / 8 | Loopback (localhost = 127.0.0.1) |
Subnet mask and CIDR
The subnet mask says which bits identify the network vs the host. 255.255.255.0 or /24 means the first 24 bits are network. A /24 gives 256 addresses (254 usable hosts).
Two devices can talk directly only if they're in the same subnet. Different subnets require a router.
The Default Gateway
The IP address (usually the router) that traffic leaves through to reach anything outside the local subnet. If your gateway is wrong or unreachable, you can ping local devices but not the internet.
DHCP — Automatic IP Configuration
When a device joins a network, DHCP gives it:
- IP address
- Subnet mask
- Default gateway
- DNS server(s)
- Lease time
The 4-step DORA dance: Discover → Offer → Request → Acknowledge. If DHCP fails on Windows, the device assigns itself a 169.254.x.x address (APIPA) — meaning "I couldn't reach any DHCP server".
DNS — Names to Numbers
Humans use google.com; computers route by IP. DNS bridges the two.
Lookup flow:
- App calls
getaddrinfo("google.com") - OS checks hosts file (rarely used today)
- OS checks local DNS cache
- OS asks the recursive resolver (usually configured by DHCP — your router, Google 8.8.8.8, or Cloudflare 1.1.1.1)
- Resolver walks the hierarchy: root servers → .com TLD servers → Google authoritative server
- Returns the IP; client connects
Common record types: A (IPv4), AAAA (IPv6), CNAME (alias), MX (mail), TXT (verification / SPF / DKIM), NS (nameservers).
DNS failures manifest as "this site can't be reached" even when other sites work, or when the IP works directly but the name doesn't.
Common Protocols and Ports
| Port | Protocol | Use |
|---|---|---|
| 20 / 21 | FTP | File transfer (legacy) |
| 22 | SSH / SFTP | Secure shell, file transfer |
| 23 | Telnet | Legacy remote (insecure) |
| 25 | SMTP | Email send (server-to-server) |
| 53 | DNS | Name resolution (UDP and TCP) |
| 67 / 68 | DHCP | IP assignment |
| 80 | HTTP | Web (unencrypted) |
| 110 / 143 | POP3 / IMAP | Email retrieval |
| 123 | NTP | Time sync |
| 389 / 636 | LDAP / LDAPS | Directory services |
| 443 | HTTPS | Web (encrypted) |
| 445 | SMB | Windows file sharing |
| 3389 | RDP | Windows remote desktop |
| 5900 | VNC | Cross-platform remote desktop |
Wi-Fi
Standards
| Wi-Fi name | IEEE | Max theoretical | Bands |
|---|---|---|---|
| Wi-Fi 4 | 802.11n | ~600 Mb/s | 2.4 + 5 GHz |
| Wi-Fi 5 | 802.11ac | ~3.5 Gb/s | 5 GHz |
| Wi-Fi 6 | 802.11ax | ~9.6 Gb/s | 2.4 + 5 GHz |
| Wi-Fi 6E | 802.11ax | ~9.6 Gb/s | + 6 GHz |
| Wi-Fi 7 | 802.11be | ~46 Gb/s | 2.4 + 5 + 6 GHz, MLO |
Bands
- 2.4 GHz: Longer range, slower, crowded (microwaves, Bluetooth, neighbours)
- 5 GHz: Shorter range, faster, less crowded
- 6 GHz (Wi-Fi 6E/7 only): Even faster, very clean, very short range
Security
- WEP: Broken; never use
- WPA / WPA2: Common; WPA2-PSK uses a shared password
- WPA3: Current standard; stronger; required for Wi-Fi 6 certification
- WPA2/3-Enterprise: Per-user authentication via RADIUS (802.1X)
Network Hardware
- NIC (Network Interface Card): Wired (RJ45) or wireless
- Switch: Connects devices in a LAN; learns MAC addresses to forward frames intelligently
- Router: Routes between subnets; the gateway to the internet at home
- Access point (AP): Adds Wi-Fi to a wired LAN
- Firewall: Filters traffic based on rules
- Modem: Connects to the ISP (cable, DSL, fibre ONT, 4G/5G)
Network Troubleshooting Toolkit
| Tool | What it does |
|---|---|
ipconfig /all / ip a | Show local IP config |
ping <host> | Test reachability + latency |
tracert / traceroute | Show each hop to a destination |
nslookup / dig | Query DNS |
netstat -an / ss -tunap | Listening ports and connections |
ipconfig /flushdns | Clear DNS cache |
nbtstat / arp -a | NetBIOS / ARP cache |
| Wireshark | Packet capture for deep inspection |
A Standard Network Troubleshooting Flow
- Can you ping
127.0.0.1? (TCP/IP stack ok) - Do you have a valid IP (not 169.254.x.x)? (DHCP ok)
- Can you ping the default gateway? (LAN ok)
- Can you ping
8.8.8.8? (Internet routing ok) - Can you ping
google.com? (DNS ok) - Can you reach the failing URL/port specifically? (App layer)
Where the chain breaks tells you the layer to investigate. Most of the time it's DHCP, DNS, or Wi-Fi — and most of those are fixed by "renew lease", "switch DNS", or "forget and rejoin the SSID".
VPN Basics
A VPN tunnels your traffic over the internet to a remote network as if you were physically present. Common types:
- Remote-access VPN: Per-user; connects laptop to corp network (Cisco AnyConnect, Palo Alto GlobalProtect, Fortinet FortiClient, OpenVPN, WireGuard)
- Site-to-site VPN: Connects whole offices
- Zero-trust replacement: Cloudflare Access, Zscaler, Tailscale — VPN is increasingly replaced by per-app zero-trust access
With this map of networking, you can diagnose 90% of connectivity tickets. The next lesson moves to peripherals — the printers and accessories that drive the rest.