Part I: Network Theory Chapter 1

Introduction to Computer Networks

Understanding what networks are, network types, topologies, history, and modern paradigms

Chapter 1: Introduction to Computer Networks

The Day the Internet Came to Life

On October 29, 1969, at 10:30 PM, a UCLA graduate student named Charley Kline attempted to send the first message over ARPANET—the precursor to the internet. The goal was simple: log into a computer at Stanford Research Institute, about 350 miles away, by typing “LOGIN.”

He typed “L.” It transmitted.
He typed “O.” It transmitted.
He typed “G.”

The system crashed.

The first message ever sent over what would become the internet was “LO”—unintentionally prophetic, perhaps, as if the network was saying “Lo and behold.”

An hour later, after the Stanford system rebooted, Kline successfully completed the login. That moment—two computers communicating across hundreds of miles—launched a revolution that would reshape human civilization.

Today, over 5 billion people use the internet daily. More than 30 billion devices are connected. Every financial transaction, every video call, every social media post flows through networks built on principles established in that first “LO” message. Understanding these networks isn’t just technical knowledge—it’s understanding the infrastructure of modern life.


What Is a Network?

Imagine two people in the same room wanting to share a document. They could hand it over directly—simple, fast, and reliable. Now imagine those same two people are in different buildings, different cities, or different countries. Suddenly, sharing that document requires infrastructure.

A computer network is a collection of interconnected devices that can communicate and share resources with each other. These devices—called nodes—include computers, servers, printers, smartphones, and increasingly, everyday objects like thermostats, vehicles, and industrial sensors.

Why Networks Exist

Networks solve fundamental limitations of standalone computers:

| Limitation | Network Solution |
|---|---|
| Resource isolation | Resource sharing: Files, printers, storage, computing power |
| Communication barriers | Connectivity: Email, messaging, video conferencing |
| Geographic constraints | Distance elimination: Global access to services |
| Redundancy needs | Distributed systems: Fault tolerance and availability |
| Scalability limits | Distributed computing: Spread workload across machines |

Without networks, every computer would be an island. The digital world as we know it—cloud computing, streaming services, remote work, e-commerce—wouldn’t exist.

The Fundamental Challenge

The core challenge of networking is enabling reliable communication between devices that may have:

  • Different hardware architectures
  • Different operating systems
  • Different software versions
  • Arbitrary physical separation
  • No prior relationship or trust

Solving this challenge required decades of engineering effort and the development of standardized protocols—agreed-upon rules for communication that we’ll explore throughout this book.

Security Note: These protocols were designed in an era of trusted academic networks. Many prioritize functionality and efficiency over security. Understanding their design assumptions reveals their vulnerabilities.


A Brief History of Networking

Understanding where networks came from helps explain why they work the way they do—and why certain security vulnerabilities exist.

The Pre-Network Era (1950s-1960s)

Early computers were standalone behemoths. The ENIAC (1945) weighed 30 tons and filled an entire room. Computing time was precious, accessed through physical presence or batch job submission. The idea of connecting computers seemed impractical—what would they even say to each other?

The ARPANET Era (1969-1983)

The U.S. Department of Defense’s Advanced Research Projects Agency (ARPA) funded research into computer networking for several reasons:

  • Resource sharing: Expensive computers could be accessed remotely
  • Resilience: A distributed network could survive partial destruction
  • Collaboration: Researchers needed to share data and results

ARPANET pioneered several concepts we still use:

  • Packet switching: Breaking data into small packets that travel independently
  • Distributed routing: No single point of failure
  • Protocol layering: Separating concerns into manageable layers

ARPANET Growth:
───────────────
1969: 4 nodes (UCLA, Stanford, UCSB, Utah)
1971: 15 nodes
1973: 40 nodes (first international connections)
1983: Split into MILNET (military) and research networks

The Protocol Wars (1970s-1990s)

Multiple competing protocol suites vied for dominance:

| Protocol Suite | Backed By | Fate |
|---|---|---|
| TCP/IP | ARPA/Internet community | Won |
| OSI | ISO/European governments | Lost |
| DECnet | Digital Equipment Corporation | Obsolete |
| SNA | IBM | Obsolete |
| IPX/SPX | Novell | Obsolete |

TCP/IP won for several reasons: it was free, already deployed on ARPANET, supported by Unix, and—crucially—worked well in practice.

THINK ABOUT IT

Why might protocols backed by large corporations and governments lose to an open, community-developed alternative? What does this tell us about how standards succeed?

The Internet Explosion (1990s)

Three developments transformed networking from academic curiosity to global necessity:

  1. Tim Berners-Lee’s World Wide Web (1991): Made the internet accessible to non-technical users
  2. Mosaic browser (1993): Visual interface for browsing the web
  3. Commercialization: ISPs brought internet access to homes and businesses

By 2000, 400 million people were online. The internet had become critical infrastructure.

The Mobile and Cloud Era (2007-Present)

The iPhone (2007) and subsequent smartphones made networking truly ubiquitous. Cloud computing moved infrastructure from on-premises data centers to globally distributed services. Today’s networks are:

  • Mobile-first: More traffic from mobile devices than desktops
  • Cloud-centric: Applications run on distributed cloud infrastructure
  • Always-on: Expectations of constant connectivity
  • Massive scale: Billions of devices, exabytes of daily traffic

What History Teaches Us About Security

| Historical Decision | Modern Security Impact |
|---|---|
| Trust-based design (1970s) | Protocols lack built-in authentication |
| Open standards movement | Security vulnerabilities are publicly known |
| Backward compatibility priority | Legacy vulnerabilities persist for decades |
| “Make it work first” culture | Security often retrofitted, not built-in |

Network Types by Geographic Scope

Networks are classified by the geographic area they cover. This classification matters because different scales present different technical challenges and security considerations.

Personal Area Network (PAN)

A Personal Area Network covers the smallest scope—typically within a few meters of a single person.

Examples:

  • Smartphone connected to wireless earbuds via Bluetooth
  • Fitness tracker syncing with a phone
  • Laptop connecting to a wireless keyboard and mouse

Technologies:

  • Bluetooth (up to 100m, typically 10m)
  • Near Field Communication (NFC) - few centimeters
  • Zigbee (low-power IoT)
  • Ultra-wideband (UWB) - precise location

Characteristics:

  • Low power consumption
  • Short range
  • Personal device focus
  • Often ad-hoc (no infrastructure needed)

Security Note: PAN protocols often sacrifice security for convenience. Bluetooth has seen numerous vulnerabilities (BlueBorne, KNOB attack, BIAS). NFC’s short range provides some physical security, but relay attacks can extend this virtually. See Part II for wireless exploitation techniques.

Local Area Network (LAN)

A Local Area Network connects devices within a limited geographic area: a home, office building, school, or campus.

Examples:

  • Home network with router, computers, smart devices
  • Office network with workstations, servers, printers
  • University campus network spanning multiple buildings

Technologies:

  • Wired: Ethernet (IEEE 802.3) - 100 Mbps to 100 Gbps
  • Wireless: WiFi (IEEE 802.11) - up to 9.6 Gbps (WiFi 6)

Characteristics:

  • High speeds (100 Mbps to 10+ Gbps)
  • Low latency (< 1ms typical)
  • Single administrative domain
  • Owned and managed by one organization

Typical Home LAN:
────────────────

Internet ─── [ISP Modem] ─── [Router/Switch/AP] ──┬─ Desktop (Ethernet)
                                                  ├─ Laptop (WiFi)
                                                  ├─ Smartphone (WiFi)
                                                  ├─ Smart TV (WiFi)
                                                  └─ IoT Devices (WiFi)

Security Note: LANs are often considered “trusted” environments, leading to relaxed security. However, once an attacker gains LAN access—through malware, physical intrusion, or compromised WiFi—they can launch Layer 2 attacks that are devastating. ARP spoofing, VLAN hopping, and switch attacks all assume LAN access. See Part II, Chapter 2.

Metropolitan Area Network (MAN)

A Metropolitan Area Network spans a city or large campus, bridging LANs and WANs.

Examples:

  • City-wide government network connecting municipal buildings
  • University network spanning multiple campuses across a city
  • Cable TV provider’s network infrastructure
  • Citywide emergency services network

Technologies:

  • Metro Ethernet (fiber-based)
  • Wireless point-to-point links
  • Municipal WiFi networks

MANs are less commonly discussed because they’re often just classified as “large LANs” or “small WANs” depending on context.

Wide Area Network (WAN)

A Wide Area Network covers large geographic areas—cities, countries, or continents.

Examples:

  • The internet (the largest WAN)
  • Corporate networks connecting offices worldwide
  • Bank networks connecting branches across a country

Technologies:

  • Leased lines (dedicated connections from telecom providers)
  • MPLS (Multiprotocol Label Switching)
  • SD-WAN (Software-Defined WAN)
  • Internet VPNs

Characteristics:

  • Lower speeds relative to LANs (though this gap is narrowing)
  • Higher latency due to distance
  • Multiple administrative domains
  • Often traverses public or shared infrastructure

The Internet as a WAN:

The internet is a “network of networks”—a massive WAN interconnecting countless LANs through a hierarchy of Internet Service Providers (ISPs) and Internet Exchange Points (IXPs).

Internet Hierarchy (Simplified):
────────────────────────────────

              [Tier 1 ISPs]               ← Global backbone providers
                   │
           ┌───────┴─────────┐
           │                 │
      [Tier 2 ISPs]     [Tier 2 ISPs]     ← Regional providers
           │                 │
      ┌────┴────┐       ┌────┴────┐
      │         │       │         │
  [Tier 3]  [Tier 3]  [Tier 3]  [Tier 3]  ← Local ISPs
      │         │       │         │
   [LANs]    [LANs]   [LANs]    [LANs]     ← End users

Summary of Network Types

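| Type | Range | Speed | Latency | Example |
|---|---|---|---|---|
| PAN | ~10m | 1-3 Mbps | < 10ms | Bluetooth headphones |
| LAN | Building/Campus | 100 Mbps - 10 Gbps | < 1ms | Office network |
| MAN | City | 1-100 Gbps | 1-10ms | Metro Ethernet |
| WAN | Global | Variable | 10-200ms | The internet |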

TRY IT YOURSELF

Identify the network types you’re currently connected to. On your device, you’re probably part of a PAN (if using Bluetooth), a LAN (your local network), and connected to WANs (internet). Use traceroute (Linux/Mac) or tracert (Windows) to see the path your packets take to reach a distant server:

traceroute google.com

Each hop represents a router on the path—many are WAN infrastructure.


Modern Network Paradigms

Beyond traditional classifications, modern networks incorporate new paradigms that reshape how we think about connectivity.

Edge Computing

Traditional cloud computing centralizes processing in large data centers, sometimes thousands of miles from users. Edge computing pushes computation closer to where data is generated and consumed.

Traditional Cloud:
─────────────────
[IoT Device] ───── [Internet] ───── [Cloud Data Center]
                   (100+ ms latency)

Edge Computing:
──────────────
[IoT Device] ───── [Edge Node] ───── [Cloud Data Center]
                   (< 10ms)
                   └── Local processing

Why edge computing matters:

  • Latency reduction: Critical for autonomous vehicles, industrial automation, AR/VR
  • Bandwidth savings: Process data locally instead of sending everything to cloud
  • Offline operation: Continue functioning during connectivity loss
  • Privacy: Keep sensitive data local

Edge computing architectures:

  • Mobile Edge Computing (MEC) at cellular towers
  • Cloudlets at WiFi access points
  • IoT gateways in industrial settings
  • CDN edge nodes for content delivery

Security Note: Edge computing distributes the attack surface. Instead of securing one data center, organizations must secure thousands of edge nodes. Physical security, firmware updates, and key management become harder at scale.

Mesh Networking

Traditional networks use hierarchical topologies: devices connect to access points, which connect to routers, which connect to the internet. Mesh networks take a different approach: every node can connect to multiple other nodes, creating redundant paths.

Hierarchical (Star/Tree):          Mesh:
─────────────────────────         ────
                                  A ──── B
        [Router]                  │ \  / │
       /   |   \                  │  \/  │
      /    |    \                 │  /\  │
     A     B     C                │ /  \ │
                                  C ──── D

Single points of failure          No single point of failure

Mesh network types:

  • Full mesh: Every node connects to every other node
  • Partial mesh: Some nodes have multiple connections, others don’t
  • Wireless mesh: Nodes communicate via radio (WiFi, LoRa, etc.)

Applications:

  • Home WiFi mesh systems (Eero, Google Nest WiFi, Ubiquiti)
  • Community networks in areas lacking ISP coverage
  • Emergency communication networks
  • IoT deployments (sensors mesh with each other)
  • Military tactical networks

Security Note: Mesh networks introduce complexity. Traffic may flow through untrusted intermediate nodes, and the dynamic topology makes monitoring difficult. Peer authentication and encryption become critical.

Software-Defined Networks (Preview)

Traditional networks are configured device-by-device. Each router, switch, and firewall has its own management interface and configuration. Software-Defined Networking (SDN) separates the control plane (decision-making) from the data plane (packet forwarding), centralizing control.

We’ll explore SDN in depth in Chapter 11, but the core concept is: instead of smart devices with distributed decision-making, SDN uses simple devices controlled by a central brain.

Traditional Network:                SDN Architecture:
───────────────────                ────────────────

[Smart Switch] [Smart Switch]      [SDN Controller]
      │               │                   │
      └───────┬───────┘            ┌──────┴──────┐
              │                    │             │
       [Smart Router]       [Simple Switch] [Simple Switch]
                                   │             │
 Each device makes own             └─────────────┘
 routing decisions                 Data plane only

Intent-Based Networking (IBN)

A step beyond SDN, Intent-Based Networking allows administrators to specify what they want the network to do (the intent) rather than how to configure each device. The system automatically translates intent into configurations.

Example:

  • Traditional: Configure VLANs, ACLs, routing on each device manually
  • IBN: “Isolate finance department from guest WiFi” → System configures everything automatically

Zero Trust Architecture

The traditional network security model assumed that everything inside the corporate firewall was trusted. Zero Trust assumes nothing is trusted—every access request must be authenticated and authorized, regardless of location.

We’ll explore Zero Trust extensively in Part II, Chapter 14. For now, understand it as a paradigm shift: from “trust but verify” to “never trust, always verify.”


Communication Models

How do devices on a network interact? Two fundamental models describe the relationships between communicating systems.

Client-Server Model

In the client-server model, devices take asymmetric roles: clients request services, servers provide them.

Client-Server Communication:
───────────────────────────

┌──────────┐         Request          ┌──────────┐
│          │  ──────────────────────► │          │
│  Client  │                          │  Server  │
│          │  ◄────────────────────── │          │
└──────────┘         Response         └──────────┘

Examples:
- Web browser (client) ↔ Web server
- Email app (client) ↔ Mail server
- Mobile app (client) ↔ API server

Advantages:

  • Centralized data management and backup
  • Consistent services to many clients
  • Servers can be optimized for their workload
  • Easier to secure and update than distributed systems

Disadvantages:

  • Single point of failure (server dies, everyone loses access)
  • Scalability limits (server can only handle so many clients)
  • Network dependency (clients need connectivity to server)

Security Note: The client-server model concentrates value at servers, making them high-priority targets. Compromising a server can affect thousands of clients. Denial of service attacks (Part II, Chapter 7) often target servers because disabling one server impacts many users.

Peer-to-Peer Model (P2P)

In the peer-to-peer model, devices act as equals—each can function as both client and server. There’s no central authority; peers collaborate directly.

Peer-to-Peer Communication:
──────────────────────────

    ┌────────┐
    │ Peer A │◄──────────────┐
    └────────┘               │
        ▲ │                  │
        │ │                  │
        │ ▼                  │
    ┌────────┐          ┌────────┐
    │ Peer B │◄────────►│ Peer C │
    └────────┘          └────────┘

Any peer can:
- Request resources
- Provide resources
- Route requests to other peers

Examples:

  • BitTorrent file sharing
  • Blockchain networks (Bitcoin, Ethereum)
  • Some video conferencing (direct peer connections)
  • Early Skype architecture

Advantages:

  • No single point of failure
  • Scales with participation (more peers = more capacity)
  • Can function without central infrastructure
  • Resilient to censorship and takedowns

Disadvantages:

  • Complexity in finding resources (discovery problem)
  • Inconsistent availability (peers come and go)
  • Difficult to enforce security policies
  • Potentially illegal content harder to control

Hybrid Models

Most real-world systems combine both models:

| Application | Client-Server Component | P2P Component |
|---|---|---|
| Zoom | Signaling, authentication | Direct video streams (when possible) |
| Spotify | Catalog, authentication | P2P streaming for popular content |
| Online games | Game state, matchmaking | Player-to-player traffic |
| CDNs | Origin servers | Edge cache coordination |

PRO TIP

When analyzing a system’s security, identify which parts are client-server and which are P2P. Client-server components have centralized trust; P2P components require distributed trust mechanisms. Different attack strategies apply to each.


Network Topologies

The topology of a network describes how nodes are arranged and connected. Topology affects performance, reliability, cost, and security. There are two perspectives:

  • Physical topology: How devices are actually wired
  • Logical topology: How data actually flows (may differ from physical)

Bus Topology

In a bus topology, all devices connect to a single shared communication line (the “bus”).

Bus Topology:
────────────

════════════════════════════════════════════════
    │           │           │           │
┌───┴───┐   ┌───┴───┐   ┌───┴───┐   ┌───┴───┐
│   A   │   │   B   │   │   C   │   │   D   │
└───────┘   └───────┘   └───────┘   └───────┘

- All devices share one cable
- Data from any device is visible to all
- Terminators at ends prevent signal reflection

Advantages:

  • Simple design
  • Low cable cost
  • Easy to extend

Disadvantages:

  • Single point of failure (cable break disables network)
  • Performance degrades with more devices (collisions)
  • Security concern: all traffic visible to all devices
  • Troubleshooting is difficult

Modern use: Rare. Legacy Ethernet (10BASE2, 10BASE5) used bus topology. CAN bus in vehicles still uses this design.

Star Topology

In a star topology, all devices connect to a central node (typically a switch or hub).

Star Topology:
─────────────

        ┌───────┐
        │   A   │
        └───┬───┘
            │
            │
┌───────┐   │   ┌───────┐
│   B   │───┼───│   C   │
└───────┘   │   └───────┘
            │
       ┌────┴────┐
       │ Switch  │
       └────┬────┘
            │
        ┌───┴───┐
        │   D   │
        └───────┘

Advantages:

  • Easy to install and manage
  • Fault isolation (one connection fails, others unaffected)
  • Easy to add/remove devices
  • Centralized monitoring possible

Disadvantages:

  • Central device is single point of failure
  • More cabling than bus (separate cable to each device)
  • Central device can be bottleneck

Modern use: Dominant topology for LANs. Almost all wired Ethernet networks use star topology with switches.

Security Note: Star topology centralizes traffic at the switch. This is both an opportunity (monitoring, access control) and a risk (switch becomes high-value target). MAC flooding attacks attempt to overwhelm the switch’s MAC address table. See Part II, Chapter 2.

Ring Topology

In a ring topology, each device connects to exactly two others, forming a closed loop.

Ring Topology:
─────────────

    ┌───────┐
    │   A   │
    └───┬───┘
   ┌────┴────┐
   │         │
   │         │
┌──┴──┐   ┌──┴──┐
│  B  │   │  D  │
└──┬──┘   └──┬──┘
   │         │
   │         │
   └────┬────┘
    ┌───┴───┐
    │   C   │
    └───────┘

- Data travels in one direction (or both in dual ring)
- Each device regenerates signal

Advantages:

  • Predictable performance
  • Equal access for all devices
  • No collisions (token-based access)

Disadvantages:

  • Single break disables network (single ring)
  • Adding/removing devices disrupts network
  • Difficult to troubleshoot

Modern use: Rare for LANs. Used in some high-reliability scenarios with dual counter-rotating rings (SONET/SDH fiber networks). Some industrial networks use ring topology.

Mesh Topology

In a mesh topology, devices have multiple connections to other devices, providing redundant paths.

Full Mesh (4 devices):          Partial Mesh:
─────────────────────          ─────────────

    A ─────── B                    A ─────── B
    │ \     / │                    │         │
    │   \ /   │                    │         │
    │   / \   │                    │         │
    │ /     \ │                    │         │
    C ─────── D                    C ─────── D

Full mesh: Every device                Partial mesh: Some
connects to every other               redundancy, not complete
N devices = N(N-1)/2 links

Advantages:

  • Highly redundant—survives multiple failures
  • Multiple paths allow load balancing
  • No single point of failure

Disadvantages:

  • Expensive (many connections needed)
  • Complex to configure and troubleshoot
  • Scales poorly (full mesh connections grow with square of devices)

Modern use: Internet backbone uses partial mesh. Data center spine-leaf architectures use mesh principles. Wireless mesh networks for home and community WiFi.

Hybrid Topology

Real networks almost always use hybrid topologies—combinations of the above.

Typical Enterprise Hybrid Topology:
──────────────────────────────────

Internet ─── [Firewall] ─── [Core Switch] ────┬─── [Server Switch]
                                              │
                            ┌─────────────────┼─────────────────┐
                            │                 │                 │
                       [Dist Switch 1]   [Dist Switch 2]   [Dist Switch 3]
                            │                 │                 │
                         (Star)            (Star)            (Star)
                           │││               │││               │││
                      Departments       Departments       Departments

The internet itself is a massive hybrid: mesh at the backbone, star at the edges, with hierarchy organizing it all.

Topology Comparison

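| Topology | Redundancy | Cost | Complexity | Failure Impact | Modern Use |
|---|---|---|---|---|---|
| Bus | None | Low | Low | Entire network | Rare |
| Star | None | Medium | Low | One device | LANs |
| Ring | None/Medium | Medium | Medium | Entire/half | Industrial |
| Mesh | High | High | High | Minimal | Backbones |
| Hybrid | Varies | Varies | High | Localized | Most real networks |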

Security Note: Topology affects attack propagation. In bus topology, any compromised device sees all traffic (passive eavesdropping is trivial). Star topology with switches provides better traffic isolation, but switch attacks can restore eavesdropping capability. Understanding topology helps model attack paths.
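
The comparison above can be checked mechanically. The following is an added example, not part of the original chapter: it models the star, full mesh, partial mesh and enterprise hybrid diagrams as graphs and computes which nodes are single points of failure and which nodes every path between two points must cross. Node names such as "Core" and "Dept1" are shorthand assumed here for the devices in the diagrams, and links are treated as bidirectional.

```python
from collections import deque
from itertools import combinations


def build(links):
    """Turn a list of (a, b) links into an adjacency map."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


def reachable(graph, start, without=None):
    """Nodes reachable from `start` when node `without` is removed."""
    seen = {start}
    queue = deque([start])
    while queue:
        for nxt in graph[queue.popleft()]:
            if nxt != without and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def single_points_of_failure(graph):
    """Nodes whose loss splits the remaining nodes into separate islands."""
    critical = []
    for node in graph:
        others = [n for n in graph if n != node]
        if others and len(reachable(graph, others[0], without=node)) < len(others):
            critical.append(node)
    return sorted(critical)


def chokepoints(graph, src, dst):
    """Nodes that every path from src to dst has to cross.

    For a defender these are the places where filtering or monitoring
    sees all traffic between the two points, and also the devices whose
    compromise exposes all of it.
    """
    return sorted(
        n for n in graph
        if n not in (src, dst) and dst not in reachable(graph, src, without=n)
    )


# Topologies transcribed from the chapter's diagrams (names are shorthand).
STAR = [("Switch", host) for host in "ABCD"]
FULL_MESH = list(combinations("ABCD", 2))          # N(N-1)/2 = 6 links
PARTIAL_MESH = [("A", "B"), ("A", "C"), ("B", "D"), ("C", "D")]
HYBRID = [
    ("Internet", "Firewall"), ("Firewall", "Core"), ("Core", "Servers"),
    ("Core", "Dist1"), ("Core", "Dist2"), ("Core", "Dist3"),
    ("Dist1", "Dept1"), ("Dist2", "Dept2"), ("Dist3", "Dept3"),
]

if __name__ == "__main__":
    for name, links in [("star", STAR), ("full mesh", FULL_MESH),
                        ("partial mesh", PARTIAL_MESH), ("hybrid", HYBRID)]:
        graph = build(links)
        print(f"{name:13} links={len(links):2} "
              f"single points of failure={single_points_of_failure(graph)}")
    print("Internet -> Dept1 must cross:",
          chokepoints(build(HYBRID), "Internet", "Dept1"))
```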


Network Devices

This section covers the physical devices that make networks function. Understanding them is essential for both building networks and attacking/defending them.

Network Interface Card (NIC)

A Network Interface Card is the hardware that connects a computer to a network. Every NIC has a unique MAC address (Media Access Control address)—a 48-bit identifier assigned at manufacture.

MAC Address Format:
──────────────────

XX:XX:XX:XX:XX:XX
│                │
└────────────────┴─── 48 bits total (6 bytes)

Example: 00:1A:2B:3C:4D:5E

First 3 bytes: OUI (Organizationally Unique Identifier)
               Identifies the manufacturer
               
Last 3 bytes: Device unique identifier
              Assigned by manufacturer

Modern computers typically have:

  • Wired Ethernet NIC (built into motherboard)
  • Wireless NIC (built-in or add-on card)
  • Sometimes additional NICs for VMs or specialized use

Security Note: MAC addresses are supposed to be unique, but they can be easily changed (spoofed) in software. MAC-based access controls are therefore weak. Virtual machines can generate arbitrary MAC addresses. See Part II, Chapter 2.
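
The address format above can be decoded in a few lines. The following is an added example, not part of the original chapter: it normalizes the common MAC notations, splits the address into OUI and device part, and audits a list of source addresses seen on switch ports. It goes slightly beyond the text by also decoding the two flag bits in the first byte (group address and locally administered). The observation list is constructed sample data and the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Separators used by the common notations: 00:1A:2B:3C:4D:5E,
# 00-1a-2b-3c-4d-5e and 001a.2b3c.4d5e.
_SEPARATORS = re.compile(r"[:.\-]")
_TWELVE_HEX = re.compile(r"[0-9a-f]{12}")


def parse_mac(text):
    """Return the 6 raw bytes of a MAC address, or raise ValueError."""
    cleaned = _SEPARATORS.sub("", text.strip().lower())
    if not _TWELVE_HEX.fullmatch(cleaned):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(cleaned)


def describe_mac(text):
    """Split an address into OUI and device part and decode its flag bits."""
    raw = parse_mac(text)
    octets = [f"{b:02X}" for b in raw]
    return {
        "normalized": ":".join(octets),
        "oui": ":".join(octets[:3]),
        "device_id": ":".join(octets[3:]),
        # Lowest bit of the first byte: group (multicast/broadcast) address.
        "group_address": bool(raw[0] & 0x01),
        # Second-lowest bit: address was assigned locally, not from an OUI.
        "locally_administered": bool(raw[0] & 0x02),
    }


def audit_sources(observations):
    """Audit (switch_port, source_mac_text) pairs; return (mac, finding) tuples.

    A finding is a prompt to look closer, not proof of spoofing: virtual
    machines and privacy-randomized Wi-Fi clients also use locally
    administered addresses.
    """
    ports_by_mac = defaultdict(set)
    findings = []
    for port, mac_text in observations:
        try:
            mac = describe_mac(mac_text)["normalized"]
        except ValueError:
            findings.append((mac_text, "malformed address"))
            continue
        ports_by_mac[mac].add(port)
    for mac, ports in sorted(ports_by_mac.items()):
        info = describe_mac(mac)
        if info["group_address"]:
            findings.append((mac, "group address used as a source"))
        if info["locally_administered"]:
            findings.append((mac, "locally administered (set in software)"))
        if len(ports) > 1:
            seen_on = ",".join(str(p) for p in sorted(ports))
            findings.append((mac, f"same address on ports {seen_on}"))
    return findings


# Constructed sample data; the first address is the chapter's example.
SAMPLE_OBSERVATIONS = [
    (1, "00:1A:2B:3C:4D:5E"),
    (2, "02-00-5e-10-00-01"),   # locally administered bit set
    (3, "001a.2b3c.4d5e"),      # same address as port 1, other notation
    (4, "01:00:5E:00:00:FB"),   # group bit set, invalid as a source
    (5, "00:1A:2B:3C:4D"),      # only five bytes
]

if __name__ == "__main__":
    print(describe_mac("00:1A:2B:3C:4D:5E"))
    for mac, finding in audit_sources(SAMPLE_OBSERVATIONS):
        print(f"{mac:20} {finding}")
```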

Hub (Legacy)

A hub is a simple device that connects multiple devices in a star topology. When any device sends data, the hub repeats it to all ports—it’s essentially a multi-port repeater.

Hub Behavior:
────────────

When A sends to D:

    A ─ sends ─►[HUB]─ broadcasts ─► B
                 │
                 ├─ broadcasts ─► C
                 │
                 └─ broadcasts ─► D
                 
B and C also receive the data (but ignore it)

Hubs are obsolete for most purposes:

  • No intelligence—broadcast everything everywhere
  • Collisions occur (devices can’t transmit simultaneously)
  • Security nightmare—all traffic visible to all devices

You may still encounter them in:

  • Very old networks
  • Intentional network monitoring setups (to capture all traffic)
  • Low-cost IoT scenarios

Security Note: The hub’s “send everything everywhere” behavior is what switches were designed to prevent. However, ARP spoofing and MAC flooding attacks can make switches behave like hubs, allowing attackers to sniff traffic. Hubs in security contexts are sometimes used deliberately to enable packet capture.

Switch

A switch is an intelligent device that connects devices in a star topology and forwards traffic only to the intended recipient.

Switch Behavior:
───────────────

When A sends to D:

    A ─ sends ─►[SWITCH]─────────────► D
                  │
                  │    (B and C don't see this traffic)
                  │
              ┌───┴───┐
              │ MAC   │
              │ Table │
              └───────┘
              Port 1: MAC_A
              Port 2: MAC_B
              Port 3: MAC_C
              Port 4: MAC_D

How switches learn:

  1. Device A sends frame with source MAC_A
  2. Switch notes: “MAC_A is on port 1”
  3. Switch builds table mapping MAC addresses to ports
  4. Future frames to MAC_A go only to port 1

Switch types:

  • Unmanaged: Plug and play, no configuration
  • Managed: Configurable VLANs, port security, monitoring
  • Layer 3: Also performs routing (hybrid switch/router)

Switches operate at Layer 2 (Data Link Layer), making forwarding decisions based on MAC addresses.

Security Note: Switches provide better security than hubs by isolating traffic, but they’re not impenetrable. MAC flooding can overflow the MAC table, causing the switch to broadcast like a hub. ARP spoofing can redirect traffic through an attacker. Port security features can mitigate these, but must be enabled. See Part II, Chapter 2.
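
The learning steps and the security note above can be seen together in a small model. The following is an added example, not part of the original chapter: a simulated learning switch with a fixed-size MAC table, run once without and once with a per-port address limit (the port security idea the note mentions). The class, the table size of 8 and the generated addresses are assumptions of this example; entry aging is not modelled.

```python
class LearningSwitch:
    """Minimal model of MAC learning with an optional per-port limit."""

    def __init__(self, ports, table_size, max_macs_per_port=None):
        self.ports = list(ports)
        self.table_size = table_size
        self.max_macs_per_port = max_macs_per_port  # None = port security off
        self.mac_table = {}     # source MAC -> port it was learned on
        self.violations = []    # (port, mac) pairs rejected by port security

    def _learn(self, port, src):
        """Record src on port. Returns False if the frame must be dropped."""
        known_port = self.mac_table.get(src)
        if known_port == port:
            return True
        if self.max_macs_per_port is not None:
            on_port = sum(1 for p in self.mac_table.values() if p == port)
            if on_port >= self.max_macs_per_port:
                self.violations.append((port, src))
                return False
        # A full table does not stop forwarding, it only stops learning.
        if known_port is not None or len(self.mac_table) < self.table_size:
            self.mac_table[src] = port
        return True

    def receive(self, port, src, dst):
        """Process one frame and return the ports it is sent out of."""
        if not self._learn(port, src):
            return []
        out = self.mac_table.get(dst)
        if out is None:
            # Unknown destination: flood to every other port, like a hub.
            return [p for p in self.ports if p != port]
        return [] if out == port else [out]


def run_scenario(max_macs_per_port=None):
    """A (port 1) talks to D (port 4) while port 3 presents 20 addresses.

    Returns (ports that receive A's frame to D, table entries, violations).
    """
    switch = LearningSwitch(ports=[1, 2, 3, 4], table_size=8,
                            max_macs_per_port=max_macs_per_port)
    switch.receive(1, "MAC_A", "MAC_D")            # A is learned on port 1
    for i in range(20):                            # constructed source addresses
        switch.receive(3, f"02:00:00:00:00:{i:02X}", "MAC_A")
    switch.receive(4, "MAC_D", "MAC_A")            # D answers; can it be learned?
    delivered_to = switch.receive(1, "MAC_A", "MAC_D")
    return delivered_to, len(switch.mac_table), len(switch.violations)


if __name__ == "__main__":
    print("port security off:", run_scenario(None))
    print("limit 2 per port: ", run_scenario(2))
```

With the limit off, the table fills before D is learned, so A's frame to D is flooded to ports 2, 3 and 4; with a limit of two addresses per port, D is learned and the frame leaves on port 4 only.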

Router

A router connects different networks together, making forwarding decisions based on IP addresses (Layer 3).

Router Connecting Networks:
──────────────────────────

Network 192.168.1.0/24          Network 192.168.2.0/24
         │                                │
   ┌───────────┐                    ┌───────────┐
   │ Switch    │                    │ Switch    │
   └─────┬─────┘                    └─────┬─────┘
         │                                │
         └────────── [Router] ────────────┘
                         │
                     Routing Table:
                     192.168.1.0/24 → interface eth0
                     192.168.2.0/24 → interface eth1
                     0.0.0.0/0 → ISP gateway

Router functions:

  • Connect networks using different technologies
  • Route packets based on destination IP
  • Provide Network Address Translation (NAT)
  • Often include firewall capabilities
  • Separate broadcast domains

Home “routers” are actually multi-function devices combining:

  • Router (WAN to LAN routing, NAT)
  • Switch (multiple LAN ports)
  • Wireless access point (WiFi)
  • DHCP server (IP assignment)
  • Basic firewall
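
How the routing table in the diagram above is consulted, as an added example that is not part of the original chapter: the router picks the most specific prefix that contains the destination (longest-prefix match), and the default route 0.0.0.0/0 catches everything else. The second function compares a table against a known-good baseline to show which destinations a newly added, more specific route would redirect. The extra /25 route and the probe addresses are constructed for illustration.

```python
import ipaddress

# The routing table from the diagram.
BASELINE = [
    ("192.168.1.0/24", "eth0"),
    ("192.168.2.0/24", "eth1"),
    ("0.0.0.0/0", "ISP gateway"),
]


def lookup(table, destination):
    """Return the next hop of the longest prefix that contains destination."""
    addr = ipaddress.ip_address(destination)
    best = None
    for prefix, next_hop in table:
        network = ipaddress.ip_network(prefix)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, next_hop)
    return best[1] if best else None


def forwarding_changes(baseline, current, probes):
    """List (destination, old next hop, new next hop) where the tables disagree.

    Useful when reviewing a routing change: a single more specific entry
    silently overrides the broader route for part of its range.
    """
    changes = []
    for destination in probes:
        before = lookup(baseline, destination)
        after = lookup(current, destination)
        if before != after:
            changes.append((destination, before, after))
    return changes


# Constructed example: one extra, more specific route appears in the table.
CURRENT = BASELINE + [("192.168.2.128/25", "eth0")]
PROBES = ["192.168.1.10", "192.168.2.10", "192.168.2.200", "203.0.113.9"]

if __name__ == "__main__":
    for destination in PROBES:
        print(f"{destination:15} -> {lookup(BASELINE, destination)}")
    print("changed by the new route:",
          forwarding_changes(BASELINE, CURRENT, PROBES))
```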

Wireless Access Point (AP)

A wireless access point bridges wireless devices to a wired network.

Access Point Function

Access Point Function:
─────────────────────

     Wireless Clients
  ┌──────────┐  ┌────────┐
  │Smartphone│  │ Laptop │
  └─────┬────┘  └──┬─────┘
        │   WiFi   │
        └────┬─────┘
             │
        ┌────┴────┐
        │   AP    │
        └────┬────┘
             │ Ethernet
             │
        ┌────┴────┐
        │ Switch  │
        └─────────┘

Modern access points support:

  • Multiple frequency bands (2.4 GHz, 5 GHz, 6 GHz)
  • Multiple SSIDs (networks) with different security settings
  • Mesh networking with other APs
  • Client isolation and security features

Firewall

A firewall monitors and controls network traffic based on security rules.

Firewall Position:
─────────────────

                       Blocked Traffic
                            │
Internet ──► [Firewall] ───►│──────── LAN
                  │         │
                  │         │
             Rules:         │
             - Allow 80,443 │
             - Block 23     │
             - Allow established
             - Default deny

Firewall types:

  • Packet filter: Examines headers (IP, ports, protocols)
  • Stateful: Tracks connection state, allows related traffic
  • Application/proxy: Understands application protocols
  • Next-generation (NGFW): Deep inspection, IPS, application awareness
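
An added example, not from the book, that evaluates the rules in the diagram in the order listed and contrasts a plain packet filter with a stateful firewall. It assumes LAN-initiated traffic is allowed out and tracks flows by address and port only; the addresses are constructed from documentation ranges.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    inbound: bool          # True: Internet -> LAN, False: LAN -> Internet


class Firewall:
    def __init__(self, stateful):
        self.stateful = stateful
        self.flows = set()  # flows opened from the LAN side

    def decide(self, p):
        if not p.inbound:
            # Assumption: LAN-initiated traffic is allowed out; a stateful
            # firewall also records the flow so replies can be recognised.
            if self.stateful:
                self.flows.add((p.src, p.sport, p.dst, p.dport))
            return "allow (outbound)"
        # Inbound packets: first matching rule wins, in the diagram's order.
        if p.dport in (80, 443):
            return "allow (80,443)"
        if p.dport == 23:
            return "deny (block 23)"
        if self.stateful and (p.dst, p.dport, p.src, p.sport) in self.flows:
            return "allow (established)"
        return "deny (default)"


def replay(stateful):
    """Run six constructed packets through a fresh firewall, return the verdicts."""
    fw = Firewall(stateful)
    lan, web, other = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    packets = [
        Packet(other, 40000, lan, 443, True),    # inbound HTTPS
        Packet(other, 40001, lan, 23, True),     # inbound Telnet
        Packet(web, 443, lan, 51000, True),      # unsolicited: no flow exists yet
        Packet(lan, 51000, web, 443, False),     # LAN host opens a flow
        Packet(web, 443, lan, 51000, True),      # reply to that flow
        Packet(other, 443, lan, 51000, True),    # same ports, different source
    ]
    return [fw.decide(p) for p in packets]
```

The stateless run denies the legitimate reply in the fifth packet, which is why a pure packet filter needs broad inbound rules that a stateful firewall can do without.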

Firewalls can be:

  • Dedicated hardware appliances
  • Software on general-purpose servers
  • Built into routers/operating systems
  • Cloud-based services

Device Summary

Device     OSI Layer       Forwards Based On         Primary Function
Hub        1 (Physical)    Nothing—broadcasts all    Signal repeating
Switch     2 (Data Link)   MAC address               LAN forwarding
Router     3 (Network)     IP address                Network interconnection
Firewall   3-7             Rules                     Security filtering
AP         2               MAC (bridges wireless)    Wireless connectivity

TRY IT YOURSELF

On your own network, identify each device type:

# Find your default gateway (router)
ip route | grep default        # Linux
netstat -nr | grep default     # macOS
ipconfig | findstr Gateway     # Windows

# Find your MAC address
ip link show                   # Linux
ifconfig | grep ether          # macOS
getmac                         # Windows

Key Takeaways

  1. Networks exist to share resources, enable communication, and overcome the limitations of standalone computers

  2. Historical context matters: Protocols were designed for trusted environments, explaining why security was often an afterthought

  3. Network classification by scope (PAN, LAN, MAN, WAN) affects technology choices and security considerations

  4. Modern paradigms (edge computing, mesh networking, SDN) are reshaping network architecture

  5. Communication models (client-server, P2P, hybrid) have different trust assumptions and attack surfaces

  6. Topology affects performance, reliability, and how attacks propagate

  7. Understanding devices is essential—switches, routers, firewalls each have different security profiles


Review Questions

  1. What was ARPANET, and what fundamental networking concepts did it pioneer?

  2. Compare LANs and WANs in terms of speed, latency, and security considerations.

  3. How does edge computing differ from traditional cloud computing, and what new security challenges does it introduce?

  4. In the client-server model, why are servers high-value targets for attackers?

  5. Why is star topology dominant in modern LANs despite having a single point of failure?

  6. What’s the security difference between a hub and a switch, and how can that difference be undermined?

  7. At which OSI layer does a router make forwarding decisions? A switch?


Further Reading

  • “Where Wizards Stay Up Late” by Katie Hafner - History of ARPANET
  • RFC 1180 - A TCP/IP Tutorial (introductory overview)
  • IEEE 802.3 - Ethernet standard
  • IEEE 802.11 - Wireless LAN standards