subspace.andri.is

🤝 Interactive TCP Three-Way Handshake

The TCP handshake is how reliable connections are established. Watch the synchronized sequence of SYN, SYN-ACK, and ACK packets.

💻

CLIENT

192.168.1.100

🖥️

SERVER

93.184.216.34

📝 TCP Handshake Process

SYN (Synchronize): Client sends SYN packet with initial sequence number to initiate connection
SYN-ACK (Synchronize-Acknowledge): Server responds with SYN-ACK, acknowledging client's sequence number and sending its own
ACK (Acknowledge): Client sends final ACK to confirm - connection established!

Why 3-way? This ensures both sides are ready to communicate and have synchronized their sequence numbers for reliable, ordered data transmission.

🔍 DNS Query Resolution Process

Domain Name System translates human-readable domains into IP addresses. See the hierarchical lookup process.

💻

Your Device

Initiates query

→

🔄

DNS Resolver

Recursive lookup

→

🗄️

Root Server

Points to TLD

→

🌐

TLD Server

Points to Auth NS

→

✅

Authoritative

Returns IP

🎯 DNS Record Types

A Record: Maps domain to IPv4 address (e.g., 93.184.216.34)
AAAA Record: Maps domain to IPv6 address
CNAME: Canonical name (alias) pointing to another domain
MX Record: Mail exchange servers for email routing
TXT Record: Text records for verification and SPF/DKIM
NS Record: Name servers authoritative for the domain

🔐 HTTP vs HTTPS Security Comparison

Understanding the critical differences between secure and insecure web protocols.

⚠️

HTTP (Insecure)

PLAINTEXT NO ENCRYPTION

❌ Unencrypted - Data sent in plain text
👁️ Eavesdropping - Anyone can intercept and read
🎯 MITM Vulnerable - Easy to tamper with data
📡 Port 80 - Standard HTTP port
⚡ No Handshake - Direct connection
⛔ No Authentication - Can't verify server identity
🚫 Browser Warnings - Marked as "Not Secure"

🔒

HTTPS (Secure)

TLS 1.3 AES-256

✅ TLS/SSL Encryption - End-to-end encrypted
🔐 Data Privacy - Unreadable to attackers
🛡️ MITM Protection - Tampering detected
📡 Port 443 - Secure HTTPS port
🤝 TLS Handshake - Establishes secure session
✨ Certificate Auth - Verifies server identity
🏆 SEO Boost - Google ranks HTTPS higher

🔒 HTTPS Security Features

TLS/SSL Versions:

TLS 1.3 (2018): Latest, fastest, most secure. Reduced handshake, removed vulnerable ciphers
TLS 1.2 (2008): Still widely supported, secure with proper configuration
SSL 3.0, TLS 1.0, 1.1: Deprecated due to vulnerabilities (POODLE, BEAST)

HSTS (HTTP Strict Transport Security):

Forces HTTPS: Automatically redirects HTTP to HTTPS
Header: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Prevents Downgrade: Blocks SSL stripping attacks
HSTS Preload: Browsers ship with hardcoded HTTPS-only domain list

Certificate Pinning:

Pin Public Keys: Apps validate specific certificate/public key
Prevents: Rogue CA attacks, fraudulent certificates
HPKP Header: Public-Key-Pins (deprecated, use Certificate Transparency)

Perfect Forward Secrecy (PFS):

Ephemeral Keys: Unique session keys for each connection
Past Security: Compromised private key doesn't decrypt past sessions
Cipher Suites: ECDHE (Elliptic Curve Diffie-Hellman Ephemeral)

⚠️ Common HTTPS Mistakes

Mixed Content: Loading HTTP resources on HTTPS pages (blocked by browsers)
Expired Certificates: Must renew before expiration (use Let's Encrypt for free auto-renewal)
Self-Signed Certs: Browser warnings, not trusted by default
Weak Ciphers: RC4, 3DES, MD5-based ciphers are vulnerable
No HSTS: Leaves users vulnerable to SSL stripping on first visit

📦 Packet Structure Breakdown (OSI Model)

Network data is encapsulated in layers. Each layer adds headers for routing, error checking, and delivery. Click layers to expand.

📱 Layer 7: Application Layer (HTTP/HTTPS/DNS/SSH)

Purpose: User-facing protocols and application data
Protocols: HTTP, HTTPS, FTP, SMTP, DNS, SSH, Telnet, IMAP, POP3
Data Unit: Messages/Data
Example Header:

GET /api/users HTTP/1.1
Host: api.example.com
User-Agent: Mozilla/5.0
Accept: application/json
Authorization: Bearer eyJhbGc...

🔌 Layer 4: Transport Layer (TCP/UDP)

Purpose: End-to-end communication, reliability, flow control
Protocols: TCP (reliable), UDP (fast, unreliable)
Data Unit: Segments (TCP) / Datagrams (UDP)
TCP Header Fields:

Source Port: 16 bits (e.g., 52341)
Destination Port: 16 bits (e.g., 443 for HTTPS)
Sequence Number: 32 bits (for ordering)
Acknowledgment Number: 32 bits
Flags: SYN, ACK, FIN, RST, PSH, URG
Window Size: Flow control
Checksum: Error detection

🌐 Layer 3: Network Layer (IP)

Purpose: Logical addressing and routing between networks
Protocols: IPv4, IPv6, ICMP, OSPF, BGP
Data Unit: Packets
IPv4 Header Fields:

Version: 4 bits (IPv4 = 0100)
Source IP: 32 bits (e.g., 192.168.1.100)
Destination IP: 32 bits (e.g., 93.184.216.34)
TTL (Time To Live): 8 bits (hop limit, decrements at each router)
Protocol: 8 bits (6=TCP, 17=UDP, 1=ICMP)
Header Checksum: Error detection for header
Flags & Fragment Offset: For packet fragmentation

🔗 Layer 2: Data Link Layer (Ethernet/WiFi)

Purpose: Physical addressing, local network delivery
Protocols: Ethernet, WiFi (802.11), PPP, ARP
Data Unit: Frames
Ethernet Frame Fields:

Destination MAC: 48 bits (e.g., AA:BB:CC:DD:EE:FF)
Source MAC: 48 bits (hardware address)
EtherType: 16 bits (0x0800=IPv4, 0x86DD=IPv6, 0x0806=ARP)
Payload: 46-1500 bytes
FCS (Frame Check Sequence): 32-bit CRC for error detection

ARP (Address Resolution Protocol): Maps IP addresses to MAC addresses on local network

⚡ Layer 1: Physical Layer

Purpose: Raw bit transmission over physical medium
Media Types:

Copper (Ethernet): Cat5e, Cat6, Cat7 cables - electrical signals
Fiber Optic: Single-mode, Multi-mode - light pulses
Wireless: WiFi, 5G, Bluetooth - radio frequencies

Signal Encoding: Manchester, 4B/5B, 8B/10B encoding
Speeds: 1 Gbps (Gigabit Ethernet), 10 Gbps, 100 Gbps+
Binary: 10101100 11010101... (voltage levels, light on/off, radio waves)

🎯 Encapsulation Process

Sending (Top-Down):

Application creates data (e.g., HTTP request)
Transport layer adds TCP/UDP header (ports, sequence numbers)
Network layer adds IP header (source/dest IP addresses)
Data Link layer adds Ethernet frame (MAC addresses)
Physical layer converts to electrical/light signals

Receiving (Bottom-Up): Reverse process - each layer strips its header and passes data up

⚠️ Man-in-the-Middle Attack Demonstration

Compare how HTTP vs HTTPS handle the same attack scenario. Watch what an attacker can see!

❌ HTTP (Vulnerable)

👤

USER

💀

ATTACKER

🖥️

SERVER

Login: admin

Password: secret123

👁️ READING: admin / secret123

✅ HTTPS (Protected)

👤

USER

💀

ATTACKER

🖥️

SERVER

🔒 Encrypted

🔒 TLS Protected

❌ BLOCKED: ��&*#@$%

🎯 How MITM Attacks Work

ARP Spoofing: Attacker claims to be the router, intercepts local traffic
DNS Spoofing: Redirects domain lookups to malicious servers
SSL Stripping: Downgrades HTTPS to HTTP, steals plaintext data
Rogue WiFi: Fake access points (e.g., "Free Airport WiFi")
Session Hijacking: Steals session cookies to impersonate users

🛡️ Defense Against MITM Attacks

✅ Always Use HTTPS: Check for 🔒 padlock in address bar
🔐 Enable HSTS: Force HTTPS, prevent downgrade attacks
🌐 Use VPN: Encrypts all traffic on untrusted networks (airports, cafes)
⚠️ Avoid Public WiFi: For banking, shopping, sensitive data
🚫 Validate Certificates: Don't ignore browser security warnings!
📱 End-to-End Encryption: Signal, WhatsApp, iMessage encrypt on your device
🔒 Certificate Pinning: Apps validate specific certificates
🛡️ Use DNS over HTTPS (DoH): Encrypts DNS queries (Cloudflare 1.1.1.1)

✅ Real-World Example: Banking App

Without Protection (HTTP + Public WiFi):

❌ Attacker sees: Username, Password, Account Number, Transaction Details

With Protection (HTTPS + Certificate Pinning):

✅ Attacker sees: Encrypted gibberish - attack fails!

📊 Network Protocol Comparison

Compare characteristics of different network protocols and their use cases.

Protocol	Layer	Type	Speed	Reliability	Security	Use Case
TCP	Transport (L4)	Connection-oriented	🐢 Moderate	✅ High	❌ No encryption	Web, Email, File Transfer
UDP	Transport (L4)	Connectionless	🚀 Very Fast	⚠️ Best-effort	❌ No encryption	Streaming, Gaming, DNS, VoIP
HTTP	Application (L7)	Request/Response	⚡ Fast	✅ TCP-based	❌ Plaintext	Legacy web browsing
HTTPS	Application (L7)	HTTP + TLS	⚡ Fast	✅ TCP-based	✅ TLS encryption	Modern web, APIs, everything!
FTP	Application (L7)	File transfer	🐢 Moderate	✅ TCP-based	❌ Plaintext	Legacy file transfer
SFTP/SSH	Application (L7)	Encrypted shell	⚡ Fast	✅ TCP-based	✅ SSH encryption	Secure remote access, file transfer
DNS	Application (L7)	Name resolution	🚀 Very Fast	⚠️ UDP (fallback TCP)	⚠️ Plaintext (use DoH)	Domain to IP translation
WebSocket	Application (L7)	Full-duplex	🚀 Real-time	✅ TCP-based	✅ Can use TLS (wss://)	Chat, live updates, gaming
QUIC	Transport (L4)	UDP-based	🚀 Very Fast	✅ Built-in recovery	✅ Always encrypted	HTTP/3, modern web
ICMP	Network (L3)	Diagnostic	⚡ Fast	⚠️ Best-effort	❌ No encryption	Ping, traceroute, network diagnostics

🎯 TCP vs UDP

TCP: Like certified mail - guaranteed delivery, ordered, acknowledged. Perfect for web, email, file transfer where accuracy matters.

UDP: Like postcards - fast, no guarantees, no handshake. Perfect for streaming, gaming, DNS where speed > reliability.

🔐 Security First

Always prefer encrypted protocols:

HTTPS over HTTP
SFTP/SSH over FTP/Telnet
DoH (DNS over HTTPS)
WSS (WebSocket Secure)

🔥 Firewall Rule Simulator

Create and test firewall rules to control network traffic. Rules are evaluated in order (first match wins).

Source IP Address:

Destination Port:

Protocol:

Action:

Active Firewall Rules (evaluated in order):

No rules configured. Add rules to control traffic.

💡 Common Firewall Rules & Best Practices

Port 80 (HTTP): Usually allowed outbound, restricted inbound
Port 443 (HTTPS): Allow for web traffic
Port 22 (SSH): Restrict to specific IPs, disable password auth, use key-based
Port 3389 (RDP): Block from internet, use VPN for remote access
Port 3306 (MySQL): Never expose to internet, localhost only
ICMP Ping: Allow for diagnostics, or block to reduce recon
Default Deny: Block all, then whitelist specific services (better security)
Egress Filtering: Control outbound traffic to prevent data exfiltration

⚠️ Firewall Configuration Mistakes

Allow Any/Any: Defeats the purpose of a firewall
Exposed Database Ports: 3306, 5432, 27017 should never face internet
No Logging: Can't detect attacks without logs
Stale Rules: Old rules for decommissioned services create attack surface
No Rate Limiting: Vulnerable to DoS attacks

🔢 CIDR Notation Calculator

Calculate network ranges, subnet masks, and IP address information from CIDR notation.

📚 CIDR Notation Explained

CIDR (Classless Inter-Domain Routing) uses /X notation to specify network prefix length.

Common CIDR Blocks:

/32 - Single IP (255.255.255.255) - 1 host
/31 - Point-to-point link (255.255.255.254) - 2 IPs
/30 - 4 IPs (255.255.255.252) - 2 usable (router links)
/29 - 8 IPs (255.255.255.248) - 6 usable
/28 - 16 IPs (255.255.255.240) - 14 usable
/27 - 32 IPs (255.255.255.224) - 30 usable
/26 - 64 IPs (255.255.255.192) - 62 usable
/24 - 256 IPs (255.255.255.0) - 254 usable (Class C)
/16 - 65,536 IPs (255.255.0.0) - Class B
/8 - 16,777,216 IPs (255.0.0.0) - Class A

Private IP Ranges (RFC 1918):

10.0.0.0/8 - 10.0.0.0 to 10.255.255.255 (16M IPs)
172.16.0.0/12 - 172.16.0.0 to 172.31.255.255 (1M IPs)
192.168.0.0/16 - 192.168.0.0 to 192.168.255.255 (65K IPs)

Special Addresses:

127.0.0.0/8 - Loopback (localhost)
169.254.0.0/16 - Link-local (APIPA - auto-config when DHCP fails)
224.0.0.0/4 - Multicast
0.0.0.0/8 - "This network"

💡 Pro Tips

Subnetting: /24 gives you 256 IPs. /25 splits it into 2 subnets of 128 each.
Quick Math: /24 = 256 IPs, /25 = 128, /26 = 64, /27 = 32, /28 = 16, /29 = 8, /30 = 4
AWS VPC: Typical setup uses /16 for VPC, /24 for subnets
Kubernetes: Needs large ranges for pod IPs (often /16 or /14)

📈 Real-Time Network Statistics

Simulated network performance metrics and monitoring dashboard.

📡

0

Bandwidth (Mbps)

⚡

0

Latency (ms)

📦

0

Packets/sec

❌

0

Dropped Packets

🔄

0

Active Connections

⏱️

0

Uptime (hours)

📊 Understanding Network Metrics

Bandwidth: Maximum data transfer rate

Higher is better. Measured in Mbps/Gbps. Affects download speed, streaming quality.

Latency: Round-trip time for packets

Lower is better. <20ms excellent, <50ms good, >100ms noticeable lag.

Packets/sec: Packet transmission rate

Indicates network activity. High values during large transfers or many connections.

Dropped Packets: Lost in transmission

Should be near zero. Causes retransmissions, affects performance.

🤝 Interactive TCP Three-Way Handshake

📝 TCP Handshake Process

🔍 DNS Query Resolution Process

DNS Resolution Result:

🎯 DNS Record Types

🔐 HTTP vs HTTPS Security Comparison

HTTP (Insecure)

HTTPS (Secure)

🔒 HTTPS Security Features

TLS/SSL Versions:

HSTS (HTTP Strict Transport Security):

Certificate Pinning:

Perfect Forward Secrecy (PFS):

⚠️ Common HTTPS Mistakes

📦 Packet Structure Breakdown (OSI Model)

🎯 Encapsulation Process

⚠️ Man-in-the-Middle Attack Demonstration

❌ HTTP (Vulnerable)

✅ HTTPS (Protected)

🎯 How MITM Attacks Work

🛡️ Defense Against MITM Attacks

✅ Real-World Example: Banking App

📊 Network Protocol Comparison

🎯 TCP vs UDP

🔐 Security First

🔥 Firewall Rule Simulator

Active Firewall Rules (evaluated in order):

🧪 Packet Test Result:

💡 Common Firewall Rules & Best Practices

⚠️ Firewall Configuration Mistakes

🔢 CIDR Notation Calculator

📚 CIDR Notation Explained

Common CIDR Blocks:

Private IP Ranges (RFC 1918):

Special Addresses:

💡 Pro Tips

📈 Real-Time Network Statistics

📊 Understanding Network Metrics