Why Networking is the Ultimate Prerequisite
Many aspiring ethical hackers jump straight into buying exploit payloads and executing scripts. However, without a deep understanding of network layers, you are essentially flying blind.
The Certified Ethical Hacker (CEHv13) certification focuses heavily on networking. If you cannot explain how a packet travels from a source IP to a destination port, or how a router decides to drop a TCP frame, you will fail the scan-and-recon modules of the exam.
In this guide, we break down the exact networking fundamentals you need to pass the CEH exam and begin executing real network-level penetration testing.
1. The OSI Model: The Hacker’s Map
The Open Systems Interconnection (OSI) model divides network communication into seven logical layers. As an ethical hacker, your targets usually live in Layers 2, 3, 4, and 7:
| Layer | Name | Common Protocols | Hacker Activity |
|---|---|---|---|
| Layer 7 | Application | HTTP, FTP, DNS, SSH | Web application exploits, API testing |
| Layer 4 | Transport | TCP, UDP | Port scanning, firewall evasion, session hijacking |
| Layer 3 | Network | IP, ICMP, ARP | IP spoofing, routing redirects, ICMP ping sweeps |
| Layer 2 | Data Link | Ethernet, MAC | ARP poisoning, MAC flooding |
To exploit a target, you must determine which layer you are attacking. For example, a WAF bypass operates at Layer 7, while a port scan operates at Layer 4.
2. The TCP Three-Way Handshake
Transmission Control Protocol (TCP) is a connection-oriented protocol. Before any data can transit, the client and server must perform a three-way handshake:
sequenceDiagram
participant Client as Pentester
participant Server as Target Web Server
Client->>Server: SYN (Synchronize)
Note over Client: "I want to talk. Here is my Sequence Number."
Server->>Client: SYN-ACK (Synchronize-Acknowledge)
Note over Server: "I hear you. Here is my ACK and my Sequence Number."
Client->>Server: ACK (Acknowledge)
Note over Client: "Received. Establishing connection."The SYN Scan (Stealth Scanning)
Pentesters leverage the handshake mechanics to perform stealth port scans (SYN scans). Using tools like nmap, a hacker sends a SYN packet.
- If the target responds with a
SYN-ACK, the port is open. The hacker immediately sends aRST(Reset) packet to tear down the connection before it completes, preventing the application server from logging a full connection attempt. - If the target responds with a
RST, the port is closed. - If there is no response, the port is filtered (likely by a firewall).
3. Essential Ports and Services to Memorize
To succeed in the CEHv13 examination, you must know these default ports by heart:
- Port 21: FTP (File Transfer Protocol - often target of anonymous login audits)
- Port 22: SSH (Secure Shell - brute-forcing, credential stuffing)
- Port 23: Telnet (Unencrypted remote shell - absolute security vulnerability)
- Port 25: SMTP (Simple Mail Transfer Protocol - user enumeration)
- Port 53: DNS (Domain Name System - zone transfers, poisoning)
- Port 80 / 443: HTTP / HTTPS (Web applications)
- Port 445: SMB (Server Message Block - critical exploits like EternalBlue)
From Theory to Hands-on Simulation
Memorizing the OSI model and port tables is enough to pass multiple-choice questions, but it will not make you a network security engineer. Real engineering requires execution.
At Hackeronaut, we don’t believe in forcing you to read dry slides. Our CEHv13 Prep Hub features dedicated sandbox instances where you can spin up targets, perform actual stealth scans, construct packet headers, and analyze traffic logs.
Start Training on Your Own Terms
We believe elite security training should be accessible. That’s why we have implemented the PAY WHAT YOU WANT model for our CEHv13 training.
[!TIP] Your Next Action Step: Don’t spend $1,000+ on theoretical bootcamps. Tap the link below, pay whatever amount you want today, and get instant access to the CEH prep simulator and visual skill tree mapping.