Further Reading: Chapter 6 — Networking Fundamentals for Hackers
Essential Reading
Networking Foundations
Kurose, James F. and Keith W. Ross. Computer Networking: A Top-Down Approach (8th edition, Pearson, 2021). The standard academic textbook on computer networking. While not security-focused, it provides the most thorough and well-explained treatment of the protocols covered in this chapter. The top-down approach (starting from the application layer and working down) complements our bottom-up security perspective. Why read this: The deepest understanding of network attacks comes from first deeply understanding the protocols themselves.
Fall, Kevin R. and W. Richard Stevens. TCP/IP Illustrated, Volume 1: The Protocols (2nd edition, Addison-Wesley, 2011). The definitive reference on TCP/IP protocols, updated from Stevens' legendary original. Every protocol is explained with actual packet traces, making it invaluable for understanding what you see in Wireshark. Volume 1 covers the protocols; Volume 2 covers the implementation. Why read this: If you want to understand TCP/IP at the level required for advanced packet crafting and protocol exploitation, this is the authoritative reference.
Tanenbaum, Andrew S., Nick Feamster, and David J. Wetherall. Computer Networks (6th edition, Pearson, 2021). Another excellent networking textbook that provides comprehensive coverage from the physical layer through the application layer. Tanenbaum's explanations of the OSI model and protocol design principles are particularly clear. Why read this: An alternative or complement to Kurose/Ross, with slightly more emphasis on lower-layer protocols.
Network Security
Sanders, Chris. Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems (3rd edition, No Starch Press, 2017). The best hands-on guide to Wireshark. Sanders walks through real-world packet captures, teaching you how to analyze network traffic, troubleshoot problems, and identify security incidents. Each chapter includes practical exercises with downloadable pcap files. Why read this: The fastest path to Wireshark proficiency for security professionals.
Biondi, Philippe et al. Scapy Documentation. (Available at https://scapy.readthedocs.io/.) The official Scapy documentation, including tutorials, API references, and examples. While the documentation can be sparse in places, the interactive tutorial is an excellent starting point. Why read this: Essential reference for anyone using Scapy for packet crafting and network testing.
McNab, Chris. Network Security Assessment: Know Your Network (3rd edition, O'Reilly, 2016). A practical guide to network security testing that bridges the gap between networking theory and penetration testing practice. Covers network scanning, service enumeration, and protocol-level testing. Why read this: Directly applies networking fundamentals to penetration testing scenarios.
Protocol-Specific Deep Dives
Liu, Cricket and Paul Albitz. DNS and BIND (5th edition, O'Reilly, 2006). The definitive reference on DNS. While somewhat dated, the protocol fundamentals remain valid, and the book's treatment of zone transfers, dynamic updates, and DNSSEC is comprehensive. Understanding DNS at this level is essential for the DNS attack and defense techniques covered in this chapter. Why read this: DNS is one of the most important protocols for penetration testers, and this book provides the deepest understanding.
Rescorla, Eric. SSL and TLS: Designing and Building Secure Systems (Addison-Wesley, 2001). While the specific protocol versions discussed are now deprecated, Rescorla's explanation of the principles of transport-layer security (handshake protocols, cipher suite negotiation, certificate validation) remains relevant and is clearer than most modern sources. Why read this: Understanding TLS design principles helps you understand why protocol-level attacks like POODLE and BEAST work, and why an implementation bug such as Heartbleed (a missing bounds check in OpenSSL's handling of the heartbeat extension, not a flaw in the TLS design itself) could expose so much.
Plummer, David C. "An Ethernet Address Resolution Protocol." RFC 826, November 1982. The original ARP specification. At only 10 pages, it is one of the most readable RFCs ever written and clearly illustrates ARP's trust-based design that makes spoofing possible. Why read this: Reading the original protocol specification gives you the deepest understanding of why ARP spoofing works.
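The following is an added illustration, not code from the chapter or from RFC 826. It serialises and parses the 28-byte Ethernet/IPv4 ARP layout the RFC defines, then implements the RFC's receiver rule: a host merges the sender's IP-to-MAC mapping into its table whenever that IP is already present, regardless of opcode and without checking that it ever sent a request. The class, the sample MAC and IP addresses, and the two constructed packets are assumptions for the demo; the only addition beyond the RFC's behaviour is an alert when an existing entry is overwritten by an unsolicited reply, which is exactly the footprint a spoof leaves.

```python
import struct

# Wire layout of an ARP packet for Ethernet/IPv4, as given in RFC 826:
# hardware type (2), protocol type (2), hardware address length (1),
# protocol address length (1), opcode (2), sender MAC (6), sender IP (4),
# target MAC (6), target IP (4). Network byte order throughout.
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FMT)  # 28 bytes
HTYPE_ETHERNET = 1
PTYPE_IPV4 = 0x0800
OP_REQUEST, OP_REPLY = 1, 2


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def build_arp(op: int, sender_mac: str, sender_ip: str,
              target_mac: str, target_ip: str) -> bytes:
    """Serialise an Ethernet/IPv4 ARP packet (ARP payload only, no Ethernet header)."""
    return struct.pack(ARP_FMT, HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op,
                       mac_to_bytes(sender_mac), ip_to_bytes(sender_ip),
                       mac_to_bytes(target_mac), ip_to_bytes(target_ip))


def parse_arp(payload: bytes) -> dict:
    """Decode an ARP payload; rejects anything that is not Ethernet/IPv4."""
    if len(payload) < ARP_LEN:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, op, smac, sip, tmac, tip = struct.unpack(
        ARP_FMT, payload[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("unsupported hardware/protocol type")
    if op not in (OP_REQUEST, OP_REPLY):
        raise ValueError(f"unknown opcode {op}")
    return {
        "op": op,
        "sender_mac": ":".join(f"{b:02x}" for b in smac),
        "sender_ip": ".".join(str(b) for b in sip),
        "target_mac": ":".join(f"{b:02x}" for b in tmac),
        "target_ip": ".".join(str(b) for b in tip),
    }


class ArpHost:
    """Hypothetical host following the RFC 826 receive algorithm.

    The RFC says: if the sender's protocol address is already in my table,
    overwrite its hardware address (the "merge"); otherwise add it only if
    the packet is addressed to me. No check that a reply matches an
    outstanding request. We keep that behaviour and only record when an
    existing entry changes MAC, noting whether we had asked for it.
    """

    def __init__(self, my_ip: str):
        self.my_ip = my_ip
        self.table: dict[str, str] = {}   # IP -> MAC
        self.pending: set[str] = set()    # IPs we have sent a request for
        self.alerts: list[str] = []

    def send_request(self, target_ip: str) -> None:
        self.pending.add(target_ip)

    def receive(self, payload: bytes) -> None:
        pkt = parse_arp(payload)
        sip, smac = pkt["sender_ip"], pkt["sender_mac"]
        unsolicited = pkt["op"] == OP_REPLY and sip not in self.pending
        self.pending.discard(sip)
        known = self.table.get(sip)
        if known is not None:
            if known != smac:
                self.alerts.append(
                    f"{sip} moved from {known} to {smac} "
                    f"(op={pkt['op']}, unsolicited={unsolicited})")
            self.table[sip] = smac            # RFC 826 merge, unconditional
        elif pkt["target_ip"] == self.my_ip:
            self.table[sip] = smac            # RFC 826: add only if it is for me


def run_demo() -> tuple[dict, list]:
    """Constructed traffic, not a real capture: one legitimate reply from the
    gateway, then a forged reply claiming the gateway's IP from another MAC."""
    victim = ArpHost("192.168.1.10")
    gateway_mac, attacker_mac = "aa:bb:cc:00:00:01", "de:ad:be:ef:00:02"
    victim.send_request("192.168.1.1")
    victim.receive(build_arp(OP_REPLY, gateway_mac, "192.168.1.1",
                             "11:22:33:44:55:66", "192.168.1.10"))
    victim.receive(build_arp(OP_REPLY, attacker_mac, "192.168.1.1",
                             "11:22:33:44:55:66", "192.168.1.10"))
    return victim.table, victim.alerts


if __name__ == "__main__":
    table, alerts = run_demo()
    print(table)
    for line in alerts:
        print("ALERT:", line)
```

The forged reply is accepted and the gateway entry now points at the attacker's MAC, because the RFC receiver overwrites an existing mapping on any packet carrying that IP; the only thing a defender can hook is the change itself, which is what tools like arpwatch do.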
Advanced Topics
BGP Security
Goldberg, Sharon. "Why Is It Taking So Long to Secure Internet Routing?" Communications of the ACM 57, no. 10 (2014): 56-63. An accessible analysis of why BGP security adoption is so slow, covering the technical, economic, and organizational barriers. Why read this: Explains the systemic challenges of securing a protocol that the entire internet depends on.
Demchak, Chris C., and Yuval Shavitt. "China's Maxim — Leave No Access Point Unexploited: The Hidden Story of China Telecom's BGP Hijacking." Military Cyber Affairs 3, no. 1 (2018). The Naval War College analysis of China Telecom's BGP anomalies, examining the evidence for intentional routing manipulation. Why read this: A detailed technical analysis of suspected state-sponsored BGP hijacking.
Heartbleed and Protocol Vulnerabilities
Durumeric, Zakir, et al. "The Matter of Heartbleed." Proceedings of the ACM Internet Measurement Conference, 2014. The most comprehensive technical analysis of Heartbleed's impact, based on internet-wide scanning data. The authors measured the vulnerability's prevalence, the speed of patching, and the effectiveness of certificate revocation. Why read this: Data-driven analysis of how a major protocol vulnerability plays out in practice.
Carnavalet, Xavier de, and van Oorschot, Paul C. "Challenges and Implications of TLS 1.3." Proceedings of the Applied Networking Research Workshop, 2017. Analysis of TLS 1.3's security improvements and implementation challenges. Why read this: Understanding current TLS security is essential for web application testing.
Packet Analysis and Crafting
Orebaugh, Angela, Gilbert Ramirez, and Jay Beale. Wireshark & Ethereal Network Protocol Analyzer Toolkit (Syngress, 2007). Despite its age, this book provides an excellent foundation in network protocol analysis methodology that remains relevant. The sections on developing custom Wireshark dissectors and using Wireshark for forensics are particularly valuable. Why read this: Develops advanced Wireshark skills beyond basic packet capture.
Kozierok, Charles M. The TCP/IP Guide (No Starch Press, 2005). An extraordinarily comprehensive reference covering virtually every TCP/IP protocol in detail. At over 1,600 pages, it serves as an encyclopedia of networking protocols. Why read this: The most comprehensive single-volume TCP/IP reference available.
Online Resources and Tools
Wireshark Wiki — Display Filter Reference. The complete reference for Wireshark display filters, organized by protocol. URL: https://wiki.wireshark.org/DisplayFilters
Nmap Reference Guide. The official Nmap documentation, including detailed explanations of every scan type, timing option, and output format. Written by Nmap's creator, Gordon "Fyodor" Lyon. URL: https://nmap.org/book/man.html
IANA Protocol Registries. The Internet Assigned Numbers Authority maintains the definitive registries of port numbers, protocol numbers, and other protocol parameters. URL: https://www.iana.org/protocols
BGPStream by CAIDA. An open-source framework and data feed for working with live and historical BGP data, letting you observe routing announcements and withdrawals as they happen or replay archived ones. Excellent for understanding BGP dynamics and studying past hijacking incidents. URL: https://bgpstream.caida.org/
Shodan. A search engine for internet-connected devices that provides visibility into exposed services, protocols, and configurations across the internet. Useful for understanding the scale of protocol-level exposures. URL: https://www.shodan.io/
Practice Resources
CloudShark. A web-based packet analysis platform that hosts shared pcap files and provides a browser-based Wireshark-like interface. Useful for studying example captures without downloading files. URL: https://www.cloudshark.org/
PacketLife.net — Cheat Sheets. Free cheat sheets for subnetting, Wireshark filters, TCP/IP protocols, and common port numbers. Excellent quick references for penetration testers. URL: https://packetlife.net/library/cheat-sheets/
CyberDefenders — Blue Team Labs. Provides downloadable pcap files and challenges for network forensics practice. Exercises range from beginner to advanced and include realistic network traffic analysis scenarios. URL: https://cyberdefenders.org/
OverTheWire — Bandit and Natas. Online wargames. Bandit's mid-level challenges require talking to services directly with netcat, openssl s_client and nmap; Natas is entirely web-focused and exercises HTTP-level analysis. They build command-line protocol skills rather than raw packet crafting. URL: https://overthewire.org/wargames/