← Academy Hub
🌐
Learning Track · 24 modules

Networking

OSI layers, TCP/IP, subnetting, packet analysis — the foundation of every security skill.

Why this track

Networking is the bedrock skill every security practitioner returns to. Whether you are reading a Wireshark capture from an incident, designing a segmentation refactor for an RBI inspection, or pivoting through an internal during a red-team engagement — it always comes back to packets, protocols, and trust boundaries. This track takes you from OSI fundamentals through routing, firewalls, VPNs, BGP, IPv6, and Wireshark-driven investigation. The goal: by the end you can explain any packet on any wire and design any segmentation any auditor will accept.

What you will be able to do
  • Read and explain any packet capture in Wireshark, including TLS handshake decode
  • Design network segmentation that survives RBI / SEBI / IRDAI / NCIIPC scrutiny
  • Diagnose routing, ACL, NAT, and BGP issues in production environments
  • Identify and remediate IPv6 misconfigurations that introduce silent attack surface
  • Evaluate VPN architectures (IPsec, WireGuard, ZTNA) with confidence
Prerequisite: No formal prerequisite — this IS the prerequisite. Comfort with the command line helps.
24
Modules
31.1 h
Total time
24
Free modules
Quiz retries
Difficulty mix
Beginner · 3 Intermediate · 14 Advanced · 7

Module sequence

M1
Networking Fundamentals — OSI, TCP/IP, and Why Layers Actually Matter
OSI is a teaching model. TCP/IP is what actually runs on the wire. Most "OSI questions" in interviews are really about how data physically moves between two computers — frames, packets, segments, sockets. This module gives you the working mental model: the four layers that matter
Beginner 60 min
M2
Packet Analysis with Wireshark — From “Open the PCAP” to Diagnosing Real Incidents
Wireshark is the universal protocol analyser. Every IR investigation, network design review, and "this protocol is misbehaving" debug eventually becomes a Wireshark session. This module teaches the workflow that distinguishes a beginner from a practitioner: capture filters vs dis
Beginner 90 min
M3
Network Protocols Deep Dive — ARP, DHCP, ICMP, DNS, HTTP and the Trust They Assume
Protocols are contracts between machines. Most of the protocols the Internet runs on were designed in the 1980s assuming everyone on the wire was friendly. They are not. This module dissects the seven protocols you must know cold — ARP, DHCP, ICMP, DNS, NTP, HTTP, TLS — and the t
Intermediate 90 min
M4
Advanced Routing and VLANs — Static, OSPF, EIGRP, and Where Trust Boundaries Actually Live
Routing is how packets find their way across networks larger than a single broadcast domain. This module is the working introduction to routing tables, longest-prefix match, static routes, OSPF, EIGRP, redistribution, and the VLAN model that segments a single switch into multiple
Intermediate 90 min
M5
Firewall and ACL Design — Stateless, Stateful, NGFW, and the Rules That Survive 5 Years
A firewall is just a structured list of "allow / deny" rules applied to traffic. Stateless ACLs filter packet by packet; stateful firewalls track connections; NGFWs add Layer 7 inspection. The trick to firewall design is not picking the product — it is designing rules that are ex
Intermediate 90 min
M6
VPN Fundamentals — IPsec, OpenVPN, WireGuard and the Math That Makes Them Work
A VPN tunnels Layer 3 (or Layer 2) traffic over an untrusted network, with confidentiality, integrity, and authentication. The three protocols you need to know are IPsec (the enterprise default), OpenVPN (the legacy SSL VPN), and WireGuard (the modern lightweight default). This m
Intermediate 90 min
M7
IPv6 Security — Why You Already Have IPv6 Even If You Did Not Notice
IPv6 is on by default in every modern operating system. If you only configured IPv4 ACLs, half your network is unprotected. This module covers IPv6 addressing (link-local, ULA, GUA), Stateless Address Auto-Configuration (SLAAC), Neighbor Discovery (the ARP replacement and its att
Advanced 90 min
M8
BGP Security and RPKI — How the Internet Trusts Itself, and Why It Sometimes Should Not
BGP is the routing protocol of the Internet — every ISP, hyperscaler, and large enterprise speaks it. It assumes good behaviour by every participant; that assumption fails several times a year, and we get prefix hijacks, route leaks, and accidental outages. RPKI cryptographically
Advanced 120 min
M9
DNS — From Resolution to Tunneling, Cache Poisoning, and DoH-Driven Bypass
DNS is unauthenticated, mostly unencrypted, and the precondition for every connection on the Internet. This module walks through how a query actually resolves (recursive vs authoritative), the attack catalogue (cache poisoning, hijack, tunnelling, NXDOMAIN exfil), and the modern
Intermediate 90 min
M10
Wireless Security and Wi-Fi Attacks — WEP to WPA3, and Why Captive Portals Lie
Wi-Fi has gone through five generations of security: WEP (broken, do not deploy), WPA/WPA2 (still common, still attackable via offline cracking and KRACK), WPA3 (the modern default with SAE replacing PSK), and 802.1X / WPA3-Enterprise for managed environments. This module covers
Intermediate 90 min
M11
TLS 1.3 — Inside the Handshake, Byte by Byte
TLS 1.3 (RFC 8446) is the modern transport-security protocol every browser, API, and increasingly every database now speaks. Compared to TLS 1.2 it cuts handshake round-trips, removes broken cryptography, and provides forward secrecy by default. This module walks the handshake —
Intermediate 75 min
M12
NAT, PAT, and the IPv4 Internet’s Duct Tape
Network Address Translation maps private IPv4 addresses to public ones, allowing many devices to share a single public IP. PAT (Port Address Translation, often called NAPT or "NAT overload") is the variant most home routers and enterprise edges use. NAT is the duct-tape that kept
Beginner 60 min
M13
Network Segmentation — VLANs, VRFs, Microsegmentation, and the Tiers Auditors Actually Look For
Segmentation is splitting your network into zones with controlled traffic between them. Done well it slows lateral movement, reduces blast radius, and is the single control RBI/SEBI/IRDAI auditors quote most often. This module covers VLAN segmentation (the campus baseline), VRF f
Intermediate 90 min
M14
Load Balancers, Reverse Proxies, and the L7 Stack
A load balancer distributes traffic across backend servers. A reverse proxy sits in front of backend servers, terminating client connections, often inspecting and rewriting traffic. In modern architectures, the line is blurred: nginx, HAProxy, Envoy, AWS ALB, Cloudflare all do bo
Intermediate 90 min
M15
Network Telemetry — NetFlow, sFlow, IPFIX, and What a SOC Actually Watches
Network telemetry is the per-flow metadata your routers and switches export — who talked to whom, when, how much, on what ports. NetFlow (Cisco), sFlow (broadcom/multivendor), IPFIX (the IETF standard) are the three protocols you will meet. PCAP captures everything; telemetry cap
Intermediate 90 min
M16
CDN and DDoS Defence — Cloudflare, Akamai, Anti-Bot in 2026
A CDN serves your content from edge nodes near users — fast, reliable, and incidentally an extraordinary DDoS shield. This module covers what a CDN actually does (caching, anycast, TLS termination), how DDoS attacks have evolved (volumetric, protocol, application, bot-driven), an
Intermediate 90 min
M17
Zero Trust Network Access vs Traditional VPN — The Replacement Pattern That Is Now Default
Traditional VPN puts users on the corporate network — once authenticated, broad reachability. ZTNA does the opposite — explicit per-application authorisation, no network-level access, continuous verification. ZTNA is the modern remote-access pattern; VPN remains for site-to-site.
Intermediate 90 min
M18
MPLS, SD-WAN, and the Indian Enterprise WAN
MPLS is the legacy carrier-grade WAN — expensive, predictable, low-jitter, with operator-managed L3 VPNs. SD-WAN overlays multiple cheaper transports (broadband, LTE, 5G, MPLS) with software-defined policy, dynamic path selection, and integrated security. The Indian enterprise WA
Intermediate 90 min
M19
Network Forensics — Reading Captures Like a Detective
Network forensics is the art of reconstructing what happened from packets and flow logs after the fact. This module is the practitioner walk-through: chain of custody, the evidence stack (PCAP + Zeek + flow + endpoint), the workflow for a compromise investigation, the most useful
Advanced 120 min
M20
SD-WAN and SASE Architecture
The traditional WAN vs SD-WAN Traditional SD-WAN MPLS private circuits Internet underlay with overlay tunnels All branches → HQ → internet Local internet break-out at branches Static routing Dynamic policy-driven path selection High cost per Mbps Internet-economics pricing SASE — the convergence SASE = SD-WAN + cloud-delivered security stack: SWG (Secure Web Gateway): web traffic […]
Advanced 35
M21
DNS Security — DoH, DoT, DNSSEC, Sinkholing
The classic DNS problems Plaintext queries visible to network observers. Response forgery / cache poisoning. No cryptographic authenticity. DNS used for data exfiltration. DGA and fast-flux evading blocklists. DoH and DoT Protocol Port Defender visibility DoT 853/TCP Recognisable at the network layer DoH 443/TCP mixed with HTTPS Hidden in HTTPS; hard to distinguish DoQ 443/UDP […]
Intermediate 30
M22
IPv6 Security in Modern Networks
The IPv6 attack surface The single most common Indian enterprise issue: IPv6 enabled on endpoints / VMs by default, no explicit IPv6 security controls. Dual-stack hosts get IPv6 addresses, IPv4 firewalls don’t see the traffic, attack-paths become invisible. The recurring IPv6-specific issues Link-local addresses: every host has fe80::/10. No DHCP needed; auto-configuration via SLAAC. Attacker […]
Advanced 35
M23
Mutual TLS and Service Identity at the Network Layer
What mTLS provides Each side of the connection presents a certificate. Both verify the other’s certificate against trust chain. Traffic encrypted with negotiated keys. Identity bound cryptographically to the endpoint. This eliminates network-position-based trust: “you’re inside the firewall, so I trust you” becomes “you have a valid certificate from our CA, so I trust you.” […]
Advanced 35
M24
Network Forensics — PCAP, NetFlow, Zeek
The network-forensics evidence layers Layer What it shows Full PCAP Every byte of every packet NetFlow / IPFIX / sFlow Conversation summaries (src, dst, bytes, duration) Zeek / Bro logs Protocol-decoded conversation logs DNS / Proxy logs Application-layer name resolution / web access Firewall logs Connection accept / deny events Each layer trades storage for […]
Advanced 35

Related tracks

🛰️
Track
Attacker Mindset — Network
Segmentation, Layer 2 trust, C2 evasion, Kerberos, VPN, BGP, OT, wireless — why each class of network attack persists.
Track
Cloud Security Practitioner
AWS → Azure → GCP → Kubernetes. Real hardening, not checklists.
📡
Track
Blue Team / SOC Operations
How defenders actually work. SOC structure, SIEM, detection engineering, EDR, malware triage.

Common questions about this track

Do I need this if I already work in cloud? +

Yes. Cloud is a network on top of a network. Every cloud security practitioner we work with who skips fundamentals hits a wall at VPC peering, transit gateway, or cross-region traffic engineering. These modules close that gap.

Is this red-team or blue-team focused? +

Neither — it is foundational. Both red and blue teams need it. The Attacker Mindset — Network track is the offensive companion; Blue Team / SOC adds the defender layer.

Will I need real network gear? +

No. Modules use Wireshark on captures we provide, plus optional GNS3 / EVE-NG labs for those who want hands-on routing practice. Everything works on a laptop.

How long does the full track take? +

Most learners finish in 6-10 weeks at 4-5 hours per week. Faster if you have prior CCNA-level exposure.

Ready to start?

Begin with Module 1. Work through at your own pace. Free modules require no signup — everything else unlocks with a free RingSafe Academy account.

Start Module 1 → View pricing tiers 🗺️ Explore Skill Map