On this page, I am sharing the most common network protocols that a security analyst should master. They determine how data moves across a network, where threats can hide in it, and how you detect malicious activity. Each entry gives the protocol's purpose and the reason it matters to a defender.
Protocol   Purpose                                   Security relevance
TCP/IP     Reliable, connection-oriented delivery    Carries most application traffic and therefore most attacks.
                                                     TCP flag patterns (bare SYNs fanned across many ports, RST
                                                     replies, impossible flag combinations) expose port scans;
                                                     long-lived or high-volume connections to unusual destinations
                                                     point to exfiltration.
UDP        Fast, connectionless delivery             No handshake, so a spoofed source address is never checked.
                                                     Common carrier for DNS tunnelling and for amplification DDoS.
ICMP       Diagnostics and error reporting           Used in reconnaissance (ping sweeps for host discovery) and
                                                     as a covert channel (echo payloads carrying data).
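The flag and echo-request checks the table mentions, as an added example (not code from the original page): two Python detectors run over a constructed set of packet-summary records in the shape a flow or IDS export would give you. The field names (`proto`, `src`, `dst`, `dport`, `flags`, `icmp_type`), the addresses and the thresholds are assumptions made for the sample.

```python
"""Added example (not code from the original page): two detectors over
constructed packet-summary records, using the fields the table above calls
out, TCP flags for port scans and ICMP echo requests for ping sweeps. The
record shape mimics a flow or IDS export; all addresses are made up."""
from collections import defaultdict


def syn_only(flags: str) -> bool:
    """A bare SYN (no ACK): the first packet of a connection attempt, and the
    unit of a SYN/half-open scan when fanned across many ports."""
    return "S" in flags and "A" not in flags


def detect_syn_scans(records, min_targets: int = 10) -> dict:
    """Sources that sent bare SYNs to at least `min_targets` distinct
    (dst, dport) pairs, mapped to that count. A normal client touches a few
    ports; a scanner touches dozens."""
    targets = defaultdict(set)
    for r in records:
        if r["proto"] == "tcp" and syn_only(r["flags"]):
            targets[r["src"]].add((r["dst"], r["dport"]))
    return {s: len(t) for s, t in targets.items() if len(t) >= min_targets}


def detect_ping_sweeps(records, min_hosts: int = 5) -> dict:
    """Sources that sent ICMP echo requests (type 8) to at least `min_hosts`
    distinct destinations, mapped to the number of hosts probed."""
    hosts = defaultdict(set)
    for r in records:
        if r["proto"] == "icmp" and r["icmp_type"] == 8:
            hosts[r["src"]].add(r["dst"])
    return {s: len(h) for s, h in hosts.items() if len(h) >= min_hosts}


def tcp(src, dst, dport, flags):
    return {"proto": "tcp", "src": src, "dst": dst, "dport": dport, "flags": flags}


def icmp(src, dst, icmp_type=8):
    return {"proto": "icmp", "src": src, "dst": dst, "icmp_type": icmp_type}


# Constructed sample: 10.0.0.5 SYN-scans ports 21-32 on 10.0.0.20 and pings
# eight hosts; 10.0.0.7 completes an ordinary handshake to port 443.
SAMPLE_RECORDS = (
    [tcp("10.0.0.5", "10.0.0.20", p, "S") for p in range(21, 33)]
    + [tcp("10.0.0.20", "10.0.0.5", 51000, "RA")]      # RST/ACK back to the scanner
    + [tcp("10.0.0.7", "10.0.0.20", 443, "S"),
       tcp("10.0.0.20", "10.0.0.7", 52000, "SA"),
       tcp("10.0.0.7", "10.0.0.20", 443, "A")]
    + [icmp("10.0.0.5", f"10.0.0.{i}") for i in range(1, 9)]
    + [icmp("10.0.0.9", "10.0.0.1")]                    # one diagnostic ping
)

if __name__ == "__main__":
    print("SYN scanners:", detect_syn_scans(SAMPLE_RECORDS))
    print("ping sweepers:", detect_ping_sweeps(SAMPLE_RECORDS))
```

Both detectors key on distinct targets rather than raw packet counts, which is what separates a scan from a busy but legitimate client; in practice you would also bound the time window, since a slow scan spread over hours stays under any per-minute count.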
These protect data in transit. Knowing how they work, and how attackers hide inside them or downgrade them, is critical: the same encryption that keeps a session private also blinds the sensors watching it.
Protocol   Layer                                Purpose and security relevance
IPSec      Network (Layer 3)                    Encrypts and authenticates IP packets (AH/ESP); the basis of
                                                most site-to-site and remote-access VPNs.
SSL/TLS    Between transport and application    Encrypts and authenticates a session on top of TCP: HTTPS,
           (runs over TCP, Layer 4)             SMTP, IMAP, LDAPS and many VPNs. SSL 2.0/3.0 and TLS 1.0/1.1
                                                are deprecated; accept only TLS 1.2 and 1.3.
HTTPS      Application (Layer 7)                HTTP inside a TLS session. Protects web traffic, and for the
                                                same reason hides C2 and exfiltration unless it is inspected.
SSH        Application (Layer 7)                Encrypted remote shell, file transfer and port forwarding.
                                                Stolen or unrotated keys and weak passwords make it a
                                                favourite lateral-movement path.
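To show what "knowing how they work" buys a defender, here is an added example (not from the original page) that builds a TLS ClientHello and parses it the way a passive sensor would, pulling out the server name (SNI), the offered versions and the cipher suites, then flagging legacy versions and weak suites. The record layout follows RFC 8446; the host names and the two sample hellos are constructed, and the cipher-suite IDs are the IANA values.

```python
"""Added example (not code from the original page): build a minimal TLS
ClientHello and parse it back, to show what a passive sensor can read before
encryption starts: the server name (SNI), the versions and the cipher suites
the client offers. Cipher-suite IDs are IANA values; the bytes are constructed."""
import os
import struct

TLS_VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
# RC4 and 3DES suites are deprecated; seeing them offered is a finding in itself.
WEAK_SUITES = {0x0004: "TLS_RSA_WITH_RC4_128_MD5",
               0x0005: "TLS_RSA_WITH_RC4_128_SHA",
               0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}
EXT_SERVER_NAME, EXT_SUPPORTED_VERSIONS = 0x0000, 0x002B


def build_client_hello(sni: str, versions, suites) -> bytes:
    """Assemble a ClientHello record in the RFC 8446 layout (no session id,
    null compression, only the two extensions the parser cares about)."""
    host = sni.encode("ascii")
    # ServerNameList: list length (2), name_type host_name (1), name length (2), name
    sni_ext = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host
    # supported_versions: list length (1), then 2-byte versions in preference order
    ver_ext = bytes([2 * len(versions)]) + b"".join(struct.pack("!H", v) for v in versions)
    exts = (struct.pack("!HH", EXT_SERVER_NAME, len(sni_ext)) + sni_ext
            + struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(ver_ext)) + ver_ext)
    body = (struct.pack("!H", 0x0303) + os.urandom(32) + b"\x00"   # legacy_version, random, no session id
            + struct.pack("!H", 2 * len(suites))
            + b"".join(struct.pack("!H", s) for s in suites)
            + b"\x01\x00"                                          # one compression method: null
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body      # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(data: bytes) -> dict:
    """Walk the record header, handshake header and ClientHello body and return
    the fields a network sensor can use without any key material."""
    if data[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = data[5:5 + struct.unpack("!H", data[3:5])[0]]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    info = {"legacy_version": struct.unpack("!H", body[:2])[0], "sni": None,
            "versions": [], "suites": []}
    pos = 34                                        # skip legacy_version (2) and random (32)
    pos += 1 + body[pos]                            # session id
    n = struct.unpack("!H", body[pos:pos + 2])[0]
    info["suites"] = list(struct.unpack(f"!{n // 2}H", body[pos + 2:pos + 2 + n]))
    pos += 2 + n
    pos += 1 + body[pos]                            # compression methods
    end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        edata = body[pos + 4:pos + 4 + elen]
        if etype == EXT_SERVER_NAME:
            name_len = struct.unpack("!H", edata[3:5])[0]
            info["sni"] = edata[5:5 + name_len].decode("ascii")
        elif etype == EXT_SUPPORTED_VERSIONS:
            cnt = edata[0] // 2
            info["versions"] = list(struct.unpack(f"!{cnt}H", edata[1:1 + 2 * cnt]))
        pos += 4 + elen
    return info


def audit_client_hello(data: bytes) -> list:
    """Findings a monitoring rule would raise: legacy versions or weak suites offered."""
    info = parse_client_hello(data)
    findings = [f"offers legacy {TLS_VERSIONS.get(v, hex(v))}"
                for v in info["versions"] if v < 0x0303]
    findings += [f"offers weak suite {WEAK_SUITES[s]}"
                 for s in info["suites"] if s in WEAK_SUITES]
    return findings


# Constructed samples: a modern client, and one still offering TLS 1.0, RC4 and 3DES.
GOOD_HELLO = build_client_hello("login.example.com", [0x0304, 0x0303], [0x1301, 0x1302, 0xC02F])
LEGACY_HELLO = build_client_hello("legacy.example.com", [0x0303, 0x0301], [0xC02F, 0x0005, 0x000A])

if __name__ == "__main__":
    for hello in (GOOD_HELLO, LEGACY_HELLO):
        info = parse_client_hello(hello)
        print(info["sni"], [TLS_VERSIONS.get(v, hex(v)) for v in info["versions"]],
              audit_client_hello(hello))
```

The SNI is the one field that tells you which site an HTTPS flow belongs to without decrypting anything, which is why both proxies and attackers care about it; in TLS 1.3 the rest of the handshake after the ServerHello is encrypted, and Encrypted Client Hello, where deployed, hides the SNI as well.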
These keep the network running and visible to its operators. Attackers abuse them for reconnaissance, for redirecting traffic, and as covert channels, because they are rarely filtered and often run with default settings.
Protocol       Purpose                        Security relevance
DNS            Resolves names to addresses    Abused for DNS tunnelling and C2: queries leave most networks
                                              unfiltered, so attackers encode data in subdomains and answers.
DHCP           Assigns IP addresses and       A rogue DHCP server can hand out its own gateway or DNS server
               network parameters             and redirect a client's traffic through the attacker.
SNMP           Network device management      SNMPv1/v2c use plaintext community strings; defaults such as
                                              "public" leak device configuration, and write access allows
                                              changes. Use SNMPv3 with authentication and encryption.
Syslog         Centralised logging            Plaintext UDP and unauthenticated by default, so entries are
                                              easily forged or dropped; send it over TLS to a collector the
                                              attacker cannot reach.
NetFlow/sFlow  Traffic flow analysis          Metadata for baselining; the first place scans, beaconing and
                                              bulk transfers show up, even when the payload is encrypted.
SMB            File and printer sharing       Classic lateral-movement path: admin shares for remote
                                              execution, credential relay, and ransomware spreading between
                                              hosts.
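Two of the abuses in the table, DNS tunnelling and a rogue DHCP server, as an added example (not code from the original page) run over constructed query and OFFER records. The registrable-domain split (last two labels, no public-suffix list), the length and entropy thresholds and all addresses are simplifying assumptions made for the sample.

```python
"""Added example (not code from the original page): two checks for the abuses
listed above, run over constructed records. DNS queries whose subdomain looks
like encoded payload (tunnelling or C2 beaconing), and DHCP OFFERs from servers
that are not the authorised ones. Assumptions: the last two labels of a name
are its registrable domain (no public-suffix list), and the thresholds are
illustrative, tuned to the sample rather than to a real network."""
import math
from collections import Counter, defaultdict


def shannon_entropy(s: str) -> float:
    """Bits per character. Hostnames built from words stay under about 4;
    base32/base64 payload runs higher."""
    if not s:
        return 0.0
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def split_qname(qname: str):
    """(subdomain, registrable domain); assumption: last two labels are the domain."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def suspicious_dns_queries(queries, long_len=40, entropy_min=4.0):
    """(qname, qtype, reason) for queries whose subdomain part is very long, or
    long-ish and high-entropy: both are how tunnels pack data into a name."""
    findings = []
    for qname, qtype in queries:
        sub, _ = split_qname(qname)
        ent = shannon_entropy(sub.replace(".", ""))
        if len(sub) >= long_len:
            findings.append((qname, qtype, f"subdomain length {len(sub)}"))
        elif len(sub) >= 20 and ent >= entropy_min:
            findings.append((qname, qtype, f"high-entropy subdomain ({ent:.2f} bits)"))
    return findings


def tunnel_domains(findings, min_unique=3):
    """Registrable domains behind several distinct flagged names. A tunnel
    encodes each chunk in a fresh, never-cached subdomain, so the count grows
    with the data moved; one odd lookup is noise, dozens are a channel."""
    seen = defaultdict(set)
    for qname, _, _ in findings:
        sub, dom = split_qname(qname)
        seen[dom].add(sub)
    return {d: len(s) for d, s in seen.items() if len(s) >= min_unique}


def rogue_dhcp_offers(offers, authorised_servers, expected_router):
    """(server_ip, reason) for OFFERs from an unknown server, or from a known
    one pushing a different default gateway (the redirect case in the table)."""
    findings = []
    for o in offers:
        if o["server_ip"] not in authorised_servers:
            findings.append((o["server_ip"], "unauthorised DHCP server"))
        elif o["router"] != expected_router:
            findings.append((o["server_ip"], f"unexpected gateway {o['router']}"))
    return findings


# Constructed DNS log: ordinary lookups for example.com, three hex-encoded
# chunks to tunnel-example.net, and one base32-looking beacon to c2-example.org.
SAMPLE_QUERIES = [
    ("www.example.com", "A"),
    ("mail.example.com", "MX"),
    ("cdn-assets-1.example.com", "A"),
    ("_dmarc.example.com", "TXT"),
    ("3fa9c1e7b2d4086f5a1c9e3b7d2f4a6c8e0b1d3f.t.tunnel-example.net", "TXT"),
    ("9e1b7c3d5f2a4c6e8b0d1f3a5c7e9b2d4f6a8c0e.t.tunnel-example.net", "TXT"),
    ("2d4f6a8c0e1b3d5f7a9c2e4b6d8f0a1c3e5b7d9f.t.tunnel-example.net", "TXT"),
    ("kq7x2mz9vb4nd8ls3wpfj6th.c2-example.org", "A"),
]

# Constructed DHCP OFFERs seen on the wire; 10.0.0.1 is the only authorised server.
AUTHORISED_DHCP, EXPECTED_ROUTER = {"10.0.0.1"}, "10.0.0.1"
SAMPLE_OFFERS = [
    {"server_ip": "10.0.0.1", "client_mac": "aa:bb:cc:00:00:01", "router": "10.0.0.1"},
    {"server_ip": "10.0.0.1", "client_mac": "aa:bb:cc:00:00:02", "router": "10.0.0.1"},
    {"server_ip": "10.0.0.77", "client_mac": "aa:bb:cc:00:00:02", "router": "10.0.0.77"},
]

if __name__ == "__main__":
    flagged = suspicious_dns_queries(SAMPLE_QUERIES)
    for f in flagged:
        print("DNS:", *f)
    print("tunnel endpoints:", tunnel_domains(flagged))
    print("DHCP:", rogue_dhcp_offers(SAMPLE_OFFERS, AUTHORISED_DHCP, EXPECTED_ROUTER))
```

Note that the second client in the DHCP sample received two OFFERs, one from each server; on a real network the fastest responder wins the client, which is why a rogue server sitting on the same segment is so effective and why DHCP snooping on the switch, not just this kind of after-the-fact check, is the real control.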