Why You Need to Know This
Imagine a hacker is like a burglar. Before breaking in, they look for:
- Where the house is located (IP address)
- What doors and windows are available (ports)
- Which ones are open (port scanning, covered in Module 4)
This lesson is about "house, doors, windows". If you don't understand it, the next modules will read like a foreign language. If you get it, you'll have a mental picture to build on.
No commands. Just pictures and analogies.
What is an IP Address
In Simple Terms for 30 Seconds
IP address = computer's home address on the internet.
Want to send a message to your grandma? You need to know her address (street, house). Without an address, the mailman won't arrive.
Want to open Google? Your computer needs to know Google's IP address. Without it, the browser can't get there.
An IP address looks like four numbers separated by dots:
192.168.1.5
74.6.143.26
8.8.8.8
Each number is between 0 and 255. That's it. This is the "address".
How Postal Address vs "In the Yard" Works
You have two addresses at home:
Postal Address (Public)
"Moscow, Pushkin Street, house 5": this address is known to the whole world. The mailman, friends, tax office. Anyone can write to you using this address.
On the internet, this is a public IP, provided by your internet service provider (Beeline, MTS). All websites you visit can see it.
"In the Yard, to the Left" (Local)
Inside your building, you don't have a street; you have "apartment 22 on the 5th floor". This address is known only to your neighbors.
On the internet, this is a local IP: your address within your home Wi-Fi. It usually starts with 192.168. or 10. Websites on the internet can't see it.
Your neighbor on a different street also has apartment 22, and nobody gets confused. Similarly: you have 192.168.1.5 at home, and your neighbor might also have 192.168.1.5. They are in different networks and don't overlap.
Why a Hacker Needs to Know the Victim's IP
Without an IP, a hacker simply doesn't know where to knock. It's like trying to rob an apartment without knowing the building's address.
Getting a company's IP is easy: you google their domain, and DNS (which we'll cover later) converts "company.com" to an IP. Then the hacker works with the specific IP.
What is a Port
In Simple Terms for 30 Seconds
Port = window or door at your "house" (IP).
In a real apartment, there's one front door and some windows. In a computer, on one IP, there are 65,535 "windows". Each one runs its own program.
Analogy:
- On the street 74.6.143.26 (Google):
  - In window 443, there's secure web (https)
  - In window 80, there's regular web (http)
  - In window 53, there's address lookup service (DNS)
When your browser opens Google over https, it knocks on 74.6.143.26 at window 443. Only on this window. Other windows are closed or not responding.
Standard "Windows": Learn the Top 5
No need to memorize all 65,535 numbers. The main ones:
| Window Number | What Lives There | How to Explain to Mom |
| --- | --- | --- |
| 22 | SSH (remote management) | Admin door, through which they enter the server |
| 80 | HTTP (regular website) | Store window without a lock |
| 443 | HTTPS (secure website) | Window with bulletproof glass |
| 3306 | MySQL (database) | Door to the warehouse with goods |
| 3389 | RDP (remote Windows desktop) | "Mirror" of someone else's screen |
Main Rule for a Hacker
What to Look For
If a website has an open window 3306 (database), this is a huge mistake by the owner. The database shouldn't be exposed. Often, there's no password either.
One of the largest classes of attacks in 2024 is finding open databases on the internet. Shodan.io (a search engine for "windows on the internet") shows millions of such mistakes.
TCP vs UDP: Two Delivery Methods
You've decided where to knock (IP + port). Now you need to decide how to send the data.
On the internet, there are two methods. In simple terms:
TCP = Registered Mail with Notification
You send it, and the mailman checks that the recipient actually received it. If not, it is sent again. Nothing gets lost.
When to use: when it's crucial not to lose data.
- Opening a website (it's essential to receive the entire page without gaps)
- Downloading a file (if one piece is missing, the file is broken)
- Logging in to a bank
Downside: slightly slower. Each confirmation is an extra exchange.
UDP = Postcard
You throw it in the mailbox and forget. If it arrives, great. If not, the next one will. No confirmations.
When to use: when speed is crucial, and losing 1-2 packets isn't critical.
- Online video games (DOTA, CS): if a packet with enemy movement is lost, it's not a big deal, a new one will arrive in a second
- Video calls (Skype, Zoom): better to skip a frame than "lag" for 3 seconds
- YouTube live, Twitch: same thing
Downside: can lose packets.
Simple Test to Check Understanding
What delivery method do the following use:
- Opening the google.com website? → TCP (important to receive everything)
- Downloading a movie? → TCP
- VoIP call in WhatsApp? → UDP (speed is more important)
- Playing Roblox? → UDP
- Transferring money in a bank? → TCP (losing one packet is a disaster)
Hackers Use the Difference
Why a Hacker Needs This Difference
When a hacker scans a server (Module 4), they can check TCP windows or UDP windows. TCP is fast: it's clear if it's open or closed. UDP is slow: the packet is sent, no response... is it closed or just not responding?
Many hackers forget to check UDP. But there are often interesting services (DNS, SNMP, NTP) running there. This can be useful: looking for what others have missed.
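The TCP/UDP difference described above, as an added example that is not part of the original lesson: it probes only throwaway sockets on 127.0.0.1, and the names `tcp_probe`, `udp_probe`, `unused_port` and `demo` are illustrative. When you audit your own machine's exposure, the point to notice is that a silent UDP window cannot be reported as closed.

```python
import socket
LOOPBACK = "127.0.0.1"  # every probe below stays on this machine

def tcp_probe(host, port, timeout=1.0):
    """TCP: the handshake always produces a verdict."""
    try:
        socket.create_connection((host, port), timeout).close()
        return "open"                      # handshake completed
    except ConnectionRefusedError:
        return "closed"                    # the host answered with a reset
    except OSError:
        return "filtered"                  # nothing came back (timeout, drop)

def udp_probe(host, port, timeout=0.5):
    """UDP: no handshake, so silence is ambiguous."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))        # only fixes the peer, sends nothing
            s.send(b"hello")
            s.recv(1024)
            return "open"                  # a service replied
        except ConnectionRefusedError:
            return "closed"                # ICMP "port unreachable" came back
        except OSError:
            return "open or filtered"      # no reply: cannot tell which

def unused_port(kind):
    with socket.socket(socket.AF_INET, kind) as s:
        s.bind((LOOPBACK, 0))              # port 0: the OS picks a free one
        return s.getsockname()[1]          # socket closes, port is unused again

def demo():
    tcp_srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  # constructed fixtures
    udp_srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    with tcp_srv, udp_srv:
        tcp_srv.bind((LOOPBACK, 0))
        tcp_srv.listen(1)
        udp_srv.bind((LOOPBACK, 0))        # bound, but never replies
        return {
            "tcp listening": tcp_probe(LOOPBACK, tcp_srv.getsockname()[1]),
            "tcp unused": tcp_probe(LOOPBACK, unused_port(socket.SOCK_STREAM)),
            "udp silent": udp_probe(LOOPBACK, udp_srv.getsockname()[1]),
            "udp unused": udp_probe(LOOPBACK, unused_port(socket.SOCK_DGRAM)),
        }

if __name__ == "__main__":
    print(demo())
```

The "udp unused" result depends on the operating system delivering the ICMP error to the socket; where it does not, that case also reads "open or filtered".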
Picture to Remember
```text
INTERNET

Google's house (IP: 74.6.143.26)
+----------------------------------------+
| Window 80 - HTTP                       |
| Window 443 - HTTPS                     | <- your browser knocks here
| Window 53 - DNS                        |
| Window 22 - SSH (closed from outside)  |
+----------------------------------------+

Your house (IP: 95.181.4.12)
+----------------------------------------+
| All windows usually closed             |
| Browser opens temporary windows        |
| to receive responses                   |
+----------------------------------------+

Between them, packets fly:
TCP - registered (important)
UDP - postcards (fast)
```
Optional but Interesting
If you want to try it hands-on, open a Kali terminal and try:
```bash
# Find your local IP
hostname -I
# Find your public IP (the one the internet sees)
curl ifconfig.me
# What windows are open on google.com?
# (full scanning will be in Module 4)
# -w 3: give up after 3 seconds if a window doesn't answer
nc -zv -w 3 google.com 80
nc -zv -w 3 google.com 443
nc -zv -w 3 google.com 22
```
Don't panic if something doesn't work. This is a bonus. The main thing is to have a mental picture of "house → windows → delivery method".
Vibe-task: Ask Claude
Open Claude (claude.ai) and ask:
Explain in simple terms, as if I'm a 10-year-old:
1. What is an IP address, using a postal address example
2. What is a port, using a house with windows example
3. How does TCP differ from UDP, using a food delivery example
Each explanation: 2-3 sentences max.
No jargon. No abbreviations like "TCP/IP".
If Claude explains it clearly, great: you can explain these concepts to a friend. If it's confusing, ask Claude to rephrase it even more simply.
Main Takeaways from the Lesson
What to Take Away
- IP: this is the computer's address. Without an IP, nobody can "call" anyone on the internet.
- Port: this is a window at the computer. On one IP, there are 65,535 "windows". Each one runs its own program.
- TCP: for important things (websites, files, passwords). Doesn't lose data.
- UDP: for fast things (video, games). Can lose packets, but is faster.
- A hacker always starts by figuring out "what windows are open on my target". This will be covered in Module 4.
What's Next
Lesson 3.2: HTTP, HTTPS, DNS. What happens in 200 milliseconds between pressing "Enter" and the page opening. Where a hacker can intervene. Without jargon, with pictures.