Forem: Faizan Nazir

Day 3 Learning How Data Actually Moves (TCP/IP, TCP vs UDP, DHCP)

Faizan Nazir — Fri, 01 May 2026 03:58:07 +0000

Day 3 of my SOC journey — and things are getting real.

Today I focused on how communication actually happens inside networks:

TCP/IP basics
4-layer model
TCP vs UDP
TCP handshake
DHCP + DORA

💡 Biggest insight:

Everything in SOC — alerts, logs, attacks —
depends on how data flows.

If you don’t understand this, you’re just guessing.

⚡ TCP = reliable
⚡ UDP = fast

Both matter.

What’s next?
MAC Address, ARP, ICMP, and Ping

🚀 SOC Analyst Journey – Day 2: IP, DNS & Basic Network Commands

Faizan Nazir — Mon, 27 Apr 2026 10:28:07 +0000

Day 2 of my SOC Analyst journey — and now I’m starting to see how the internet actually works behind the scenes.

Today’s focus was on the core networking concepts and commands that SOC analysts rely on during investigations and alert triage.

🧠 What I Covered
🌐 IP Addressing

Understanding how every device in a network is uniquely identified.

IPv4 & IPv6 basics
Source and Destination identification
Foundation of all network communication
🌍 DNS (Domain Name System)

Learning how domain names are converted into IP addresses.

Domain → IP resolution
Role of DNS in browsing and communication
How DNS can expose suspicious or malicious domains
🛠️ nslookup

A simple but powerful tool to query DNS records.

Used to check domain resolution
Helps analyze suspicious domains during investigations
Useful for quick DNS verification
📡 ping

One of the most basic yet essential network tools.

Checks if a host is reachable
Measures response time (latency)
Helps identify connectivity issues
🧭 traceroute

Understanding how data travels across networks.

Shows the path (hops) packets take
Helps identify where delays or failures occur
Useful for deeper network troubleshooting
🎯 Key Takeaways
IP addresses are the identity of devices in a network
DNS acts as the translator between domains and IPs
nslookup is useful for domain investigation
ping helps verify host availability
traceroute reveals the full journey of packets
🔍 Why This Matters in SOC

In a real SOC environment:

Alerts are often tied to IP addresses and domains
Analysts investigate suspicious DNS queries
Network commands help validate and trace activity

Without understanding these basics, it’s difficult to analyze logs or respond to incidents effectively.

📌 Progress Mindset

No tools yet. No dashboards yet.

Just building the foundation — step by step.

Because strong fundamentals make everything easier later.

💬 Let’s discuss:
Have you ever used nslookup to investigate a suspicious domain? What did you find?

# Day 1 – The Biggest Beginner Mistake in SOC: Ignoring Networking 🚀

Faizan Nazir — Sun, 26 Apr 2026 13:01:18 +0000

When I first thought about becoming a SOC Analyst, I imagined dashboards, alerts, and powerful security tools.

But Day 1 of my journey changed that completely.

Instead of jumping into tools, I started with the real foundation: networking.

Why Networking Matters More Than Tools

At its core, networking is just communication between devices.

Every time we:

Open a website
Send an email
Use an app

Data moves across a network.

Here’s what most beginners miss:

👉 Every cyber attack uses the same path.

If there’s no network, there’s no attack.

That’s why networking isn’t optional — it’s essential.

What I Learned Today

Networking basics
Data communication
Communication components
- Sender
- Receiver
- Message
- Medium
- Protocol

Simple concepts, but they explain how systems interact — and how attackers exploit them.

Client–Server Model (Game Changer)

Client → sends request
Server → sends response

We use this every day while browsing.

But attackers use it too.

Malware can act as a client and communicate with a malicious server.

That’s where detection starts.

LAN vs WAN (Important for SOC)

LAN → Private, trusted
WAN → Public, untrusted

Most attacks come from WAN and try to enter LAN.

Understanding this helps in prioritizing threats.

SOC Reality

SOC is not about chasing hackers.

It’s about understanding behavior.

Logs = records
Alerts = warnings

👉 Tools show data
👉 Networking helps you understand it

Key Takeaway

👉 SOC work starts with understanding behavior, not tools.

Networking is the language of SOC.

Without it:

Logs = confusing
Alerts = overwhelming

With it:

Everything connects

Final Thoughts

This is just Day 1, but it already changed my mindset.

I’m focusing on fundamentals first — tools later.

Let’s see where this journey goes 🚀

Discussion

Are you also starting in cybersecurity or SOC?

What did you focus on in your early days?