ajdevhub
    NETWORKING MASTERY · FULL ROADMAP · 6 PHASES · 26 MODULES

    🌐 Networking Mastery

    A structured 6-month curriculum — from absolute networking basics through routing internals, Linux kernel networking, security protocols, and full NGFW application development. Built for engineers working on data-plane, router, and Next-Generation Firewall systems.

    Beginner → Advanced C / C++ / Python Linux Networking Socket Programming TLS / IPsec DPI / IDS / IPS NGFW Development 26 weeks · 20+ Projects
    6Phases
    26Modules
    20+Projects
    26Weeks
    NGFWCapstone
    0→1Beginner OK

    PHASE TIMELINE

    1
    Networking Foundations
    Weeks 1–3
    Start from zero. Understand how data moves through a network — from the physical wire all the way to your application. Covers the OSI and TCP/IP models, Ethernet framing, IP addressing and subnetting, ARP, ICMP, VLANs, and IPv6. Every subsequent phase builds directly on this foundation.
    📡 M01 - OSI and TCP/IP Model 🔌 M02 - Ethernet and L2 🌐 M03 - IPv4 Deep Dive 🔵 M04 - IPv6
    OSI layers Ethernet frames MAC addressing ARP / NDP IPv4 subnetting CIDR ICMP VLANs / 802.1Q IPv6 addressing dual-stack
    🔬 Lab: Wireshark packet dissection 🔬 Lab: Subnet a /20 by hand
    2
    Transport and Application Protocols
    Weeks 4–7
    Go deep into how data is reliably delivered and how the most important application protocols work at the byte level. TCP state machine, flow control, congestion control, and timers. UDP, DNS, HTTP/1.1 through HTTP/3 with QUIC, and the protocols a firewall must inspect — SMTP, FTP, DHCP. This is where NGFW L7 visibility starts.
    ⚡ M05 - TCP Internals 📦 M06 - UDP and ICMP 🔍 M07 - DNS 🌍 M08 - HTTP/1.1, HTTP/2, HTTP/3 and QUIC 📨 M09 - SMTP, FTP, DHCP
    TCP state machine 3-way handshake flow control congestion control NewReno / CUBIC SACK DNS resolution DNSSEC HTTP/2 streams QUIC / IETF SMTP envelope
    🔬 Lab: Trace a TCP handshake in tcpdump 🔬 Lab: Build a DNS resolver in Python 🔬 Lab: Capture and decode HTTP/2 frames
    📌 Prerequisite: Phase 1 complete. TCP builds directly on IPv4 packet structure.
    3
    Routing and Forwarding
    Weeks 8–11
    How packets find their path across networks. Covers the FIB/RIB split, longest prefix match algorithms, ECMP, OSPF link-state routing internals, BGP path selection and policy, MPLS label switching, and overlay tunneling (VxLAN, GRE). Essential for data-plane engineers and anyone building router software or firewall routing tables.
    🗺️ M10 - Routing Fundamentals and FIB 🔄 M11 - OSPF Internals 🌍 M12 - BGP Internals 🔗 M13 - MPLS, VxLAN, GRE and Tunneling
    FIB / RIB LPM ECMP OSPF LSA types SPF algorithm BGP attributes AS path route policy MPLS labels VxLAN VTEP GRE tunnels
    🔬 Lab: Implement LPM in C using a trie 🔬 Lab: Simulate OSPF convergence with GNS3 🔬 Lab: BGP peering between two Linux routers
    📌 Prerequisite: IPv4 (M03) and TCP (M05). Routing builds on L3 fundamentals.
    4
    Linux Networking and Socket Programming
    Weeks 12–16
    The implementation layer — where your C code actually runs. Covers the Linux kernel network stack (sk_buff, netdev, Netfilter, tc), POSIX socket programming from scratch (TCP servers, UDP, non-blocking I/O, epoll), raw and packet sockets, eBPF/XDP for kernel bypass, and high-performance techniques: NUMA-aware design, RSS, CPU affinity, io_uring, AF_XDP. This phase bridges theory and production code.
    🐧 M14 - Linux Network Stack 🔌 M15 - Socket Programming in C 🔬 M16 - Raw Sockets, pcap and eBPF 🚀 M17 - Kernel Bypass and XDP ⚡ M18 - High-Performance Techniques
    sk_buff netfilter hooks iptables internals tc / qdisc POSIX sockets epoll non-blocking I/O raw sockets eBPF / XDP AF_XDP io_uring RSS / RPS NUMA CPU affinity
    🔨 Project: TCP echo server with epoll (C) 🔨 Project: Raw socket packet sniffer 🔨 Project: eBPF packet counter and dropper 🔨 Project: AF_XDP zero-copy forwarder
    📌 Prerequisite: Phases 1–3. Socket programming requires solid TCP/IP knowledge. C programming basics assumed.
    🔐
    Advanced territory begins here. Phases 5 and 6 require a solid foundation in all of the above. Phase 5 covers security protocol internals at the implementation level. Phase 6 is NGFW application development — bringing everything together into a production system.
    5
    Security Protocols and Cryptography
    Weeks 17–21
    The cryptographic and protocol foundation of every NGFW feature. Covers symmetric and asymmetric cryptography, PKI, X.509 certificate chains, TLS 1.2 and TLS 1.3 handshake internals (cipher suites, ALPN, session resumption), IPsec (ESP, AH, IKEv2, tunnel vs transport mode), DTLS, mutual TLS, and SSL inspection techniques used by NGFWs to decrypt and re-encrypt traffic for inspection.
    🔑 M19 - Cryptography Essentials 🔒 M20 - TLS 1.2 and TLS 1.3 Internals 🛡️ M21 - IPsec and IKEv2 🔍 M22 - DTLS, mTLS and SSL Inspection
    AES / ChaCha20 RSA / ECDSA ECDH key exchange PKI / X.509 certificate chains TLS handshake cipher suites ALPN / SNI session tickets ESP / AH IKEv2 VPN tunnels SSL bump certificate pinning
    🔨 Project: TLS 1.3 handshake step-by-step with OpenSSL 🔨 Project: Build a simple IKEv2 client in Python 🔨 Project: SSL inspection proxy (mitmproxy internals)
    📌 Prerequisite: TCP (M05), HTTP (M08). TLS runs over TCP and wraps HTTP — you need both to understand the full picture.
    6
    NGFW Development
    Weeks 22–26
    Everything comes together. Build a Next-Generation Firewall from the ground up. Stateful connection tracking, NAT44/NAT64, ALGs for FTP/SIP. Deep Packet Inspection (DPI) using Hyperscan and nDPI for L7 application classification. IDS/IPS with Snort/Suricata rule engine and signature matching. URL and DNS-based filtering with threat intelligence feeds. SSL inspection pipeline. Policy engine tying it all together. Capstone: a working NGFW prototype.
    🔄 M23 - Connection Tracking and NAT 🔬 M24 - Deep Packet Inspection 🚨 M25 - IDS and IPS 🛡️ M26 - NGFW Policy Engine and Capstone
    conntrack NAT44 / NAT64 ALG (FTP / SIP) L7 classification Hyperscan nDPI regex engine Snort rules Suricata signature matching URL filtering DNS sinkhole threat intel SSL inspection policy engine
    🔨 Project: Stateful conntrack in C using bihash 🔨 Project: L7 classifier with nDPI 🔨 Project: Write 10 custom Snort rules 🏆 Capstone: NGFW prototype — conntrack + DPI + policy + SSL inspection
    📌 Prerequisite: All of Phases 1–5. This phase is the integration layer — every component you build uses knowledge from every prior module.

    ALL 26 MODULES AT A GLANCE

    Module Title Phase Key Topics Weeks
    M01OSI and TCP/IP ModelP1OSI layers, encapsulation, PDUs, TCP/IP vs OSI1
    M02Ethernet and L2P1Ethernet frame, MAC, ARP, VLANs, 802.1Q, STP, RSTP1–2
    M03IPv4 Deep DiveP1Header fields, subnetting, CIDR, fragmentation, ICMP2
    M04IPv6P1Addressing, NDP, ICMPv6, SLAAC, dual-stack, transition3
    M05TCP InternalsP2State machine, handshake, flow control, congestion, SACK4–5
    M06UDP and ICMPP2UDP header, IGMP, multicast, ICMP types, traceroute5
    M07DNSP2Resolution, record types, DNSSEC, DoH, DoT, DNS attacks5–6
    M08HTTP/1.1, HTTP/2, HTTP/3 and QUICP2HTTP methods, headers, streams, multiplexing, QUIC frames6
    M09SMTP, FTP, DHCPP2SMTP envelope, MIME, FTP active/passive, DHCP DORA7
    M10Routing Fundamentals and FIBP3FIB/RIB, LPM, trie, ECMP, policy routing8
    M11OSPF InternalsP3LSA types, SPF, areas, DR/BDR, OSPF v39
    M12BGP InternalsP3eBGP/iBGP, path selection, attributes, communities, policy10
    M13MPLS, VxLAN, GRE and TunnelingP3Label switching, VTEP, overlay networks, encap/decap11
    M14Linux Network StackP4sk_buff, netdev, Netfilter, iptables, tc, nftables12–13
    M15Socket Programming in CP4TCP server/client, UDP, non-blocking, select/poll/epoll13–14
    M16Raw Sockets, pcap and eBPFP4SOCK_RAW, AF_PACKET, libpcap, BPF bytecode, eBPF maps14–15
    M17Kernel Bypass and XDPP4XDP hook, AF_XDP, UMEM, io_uring, DPDK comparison15
    M18High-Performance TechniquesP4RSS/RPS/RFS, NUMA, hugepages, CPU pinning, lock-free16
    M19Cryptography EssentialsP5Symmetric, asymmetric, hashing, PKI, X.509, CRL/OCSP17–18
    M20TLS 1.2 and TLS 1.3 InternalsP5Handshake, cipher suites, ALPN, SNI, session resumption18–19
    M21IPsec and IKEv2P5ESP/AH headers, IKEv2 exchange, SA negotiation, VPN modes19–20
    M22DTLS, mTLS and SSL InspectionP5DTLS over UDP, certificate pinning, SSL bump, re-encryption20–21
    M23Connection Tracking and NATP6conntrack table, NAT44/64, PAT, ALG for FTP/SIP/H.32322–23
    M24Deep Packet InspectionP6L7 classification, Hyperscan, nDPI, regex, protocol fingerprinting23–24
    M25IDS and IPSP6Snort/Suricata rule syntax, signature matching, anomaly detection24–25
    M26NGFW Policy Engine and CapstoneP6URL filtering, DNS sinkhole, threat intel, policy engine, capstone25–26

    RECOMMENDED LEARNING PATH

    For Beginners
    Follow phases strictly in order 1 → 2 → 3 → 4 → 5 → 6. Do not skip M01–M04 even if they seem basic — M05 (TCP) and M14 (Linux stack) assume byte-level IP knowledge. Complete every lab before moving to the next module.
    For Experienced Engineers
    If you have solid L2/L3 foundations, start at M05 (TCP) or M14 (Linux stack) and use M01–M04 as reference. Phase 4 (Linux + sockets) is worth reading fully regardless of experience — eBPF and AF_XDP content is non-trivial even for senior engineers.

    KEY REFERENCES

    ← Learning Hub Start: M01 - OSI and TCP/IP →