Names & Addresses
IPs, ports, sockets, and how a hostname becomes a packet destination
IP Addresses
Classify any IPv4 or IPv6 address by its leading bits (private, loopback, link-local, documentation, public), read CIDR `/N` to predict host count, and compress an IPv6 address to canonical form with a single `::`.
Ports & Sockets
Name the four numbers that identify a TCP connection, predict whether two `bind()` calls collide before running them, and read a `TIME_WAIT` row in `ss` as an address still held after close.
DNS Resolution
Separate the stub's single query from the recursive's walk down the root, TLD, and authoritative chain, read a `dig +trace` block by block, and predict when a repeat lookup skips the walk from cache.
DNS Records & TTL
Read a `dig` answer line as five fields, match A, AAAA, CNAME, MX, and TXT to the payload each carries, and predict how long a record change takes to clear every cache from the TTL already in flight.
Resolver Priority
Trace the `hosts:` line of `/etc/nsswitch.conf` to predict which source answers a name, distinguish an `/etc/hosts` override that `ping` honors from one `dig` ignores, and read the `[NOTFOUND=return]` bracket that keeps `.local` names off your ISP's resolver.
Wire & Bytes
TCP handshake, connection lifecycle, UDP, and what packets actually carry
TCP Handshake
Send SYN, SYN-ACK, and ACK across two endpoints, predict which packet flips each side to `ESTABLISHED`, and read a real `tcpdump` capture line by line where each `ack` is the previous `seq` plus one.
Connection Lifecycle
Close each direction of a connection on its own, predict why only the active closer lingers in `TIME-WAIT`, and read the `FIN`, `RST`, and `CLOSE-WAIT` rows an abort or a leak leaves in `ss -tan`.
Windows & Retransmits
Meter the sender's in-flight bytes against a receive window that shrinks as the receiver's buffer fills, watch three duplicate acknowledgments fire a fast retransmit while a silent wire falls back to a doubling timer, and unshift a scaled `win` value off `tcpdump`.
UDP & Connectionless
Strip TCP's twenty-byte header down to UDP's eight, trace a two-packet DNS exchange against TCP's setup-and-teardown, and decide which workloads go connectionless by weighing a resend's wait against a lost message's cost.
MTU & Fragmentation
Size a packet to the smallest link on its path, predict whether an oversize one splits into all-or-nothing fragments or bounces back a too-big report, and read TCP's `mss` as the handshake-time ceiling that avoids fragmentation, until a filtered report hangs the transfer.
HTTP
Request lifecycle, methods, headers, caching, and HTTP/2-3
Request Lifecycle
Read a `curl -v` transcript line by line: name the request line, header fields, empty-line boundary, and body, tell a status line from a request line by its first token, and sort each line onto the sent or received side of the wire from its `*`, `>`, `<` prefix.
Methods & Semantics
Classify each method by its two protocol bits (safe? idempotent?), predict which dropped requests a client auto-retries and which a repeated POST turns into a duplicate, and read the 405 plus Allow header that says the route exists but the verb does not.
Headers & Content Negotiation
Weight an Accept wishlist with quality values and predict which representation a server returns, tell a served default apart from a 406 when no listed type is available, and name the Vary header that stops a shared cache serving the wrong variant.
Status Codes
Sort any status code into its class from its first digit alone, route a failure by that class (4xx means change the request, 5xx means retry the server), separate a 5xx from a refused connection that returns no code at all, and catch a 200 whose error body means the request actually failed.
Caching & Revalidation
Drive a stored response from fresh to stale, replay its ETag in a conditional request to pull back a bodyless 304 instead of a full 200, and separate no-cache (still stored, always revalidated) from no-store (never stored).
HTTP/2 & HTTP/3
Trace one lost segment across an HTTP/2 connection versus HTTP/3 over QUIC and predict how many streams freeze, explain why multiplexing relocates head-of-line blocking down a layer instead of deleting it, and pick the protocol whose connection survives a client that changes network mid-download.
The Browser as Client
Same-origin, CORS, cookies, mixed content, the browser's invisible rules
Same-Origin Policy
Name the scheme, host, and port that form a URL's origin, decide whether two pages are same-origin, and predict whether a script can read a cross-origin response or only send the request.
CORS & Preflight
Read an OPTIONS preflight exchange and name what each Access-Control-* header does, predict whether a request is sent directly or preflighted from its method and content type, and fix a wildcard origin that breaks the moment credentials ride along.
Cookies & SameSite
Predict whether a stored cookie rides a cross-site request from its SameSite value, tell the site boundary apart from the origin boundary that blocks a cross-origin read, and assemble the flags a login session versus a third-party embed each needs.
Mixed Content & Secure Contexts
Sort each http subresource an https page loads into upgraded or blocked by whether it can modify the page, predict when an upgrade silently drops a resource, and decide which pages are secure contexts that expose powerful APIs.
Service Workers as Network Layer
Trace a request as it stops at the worker's `fetch` handler, predict which response comes back (the network, a hand-filled cache, or a JavaScript string), and tell the worker's Cache Storage apart from the HTTP cache it does not obey.
TLS & Identity
Handshake, certificate chains, trust stores, mTLS
TLS Handshake
Read a TLS 1.3 handshake message by message, predict why a guessed key share closes it in one round trip while a rejected guess costs a second, and separate the certificate the server presents from the signature that actually proves it holds the key.
Certificate Chains
Climb a certificate chain from the leaf to a root already in your trust store, predict why a missing intermediate breaks curl and Firefox while Chrome silently refetches it, and watch a cross-signed intermediate give one leaf two valid paths to two different roots.
mTLS & Pinning
Present a client certificate so a server running mutual TLS lets you in, then pin one expected key and watch a fully valid, freshly-issued certificate get refused on purpose, and see why the wrong pin locks out your own users.