Networking Glossary

A network addressing method where the same IP address is assigned to multiple servers in …

A network communication method that sends data to all devices on a subnet simultaneously. The …

Classless Inter-Domain Routing. A method of allocating IP addresses using variable-length subnet masking (e.g., 10.0.0.0/8) …

Dynamic Host Configuration Protocol. A network protocol that automatically assigns IP addresses, subnet masks, gateways, …

An IP address that is temporarily assigned to a device by a DHCP server and …

Internet Protocol version 4. The fourth revision of IP using 32-bit addresses (e.g., 192.168.1.1), providing …

Internet Protocol version 6. The successor to IPv4 using 128-bit addresses (e.g., 2001:0db8::1), providing a …

A reserved IP address (127.0.0.1 in IPv4, ::1 in IPv6) that routes traffic back to …

A network communication method that sends data from one source to a specific group of …

Network Address Translation. A method of remapping private IP addresses to a single public IP …

An IP address from reserved ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) used within local networks. Private addresses …

A globally unique IP address assigned by an ISP that is routable on the public …

A permanently assigned IP address that does not change over time. Commonly used for servers, …

A 32-bit number (e.g., 255.255.255.0) that divides an IP address into network and host portions. …

A network communication method that sends data from one sender to one specific receiver. The …

Automatic Private IP Addressing. A mechanism where a device self-assigns an IP address from the …

An IP address valid only within a single network segment, automatically configured without DHCP. IPv4 …

Variable Length Subnet Masking. A subnetting technique that allows different subnets within the same network …

The process of combining multiple contiguous subnets into a single larger network prefix, also known …

The process of breaking an IP packet into smaller fragments when it exceeds the Maximum …

A DNS record that maps a domain name to an IPv4 address (e.g., example.com -> …

A DNS record that maps a domain name to an IPv6 address. Named "AAAA" (quad-A) …

A DNS server that holds the original, definitive DNS records for a domain zone. It …

A DNS record that creates an alias from one domain name to another (e.g., www.example.com …

Domain Name System. The hierarchical, distributed naming system that translates human-readable domain names (e.g., example.com) …

A server that receives DNS queries from clients and resolves domain names by querying the …

Mail Exchange record. A DNS record that specifies the mail server responsible for receiving email …

Name Server record. A DNS record that delegates a domain or subdomain to a set …

Pointer record. A DNS record used for reverse DNS lookups, mapping an IP address back …

A DNS resolution mode where the server performs the full lookup on behalf of the …

Start of Authority record. A DNS record that contains administrative information about a zone, including …

A DNS record that holds arbitrary text data. Commonly used for email authentication (SPF, DKIM, …

Domain Name System Security Extensions. A suite of IETF specifications that adds cryptographic authentication to …

A protocol that encrypts DNS queries by sending them over HTTPS (port 443), preventing ISPs …

A protocol that encrypts DNS queries by wrapping them in TLS on a dedicated port …

The process of replicating DNS zone data from a primary name server to secondary servers …

An A or AAAA record provided by a parent DNS zone that resolves the IP …

A DNS record using an asterisk (*) as the leftmost label that matches any subdomain …

A DDoS attack that exploits open DNS resolvers by sending small queries with a spoofed …

One of 13 named root server clusters (A through M) that form the top of …

Top-Level Domain. The rightmost label in a domain name (e.g., .com, .org, .net). TLDs are …

A large network or group of networks under a single administrative policy, identified by a …

Border Gateway Protocol. The routing protocol that exchanges reachability information between autonomous systems, effectively determining …

A routing table entry (0.0.0.0/0 in IPv4) that matches all destination addresses not covered by …

A network device (typically a router) that serves as the access point from a local …

One segment of a network path between a source and destination, representing the passage of …

Open Shortest Path First. An interior gateway routing protocol that uses link-state advertisements and Dijkstra's …

A network device that forwards data packets between different networks by examining destination IP addresses …

A data structure stored in a router that lists known network destinations and the next …

A network diagnostic tool that maps the path packets take from source to destination by …

A field in an IP packet header that limits the packet's lifespan by specifying the …

Multiprotocol Label Switching. A routing technique that directs data using short path labels rather than …

Virtual Router Redundancy Protocol. A protocol that assigns a virtual IP address to a group …

Hot Standby Router Protocol. A Cisco proprietary protocol that provides gateway redundancy by allowing multiple …

The process of sharing routing information between different routing protocols (e.g., OSPF into BGP). Route …

Routing Information Protocol. One of the oldest distance-vector routing protocols, using hop count (max 15) …

Enhanced Interior Gateway Routing Protocol. A Cisco-developed advanced distance-vector routing protocol that uses a composite …

Intermediate System to Intermediate System. A link-state routing protocol used by large ISPs and service …

A technique where the sender specifies the exact route a packet should take through the …

A routing method that forwards packets based on criteria beyond the destination address, such as …

A routing method where network paths are manually configured by an administrator rather than learned …

A digital document that binds a cryptographic key pair to an organization or domain, enabling …

Distributed Denial of Service. An attack that overwhelms a target server or network with massive …

An attack that corrupts DNS cache entries to redirect domain name lookups to a malicious …

The process of converting plaintext data into ciphertext using a cryptographic algorithm and key, making …

A network security device or software that monitors and filters incoming and outgoing traffic based …

HTTP Secure. The encrypted version of HTTP that uses TLS to protect data in transit …

A security system that monitors network traffic or system activity for suspicious patterns and known …

An attack where an adversary secretly intercepts and potentially alters communication between two parties who …

A technique used to discover which network ports on a host are open and listening …

An intermediary server that forwards requests between a client and destination server. Forward proxies anonymize …

A general-purpose proxy protocol (SOCKS4/SOCKS5) that relays any TCP (and optionally UDP) traffic through a …

Secure Sockets Layer / Transport Layer Security. Cryptographic protocols that provide encrypted, authenticated communication over …

The Onion Router. An anonymity network that routes traffic through multiple encrypted relays (typically three) …

Virtual Private Network. A technology that creates an encrypted tunnel between a device and a …

A security model based on the principle of "never trust, always verify." Every access request …

A network security system that monitors traffic for malicious activity and actively blocks or drops …

Web Application Firewall. A security layer that filters, monitors, and blocks HTTP/HTTPS traffic to and …

A type of malware that encrypts a victim's files or locks their system, demanding payment …

A social engineering attack that uses fraudulent emails, websites, or messages to trick users into …

A code injection attack that inserts malicious SQL statements into application input fields to manipulate …

Cross-Site Scripting. A web vulnerability that allows attackers to inject malicious scripts into web pages …

Cross-Site Request Forgery. An attack that tricks an authenticated user's browser into sending an unintended …

An authorized simulated cyberattack on a system to evaluate its security posture and identify vulnerabilities …

Common Vulnerabilities and Exposures. A standardized system of unique identifiers (e.g., CVE-2024-12345) for publicly known …

A decoy system or network resource designed to attract and trap attackers, allowing defenders to …

A privacy flaw where DNS queries bypass the VPN tunnel and are sent to the …

Internet Protocol Security. A suite of protocols that authenticates and encrypts IP packets at the …

Layer 2 Tunneling Protocol. A VPN tunneling protocol that encapsulates data but provides no encryption …

An open-source VPN protocol that uses SSL/TLS for key exchange and can operate over UDP …

A VPN configuration that routes only selected traffic through the VPN tunnel while allowing other …

An encrypted, encapsulated connection between two endpoints through which all tunneled data passes securely across …

A privacy vulnerability where WebRTC (a browser API for real-time communication) reveals a user's real …

A modern, lightweight VPN protocol that uses state-of-the-art cryptography (ChaCha20, Curve25519) with a minimal codebase …

Point-to-Point Tunneling Protocol. One of the oldest VPN protocols, developed by Microsoft. PPTP is fast …

Secure Socket Tunneling Protocol. A Microsoft VPN protocol that encapsulates PPP traffic over an SSL/TLS …

Internet Key Exchange version 2. A VPN protocol used with IPSec that excels at quickly …

A privacy technique that routes traffic through two separate VPN servers in succession, applying two …

A VPN feature that automatically blocks all internet traffic if the VPN connection drops unexpectedly, …

A technique that disguises VPN traffic to look like regular HTTPS traffic, allowing it to …

A VPN provider's commitment to not record user activity, connection timestamps, IP addresses, or browsing …

Address Resolution Protocol. A Layer 2 protocol that maps an IP address to a physical …

File Transfer Protocol. A standard protocol for transferring files between a client and server over …

Hypertext Transfer Protocol. The application-layer protocol for transmitting web pages, APIs, and other resources. HTTP …

Internet Control Message Protocol. A network-layer protocol used for diagnostic and error-reporting purposes. Ping (echo …

Internet Message Access Protocol. An email retrieval protocol that synchronizes messages between a server and …

Network Time Protocol. A protocol for synchronizing clocks across computer networks to within milliseconds of …

Post Office Protocol version 3. An email retrieval protocol that downloads messages from a server …

Simple Mail Transfer Protocol. The standard protocol for sending email between servers and from clients …

Simple Network Management Protocol. A protocol for monitoring and managing network devices (routers, switches, servers) …

Secure Shell. A cryptographic protocol for secure remote login, command execution, and file transfer over …

Transmission Control Protocol. A reliable, connection-oriented transport protocol that guarantees ordered, error-checked delivery of data …

User Datagram Protocol. A connectionless transport protocol that sends datagrams without establishing a connection or …

A transport protocol built on UDP that provides multiplexed, encrypted connections with reduced handshake latency. …

A high-performance, open-source RPC framework developed by Google that uses Protocol Buffers for serialization and …

Message Queuing Telemetry Transport. A lightweight publish-subscribe messaging protocol designed for constrained devices and low-bandwidth …

Constrained Application Protocol. A lightweight RESTful protocol designed for resource-constrained IoT devices, running over UDP …

Advanced Message Queuing Protocol. An open standard for message-oriented middleware that provides reliable, asynchronous message …

Lightweight Directory Access Protocol. A protocol for accessing and maintaining distributed directory information services (such …

Remote Authentication Dial-In User Service. A networking protocol that provides centralized authentication, authorization, and accounting …

Session Initiation Protocol. A signaling protocol for initiating, maintaining, and terminating real-time communication sessions including …

The practice of storing copies of frequently accessed data closer to the requester to reduce …

Content Delivery Network. A geographically distributed network of servers that caches and serves content from …

Cross-Origin Resource Sharing. A browser security mechanism that uses HTTP headers to control which origins …

Three-digit codes returned by a web server indicating the result of a request. Organized into …

A device or service that distributes incoming network traffic across multiple backend servers to ensure …

Representational State Transfer Application Programming Interface. An architectural style for web services that uses standard …

A server that sits in front of backend servers, forwarding client requests and returning responses …

A communication protocol that provides full-duplex, persistent connections between a browser and server over a …

A query language and runtime for APIs developed by Meta that allows clients to request …

An open authorization framework that allows third-party applications to access a user's resources without sharing …

JSON Web Token. A compact, URL-safe token format for securely transmitting claims between parties as …

HTTP Strict Transport Security. A web security policy mechanism that instructs browsers to only access …

Content Security Policy. An HTTP header that specifies which sources of content (scripts, styles, images) …

A JavaScript script that runs in the background of a browser, separate from the web …

The second major version of HTTP, introducing multiplexed streams, header compression (HPACK), and server push …

The third major version of HTTP, built on QUIC instead of TCP. HTTP/3 eliminates head-of-line …

A technique that restricts the number of requests a client can make to an API …

A server that acts as a single entry point for multiple backend microservices, handling request …

An architectural style that structures an application as a collection of loosely coupled, independently deployable …

A short-range wireless technology for exchanging data between devices over the 2.4 GHz ISM band. …

Media Access Control address. A unique 48-bit hardware identifier (e.g., AA:BB:CC:DD:EE:FF) assigned to a network …

Service Set Identifier. The human-readable name of a Wi-Fi network that access points broadcast so …

A family of wireless networking protocols based on the IEEE 802.11 standards, enabling devices to …

Wi-Fi Protected Access. A family of security protocols (WPA, WPA2, WPA3) that encrypt wireless network …

The fifth generation of mobile network technology, offering peak speeds up to 20 Gbps, sub-millisecond …

Long-Term Evolution. A 4G wireless broadband standard that provides download speeds of 100+ Mbps using …

A network topology where each node relays data for other nodes, creating multiple redundant paths. …

Multiple-Input Multiple-Output. A wireless technology that uses multiple antennas at both transmitter and receiver to …

A signal processing technique that focuses a wireless signal toward a specific receiving device rather …

The marketing name for IEEE 802.11ax, a Wi-Fi standard that improves efficiency in dense environments …

The marketing name for IEEE 802.11be (Extremely High Throughput), offering peak speeds up to 46 …

A physical location or device that provides Wi-Fi internet access, typically using a cellular data …

A device that receives a Wi-Fi signal and retransmits it to extend coverage range. Repeaters …

A networking device that creates a wireless local area network (WLAN) by connecting wireless clients …

The maximum data transfer rate of a network link, typically measured in bits per second …

The time delay for a data packet to travel from source to destination, typically measured …

The percentage of data packets that fail to reach their destination, typically caused by network …

A network utility that sends ICMP echo request packets to a target host and measures …

The actual rate of successful data transfer over a network, measured in bits per second. …

An unsolicited notification sent by an SNMP agent on a network device to a management …

A standard protocol (RFC 5424) for transmitting log messages from network devices, servers, and applications …

A Cisco-developed protocol that collects metadata about IP network traffic flows (source/destination IP, ports, protocol, …

IP Flow Information Export. An IETF standard based on Cisco NetFlow v9 that defines a …

An open-source infrastructure monitoring tool that watches hosts, services, and network devices, sending alerts when …

An open-source analytics and visualization platform that creates dashboards from time-series data sources like Prometheus, …

An open-source systems monitoring and alerting toolkit that collects time-series metrics via a pull model …

Mean Time to Repair (or Recover). The average time required to restore a system to …

Mean Time to Failure. The average time a non-repairable system or component operates before its …

Service Level Agreement. A formal contract between a service provider and customer that defines measurable …

The percentage of time a system or service is operational and accessible. Expressed in 'nines' …

The ability to understand a system's internal state from its external outputs, built on three …

A proactive monitoring approach that simulates user interactions (HTTP requests, browser transactions, API calls) from …

Application Performance Monitoring. A practice of tracking application-level metrics such as response times, error rates, …

Maximum Transmission Unit. The largest packet size (in bytes) that a network interface can transmit …

Autonomous System Number. A unique identifier (e.g., AS13335 for Cloudflare) assigned by a Regional Internet …

An attack or misconfiguration where a network falsely announces ownership of IP prefixes it does …

A physical facility housing networked computer systems, storage, and networking equipment with redundant power, cooling, …

A human-readable address (e.g., example.com) that identifies a website or service on the internet. Domain …

A network configuration where devices and infrastructure simultaneously support both IPv4 and IPv6 protocols. The …

A physical facility where multiple ISPs and networks interconnect to exchange traffic directly rather than …

The process of estimating the geographic location (country, city, coordinates) associated with an IP address …

Internet Service Provider. A company that provides internet access to consumers and businesses, assigning public …

A mutual arrangement between two networks to exchange traffic directly and freely (settlement-free peering) at …

A paid arrangement where one network (the customer) pays another (the transit provider) for access …

A query-and-response protocol for looking up registration information about domain names, IP addresses, and autonomous …

A distributed computing paradigm that processes data closer to where it is generated (at the …

An extension of cloud computing that distributes processing, storage, and networking services between edge devices …

Software-Defined Networking. An architecture that decouples the network control plane from the data plane, enabling …

Network Functions Virtualization. The practice of replacing dedicated network hardware appliances (firewalls, load balancers, routers) …

The networking layer that enables communication between containers, between containers and the host, and with …

A virtual network built on top of an existing physical (underlay) network using encapsulation protocols …

The physical network infrastructure (routers, switches, cables, fiber) upon which overlay and virtual networks are …

Quality of Service. A set of technologies and techniques that prioritize certain types of network …

Virtual Local Area Network. A logical network segmentation technique that groups devices into separate broadcast …

The practice of dividing a network into smaller, isolated segments to limit the blast radius …

Demilitarized Zone. A network segment that sits between an organization's internal network and the public …

A hardened, publicly accessible server that serves as the sole entry point for administrative SSH …

Network Access Control. A security approach that enforces policies on devices attempting to join a …

Internet of Things. The network of physical devices (sensors, cameras, appliances, vehicles) embedded with connectivity …