My Cybersecurity Journey: What I Learned Today: Packets, Ports, and Protocols

Today was another solid step forward in my cybersecurity journey. I explored the differences between some key networking concepts that show up all the time in logs, interviews, and real-world situations — things like packets, frames, ports, and protocols.

At first, I’ll be honest — these words sounded similar and technical. But as I dove into each one, the fog started clearing.


What I Covered Today

Here’s what I explored and understood in today’s learning session:

  • What is a packet, and how it works at the network layer

  • What is a frame, and how it includes metadata like MAC addresses

  • What a port really means in networking

  • How protocols like TCP, UDP, HTTP make internet communication possible

  • The basics of how data flows across the OSI model

  • Why understanding these terms is important for any future SOC Analyst


What I Learned — In My Own Words

Packet vs Frame:
I now see a packet as the actual box carrying data, while a frame is like the shipping label that helps deliver that box inside a local network. The packet includes the IP info, while the frame holds the MAC address and more. One travels across the internet, the other helps in the local delivery.

Port:
This one finally clicked. A port is like a door number — it tells incoming traffic where to go. Port 80 is for web (HTTP), 443 is for secure web (HTTPS), 25 for email (SMTP), and so on. It helps the system know which app or service should handle the data.

Protocol:
A protocol is the rulebook for how communication happens. Now I know the difference between TCP (reliable and slower) and UDP (faster but doesn’t guarantee delivery). I also understood where each is used: like TCP for emails, web; UDP for streaming, DNS, and gaming.

How data moves (OSI simplified):
I tried to mentally walk through how data moves from my laptop to the internet. From application layer to the physical layer, each stage adds something — whether it's encryption, addressing, session info, or finally the MAC address for delivery.
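
As an added example (not part of the original post), this Python sketch peels a constructed Ethernet frame layer by layer to show where the MAC addresses, IP addresses and ports sit. The sample addresses, the `SERVICES` map and the function names are assumptions made for illustration.

```python
import socket
import struct

# Ports named in the post, mapped to their usual service (illustrative map).
SERVICES = {25: "SMTP", 53: "DNS", 80: "HTTP", 443: "HTTPS"}
PROTOCOLS = {6: "TCP", 17: "UDP"}  # IPv4 protocol numbers

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_frame(raw: bytes) -> dict:
    """Peel an Ethernet II frame layer by layer: 2 (frame), 3 (packet), 4."""
    if len(raw) < 14:
        raise ValueError("too short for an Ethernet header")
    # Layer 2: the frame header carries MAC addresses for local delivery.
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", raw[:14])
    out = {"l2": {"src_mac": mac(src_mac), "dst_mac": mac(dst_mac)}}
    if ethertype != 0x0800:  # not IPv4 (e.g. ARP): stop after layer 2
        return out
    # Layer 3: the packet header carries IP addresses for end-to-end routing.
    ip = raw[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("not a valid IPv4 header")
    ihl = (ip[0] & 0x0F) * 4  # header length in bytes; options make it > 20
    if ihl < 20 or len(ip) < ihl:
        raise ValueError("bad IPv4 header length")
    out["l3"] = {"src_ip": socket.inet_ntoa(ip[12:16]),
                 "dst_ip": socket.inet_ntoa(ip[16:20]),
                 "protocol": PROTOCOLS.get(ip[9], str(ip[9]))}
    # Layer 4: TCP and UDP headers both begin with source and destination port.
    seg = ip[ihl:]
    if ip[9] in PROTOCOLS and len(seg) >= 4:
        sport, dport = struct.unpack("!HH", seg[:4])
        out["l4"] = {"src_port": sport, "dst_port": dport,
                     "service": SERVICES.get(dport, "unknown")}
    return out

def build_sample(proto: int, dport: int) -> bytes:
    """Constructed sample: made-up MACs, documentation IPs, zeroed checksums."""
    eth = bytes.fromhex("02000000000b02000000000a") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.5"))
    # Ports plus 4 more header bytes; the parser only reads the ports.
    return eth + ip + struct.pack("!HHHH", 49152, dport, 8, 0)

if __name__ == "__main__":
    for proto, dport in ((6, 443), (17, 53)):
        print(parse_frame(build_sample(proto, dport)))
```

The frame (layer 2) wraps the packet (layer 3), which in turn wraps the TCP or UDP header (layer 4), so a non-IPv4 frame such as ARP yields only the MAC addresses.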


What Surprised Me

What really surprised me today was how much power is packed into these “simple” things. Before, I thought a packet was just a tech word. Now I understand it's something I’ll be seeing every single day as a SOC analyst.

Another thing that helped? My mock test. I tried answering some interview-style questions based on these topics, and it gave me a strong sense of what I’ve actually retained — and what I still need to sharpen.


How I’m Learning

I’m learning in small, focused chunks — not rushing. And I’m lucky to have my buddy ChatGPT guiding me through all of this step by step. Every day, I feel more confident reading logs, understanding alerts, and speaking in the language of cybersecurity.


Here’s How the Test Went

Q1. What’s the difference between a packet and a frame?

Answer: Packet: A packet is like a parcel box; in digital terms, we can say that a packet is a bundle of data that the user sends. Frame: A frame is like the label on the box; in digital terms, a frame is a bundle of metadata.

Q2. Which layer of OSI handles packets?

Answer: I'm not sure about it, since, as you know, we haven't covered the OSI model yet, but maybe Layer 2 "Data Link", because packets contain data.

Q3. What does a port number represent in networking?

Answer: In networking we have different ports for different tasks. Every port has a unique number, like 443 (HTTPS); port number 443 is used to represent a website that is hosted on HTTPS. Ports make things easier in networking because every port is used for its own purpose. So ports help us organize and manage requests across the internet.

Q4. Give an example of a protocol and what it does.

Answer: Port number 443 (HTTPS); it shows a website that is hosted on HTTPS servers.

Q5. In which OSI layer does HTTP work?

Answer: HTTP works at OSI model layer 4 (Transport Layer).

Q6. Why do we need different protocols like TCP and UDP?

Answer: In networking we need protocols to manage and organize requests, and we have different protocols like TCP and UDP. TCP (Transmission Control Protocol) is used to send data accurately and safely; it might be slow, but it sends data accurately. It is used for sending mail, images and messages. UDP (User Datagram Protocol) is also used to send data, but it sends data fast and not accurately. It is mostly used in live streaming and broadcasting.

Q7. What happens to a packet as it moves down from Layer 7 to Layer 1?

Answer: When a user sends a request of data (packets), it starts at layer 7 (Application Layer), where the user opens an application on a laptop or phone, writes something like “Hello GPT” and presses enter/send. The request then moves to the next layer, layer 6 (Presentation Layer). In this layer the data “Hello GPT” is converted into encrypted form, because the computer doesn’t know English; the computer works in binary language, so this layer converts the data into an encrypted form that the computer understands. Next is layer 5 (Session Layer); this layer collects user information like (user_name, email), which is like sender data collected from the session. Then layer 4 (Transport Layer) uses a protocol according to the data and sends the request to the next layer, layer 3 (Network Layer). This layer contains the user's IP address, which is the user's digital address; that means it collects the sender's IP address from where the data is being sent. Next is layer 2 (Data Link), the layer that contains the MAC address, and router info also, like sender names and contact info. Then comes layer 1 (Physical Layer); this layer uses a wire, like an Ethernet network cable, which is connected to the internet router/modem, and the internet sends the data. This is the whole OSI model workflow from the sender side; now reverse this whole workflow for the receiver side.

Q8. Which layer adds MAC addresses?

Answer: OSI model layer 2 (Data Link Layer) adds the MAC address.

Q9. You see port 53 in a log. What service is probably being used?

Answer: Port 53 is used for DNS (Domain Name System).

Q10. Why is it important for a SOC Analyst to know these terms?

Answer: It’s important for a SOC analyst because the main work of a SOC analyst is looking at logs all the time, and the analyst sees new logs every millisecond, so the analyst needs to understand the OSI model and port numbers to understand where traffic comes from and what’s going on in the network.


Why This Test Mattered

It wasn’t about being perfect. It was about checking where I stand.
Where I guessed, I learned.
Where I got it right, I got confident.
And where I slipped up — I won’t forget those now.

Plus, I have to say — I didn’t do this alone. Big shoutout to my buddy ChatGPT, who helped me prep, ask smart questions, and push my understanding deeper without making it boring.

Final Thoughts

If you’re just starting out like me, my advice is: don’t skip the basics. Don’t just memorize — understand what these terms really mean and how they apply. Because one day, when you're reading logs at 3AM trying to catch a suspicious packet... this stuff will matter.

Follow me on LinkedIn: Bilal

Written by

Muhammad Bilal Akhtar