Networking Fundamentals · beginner · ~11 min
Identify the perimeter devices that shape traffic and how they affect testing.
Firewalls filter by rule (and cause "filtered" scan results); proxies forward traffic (reverse proxies front servers, intercepting proxies aid testing); VPNs tunnel you inside a network; load balancers spread requests across backends.
Perimeter devices explain confusing results — filtered ports, one IP serving many apps, responses that change between requests — and are themselves testable surface (rule misconfigurations, exposed management interfaces).
Stateful firewall. Tracks connections; unsolicited inbound is dropped → "filtered."
Reverse proxy. Fronts servers, terminates TLS, hides backends.
Intercepting proxy. Burp/ZAP read and modify your own traffic.
Load balancer. Same IP, many backends → inconsistent responses.
Between a client and a server sit devices that filter, forward, and distribute traffic. Knowing they're there explains surprising scan results.
A firewall allows or blocks traffic by rules (source/destination IP, port, protocol, sometimes application). A stateful firewall tracks connection state, so it can permit replies to traffic you initiated while blocking unsolicited inbound. During a scan, a firewall is why a port shows filtered (no reply) rather than open or closed.
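The connection tracking and the three scan states described above, as an added example that is not part of the original lesson. It is a toy model, not a real firewall: the class, the addresses and the port sets are constructed for illustration, and it assumes the firewall silently drops whatever it does not permit.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport flags")

class StatefulFirewall:
    """Toy model: inside hosts may initiate; inbound needs a rule or a tracked flow."""
    def __init__(self, inside_cidr, inbound_ports):
        self.inside = ipaddress.ip_network(inside_cidr)
        self.inbound_ports = set(inbound_ports)
        self.conntrack = set()  # flows seen, as (src, sport, dst, dport)

    def permits(self, p):
        flow = (p.src, p.sport, p.dst, p.dport)
        reverse = (p.dst, p.dport, p.src, p.sport)
        if ipaddress.ip_address(p.src) in self.inside:
            self.conntrack.add(flow)      # outbound: allow and remember
            return True
        if reverse in self.conntrack:     # reply to traffic the inside initiated
            return True
        if p.flags == "SYN" and p.dport in self.inbound_ports:
            self.conntrack.add(flow)      # new inbound connection allowed by rule
            return True
        return False                      # unsolicited inbound: silently dropped

def probe(fw, server_ip, listening, port, scanner="203.0.113.5", sport=40000):
    """Return the port state a scanner outside the firewall would infer."""
    if not fw.permits(Packet(scanner, sport, server_ip, port, "SYN")):
        return "filtered"                 # SYN dropped, so no reply ever arrives
    flags = "SYN-ACK" if port in listening else "RST"
    fw.permits(Packet(server_ip, port, scanner, sport, flags))  # reply leaves
    return "open" if flags == "SYN-ACK" else "closed"

def demo():
    fw = StatefulFirewall("10.0.0.0/24", inbound_ports={80, 443, 8080})
    listening = {80, 443}   # constructed: services actually running on 10.0.0.20
    states = {p: probe(fw, "10.0.0.20", listening, p) for p in (22, 443, 8080)}
    # An inside client opens a connection out; only the matching reply gets back in.
    fw.permits(Packet("10.0.0.7", 51000, "198.51.100.10", 443, "SYN"))
    reply_ok = fw.permits(Packet("198.51.100.10", 443, "10.0.0.7", 51000, "SYN-ACK"))
    stray = fw.permits(Packet("198.51.100.10", 443, "10.0.0.7", 51001, "SYN-ACK"))
    return states, reply_ok, stray

if __name__ == "__main__":
    print(demo())
```

Port 8080 is the case worth noticing: the rule lets the probe through, but nothing is listening, so the host itself answers with a reset and the port reads closed rather than filtered.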
A proxy is an intermediary that forwards requests. A forward proxy sits in front of clients (egress control, caching); a reverse proxy sits in front of servers (TLS termination, routing, hiding the backend). Web testers run an intercepting proxy (Burp, ZAP) to read and modify their own browser traffic.
A VPN is an encrypted tunnel that puts a remote client logically inside a network. On engagements, you often connect over a VPN to reach an internal scope.
A load balancer distributes requests across many backend servers. It can make one IP look like many machines (or many machines look like one), so identical requests may hit different backends, which is important when results seem inconsistent.
These devices explain anomalies: filtered ports (firewall), a single front-end for many apps (reverse proxy), changing responses (load balancer). They're also part of the attack surface — misconfigured rules and exposed admin panels are real findings.
Firewalls, proxies, VPNs, and load balancers sit in the path and shape what you see. Recognising their fingerprints turns confusing scan output into useful information — and each can be a finding when misconfigured.