TryHackMe | Introductory Networking Walkthrough

Enes Cayvarlı
8 min read · Nov 16, 2022


Hi there, I’m glad to see you here. In this article, we’ll work through the “Introductory Networking” room on TryHackMe (Cyber Defense learning path) together. In some sections, I’ll give a brief overview of the subject. Don’t forget: you must always research further to learn more. I hope it will be helpful for you. Let’s start!

Cyber Defense Center

Contents:

-Cyber Defense Introduction | Introductory Networking

  • The OSI Model
  • Encapsulation / Decapsulation
  • The TCP/IP Model
  • Networking Tools: Ping
  • Networking Tools: Traceroute
  • Networking Tools: WHOIS
  • Networking Tools: Dig

Cyber Defense Introduction | Introductory Networking

OSI (Open Systems Interconnection) Model

The OSI Model is a standardised model which we use to demonstrate the theory behind computer networking.

The OSI Model

-Application Layer: The application layer of the OSI model essentially provides networking options to programs running on a computer.

-Presentation Layer: The presentation layer receives data from the application layer and puts it into a standardised format, translating, compressing or encrypting it as required before passing it down.

-Session Layer: When the session layer receives the correctly formatted data from the presentation layer, it looks to see if it can set up a connection with the other computer across the network.

-Transport Layer: Its first purpose is to choose the protocol over which the data is to be transmitted. The two most common protocols in the transport layer are TCP and UDP. With a protocol selected, the transport layer then divides the transmission up into bite-sized pieces (over TCP these are called segments, over UDP they’re called datagrams), which makes it easier to transmit the message successfully.

-Network Layer: The network layer is responsible for locating the destination of your request. For example, the Internet is a huge network; when you want to request information from a webpage, it’s the network layer that takes the IP address for the page and figures out the best route to take.

-Data Link Layer: The data link layer focuses on the physical addressing of the transmission.

-Physical Layer: The physical layer is right down to the hardware of the computer.

Q1: Which layer would choose to send data over TCP or UDP?

A1: 4

Q2: Which layer checks received packets to make sure that they haven’t been corrupted?

A2: 2

Q3: In which layer would data be formatted in preparation for transmission?

A3: 2

Q4: Which layer transmits and receives data?

A4: 1

Q5: Which layer encrypts, compresses, or otherwise transforms the initial data to give it a standardised format?

A5: 6

Q6: Which layer tracks communications between the host and receiving computers?

A6: 5

Q7: Which layer accepts communication requests from applications?

A7: 7

Q8: Which layer handles logical addressing?

A8: 3

Q9: When sending data over TCP, what would you call the “bite-sized” pieces of data?

A9: Segments

Q10: [Research] Which layer would the FTP protocol communicate with?

A10: 7

Q11: Which transport layer protocol would be best suited to transmit a live video?

A11: UDP

Encapsulation / Decapsulation

Stage 1: Application Layer Header is added

Stage 2: Presentation Layer Header is added

Stage 3: Session Layer Header is added

Stage 4: Transport Layer Header is added

Stage 5: Network Layer Header is added

Stage 6: Data Link Header and Trailer are added

Stage 7: Encapsulated data is sent across the network
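To make the seven stages concrete, here is an added example (my own code, not part of the TryHackMe room or the original post) that performs stages 4 to 7 in Python: application data is wrapped in a UDP header (a datagram), then an IPv4 header (a packet), then an Ethernet header and FCS trailer (a frame), and the receiver reverses the process. The addresses, ports and payload are constructed sample values; the only layer that adds a trailer is the data link layer, and it is that trailer the receiver uses to reject corrupted frames.

```python
import struct
import zlib

# Constructed sample addresses (documentation ranges, not from the original post).
SRC_MAC = bytes.fromhex("020000000a01")
DST_MAC = bytes.fromhex("020000000b02")
SRC_IP = "192.0.2.10"       # TEST-NET-1
DST_IP = "198.51.100.20"    # TEST-NET-2
ETHERTYPE_IPV4 = 0x0800
PROTO_UDP = 17


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; a valid IPv4 header sums to zero."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def encapsulate(payload: bytes, src_port: int, dst_port: int) -> bytes:
    """Stages 4-6 above: add the UDP, IPv4 and Ethernet headers plus the FCS trailer."""
    # Layer 4: UDP header (8 bytes). A zero checksum is permitted for UDP over IPv4.
    datagram = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload
    # Layer 3: IPv4 header (20 bytes); the checksum field covers the header only.
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(datagram), 0x1234, 0x4000,
                         64, PROTO_UDP, 0, ip_to_bytes(SRC_IP), ip_to_bytes(DST_IP))
    header = header[:10] + struct.pack("!H", internet_checksum(header)) + header[12:]
    packet = header + datagram
    # Layer 2: Ethernet header (14 bytes) in front, CRC-32 FCS trailer (4 bytes) behind.
    # (Padding to the 46-byte minimum payload is omitted for brevity.)
    frame = DST_MAC + SRC_MAC + struct.pack("!H", ETHERTYPE_IPV4) + packet
    return frame + struct.pack("<I", zlib.crc32(frame))   # FCS goes on the wire least-significant byte first


def decapsulate(frame: bytes) -> dict:
    """Reverse the process: check the trailer, strip each header, check the IP checksum."""
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        raise ValueError("frame corrupted: FCS mismatch")        # layer 2 integrity check
    dst_mac, src_mac = body[:6], body[6:12]
    if struct.unpack("!H", body[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("unsupported EtherType")
    packet = body[14:]
    ihl = (packet[0] & 0x0F) * 4
    if internet_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    total_len, proto = struct.unpack("!H", packet[2:4])[0], packet[9]
    if proto != PROTO_UDP:
        raise ValueError("unsupported transport protocol")
    datagram = packet[ihl:total_len]
    src_port, dst_port, udp_len, _ = struct.unpack("!HHHH", datagram[:8])
    return {
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
        "src_ip": ".".join(str(b) for b in packet[12:16]),
        "dst_ip": ".".join(str(b) for b in packet[16:20]),
        "src_port": src_port, "dst_port": dst_port,
        "payload": datagram[8:udp_len],
    }


if __name__ == "__main__":
    wire = encapsulate(b"hello", 40000, 53)
    print(len(wire), "bytes on the wire:", wire.hex())
    print(decapsulate(wire))
```

Running it shows the 5-byte payload becoming a 51-byte frame (14 + 20 + 8 + 5 + 4). Flip any bit in the frame and `decapsulate` refuses it at the FCS check, which is the layer 2 corruption check asked about in Q2 of the OSI section.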

Headers

Q1: How would you refer to data at layer 2 of the encapsulation process (with the OSI model)?

A1: Frames

Q2: How would you refer to data at layer 4 of the encapsulation process (with the OSI model), if the UDP protocol has been selected?

A2: Datagrams

Q3: What process would a computer perform on a received message?

A3: De-encapsulation

Q4: Which is the only layer of the OSI model to add a trailer during encapsulation?

A4: Data Link

Q5: Does encapsulation provide an extra layer of security (Aye/Nay)?

A5: Aye

The TCP/IP Model

The TCP/IP model consists of four layers: Application, Transport, Internet and Network Interface. Between them, these cover the same range of functions as the seven layers of the OSI Model.

The TCP/IP Model

TCP/IP takes its name from the two most important of these: the Transmission Control Protocol that controls the flow of data between two endpoints, and the Internet Protocol, which controls how packets are addressed and sent.

Three-Way Handshake:

Three-Way Handshake

SYN: synchronise

ACK: acknowledgement

TCP is a connection-based protocol. In other words, before you send any data via TCP, you must first form a stable connection between the two computers. The process of forming this connection is called the three-way handshake.
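The three segments of the handshake, with both sides' state changes and the sequence/acknowledgement arithmetic, as an added example that is not part of the original post or the room. It is my own minimal TCP state machine covering only connection set-up: the client sends SYN with its initial sequence number (ISN), the server answers SYN/ACK acknowledging ISN+1 and supplying its own ISN, and the client's final ACK moves both sides to ESTABLISHED. The class and function names are my own.

```python
import random
from dataclasses import dataclass

MASK32 = 0xFFFFFFFF  # sequence numbers wrap at 2^32


@dataclass
class Segment:
    src: str
    dst: str
    seq: int
    ack: int
    flags: frozenset


class TcpEndpoint:
    """Minimal TCP state machine covering only the connection set-up states."""

    def __init__(self, name: str):
        self.name = name
        self.state = "CLOSED"
        self.isn = random.randrange(1 << 32)   # initial sequence number (randomised, as real stacks do)
        self.snd_nxt = None                     # next sequence number we will send
        self.rcv_nxt = None                     # next sequence number we expect from the peer

    def listen(self):
        self.state = "LISTEN"

    def connect(self, peer: str) -> Segment:
        """Step 1: the client sends SYN carrying its initial sequence number."""
        self.state = "SYN-SENT"
        self.snd_nxt = (self.isn + 1) & MASK32   # the SYN flag itself consumes one sequence number
        return Segment(self.name, peer, self.isn, 0, frozenset({"SYN"}))

    def receive(self, seg: Segment):
        if self.state == "LISTEN" and seg.flags == {"SYN"}:
            # Step 2: the server answers SYN/ACK, acknowledging seq+1 and sending its own ISN.
            self.state = "SYN-RECEIVED"
            self.rcv_nxt = (seg.seq + 1) & MASK32
            self.snd_nxt = (self.isn + 1) & MASK32
            return Segment(self.name, seg.src, self.isn, self.rcv_nxt, frozenset({"SYN", "ACK"}))
        if self.state == "SYN-SENT" and seg.flags == {"SYN", "ACK"}:
            # Step 3: the client checks that its SYN was acknowledged and sends the final ACK.
            if seg.ack != self.snd_nxt:
                raise ValueError(f"{self.name}: SYN/ACK acknowledges the wrong sequence number")
            self.state = "ESTABLISHED"
            self.rcv_nxt = (seg.seq + 1) & MASK32
            return Segment(self.name, seg.src, self.snd_nxt, self.rcv_nxt, frozenset({"ACK"}))
        if self.state == "SYN-RECEIVED" and seg.flags == {"ACK"}:
            if seg.ack != self.snd_nxt:
                raise ValueError(f"{self.name}: ACK acknowledges the wrong sequence number")
            self.state = "ESTABLISHED"
            return None
        raise ValueError(f"{self.name}: unexpected {sorted(seg.flags)} in state {self.state}")


def three_way_handshake(client: TcpEndpoint, server: TcpEndpoint) -> list:
    """Run the exchange and return the three segments in the order they cross the wire."""
    server.listen()
    syn = client.connect(server.name)
    syn_ack = server.receive(syn)
    ack = client.receive(syn_ack)
    server.receive(ack)
    return [syn, syn_ack, ack]


if __name__ == "__main__":
    c, s = TcpEndpoint("client"), TcpEndpoint("server")
    for seg in three_way_handshake(c, s):
        print(f"{seg.src} -> {seg.dst}: {'/'.join(sorted(seg.flags, reverse=True))} "
              f"seq={seg.seq} ack={seg.ack}")
    print(c.state, s.state)
```

Note what happens if step 3 never arrives: the server stays in SYN-RECEIVED holding per-connection state, which is why real stacks cap the half-open queue and fall back to SYN cookies, and why a burst of SYNs without matching ACKs is a standard thing to alert on.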

Q1: Which model was introduced first, OSI or TCP/IP?

A1: TCP/IP

Q2: Which layer of the TCP/IP model covers the functionality of the Transport layer of the OSI model (Full Name)?

A2: Transport

Q3: Which layer of the TCP/IP model covers the functionality of the Session layer of the OSI model (Full Name)?

A3: Application

Q4: The Network Interface layer of the TCP/IP model covers the functionality of two layers in the OSI model. These layers are Data Link, and?.. (Full Name)?

A4: Physical

Q5: Which layer of the TCP/IP model handles the functionality of the OSI network layer?

A5: Internet

Q6: What kind of protocol is TCP?

A6: Connection-based

Q7: What is SYN short for?

A7: Synchronise

Q8: What is the second step of the three way handshake?

A8: SYN/ACK

Q9: What is the short name for the “Acknowledgement” segment in the three-way handshake?

A9: ACK

Networking Tools / Ping

The ping command is used when we want to test whether a connection to a remote resource is possible.

-Ping works using the ICMP protocol, which is one of the slightly less well-known TCP/IP protocols.

-The ICMP protocol works on the Network layer of the OSI Model, and thus the Internet layer of the TCP/IP model.

-The basic syntax for ping is ping <target>.
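Reading ping output by hand is fine for one host; for a batch of checks you want a parser. The following is an added example of mine, not code from the post or the room: it parses a constructed sample of Linux `ping -c 5` output, reports which sequence numbers went missing and the RTT statistics, and estimates the hop count from the reply TTL (assuming the target started at one of the common initial TTLs 64, 128 or 255, which is an assumption, not a guarantee). The host name and address in the sample are placeholders.

```python
import re
import statistics

# Constructed sample of Linux `ping -c 5` output (not a real capture; host and address are placeholders).
SAMPLE_PING_OUTPUT = """\
PING example.invalid (192.0.2.1) 56(84) bytes of data.
64 bytes from 192.0.2.1: icmp_seq=1 ttl=56 time=14.2 ms
64 bytes from 192.0.2.1: icmp_seq=2 ttl=56 time=13.9 ms
64 bytes from 192.0.2.1: icmp_seq=4 ttl=56 time=15.1 ms
64 bytes from 192.0.2.1: icmp_seq=5 ttl=56 time=14.0 ms

--- example.invalid ping statistics ---
5 packets transmitted, 4 received, 20% packet loss, time 4005ms
rtt min/avg/max/mdev = 13.900/14.300/15.100/0.450 ms
"""

REPLY_RE = re.compile(
    r"^\d+ bytes from (?P<addr>[\d.]+): icmp_seq=(?P<seq>\d+) ttl=(?P<ttl>\d+) time=(?P<rtt>[\d.]+) ms$"
)
SUMMARY_RE = re.compile(r"^(?P<sent>\d+) packets transmitted, (?P<recv>\d+) received")


def estimate_hops(ttl: int) -> int:
    """Guess the hop count from the TTL of an echo reply.

    Assumes the sender started at one of the common initial TTLs (64, 128 or 255);
    every router on the way back decrements the TTL by one.
    """
    initial = next(t for t in (64, 128, 255) if t >= ttl)
    return initial - ttl


def parse_ping(output: str) -> dict:
    """Summarise one ping run: loss, missing sequence numbers, RTT and estimated hops."""
    replies, sent = [], None
    for line in output.splitlines():
        m = REPLY_RE.match(line)
        if m:
            replies.append({"seq": int(m["seq"]), "ttl": int(m["ttl"]), "rtt_ms": float(m["rtt"])})
            continue
        m = SUMMARY_RE.match(line)
        if m:
            sent = int(m["sent"])
    if sent is None:
        raise ValueError("no summary line found; was ping run with -c?")
    seen = {r["seq"] for r in replies}
    rtts = [r["rtt_ms"] for r in replies]
    return {
        "sent": sent,
        "received": len(replies),
        "lost_seqs": sorted(set(range(1, sent + 1)) - seen),
        "loss_pct": 100.0 * (sent - len(replies)) / sent,
        "rtt_avg_ms": statistics.mean(rtts) if rtts else None,
        "rtt_max_ms": max(rtts) if rtts else None,
        "hops": estimate_hops(replies[0]["ttl"]) if replies else None,
    }


if __name__ == "__main__":
    print(parse_ping(SAMPLE_PING_OUTPUT))
```

On the sample this reports one lost reply (icmp_seq 3), 20% loss, an average RTT of 14.3 ms and about 8 hops (64 - 56), which is the same TTL mechanism traceroute builds on in the next section.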

Q1: What command would you use to ping the bbc.co.uk website?

A1: ping bbc.co.uk

Q2: Ping muirlandoracle.co.uk (What is the IPv4 address?)

A2: 217.160.0.152

Q3: What switch lets you change the interval of sent ping requests?

A3: -i

Q4: What switch would allow you to restrict requests to IPv4?

A4: -4

Q5: What switch would give you a more verbose output?

A5: -v

Networking Tools / Traceroute

Traceroute can be used to map the path your request takes as it heads to the target machine.

-The basic syntax for traceroute on Linux is this: traceroute <destination>

-By default, the Windows traceroute utility (tracert) operates using the same ICMP protocol that ping utilises, and the Unix equivalent operates over UDP.

Q1: Use traceroute on tryhackme.com (Can you see the path your request has taken?)

A1: No answer needed

Q2: What switch would you use to specify an interface when using Traceroute?

A2: -i

Q3: What switch would you use if you wanted to use TCP SYN requests when tracing the route?

A3: -T

Q4: [Lateral Thinking] Which layer of the TCP/IP model will traceroute run on by default (Windows)?

A4: Internet

Networking Tools / WHOIS

Whois essentially allows you to query who a domain name is registered to. There is a web version of the whois tool:

https://www.whois.com/whois

-Just use whois <domain> to get a list of available information about the domain registration.
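Whois output is a loose list of `Key: Value` lines, and the questions below (registration date in DD/MM/YYYY, postal code, tech email) are just fields pulled out of it. As an added example of mine (not from the post or the room), here is a small parser over a constructed sample record with placeholder values, plus a date-conversion and domain-age check of the kind a defender runs when triaging an unfamiliar domain. All field names follow the common registry output style; the sample data is invented.

```python
import re
from datetime import datetime, timezone

# Constructed sample in the style of a registry whois reply (placeholder values, not real registration data).
SAMPLE_WHOIS = """\
   Domain Name: EXAMPLE.INVALID
   Registrar: Example Registrar, Inc.
   Creation Date: 1997-03-29T05:00:00Z
   Registry Expiry Date: 2031-03-30T05:00:00Z
   Registrant Organization: Example Org
   Registrant City: Exampleville
   Registrant Postal Code: 12345
   Tech Email: hostmaster@example.invalid
   Name Server: NS1.EXAMPLE.INVALID
   Name Server: NS2.EXAMPLE.INVALID
   DNSSEC: unsigned
>>> Last update of whois database: 2024-06-01T00:00:00Z <<<
"""

FIELD_RE = re.compile(r"^\s*(?P<key>[A-Za-z][A-Za-z /]*?):\s*(?P<value>.*?)\s*$")


def parse_whois(text: str) -> dict:
    """Turn 'Key: Value' lines into a dict; repeated keys (e.g. Name Server) become lists."""
    record = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if not m or not m["value"]:
            continue
        record.setdefault(m["key"], []).append(m["value"])
    return record


def parse_timestamp(raw: str) -> datetime:
    """Registry timestamps are ISO 8601 in UTC, e.g. 1997-03-29T05:00:00Z."""
    return datetime.strptime(raw, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def creation_date_ddmmyyyy(record: dict) -> str:
    """Format the creation date the way the room's question asks for it (DD/MM/YYYY)."""
    return parse_timestamp(record["Creation Date"][0]).strftime("%d/%m/%Y")


def domain_age_days(record: dict, now_iso: str) -> int:
    return (parse_timestamp(now_iso) - parse_timestamp(record["Creation Date"][0])).days


def is_newly_registered(record: dict, now_iso: str, threshold_days: int = 30) -> bool:
    """A very young domain is a common triage signal when assessing suspicious links."""
    return domain_age_days(record, now_iso) < threshold_days


if __name__ == "__main__":
    rec = parse_whois(SAMPLE_WHOIS)
    print("registered:", creation_date_ddmmyyyy(rec))
    print("tech email:", rec["Tech Email"][0])
    print("age (days):", domain_age_days(rec, "2024-06-01T00:00:00Z"))
```

Real whois output varies between registries (different key names, thick versus thin records, rate limits), so treat the regex as a starting point rather than a universal parser.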

Q1: Perform a whois search on facebook.com

A1: No answer needed

Q2: What is the registrant postal code for facebook.com?

A2: 94025

Q3: When was the facebook.com domain first registered (Format: DD/MM/YYYY)?

A3: 29/03/1997

Q4: Perform a whois search on microsoft.com (Note: If you fail to read the above instruction and consequently get the wrong answer for the next question, don’t expect a helpful response if you report it as a bug…)

A4: No answer needed

Q5: Which city is the registrant based in?

A5: Redmond

Q6: [OSINT] What is the name of the golf course that is near the registrant address for microsoft.com?

A6: Bellevue Golf Course

Q7: What is the registered Tech Email for microsoft.com?

A7: msnhst@microsoft.com

Networking Tools / Dig

Dig allows us to manually query recursive DNS servers of our choice for information about domains: dig <domain> @<dns-server-ip>

DNS (Domain Name System)

The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, like nytimes.com or espn.com. Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources.

TLD (Top-Level Domain)

In the DNS hierarchy, a top-level domain (TLD) represents the first stop after the root zone. In simpler terms, a TLD is everything that follows the final dot of a domain name. For example, in the domain name ‘google.com’, ‘.com’ is the TLD. Some other popular TLDs include ‘.org’, ‘.uk’, and ‘.edu’.

TTL (Time to Live)

Time to live (TTL) refers to the amount of time, or number of “hops”, that a packet is allowed to exist inside a network before a router discards it.

-It’s important to remember that TTL (in the context of DNS caching) is measured in seconds.

Q1: What is DNS short for?

A1: Domain Name System

Q2: What is the first type of DNS server your computer would query when you search for a domain?

A2: Recursive

Q3: What type of DNS server contains records specific to domain extensions (i.e. .com, .co.uk, etc)? Use the long version of the name.

A3: Top-Level Domain

Q4: Where is the very first place your computer would look to find the IP address of a domain?

A4: Local Cache

Q5: [Research] Google runs two public DNS servers. One of them can be queried with the IP 8.8.8.8, what is the IP address of the other one?

A5: 8.8.4.4

Q6: If a DNS query has a TTL of 24 hours, what number would the dig query show?

A6: 86400 (24*60*60 = 86400)
