Introductory Networking WriteUp – TryHackMe

In this article, I tried to prepare a write-up for the “Introductory Networking” room on TryHackMe. I tried to support it with images. Thank you to everyone who has already read it.


[Task 1] Introduction:

The topics that we’re going to cover in this room are:

  • The OSI Model
  • The TCP/IP Model
  • How these models look in practice
  • An introduction to basic networking tools

#1 Let’s get started!

ANSWER: No answer needed


[Task 2] The OSI Model: An Overview:

All the answers in this section are in the reading text. Before each answer, I quote the sentence from the reading text that contains it.

#1 Which layer would choose to send data over TCP or UDP?

Layer 4 — Transport: Its first purpose is to choose the protocol over which the data is to be transmitted. The two most common protocols in the transport layer are TCP (Transmission Control Protocol) and UDP (User Datagram Protocol)

ANSWER: 4

#2 Which layer checks received packets to make sure that they haven’t been corrupted?

Layer 2 — Data Link: The data link layer also serves an important function when it receives data, as it checks the received information to make sure that it hasn’t been corrupted during transmission.

ANSWER: 2

#3 In which layer would data be formatted in preparation for transmission?

Layer 2 — Data Link: Additionally, it’s also the job of the data link layer to present the data in a format suitable for transmission.

ANSWER: 2

#4 Which layer transmits and receives data?

Layer 1 — Physical: This is where the electrical pulses that make up data transfer over a network are sent and received.

ANSWER: 1

#5 Which layer encrypts, compresses, or otherwise transforms the initial data to give it a standardised format?

Layer 6 — Presentation: The presentation layer translates the data into a standardised format, as well as handling any encryption, compression or other transformations to the data.

ANSWER: 6

#6 Which layer tracks communications between the host and receiving computers?

Layer 5 — Session: When the session layer has successfully logged a connection between the host and remote computer the data is passed down to Layer 4: the transport Layer.

ANSWER: 5

#7 Which layer accepts communication requests from applications?

Layer 7 — Application: It works almost exclusively with applications, providing an interface for them to use in order to transmit data. When data is given to the application layer, it is passed down into the presentation layer.

ANSWER: 7

#8 Which layer handles logical addressing?

Layer 3 — Network: It’s the network layer that takes the IP address for the page and figures out the best route to take. At this stage we’re working with what is referred to as Logical addressing

ANSWER: 3

#9 When sending data over TCP, what would you call the “bite-sized” pieces of data?

Layer 4 — Transport: With a protocol selected, the transport layer then divides the transmission up into bite-sized pieces (over TCP these are called segments, over UDP they’re called datagrams), which makes it easier to transmit the message successfully.

ANSWER: 4

#10 [Research] Which layer would the FTP protocol communicate with?

ANSWER: 7

#11 Which transport layer protocol would be best suited to transmit a live video?

UDP would be used in situations where speed is more important (e.g. video streaming)

ANSWER: UDP


[Task 3] Encapsulation:

#1 How would you refer to data at layer 2 of the encapsulation process (with the OSI model)?

ANSWER: Frames

#2 How would you refer to data at layer 4 of the encapsulation process (with the OSI model), if the UDP protocol has been selected?

In the transport layer the encapsulated data is referred to as a segment or a datagram (depending on whether TCP or UDP has been selected as a transmission protocol).

TCP → Segments

UDP → Datagrams

ANSWER: Datagrams

#3 What process would a computer perform on a received message?

When the message is received by the second computer, it reverses the process — starting at the physical layer and working up until it reaches the application layer, stripping off the added information as it goes.

This is referred to as de-encapsulation.

ANSWER: De-encapsulation

#4 Which is the only layer of the OSI model to add a trailer during encapsulation?

The data link layer also adds a piece on at the end of the transmission, which is used to verify that the data has not been corrupted on transmission; this also has the added bonus of increased security, as the data can’t be intercepted and tampered with without breaking the trailer.

ANSWER: Data Link

#5 Does encapsulation provide an extra layer of security (Aye/Nay)?

The data link layer also adds a piece on at the end of the transmission, which is used to verify that the data has not been corrupted on transmission; this also has the added bonus of increased security, as the data can’t be intercepted and tampered with without breaking the trailer.

ANSWER: AYE (YES)


[Task 4] The TCP/IP Model:

Image for post

#1 Which model was introduced first, OSI or TCP/IP?

The TCP/IP model is, in many ways, very similar to the OSI model. It’s a few years older, and serves as the basis for real-world networking

ANSWER: TCP/IP

#2 Which layer of the TCP/IP model covers the functionality of the Transport layer of the OSI model (Full Name)?

You can see the answer in the picture above.

ANSWER: Transport

#3 Which layer of the TCP/IP model covers the functionality of the Session layer of the OSI model (Full Name)?

You can see the answer in the picture above.

ANSWER: Application

#4 The Network Interface layer of the TCP/IP model covers the functionality of two layers in the OSI model. These layers are Data Link, and?.. (Full Name)?

You can see the answer in the picture above.

ANSWER: Physical

#5 Which layer of the TCP/IP model handles the functionality of the OSI network layer?

You can see the answer in the picture above.

ANSWER: Internet

#6 What kind of protocol is TCP?

As mentioned earlier, TCP is a connection-based protocol.

ANSWER: Connection-based

#7 What is SYN short for?

This request contains something called a SYN (short for synchronise) bit, which essentially makes first contact in starting the connection process.

ANSWER: Synchronise

#8 What is the second step of the three way handshake?

ANSWER: SYN/ACK

#9 What is the short name for the “Acknowledgement” segment in the three-way handshake?

The server will then respond with a packet containing the SYN bit, as well as another “acknowledgement” bit, called ACK.

ANSWER: ACK


[Task 5] Wireshark

There are 5 pieces of information here:

  • Frame 1 → this is showing details from the physical layer of the OSI model (Network Interface layer of the TCP/IP model): the size of the packet received, in bytes.
  • Ethernet II → this is showing details from the Data Link layer of the OSI model (Network Interface layer of the TCP/IP model): the transmission medium (in this case an Ethernet cable), as well as the source and destination MAC addresses of the request.
  • Internet Protocol Version 4 → this is showing details from the Network layer of the OSI model (Internet layer of the TCP/IP model): the source and destination IP addresses of the request.
  • Transmission Control Protocol → this is showing details from the Transport layer of the OSI and TCP/IP models: in this case it’s telling us that the protocol was TCP, along with a few other things that we’re not covering here.
  • Hypertext Transfer Protocol → this is showing details from the Application layer of the OSI and TCP/IP models: specifically, this is an HTTP GET request, which is requesting a web page from a remote server.

With that in mind, click on the second captured packet (in the top window) and answer the following questions:

Image for post

#1 What is the protocol specified in the section of the request that’s linked to the Application layer of the OSI and TCP/IP Models?

Image for post

In fact, the answer appears in the first picture. You can see the DNS text in the protocol section for the second packet.

ANSWER: Domain Name System

#2 Which layer of the OSI model does the section that shows the IP address “172.16.16.77” link to (Name of the layer)?

ANSWER: Network

#3 In the section of the request that links to the Transport layer of the OSI and TCP/IP models, which protocol is specified?

ANSWER: User Datagram Protocol

#4 Over what medium has this request been made (linked to the Data Link layer of the OSI model)?

ANSWER: Ethernet II

#5 Which layer of the OSI model does the section that shows the number of bytes transferred (81) link to?

Frame 1 — this is showing details from the physical layer of the OSI model

ANSWER: Physical

#6 [Research] Can you figure out what kind of address is shown in the layer linked to the Data Link layer of the OSI model?

ANSWER: MAC
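
The de-encapsulation from Task 3 and the Wireshark sections from this task can be reproduced by hand. The following is an added example, not part of the room or the original write-up: it strips the headers of a constructed DNS-over-UDP frame and labels each one with its OSI layer. The MAC addresses, ports and queried name are made-up sample values; only the IP address 172.16.16.77 is taken from the questions above.

```python
import socket
import struct

def build_sample_frame():
    """Constructed sample: a DNS query for example.com inside UDP/IPv4/Ethernet II."""
    dns = struct.pack("!6H", 0x1A2B, 0x0100, 1, 0, 0, 0)          # header, 1 question
    dns += b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1)   # QNAME, type A, class IN
    udp = struct.pack("!4H", 50000, 53, 8 + len(dns), 0) + dns    # checksum 0 = unused
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton("172.16.16.77"), socket.inet_aton("8.8.8.8"))
    eth = bytes.fromhex("021122334455") + bytes.fromhex("02aabbccddee") + b"\x08\x00"
    return eth + ip + udp   # IPv4 checksum left at 0; this parser does not verify it

def dns_qname(dns):
    """Read the first question name (a query carries no compression pointers)."""
    labels, i = [], 12
    while i < len(dns) and dns[i]:
        labels.append(dns[i + 1:i + 1 + dns[i]].decode("ascii"))
        i += dns[i] + 1
    return ".".join(labels)

def decapsulate(frame):
    """Strip headers bottom-up; return (OSI layer, Wireshark section, fields)."""
    if len(frame) < 14 + 20:
        raise ValueError("truncated frame")
    layers = [("Physical", "Frame", {"bytes": len(frame)})]
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers.append(("Data Link", "Ethernet II", {"src": src.hex(":"), "dst": dst.hex(":")}))
    if ethertype != 0x0800:                       # only IPv4 is handled here
        return layers
    ip = frame[14:]
    seg, proto = ip[(ip[0] & 0x0F) * 4:], ip[9]   # skip IHL*4 bytes of IPv4 header
    layers.append(("Network", "Internet Protocol Version 4",
                   {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20])}))
    if proto == 17 and len(seg) >= 8:             # UDP: the unit is a datagram
        sport, dport, length, _ = struct.unpack("!4H", seg[:8])
        layers.append(("Transport", "User Datagram Protocol", {"sport": sport, "dport": dport}))
        if 53 in (sport, dport):
            layers.append(("Application", "Domain Name System",
                           {"qname": dns_qname(seg[8:length])}))
    elif proto == 6 and len(seg) >= 20:           # TCP: the unit is a segment
        sport, dport = struct.unpack("!2H", seg[:4])
        layers.append(("Transport", "Transmission Control Protocol",
                       {"sport": sport, "dport": dport, "syn": bool(seg[13] & 0x02)}))
    return layers

if __name__ == "__main__":
    for layer, section, fields in decapsulate(build_sample_frame()):
        print(f"{layer:<10} {section:<30} {fields}")
```
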


[Task 6] [Networking Tools] Ping:

#1 What command would you use to ping the bbc.co.uk website?

ANSWER: ping bbc.co.uk

#2 Ping muirlandoracle.co.uk What is the IP address?

ANSWER: 217.160.0.152

#3 What switch lets you change the interval of sent ping requests?

ANSWER: -i

#4 What switch would allow you to restrict requests to IPV4?

-4 → This forces the ping command to use IPv4 only but is only necessary if target is a hostname and not an IP address.

ANSWER: -4

#5 What switch would give you a more verbose output?

ANSWER: -v


[Task 7] [Networking Tools] Traceroute:

#1 Use traceroute on tryhackme.com Can you see the path your request has taken?

ANSWER: No answer needed

#2 What switch would you use to specify an interface when using Traceroute?

ANSWER: -i

#3 What switch would you use if you wanted to use TCP requests when tracing the route?

ANSWER: -T

#4 [Lateral Thinking] Which layer of the TCP/IP model will traceroute run on by default?

Traceroute works at the IP level, so it would be layer 3 of the OSI model (Network), which is the Internet layer of the TCP/IP model.

ANSWER: Internet


[Task 8] [Networking Tools] WHOIS:

#1 Perform a whois search on facebook.com

Image for post

ANSWER: No answer needed

#2 What is the registrant postal code for facebook.com?

You can see the answer in the picture above.

ANSWER: 94025

#3 When was the facebook.com domain first registered?

ANSWER: 29/03/1997

#4 Perform a whois search on microsoft.com

Image for post

ANSWER: No answer needed

#5 Which city is the registrant based in?

You can see the answer in the picture above.

ANSWER: Redmond

#6 [OSINT] What is the name of the golf course that is near the registrant address for microsoft.com?

ANSWER: Bellevue Golf Course

#7 What is the registered Tech Email for microsoft.com?

ANSWER: msnhst@microsoft.com


[Task 9] [Networking Tools] Dig:

#1 What is DNS short for?

The answer is a TCP/IP protocol called DNS (Domain Name System).

ANSWER: Domain Name System

#2 What is the first type of DNS server your computer would query when you search for a domain?

Assuming the address hasn’t already been found, your computer will then send a request to what’s known as a recursive DNS server. These will automatically be known to the router on your network. Many Internet Service Providers (ISPs) maintain their own recursive servers, but companies such as Google and OpenDNS also control recursive servers. This is how your computer automatically knows where to send the request for information: details for a recursive DNS server are stored in your router.

ANSWER: Recursive

#3 What type of DNS server contains records specific to domain extensions (i.e. .com, .co.uk, etc)? Use the long version of the name.

These lower level servers are called Top-Level Domain servers. Top-Level Domain (TLD) servers are split up into extensions. So, for example, if you were searching for tryhackme.com your request would be redirected to a TLD server that handled .com domains.

ANSWER: Top-Level Domain

#4 Where is the very first place your computer would look to find the IP address of a domain?

Another interesting piece of information that dig gives us is the TTL (Time To Live) of the queried DNS record. As mentioned previously, when your computer queries a domain name, it stores the results in its local cache.

ANSWER: Local Cache

#5 [Research] Google runs two public DNS servers. One of them can be queried with the IP 8.8.8.8, what is the IP address of the other one?

ANSWER: 8.8.4.4

#6 If a DNS query has a TTL of 24 hours, what number would the dig query show?

ANSWER: 86400
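
The lookup order and the role of the TTL in this task can be seen together in a small model. This is an added example, not part of the room or the original write-up: the class, the zone data and the address 192.0.2.10 are constructed, and the model is simplified (a real recursive server keeps its own cache as well).

```python
class StubResolver:
    """Simplified model of the lookup order; all zone data here is constructed."""
    ROOT = {"com": "tld-com"}                                       # root -> TLD server
    TLD = {"tld-com": {"example.com": "ns-example"}}                # TLD -> authoritative
    AUTH = {"ns-example": {"example.com": ("192.0.2.10", 86400)}}   # (address, TTL seconds)

    def __init__(self, clock):
        self.clock = clock      # callable returning "now" in seconds
        self.cache = {}         # local cache: name -> (address, expiry time)

    def resolve(self, name):
        """Return (address, list of places consulted, in order)."""
        path = ["local cache"]
        hit = self.cache.get(name)
        if hit and self.clock() < hit[1]:
            return hit[0], path                     # record is still within its TTL
        path.append("recursive")                    # the recursive server does the rest
        tld_server = self.ROOT[name.rsplit(".", 1)[-1]]
        path.append("root")
        auth_server = self.TLD[tld_server][name]
        path.append("top-level domain")
        address, ttl = self.AUTH[auth_server][name]
        path.append("authoritative")
        self.cache[name] = (address, self.clock() + ttl)
        return address, path


def demo():
    """Resolve the same name at t=0, again at t=0, and once the 24 h TTL has elapsed."""
    now = [0]
    resolver = StubResolver(lambda: now[0])
    first = resolver.resolve("example.com")[1]
    second = resolver.resolve("example.com")[1]
    now[0] = 86400                                  # TTL of 24 hours has run out
    third = resolver.resolve("example.com")[1]
    return first, second, third


if __name__ == "__main__":
    for consulted in demo():
        print(" -> ".join(consulted))
```
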


[Task 10] Further Reading:

#1 Read the final thoughts

ANSWER: No answer needed


I hope I was able to explain the subject as a whole. I hope it is useful for you. For your questions, comments and feedback, you can send an e-mail to fatihturgutegitim@gmail.com.

You can also reach me via LinkedIn. I thank everyone who reads and wish you healthy days. See you in my next write-up…
