This article provides an in-depth exploration of fundamental networking protocols, including DHCP, ARP, ICMP, and routing protocols like OSPF. It delves into their workflows, functionalities, and significance within network communication and finally the article provides the answers for TryHackMe Networking Essentials room.

Information Security 101 | Study Notes

Powershell Study Notes | Learn Powershell Quickly

DHCP Protocol Explained

To access a network, certain configurations must be set up at a minimum:

  • IP address and subnet mask
  • Router (gateway)
  • DNS server

Whenever a device connects to a new network, these settings need to align with that network. Manually configuring them is ideal for devices like servers, which are stationary and do not frequently change networks. Servers typically have fixed IP addresses to ensure other devices can consistently locate them for communication. For instance, you wouldn’t connect your domain controller to a coffee shop’s WiFi.

However, automating network configuration offers several benefits. It eliminates the need for manual setup, which is especially useful for mobile devices, and prevents IP address conflicts. An address conflict occurs when two devices share the same IP, disrupting network access for both local and Internet resources. This problem can be addressed with Dynamic Host Configuration Protocol (DHCP).

DHCP is an application-layer protocol based on UDP. The server listens on UDP port 67, while clients send requests from UDP port 68. Most devices, like smartphones and laptops, are set to use DHCP by default.

DHCP Workflow: The DORA Process

  1. DHCP Discover: The client broadcasts a DHCPDISCOVER message to locate an available DHCP server.
  2. DHCP Offer: The server replies with a DHCPOFFER message, proposing an available IP address.
  3. DHCP Request: The client sends a DHCPREQUEST message, accepting the offered IP.
  4. DHCP Acknowledge: The server confirms the assignment with a DHCPACK message.

At the end of this process, the device receives all the configurations needed to connect to the network and possibly the Internet. These typically include:

  • A leased IP address to access network resources.
  • A gateway to route packets beyond the local network.
  • A DNS server to resolve domain names.

ARP Protocol Explained

A MAC address is a 48-bit number typically expressed in hexadecimal, such as 7C:DF:A1:D3:8C:5C or 44:DF:65:D8:FE:6C, and is unique to network interfaces. Devices on the same Ethernet network don’t always need to know each other’s MAC addresses; they require them only during direct communication. Network interactions primarily rely on IP addresses.

Scenario: Device Configuration with DHCP

When a device connects to a network with a DHCP server, it is automatically assigned:

  • A gateway (router) to send packets beyond the local network.
  • A DNS server to resolve domain names.

In this process, only IP addresses are involved, and no MAC addresses are disclosed. However, when two devices on the same Ethernet network need to communicate, they must know each other’s MAC addresses.

Ethernet Frame and MAC Addresses

An Ethernet frame header contains:

  1. Destination MAC address
  2. Source MAC address
  3. Type (e.g., IPv4)

These details allow devices to communicate at the data link layer. The Address Resolution Protocol (ARP) facilitates the discovery of MAC addresses for a given IP address.

Example: ARP in Action

Consider a device with IP address 192.168.66.89 that wants to communicate with another device at 192.168.66.1:

  1. The device sends an ARP Request:
    • It asks the device with 192.168.66.1 to reveal its MAC address.
    • The request is broadcast using the destination MAC address ff:ff:ff:ff:ff:ff (a broadcast address).
    • The source MAC address belongs to the requesting device.
  2. The device with IP 192.168.66.1 responds with an ARP Reply, including its MAC address.
user@TryHackMe$ tshark -r arp.pcapng -Nn

    1 0.000000000 cc:5e:f8:02:21:a7 → ff:ff:ff:ff:ff:ff ARP 42 Who has 192.168.66.1? Tell 192.168.66.89
    2 0.003566632 44:df:65:d8:fe:6c → cc:5e:f8:02:21:a7 ARP 42 192.168.66.1 is at 44:df:65:d8:fe:6c

Once the requester receives the reply, the two devices can exchange Ethernet frames directly using their MAC addresses. This process ensures seamless communication at the data link layer while IP addresses handle network-level routing.

Address Resolution Protocol (ARP) operates at the boundary of the OSI model’s Layer 2 (Data Link Layer) and Layer 3 (Network Layer), which sometimes leads to debate about its classification. Here’s a breakdown of the reasoning:

  • Layer 2 (Data Link Layer): ARP is considered part of Layer 2 because it deals directly with MAC addresses, which are physical hardware addresses used for communication within a local network (Ethernet, for instance). MAC addresses are fundamental to the Data Link Layer.
  • Layer 3 (Network Layer): Some argue ARP belongs to Layer 3 because it supports IP operations, specifically translating an IP address (Layer 3) into a MAC address (Layer 2). This functionality is critical for IP-based communication, which relies on Layer 3 addressing.

Key Understanding:

ARP essentially serves as a bridge between Layer 3 addressing (IP) and Layer 2 addressing (MAC). Its role is to map an IP address to its corresponding MAC address, enabling devices to communicate at the data link layer based on network-layer instructions.

Rather than categorizing ARP strictly as Layer 2 or Layer 3, it’s most useful to understand it as a mechanism that facilitates the translation between these layers, ensuring seamless communication across the network stack.

ICMP Protocol Explained

The Internet Control Message Protocol (ICMP) is a key protocol used for network diagnostics and error reporting. Two commonly used commands rely on ICMP, making them essential tools for network troubleshooting and network security:

1. ping

The ping command uses ICMP to:

  • Test connectivity: It checks whether a target system is reachable.
  • Measure round-trip time (RTT): It calculates the time taken for packets to travel to the target and back, verifying both communication and latency.

The command sends an ICMP Echo Request (ICMP Type 8) and waits for an Echo Reply (ICMP Type 0) from the target. This process is similar to the game of ping-pong, where you “serve” a request and wait for a “reply.”

Reasons for No Reply

Several factors might prevent a response:

  • The target system could be offline or shut down.
  • Firewalls along the path may block ICMP traffic, disabling the ping command.

Example Usage

ping -c 4 <target-address>

Here, the -c 4 flag limits the command to send four ICMP Echo Requests before stopping.

The Internet Control Message Protocol (ICMP) is a key protocol used for network diagnostics and error reporting. Two commonly used commands rely on ICMP, making them essential tools for network troubleshooting and network security:

1. ping

The ping command uses ICMP to:

  • Test connectivity: It checks whether a target system is reachable.
  • Measure round-trip time (RTT): It calculates the time taken for packets to travel to the target and back, verifying both communication and latency.

The command sends an ICMP Echo Request (ICMP Type 8) and waits for an Echo Reply (ICMP Type 0) from the target. This process is similar to the game of ping-pong, where you “serve” a request and wait for a “reply.”

Reasons for No Reply

Several factors might prevent a response:

  • The target system could be offline or shut down.
  • Firewalls along the path may block ICMP traffic, disabling the ping command.

Example Usage

bashCopyEditping -c 4 <target-address>

Here, the -c 4 flag limits the command to send four ICMP Echo Requests before stopping.

2. traceroute

The traceroute command (or tracert on Windows) uses ICMP to:

  • Discover the route between the source system and the target.
  • Identify intermediate devices (hops) and measure the time taken at each hop.

Traceroute sends packets with incrementally increasing Time-to-Live (TTL) values to map the route step-by-step. Each router along the path sends an ICMP “Time Exceeded” message back when the TTL expires, revealing its identity.

user@TryHackMe$ traceroute example.com


traceroute to example.com (93.184.215.14), 30 hops max, 60 byte packets
 1  _gateway (192.168.66.1)  4.414 ms  4.342 ms  4.320 ms
 2  192.168.11.1 (192.168.11.1)  5.849 ms  5.830 ms  5.811 ms
 3  100.104.0.1 (100.104.0.1)  11.130 ms  11.111 ms  11.093 ms
 4  10.149.1.45 (10.149.1.45)  6.156 ms  6.138 ms  6.120 ms
 5  * * *
 6  * * *
 7  * * *
 8  172.16.48.1 (172.16.48.1)  5.667 ms  8.165 ms  6.861 ms
 9  ae81.edge4.Marseille1.Level3.net (212.73.201.45)  50.811 ms  52.857 ms 213.242.116.233 (213.242.116.233)  52.798 ms
10  NTT-level3-Marseille1.Level3.net (4.68.68.150)  93.351 ms  79.897 ms  79.804 ms
11  ae-9.r20.parsfr04.fr.bb.gin.ntt.net (129.250.3.38)  62.935 ms  62.908 ms  64.313 ms
12  ae-14.r21.nwrknj03.us.bb.gin.ntt.net (129.250.4.194)  141.816 ms  141.782 ms  141.757 ms
13  ae-1.a02.nycmny17.us.bb.gin.ntt.net (129.250.3.17)  145.786 ms ae-1.a03.nycmny17.us.bb.gin.ntt.net (129.250.3.128)  141.701 ms  147.586 ms
14  ce-0-3-0.a02.nycmny17.us.ce.gin.ntt.net (128.241.1.14)  148.692 ms ce-3-3-0.a03.nycmny17.us.ce.gin.ntt.net (128.241.1.90)  141.615 ms ce-0-3-0.a02.nycmny17.us.ce.gin.ntt.net (128.241.1.14)  148.168 ms
15  ae-66.core1.nyd.edgecastcdn.net (152.195.69.133)  141.100 ms ae-65.core1.nyd.edgecastcdn.net (152.195.68.133)  140.360 ms ae-66.core1.nyd.edgecastcdn.net (152.195.69.133)  140.638 ms
16  93.184.215.14 (93.184.215.14)  140.574 ms  140.543 ms  140.514 ms
17  93.184.215.14 (93.184.215.14)  140.488 ms  139.397 ms  141.854 ms

Routing Protocols Explained

Here’s a brief overview of a few common routing protocols to familiarize you with their names and key features:

1. OSPF (Open Shortest Path First)

  • Type: Link-state routing protocol.
  • Function: Routers exchange information about the network topology and calculate the most efficient paths for data transmission.
  • Mechanism: Each router maintains a complete map of the network by sharing updates about the state of its links and connected networks.
  • Use case: Commonly used in large enterprise networks due to its efficiency and scalability.

2. EIGRP (Enhanced Interior Gateway Routing Protocol)

  • Type: Hybrid routing protocol (combines distance-vector and link-state features).
  • Function: Cisco proprietary protocol that shares information about reachable networks and their associated costs (e.g., bandwidth, delay).
  • Mechanism: Uses advanced metrics and efficient algorithms to determine the best path for data.
  • Use case: Suitable for Cisco environments, offering fast convergence and network stability.

3. BGP (Border Gateway Protocol)

  • Type: Path-vector routing protocol.
  • Function: The primary routing protocol of the Internet; enables different networks (Autonomous Systems) to exchange routing information.
  • Mechanism: Establishes paths for data to travel across multiple networks while ensuring efficient routing even on a global scale.
  • Use case: Essential for Internet Service Providers (ISPs) and large-scale networks.

4. RIP (Routing Information Protocol)

  • Type: Distance-vector routing protocol.
  • Function: Shares information about reachable networks and uses the number of hops (routers) as the metric for determining the best route.
  • Mechanism: Each router builds a routing table and selects routes with the fewest hops to reach destinations.
  • Use case: Often used in small networks due to its simplicity but less effective for larger or more complex networks due to limitations like slow convergence and a maximum hop count of 15.

Network Address Translation (NAT) Explained

Purpose of NAT:
NAT (Network Address Translation) is designed to allow multiple devices on a private network to access the Internet using a single public IP address, thereby conserving public IP addresses.

Key Idea:
Instead of assigning a unique public IP address to each device in a network (e.g., a company with 20 computers), NAT enables these devices to share one or a few public IP addresses. This significantly reduces the demand for public IP addresses.

Technical Note:
In a network, the number of IP addresses is typically a power of two. For example:

  • Without NAT: 32 public IP addresses would be reserved for 32 devices.
  • With NAT: Only two public IP addresses are needed (one for NAT and one for backup). This saves 30 public IP addresses.

How NAT Works

  1. Internal vs. External Networks:
    • The internal network uses private IP addresses (e.g., 192.168.x.x, 10.x.x.x, or 172.16.x.x – address ranges not routable on the Internet).
    • The external network communicates using public IP addresses assigned by an ISP.
  2. Address Translation:
    • Routers supporting NAT maintain a translation table that maps private IP addresses and their associated ports to the public IP address.
    • When a device sends data to the Internet, the router replaces the private source IP and port with the public IP and an assigned port from its pool.
    • When the reply arrives, the router uses its NAT table to reverse the translation, delivering the data to the correct internal device.

NAT vs. Traditional Routing

  • Routing:
    Traditional routing forwards packets based on the destination IP address, assuming every device has a unique IP address.
  • NAT:
    NAT modifies packet headers to translate addresses, requiring the router to track ongoing connections in its translation table. This allows multiple devices on a private network to share a single public IP address.

Benefits of NAT

  • IP Address Conservation: Reduces the need for public IP addresses, which are limited in availability.
  • Security: Private IP addresses are not directly exposed to the Internet, providing an additional layer of protection.
  • Flexibility: Simplifies network management by using a single public IP for multiple devices.

NAT has become a vital technology in networking, especially with the increasing scarcity of IPv4 addresses.

TryHackMe Networking Essentials | Room Answers

How many steps does DHCP use to provide network configuration?

4

What is the destination IP address that a client uses when it sends a DHCP Discover packet?

255.255.255.255

What is the source IP address a client uses when trying to get IP network configuration over DHCP?

0.0.0.0

What is the destination MAC address used in an ARP Request?

ff:ff:ff:ff:ff:ff

In the example above, what is the MAC address of 192.168.66.1?
44:df:65:d8:fe:6c

Using the example images above, how many bytes were sent in the echo (ping) request?

40

Which IP header field does the traceroute command require to become zero?

TTL

Which routing protocol discussed in this task is a Cisco proprietary protocol?

EIGRP

In the network diagram above, what is the public IP that the phone will appear to use when accessing the Internet?

212.3.4.5

Assuming that the router has infinite processing power, approximately speaking, how many thousand simultaneous TCP connections can it maintain?
65

Click on the View Site button to access the related site. Please follow the instructions on the site to obtain the flag.

THM{computer_is_happy}

Watch Also:

Summary

  1. Dynamic Host Configuration Protocol (DHCP): Simplifies network management by automatically assigning IP addresses to devices, reducing manual configuration errors.
  2. Address Resolution Protocol (ARP): Essential for translating IP addresses into MAC addresses, ensuring accurate data delivery within local networks.
  3. Internet Control Message Protocol (ICMP): Facilitates network diagnostics by reporting errors and providing operational information, crucial for maintaining network health.
  4. Open Shortest Path First (OSPF): A link-state routing protocol that dynamically updates routing tables, optimizing data transmission paths in large networks.
  5. Domain Name System Security Extensions (DNSSEC): Adds a layer of security to DNS by validating responses, protecting against attacks like cache poisoning.
  6. Secure Shell (SSH): Enables secure remote access to systems, encrypting sessions to prevent eavesdropping and unauthorized access.
  7. Secure Sockets Layer/Transport Layer Security (SSL/TLS): Encrypts data between web servers and clients, safeguarding information transmitted over the internet.
  8. Internet Protocol Security (IPsec): Secures IP communications by authenticating and encrypting each IP packet, widely used in VPNs for secure remote connectivity.
  9. Virtual Private Network (VPN): Creates a secure tunnel over public networks, allowing safe data transmission and remote access to network resources.
  10. Simple Mail Transfer Protocol Secure (SMTPS): Secures email transmission by wrapping SMTP with TLS, ensuring that emails are encrypted during transit.

Conclusion

Understanding networking protocols is crucial for efficient network management and security. Protocols such as DHCP automate IP address allocation, ARP resolves IP addresses to MAC addresses, ICMP facilitates network diagnostics, and routing protocols like OSPF determine optimal data paths. Mastering these protocols enhances one’s ability to design, troubleshoot, and secure networks effectively.

, ,
Show Comments

MasterMind Study Notes

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by, Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.

View Articles