Introduction to TryHackMe Introductory Networking
Networking is a critical aspect of cybersecurity and IT infrastructure. TryHackMe offers a great platform for learning about networking through interactive labs and hands-on exercises. This write-up aims to provide a comprehensive overview of the introductory networking room on TryHackMe, covering key concepts, commands, and lessons learned.
Please watch the video at the bottom for a full, detailed explanation of the walkthrough.
Basic Networking Concepts
To understand how devices communicate over a network, it’s essential to grasp some foundational terms:
- IP Addressing: An IP address is a unique identifier assigned to each device connected to a network. There are two types of IP addresses:
  - IPv4: A 32-bit address written in decimal format, e.g., 192.168.1.1.
  - IPv6: A 128-bit address written in hexadecimal format, e.g., 2001:0db8:85a3:0000:0000:8a2e:0370:7334.
- MAC Address: A Media Access Control address is a hardware identifier assigned to the network interface card (NIC). It’s unique to each device’s network interface.
- Subnetting: Subnetting divides a network into smaller, manageable segments or subnets, improving performance and security. A subnet mask (e.g., 255.255.255.0) determines which part of the IP address represents the network and which part represents the host.
- Packets: Data sent over a network is broken into smaller chunks called packets. Each packet contains the source and destination IP addresses, along with the data payload.
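The subnetting and packet items above, as an added example that is not part of the original write-up: it parses the source and destination addresses out of a raw IPv4 header, then applies a subnet mask to decide whether the destination is on the local subnet. The sample packet is constructed, and the host 192.168.1.10 and the use of 192.168.1.1 as the default gateway are assumptions.

```python
import ipaddress
import struct

IPV4_HEADER = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, network byte order

def make_packet(src, dst, payload, proto=17, ttl=64):
    """Build a constructed sample packet (checksum left at 0, payload opaque)."""
    header = struct.pack(IPV4_HEADER, 0x45, 0, 20 + len(payload), 1, 0, ttl,
                         proto, 0, ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + payload

def parse_ipv4(packet):
    """Return the addressing fields and payload of a raw IPv4 packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(
        IPV4_HEADER, packet[:20])
    version, header_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or header_len < 20 or not header_len <= total_len <= len(packet):
        raise ValueError("malformed IPv4 header")
    return {"src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "ttl": ttl, "protocol": proto,
            "payload": packet[header_len:total_len]}

def split_address(ip, mask):
    """Apply a subnet mask: return (network address, host number)."""
    ip_int = int(ipaddress.IPv4Address(ip))
    mask_int = int(ipaddress.IPv4Address(mask))
    host_bits = ~mask_int & 0xFFFFFFFF
    if host_bits & (host_bits + 1):  # a valid mask is 1s followed by 0s
        raise ValueError("subnet mask is not contiguous")
    return str(ipaddress.IPv4Address(ip_int & mask_int)), ip_int & host_bits

def next_hop(packet, mask, gateway):
    """Deliver directly if the destination shares our subnet, else use the gateway."""
    info = parse_ipv4(packet)
    same = split_address(info["src"], mask)[0] == split_address(info["dst"], mask)[0]
    return info["dst"] if same else gateway

if __name__ == "__main__":
    pkt = make_packet("192.168.1.10", "8.8.8.8", b"hello")
    print(parse_ipv4(pkt))
    print(split_address("192.168.1.1", "255.255.255.0"))  # mask from the text
    print(next_hop(pkt, "255.255.255.0", "192.168.1.1"))
```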
OSI Model
The OSI (Open Systems Interconnection) model is a framework that describes how data is transmitted over a network in seven layers, listed here from layer 1 (Physical) to layer 7 (Application):
- Physical Layer: The physical connection between devices (cables, switches).
- Data Link Layer: Responsible for MAC addresses and error detection in data frames.
- Network Layer: Manages IP addresses and routing of packets.
- Transport Layer: Ensures reliable data transfer (TCP/UDP).
- Session Layer: Manages communication sessions.
- Presentation Layer: Translates data formats (encryption, compression).
- Application Layer: Interfaces with end-user applications (HTTP, FTP).
Common Networking Tools
During the TryHackMe tasks, you’ll be introduced to various networking tools that help troubleshoot and understand the network:
- ping: Used to check connectivity between devices. It sends an ICMP echo request and waits for a reply.
  - Example: ping 8.8.8.8 (pings Google’s public DNS server).
- traceroute (or tracert): Shows the path a packet takes to reach its destination, listing all routers (hops) along the way.
  - Example: traceroute 8.8.8.8 (or tracert on Windows).
- ipconfig/ifconfig: Displays network configuration details on your system, such as IP address, default gateway, and subnet mask.
  - On Windows: ipconfig
  - On Linux: ifconfig
- netstat: Displays active connections, listening ports, and routing tables.
  - Example: netstat -an
- nslookup: Queries DNS servers to resolve domain names into IP addresses.
  - Example: nslookup google.com
TCP/IP Model
While the OSI model provides a theoretical framework, the TCP/IP model is the practical implementation used on the internet. It has four layers:
- Network Interface: Handles hardware connections (similar to the OSI Physical/Data Link Layers).
- Internet: Routes packets using IP addresses (similar to OSI Network Layer).
- Transport: Manages data transfer between devices (TCP/UDP, like OSI Transport Layer).
- Application: Provides network services to end-users (HTTP, DNS, FTP, similar to OSI Application Layer).
Common Networking Protocols
In TryHackMe’s networking exercises, you’ll encounter various protocols:
- HTTP/HTTPS: Protocols used for transferring web pages.
- DNS (Domain Name System): Translates domain names into IP addresses.
- TCP (Transmission Control Protocol): Provides reliable, ordered data transmission.
- UDP (User Datagram Protocol): Allows faster, but less reliable, data transmission.
- DHCP (Dynamic Host Configuration Protocol): Automatically assigns IP addresses to devices.
Practical Exercise Walkthrough
In the TryHackMe introductory networking room, you’ll perform hands-on exercises to solidify your understanding. Here’s a general overview of the tasks:
- IP Addressing and Subnetting: You’ll identify and calculate IP addresses and subnets to understand how networks are organized.
- Using ping and traceroute: You will use these commands to test connectivity between devices and see the route data takes through a network.
- Inspecting Packets: Using tools like Wireshark, you’ll capture and analyze packets traveling through a network.
Understanding Ports and Services
Ports are used to differentiate services running on a device. For example, web servers typically use port 80 for HTTP and port 443 for HTTPS. During the TryHackMe tasks, you’ll learn to identify open ports on a system using tools like Nmap.
- Nmap: A powerful network scanning tool that helps in identifying devices, open ports, and services running on a network.
  - Example: nmap -sV 192.168.1.1 (scans a target for open ports and service versions).
Practical Example: Network Troubleshooting
One task might involve troubleshooting connectivity issues. Let’s break down a typical troubleshooting process using the tools and concepts you’ve learned:
- Step 1: Use ping to check connectivity between your machine and the target.
- Step 2: If ping fails, use traceroute to identify where the connection breaks down.
- Step 3: Run ipconfig (Windows) or ifconfig (Linux) to check your machine’s network configuration.
- Step 4: Use nslookup to resolve domain names to IP addresses if DNS issues are suspected.
- Step 5: Inspect open ports using netstat or scan with Nmap to identify which services are running on the network.
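Step 5 above, as an added example that is not part of the original write-up: it reads `netstat -an` output and lists the sockets that are accepting traffic, marking those bound to every interface. The sample output is constructed in the Linux net-tools column layout, and the function names are hypothetical.

```python
# Constructed sample in the Linux net-tools `netstat -an` layout (not real output).
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:51514      203.0.113.7:443         ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""

WILDCARD_HOSTS = {"0.0.0.0", "::", "*"}  # socket is bound on every interface

def listening_sockets(netstat_output):
    """Return sockets that accept traffic: TCP in LISTEN, UDP with no peer."""
    sockets = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue  # header, blank line, or a UNIX-socket row
        proto, local, foreign = fields[0], fields[3], fields[4]
        state = fields[5] if len(fields) > 5 else ""
        if proto.startswith("tcp") and state != "LISTEN":
            continue  # established or closing connection, not a service
        if proto.startswith("udp") and not foreign.endswith(":*"):
            continue  # UDP socket connected to a specific peer
        host, _, port = local.rpartition(":")  # rpartition keeps "::" intact
        if not port.isdigit():
            continue
        sockets.append({"proto": proto, "host": host, "port": int(port),
                        "all_interfaces": host in WILDCARD_HOSTS})
    return sockets

def exposed_services(netstat_output):
    """Sorted (port, proto) pairs for listeners bound to all interfaces."""
    return sorted((s["port"], s["proto"])
                  for s in listening_sockets(netstat_output) if s["all_interfaces"])

if __name__ == "__main__":
    for port, proto in exposed_services(SAMPLE_NETSTAT):
        print(f"{proto:5} port {port} is listening on all interfaces")
```

A listener bound to 127.0.0.1 (port 631 in the sample) is parsed but not reported, because it only accepts connections from the local machine.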
Key Takeaways
- Understanding networking basics is essential for anyone looking to delve into cybersecurity or IT infrastructure.
- Hands-on tools like ping, traceroute, and Nmap give you direct insights into how networks function and help troubleshoot connectivity issues.
- TryHackMe’s labs provide a practical environment to apply networking concepts and troubleshoot real-world scenarios.
Room Answers | TryHackMe Introductory Networking
Which layer would choose to send data over TCP or UDP?
4
Which layer checks received information to make sure that it hasn’t been corrupted?
2
In which layer would data be formatted in preparation for transmission?
2
Which layer transmits and receives data?
1
Which layer encrypts, compresses, or otherwise transforms the initial data to give it a standardised format?
6
Which layer tracks communications between the host and receiving computers?
5
Which layer accepts communication requests from applications?
7
Which layer handles logical addressing?
3
When sending data over TCP, what would you call the “bite-sized” pieces of data?
Segments
[Research] Which layer would the FTP protocol communicate with?
7
Which transport layer protocol would be best suited to transmit a live video?
UDP
How would you refer to data at layer 2 of the encapsulation process (with the OSI model)?
Frames
How would you refer to data at layer 4 of the encapsulation process (with the OSI model), if the UDP protocol has been selected?
Datagrams
What process would a computer perform on a received message?
De-encapsulation
Which is the only layer of the OSI model to add a trailer during encapsulation?
Data Link
Does encapsulation provide an extra layer of security (Aye/Nay)?
Aye
Which model was introduced first, OSI or TCP/IP?
TCP/IP
Which layer of the TCP/IP model covers the functionality of the Transport layer of the OSI model (Full Name)?
Transport
Which layer of the TCP/IP model covers the functionality of the Session layer of the OSI model (Full Name)?
Application
The Network Interface layer of the TCP/IP model covers the functionality of two layers in the OSI model. These layers are Data Link, and?.. (Full Name)?
Physical
Which layer of the TCP/IP model handles the functionality of the OSI network layer?
Internet
What kind of protocol is TCP?
Connection-based
What is SYN short for?
Synchronise
What is the second step of the three way handshake?
SYN/ACK
What is the short name for the “Acknowledgement” segment in the three-way handshake?
ACK
What command would you use to ping the bbc.co.uk website?
ping bbc.co.uk
Ping muirlandoracle.co.uk
What is the IPv4 address?
217.160.0.152
What switch lets you change the interval of sent ping requests?
-i
What switch would allow you to restrict requests to IPv4?
-4
What switch would give you a more verbose output?
-v
Use traceroute on tryhackme.com
Can you see the path your request has taken?
What switch would you use to specify an interface when using Traceroute?
-i
What switch would you use if you wanted to use TCP SYN requests when tracing the route?
-T
[Lateral Thinking] Which layer of the TCP/IP model will traceroute run on by default (Windows)?
Internet
Perform a whois search on facebook.com
No answer needed
What is the registrant postal code for facebook.com?
94025
When was the facebook.com domain first registered (Format: DD/MM/YYYY)?
29/03/1997
Perform a whois search on microsoft.com
(Note: Please ensure you have read the task above before attempting the next questions.)
No answer needed
Which city is the registrant based in?
Redmond
[OSINT] What is the name of the golf course that is near the registrant address for microsoft.com?
Bellevue Golf Course
What is the registered Tech Email for microsoft.com?
msnhst@microsoft.com
What is DNS short for?
Domain Name System
What is the first type of DNS server your computer would query when you search for a domain?
Recursive
What type of DNS server contains records specific to domain extensions (i.e. .com, .co.uk, etc)? Use the long version of the name.
Top-Level Domain
Where is the very first place your computer would look to find the IP address of a domain?
Hosts File
[Research] Google runs two public DNS servers. One of them can be queried with the IP 8.8.8.8, what is the IP address of the other one?
8.8.4.4
If a DNS query has a TTL of 24 hours, what number would the dig query show?
86400