Introduction
This article provides an introduction to computer networking, covering essentials such as the Internet’s structure, IP and MAC addresses, and the ping tool. It explains the differences between private and public networks, the role of IP addresses for device identification, and the significance of MAC addresses for device security. Additionally, it outlines IPv4 and IPv6 protocols and introduces ping commands using ICMP for network troubleshooting. This article also provides the walkthrough for the room TryHackMe What is Networking?
What is The Internet
The Internet is essentially one vast network made up of numerous smaller networks within it. Building on our example from the last task, let’s imagine that Alice has made new friends named Zayn and Toby, whom she wants to introduce to Bob and Jim. The challenge is that Alice is the only one who speaks the same language as Zayn and Toby, so she’ll need to act as the messenger!
The Internet consists of numerous smaller networks connected together. These smaller networks are known as private networks, while the networks that link these smaller networks are called public networks – or simply, the Internet! To summarize, a network can be one of two types:
- A private network
- A public network
The initial version of the Internet emerged within the ARPANET project in the late 1960s. Funded by the United States Department of Defense, this project marked the first documented functioning network. However, it wasn’t until 1989 that the Internet, as we know it, was developed by Tim Berners-Lee with the creation of the World Wide Web (WWW). From this point onward, the Internet began to serve as a repository for storing and sharing information, much like it does today.
IP Addresses
In brief, an IP (Internet Protocol) address identifies a host on a network for a certain period of time; the same address can later be reassigned to another device. An IP address consists of four numbers called octets, and the values of the octets together form the address of the device on the network. This number is determined through a process called IP addressing and subnetting, but that’s a topic for another time. What’s key to understand here is that an IP address can be reassigned to different devices but cannot be active on more than one device at the same time within the same network.
IP addresses follow specific standards, known as protocols, which form the foundation of networking and ensure that devices communicate in a common language. We’ll explore this further later. For now, remember that devices can belong to both private and public networks. Where they are located determines the type of IP address they use: either a public or a private IP address.
A public IP address is used to identify a device on the Internet, while a private IP address is used to identify a device within a group of other devices.
As more devices connect to the Internet, obtaining a unique public IP address is increasingly challenging. For example, Cisco, a leader in networking, estimated that by the end of 2021, around 50 billion devices would be online (Cisco, 2021). This brings us to IP address versions. Up to this point, we’ve primarily discussed IPv4, the original Internet Protocol addressing scheme, which operates with a 2^32 address space (4.29 billion addresses), explaining the current shortage.
IPv6 is the latest version of the Internet Protocol designed to address this limitation. Although it may seem more complex, it offers key advantages:
- Supports up to 2^128 IP addresses (over 340 trillion), alleviating the limitations faced with IPv4
- Increases efficiency through updated methodologies
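The four-octet structure and the private/public split described above can be shown in a few lines of Python. This is an added example, not part of the TryHackMe room; the function names are made up for illustration, and "private" here means only the three RFC 1918 blocks (loopback, link-local and other special ranges are ignored).

```python
# Added illustration: IPv4 octets -> 32-bit integer -> private/public check.
# RFC 1918 private blocks as (network address, prefix length).
PRIVATE_BLOCKS = [("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16)]

def parse_ipv4(text):
    """Return the four octets of a dotted-quad address, validating each one."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"expected 4 octets, got {len(parts)}: {text!r}")
    octets = []
    for part in parts:
        ok = part.isascii() and part.isdigit() and len(part) <= 3
        if not ok or int(part) > 255:
            raise ValueError(f"octet must be 0-255: {part!r}")
        octets.append(int(part))
    return octets

def to_int(octets):
    """Pack four 8-bit octets into one 32-bit number (hence 2**32 addresses)."""
    value = 0
    for octet in octets:
        value = (value << 8) | octet
    return value

def is_private(text):
    """True if the address falls inside one of the RFC 1918 private blocks."""
    addr = to_int(parse_ipv4(text))
    for network, prefix in PRIVATE_BLOCKS:
        mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
        if addr & mask == to_int(parse_ipv4(network)):
            return True
    return False

if __name__ == "__main__":
    # Constructed sample addresses.
    for sample in ["192.168.1.77", "172.31.255.1", "172.32.0.1", "8.8.8.8"]:
        kind = "private" if is_private(sample) else "public"
        print(f"{sample:>15} = {to_int(parse_ipv4(sample)):>10} -> {kind}")
```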
MAC Addresses
Every device on a network has a physical network interface, a microchip embedded in the device’s motherboard. This network interface comes with a unique factory-assigned address known as a MAC (Media Access Control) address. A MAC address is a twelve-character hexadecimal number (a base-16 system used in computing) organized into pairs and separated by colons, such as a4:c3:f0:85:ac:2d. The first six characters identify the manufacturer of the network interface, while the last six are a unique identifier.
Interestingly, MAC addresses can be altered, or “spoofed”: one device on a network pretends to have the MAC address of another. Spoofing can undermine security systems that rely on MAC address verification to determine trusted devices. For example, if a firewall is set to allow all communication to and from the administrator’s MAC address, a spoofed device mimicking this MAC address could trick the firewall into granting it access under the guise of the administrator.
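Because a MAC address is only a claim made by the device, a defender can look for signs that the claim is suspect. The following added example (not from the TryHackMe room) splits a MAC into its manufacturer and device halves and flags two indicators in a constructed list of switch observations: the same MAC appearing on more than one port, and the "locally administered" bit that marks a software-assigned address. The function names, port names and sample data are assumptions for illustration.

```python
import re
from collections import defaultdict

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

def parse_mac(text):
    """Normalise a MAC and split it into manufacturer prefix and device part."""
    mac = text.strip().lower().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {text!r}")
    first_octet = int(mac[:2], 16)
    return {
        "mac": mac,
        "manufacturer": mac[:8],   # first six hex characters
        "device": mac[9:],         # last six hex characters
        # Bit 0x02 of the first octet is set on locally administered
        # (software-assigned) addresses, clear on factory-assigned ones.
        "locally_administered": bool(first_octet & 0x02),
    }

def find_suspect_macs(observations):
    """Flag MACs seen on more than one switch port or not factory-assigned."""
    ports = defaultdict(set)
    for mac, port in observations:
        ports[parse_mac(mac)["mac"]].add(port)
    findings = {}
    for mac, seen in ports.items():
        reasons = []
        if len(seen) > 1:
            reasons.append("seen on ports " + ", ".join(sorted(seen)))
        if parse_mac(mac)["locally_administered"]:
            reasons.append("locally administered address")
        if reasons:
            findings[mac] = reasons
    return findings

# Constructed sample data: (source MAC, switch port) pairs.
OBSERVATIONS = [
    ("a4:c3:f0:85:ac:2d", "Gi0/1"),   # administrator's workstation
    ("A4-C3-F0-85-AC-2D", "Gi0/7"),   # same MAC claimed from another port
    ("02:1a:2b:3c:4d:5e", "Gi0/3"),   # locally administered bit set
    ("3c:52:82:11:22:33", "Gi0/4"),
]

if __name__ == "__main__":
    for mac, reasons in find_suspect_macs(OBSERVATIONS).items():
        print(mac, "->", "; ".join(reasons))
```

Both signals are indicators rather than proof: a laptop that moves between ports or a phone using a randomized address will also trigger them, so they are a prompt for review, not a verdict.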
Ping (ICMP)
Ping is one of the most basic yet essential network tools. It uses ICMP (Internet Control Message Protocol) packets to check the status and reliability of a connection between devices, determining if a connection is active and measuring its performance.
The time taken for ICMP packets to travel between devices is recorded by ping, using ICMP’s echo request packet followed by the echo reply from the target device.
Pings can be directed at devices within a network, like a home network, or resources like websites. This tool is user-friendly and is pre-installed on most operating systems, including Linux and Windows. To perform a simple ping, the syntax is ping followed by an IP address or website URL.
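The echo request and echo reply exchange described above can be reproduced offline by building the two ICMP messages as bytes. This is an added example, not code from the TryHackMe room: it sends nothing on the network, the function names are made up for illustration, and the identifier, sequence number and payload are constructed values.

```python
import struct

ECHO_REQUEST, ECHO_REPLY = 8, 0   # ICMP type numbers

def checksum(data):
    """16-bit one's-complement Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(msg_type, ident, seq, payload):
    """Pack type, code, checksum, identifier, sequence, then the payload."""
    zeroed = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq) + payload
    header = struct.pack("!BBHHH", msg_type, 0, checksum(zeroed), ident, seq)
    return header + payload

def parse_icmp(packet):
    """Unpack an echo message and verify its checksum."""
    msg_type, code, _, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {"type": msg_type, "code": code, "id": ident, "seq": seq,
            "payload": packet[8:], "checksum_ok": checksum(packet) == 0}

def answer(request):
    """What the target does: echo id, sequence and payload back as type 0."""
    req = parse_icmp(request)
    if req["type"] != ECHO_REQUEST or not req["checksum_ok"]:
        return None   # damaged or unexpected message: no reply
    return build_icmp(ECHO_REPLY, req["id"], req["seq"], req["payload"])

def matches(request, reply):
    """How ping pairs a reply with its request before timing the round trip."""
    a, b = parse_icmp(request), parse_icmp(reply)
    same = (a["id"], a["seq"], a["payload"]) == (b["id"], b["seq"], b["payload"])
    return b["type"] == ECHO_REPLY and b["checksum_ok"] and same

if __name__ == "__main__":
    request = build_icmp(ECHO_REQUEST, 0x1234, 1, b"constructed-payload")
    reply = answer(request)
    print("request:", request.hex())
    print("reply:  ", reply.hex())
    print("reply matches request:", matches(request, reply))
```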
Room Answers | TryHackMe What is Networking?
What is the key term for devices that are connected together?
Network
Who invented the World Wide Web?
Tim Berners-Lee
What does the term “IP” stand for?
Internet Protocol
What is each section of an IP address called?
Octet
How many sections (in digits) does an IP address have?
4
What does the term “MAC” stand for?
Media Access Control
Deploy the interactive lab using the “View Site” button and spoof your MAC address to access the site. What is the flag?
THM{YOU_GOT_ON_TRYHACKME}
What protocol does ping use?
ICMP
What is the syntax to ping 10.10.10.10?
ping 10.10.10.10
What flag do you get when you ping 8.8.8.8?
THM{I_PINGED_THE_SERVER}