TryHackMe – Packets and Frames – Complete Walkthrough
This room provides a great introduction to some important topics including IP, TCP, packets, frames and ports.
The room can be found at: https://tryhackme.com/room/packetsframes
Walkthrough
Task 1 – What are Packets and Frames
Packets and frames are two ways of describing specific types of data units that are used in networking. A frame (think ‘Ethernet frame’) is used at the Data Link layer to transfer data on a network. A packet is used at the Network layer to transfer data between networks.
Packets and frames are both comprised of two sections:
1) A header.
2) A data payload.
The header contains logistical and technical information that helps that data get to the right destination (and back) and check to see if the data was properly received.
Common header fields are: TTL (time to live), checksum (data integrity check), and source and destination addresses (can be MAC address in a frame or IP address in a packet).
Question 1
What is the name for a piece of data when it does have IP addressing information?
Walkthrough:
Remember, there are two names for small pieces of data that are put together to form a larger chunk of data: packets and frames. Packets refer to data with an IP address; frames refer to data that does not have an IP address.
Keep in mind that we’re learning about three different protocols used in networking: ethernet, IP, and TCP. Both IP and TCP contain IP addresses in the header, so ethernet is the only protocol that is not considered a packet here.
Answer:
(Highlight below to find the answer):
Packet
Question 2
What is the name for a piece of data when it does not have IP addressing information?
Walkthrough:
It’s the other choice.
Answer:
(Highlight below to find the answer):
Frame
Task 2 – TCP/IP (The Three-Way Handshake)
Question 1
What is the header in a TCP packet that ensures the integrity of data?
Walkthrough:
Remember that a header is just the first sections of data that pertain to the logistical and technical functions of the overall data packet (or frame). Both the Ethernet and IP protocols use a special header that is used to calculate a number called a checksum.
Basically, this is a special number that is generated by performing a calculation that uses every single bit of data in the whole unit. If a single bit of data is changed, the checksum also changes. In other words, the packet that has arrived must be identical to the correct packet.
Answer:
(Highlight below to find the answer):
Checksum
Question 2
Provide the order of a normal Three-way handshake (with each step separated by a comma)
Walkthrough:
The point of TCP is to establish a connection between the server and client. In order to establish the connection, a short conversation takes place between them.
This conversation is known as the TCP Three-Way Handshake.
1) The client requests a TCP connection with the server by sending a SYN request.
“Hi server 1, this is client 1. I’d like to have a conversation with you. Are you there?”
2) The server responds to the client by sending a SYN/ACK packet.
“Hello client 1, this is server 1. I’m here.”
3) The client then finishes establishing the connection by sending an ACK packet.
Answer:
(Highlight below to find the answer):
SYN,SYN/ACK,ACK
Task 3: Practical – Handshake
This task uses a game in which Alice and Bob have a conversation using a TCP connection.
Question 1
What is the value of the flag given at the end of the conversation?
Walkthrough:
Write up the walkthrough but NOT the answer (if possibl
In this task, we have to help Alice and Bob establish a TCP connection using the Three Way Handshake.
Click the green “View Site” button in this task.
To get the flag, you have to follow correctly complete a TCP connection that involves the transfer of data. The game is basically a conversation where each sentence starts with the type of packet.
The first three pages are basically the Three Way Handshake: SYN, SYN/ACK, ACK.
Next, Alice wants to send Bob some data. The data is contained in a TCP packet that is known as a DATA message. Alice sends Bob the message “Cheesecake is on sale!”.
Bob receives the data and lets Alice know that it was correctly received by sending back an ACK packet.
That was all Alice wanted to say, so she lets him know that she’s done with conversation by sending a FIN/ACK packet.
Bob responds with a FIN/ACK packet, confirming that he is also ready to break-off the connection.
Alice then responds with one final ACK packet, which kills the connection.
Answer:
(Highlight below to find the answer):
THM{TCP_CHATTER}
Task 4: UDP/IP
TCP is often contrasted with another protocol that works at the transport layer of both the OSI and TCP/IP models, UDP.
UDP stands for User Datagram Protocol. Like TCP, it also uses the internet protocol (IP), which works on the network layer.
Basically, TCP and UDP are two ways of transferring data. TCP is slow and reliable while UDP is fast but unreliable.
TCP is used when you want to ensure that the data arrives in perfect condition. Transferring files is a common example; the file might not open or might be corrupted if it does not arrive in perfect condition.
UDP is for when you want to prioritize speed. The most common example is streaming video. What would you prefer, a slightly blurry video or a video that will not play or plays erratically? We need the video to play using our available bandwidth and we are willing to sacrifice a little blurriness to make sure the data arrives quickly enough for the video to play.
One of the things that makes UDP fast is that it does not require a session (like TCP). We say that UDP is a stateless connection because it doesn’t require the server to retain information about the session.
Question 1
What does the term “UDP” stand for?
Walkthrough:
The answer is given above.
Answer:
(Highlight below to find the answer):
User Datagram Protocol
Question 2
What type of connection is “UDP”?
Walkthrough:
UDP does not establish a session the way that TCP does.
Answer:
(Highlight below to find the answer):
stateless
Question 3
What protocol would you use to transfer a file?
Walkthrough:
The one that ensures that data is transferred correctly.
Answer:
(Highlight below to find the answer):
TCP
Question 4
What protocol would you use to have a video call?
Walkthrough:
The faster (albeit less reliable) protocol.
Answer:
(Highlight below to find he answer):
UDP
Task 5: Ports 101 (Practical)
A port is a point of connection between two computers.
Computers need to be able to run different useful protocols at the same time. This means that the need multiple ways of connecting to each other. Ports are how this is done.
For example, your computer might be using one port to connect to a website and another for a game you might be playing. If you open up a new tab in your web browser, your computer will open another port so that the data being transferred to/from one browser tab isn’t confused with the data transferred via the other tab.
When a TCP packet is sent, the first 16 bits of data are reserved for the source port, and the next 16 bits of data are reserved for the destination port.
This means that port numbers can range from 0000000000000000 to 1111111111111111, allowing for 216 = 65536 possibilities. In decimal, this means that ports can range from 0 to 65535.
Ports between 0 and 1024 are referred to as common ports, which will become easier to recognize once we begin learning how to scan networks using tools like nmap.
Question 1
What is the flag received from the challenge?
Walkthrough:
To complete this Task, open the simulator by clicking the green “View Site” button at the top of the Task.
Instructions are given to connect to IP address 8.8.8.8 via port 1234. To do this, just fill in the information at the top of the page:
Notice that the simulator is using your input to populate a command line interface. The command is:
nc <IP address> <port number>
We haven’t yet learned about the nc command. ‘nc’ stands for netcat, and is a powerful tool used to read and write data across network connections using TCP or UDP.
The output contains the flag needed to complete the Task.
Answer:
(Highlight below to find the answer):
THM{YOU_CONNECTED_TO_A_PORT}
Task 6 – Continue Your Learning: Extending Your Network
Continue your learning by joining the “Extending Your Network” room.
Question 1
Join the “Extending Your Network” room.
Walkthrough:
Follow the link to the Extending Your Network room and join it.
Answer:
(Highlight below to find the answer):
No answer needed
Conclusion
The content that is covered in this room is important, but the organization felt a little disjointed to me.
For instance, the room begins with the first Task, ‘Packets and Frames’, which provides decent coverage but it seems a little unclear of what we’re actually talking about here, which is basically verbiage describing different units of data.
Later we are introduced to UDP datagrams, which doesn’t seem to fit neatly into the structure but makes sense because we’re learning about two different protocols that operate on the transport layer of the OSI and TCP/IP models.
I enjoyed the first task because it reinforced the sequence of a TCP connection, but the second task seemed a little random to me. Ostensibly we’re learning about ports but the real test is just entering the correct IP address and port into a text box.
It would be a good time to learn about the command used in the simulator (nc / netcat) and to relate that back to TCP and ports because nc is using a TCP connection.
Overall, I really enjoyed this room. A huge thanks to tryhackme, cmnatic, and adamtlangley for putting this room together!