TryHackMe Networking Essentials Walkthrough – Step-by-Step Guide

Published: 1 Jan 2026






INTRODUCTION



Task 1: Introduction

Q. Get your notepad ready, and let’s begin.
A. Simply click the Check button.



Task 2 DHCP: Give Me My Network Settings

Q1. How many steps does DHCP use to provide network configuration?
A1. 4


Q2. What is the destination IP address that a client uses when it sends a DHCP Discover packet?
A2. 255.255.255.255


Q3. What is the source IP address a client uses when trying to get IP network configuration over DHCP?
A3. 0.0.0.0



Explanation
DHCP stands for Dynamic Host Configuration Protocol. Think of it as the network’s auto-assign helper 🧠🌐

What DHCP does
When a device (laptop, phone, server) joins a network, DHCP automatically gives it:

  • IP address
  • Subnet mask
  • Default gateway
  • DNS server

So you don’t have to configure all that manually.

How DHCP works
  1. DHCP DISCOVER – A new device joins the network. It does not have an IP address yet, so it uses source address 0.0.0.0 (from port 68) and sends a broadcast message to everyone at 255.255.255.255.
  2. DHCP OFFER – A DHCP server receives the Discover, checks its IP pool, and temporarily reserves an IP. It sends an Offer back to the client.
  3. DHCP REQUEST – The client receives the Offer and selects one IP. It sends a Request message.
  4. DHCP ACK – The DHCP server confirms that the IP is still available and that the Request is valid. The server sends an ACK to the client, and the client configures its network interface.
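
The four steps above as bytes on the wire. This is an added example, not part of the original walkthrough or the TryHackMe room: it builds and parses minimal DHCP payloads carrying only option 53 (message type). The client MAC, transaction ID, server address 192.168.1.1 and lease 192.168.1.50 are constructed values.

```python
import socket
import struct

MAGIC_COOKIE = bytes([99, 130, 83, 99])   # marks the start of the DHCP options
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}

def build_message(msg_type, xid, client_mac, yiaddr="0.0.0.0"):
    """Build a minimal BOOTP/DHCP payload (the bytes carried inside UDP)."""
    op = 1 if msg_type in (1, 3) else 2    # 1 = from client, 2 = from server
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        op, 1, 6, 0,                         # htype 1 = Ethernet, hlen 6, hops 0
        xid, 0, 0x8000,                      # secs, flags (broadcast bit set)
        bytes(4), socket.inet_aton(yiaddr),  # ciaddr, yiaddr ("your" address)
        bytes(4), bytes(4),                  # siaddr, giaddr
        client_mac, bytes(64), bytes(128))   # chaddr (null-padded), sname, file
    return header + MAGIC_COOKIE + bytes([53, 1, msg_type, 255])

def parse_message(payload):
    """Return xid, message type and offered address from a DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    xid = struct.unpack_from("!I", payload, 4)[0]
    msg_type, i = None, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                          # 0 = pad, no length byte
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        if code == 53:                               # DHCP message type
            msg_type = payload[i + 2]
        i += 2 + length
    return {"xid": xid, "type": MSG_TYPES.get(msg_type),
            "yiaddr": socket.inet_ntoa(payload[16:20])}

def dora_exchange():
    """Replay the four steps; addressing is what each UDP datagram would use."""
    mac, xid, lease = bytes.fromhex("020000000001"), 0x1234ABCD, "192.168.1.50"
    client = ("0.0.0.0:68", "255.255.255.255:67")      # client has no address yet
    server = ("192.168.1.1:67", "255.255.255.255:68")  # constructed server IP
    log = []
    for msg_type in (1, 2, 3, 5):
        src, dst = client if msg_type in (1, 3) else server
        offered = lease if msg_type in (2, 5) else "0.0.0.0"
        parsed = parse_message(build_message(msg_type, xid, mac, offered))
        log.append((parsed["type"], src, dst, parsed["yiaddr"]))
    return log
```

Calling `dora_exchange()` returns one row per step, showing that the client still sends from 0.0.0.0 in the Request because it only configures the address after the ACK.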


Task 3 ARP: Bridging Layer 3 Addressing to Layer 2 Addressing

Q-1. What is the destination MAC address used in an ARP Request?
A-1. FF:FF:FF:FF:FF:FF

Q-2. In the example above, what is the MAC address of 192.168.66.1?
A-2. 44:df:65:d8:fe:6c (shown in terminal above)



Explanation:
ARP (Address Resolution Protocol) maps an IP address to a MAC address inside a local network. IP works at Layer 3 and Ethernet works at Layer 2, so Ethernet cannot send data using an IP address alone; it must know the MAC address. ARP bridges this gap.

How ARP Works
Host A (192.168.1.10) wants to send data to Host B (192.168.1.5), but it does not know the destination MAC address.
So Host A checks its ARP table.
If a mapping exists, Host A uses it. If not, it starts ARP:

  1. ARP Request (Broadcast) – Host A sends an ARP Request to the entire LAN using the broadcast MAC address FF:FF:FF:FF:FF:FF. It is like asking, “Who has IP 192.168.1.5? Tell 192.168.1.10.”
  2. ARP Reply (Unicast) – The device with IP 192.168.1.5 responds to Host A with its own MAC address. It is like saying, “192.168.1.5 is at AA:BB:CC:DD:EE:FF.”
  3. Data Transmission Begins – Host A now sends Ethernet frames using destination MAC AA:BB:CC:DD:EE:FF and destination IP 192.168.1.5.
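
The same exchange as real frame layouts, with the ARP table check in front of it. This is an added example, not part of the original walkthrough: the `Host` class and its `resolve`/`handle` methods are hypothetical names, and Host A's MAC address is a constructed value (the IPs and Host B's MAC are the ones used above).

```python
import socket
import struct

BROADCAST = bytes.fromhex("ffffffffffff")
ETHERTYPE_ARP = 0x0806

def mac_str(raw):
    return ":".join(f"{b:02X}" for b in raw)

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet frame carrying an ARP request (op=1) or reply (op=2)."""
    eth_dst = BROADCAST if op == 1 else target_mac     # a request goes to everyone
    eth = eth_dst + sender_mac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)   # Ethernet/IPv4, sizes, opcode
    arp += sender_mac + socket.inet_aton(sender_ip)
    arp += (bytes(6) if op == 1 else target_mac) + socket.inet_aton(target_ip)
    return eth + arp

def parse_arp(frame):
    if len(frame) < 42 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    return {"eth_dst": mac_str(frame[0:6]),
            "op": struct.unpack_from("!H", frame, 20)[0],
            "sender_mac": frame[22:28],
            "sender_ip": socket.inet_ntoa(frame[28:32]),
            "target_ip": socket.inet_ntoa(frame[38:42])}

class Host:
    def __init__(self, ip, mac):
        self.ip, self.arp_table = ip, {}
        self.mac = bytes.fromhex(mac.replace(":", ""))

    def handle(self, frame):
        """Answer a request for our own IP with a unicast reply, else stay silent."""
        req = parse_arp(frame)
        if req["op"] == 1 and req["target_ip"] == self.ip:
            return build_arp(2, self.mac, self.ip, req["sender_mac"], req["sender_ip"])
        return None

    def resolve(self, ip, lan):
        """Use the cached mapping if present; otherwise broadcast and cache the reply."""
        if ip not in self.arp_table:
            request = build_arp(1, self.mac, self.ip, bytes(6), ip)
            for other in lan:                      # every host on the LAN sees it
                reply = other.handle(request)
                if reply:
                    answer = parse_arp(reply)
                    self.arp_table[answer["sender_ip"]] = mac_str(answer["sender_mac"])
        return self.arp_table.get(ip)
```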


Task 4 ICMP: Troubleshooting Networks

Q-1. Using the example images above, how many bytes were sent in the echo (ping) request?
A-1. 40



Q-2. Which IP header field does the traceroute command require to become zero?
A-2. ttl



Explanation:
ICMP (Internet Control Message Protocol) is a network-layer protocol used to send error messages and operational information in IP networks. It helps devices report problems like unreachable destinations and expired packet lifetimes, and it supports diagnostic tools such as ping and traceroute. ICMP does not carry user data and works without ports, serving only to inform the sender about the status of network communication. Two important command-line tools use it for this: ping and traceroute.

Ping: Ping sends ICMP Echo Request packets to a destination and waits for Echo Reply messages to verify reachability and measure round-trip time.

When you run ping, your device sends an ICMP Echo Request message to the target IP address. If the destination is reachable and allows ICMP, it responds with an ICMP Echo Reply. Ping measures the round-trip time (RTT) between sending the request and receiving the reply and repeats this process multiple times to check packet loss and latency.

If no reply is received, it usually means the host is unreachable, offline, or ICMP is blocked by a firewall.



Traceroute is used to discover the path between the source and destination using the TTL (Time To Live) field and ICMP messages.

How it works:
TTL (Time To Live) is a field in the IP header that limits how long a packet can travel across a network. It is a numeric value set by the sender and is decreased by 1 at every router (hop) the packet passes through. When the TTL reaches zero, the router discards the packet and sends an ICMP Time Exceeded message back to the sender.

When traceroute starts, it sends packets with a TTL of 1. The first router reduces the TTL to 0, drops the packet, and sends back an ICMP Time Exceeded message. Traceroute records that router as the first hop. It then sends another packet with TTL = 2, which expires at the second router, and the process repeats. This continues until the packet finally reaches the destination, which responds with an ICMP Echo Reply or Destination Unreachable message. By increasing TTL values step by step, traceroute reveals the complete path and delay to each hop.
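
The TTL mechanism above as an offline simulation. This is an added example, not part of the original walkthrough: `send_probe` and `traceroute` are hypothetical function names, the path addresses are constructed, and the `silent` set models routers that drop expired probes without sending an ICMP error, which real traceroute prints as `*`.

```python
def send_probe(path, ttl, silent=()):
    """Forward one probe along `path` (routers in order, destination last).

    Returns (responder, ICMP message), or (None, None) when the router that
    dropped the probe is in `silent` and sends no ICMP error back.
    """
    for router in path[:-1]:
        ttl -= 1                       # every router decrements TTL by 1
        if ttl == 0:                   # expired here: drop and report
            if router in silent:
                return None, None
            return router, "Time Exceeded"
    return path[-1], "Echo Reply"      # TTL survived every hop


def traceroute(path, max_hops=30, silent=()):
    """Raise TTL from 1 until the destination answers; one row per TTL value."""
    rows = []
    for ttl in range(1, max_hops + 1):
        responder, message = send_probe(path, ttl, silent)
        rows.append((ttl, responder or "*", message))
        if message == "Echo Reply":
            break
    return rows


# Constructed path: three routers, then the destination host.
PATH = ["192.168.1.1", "10.20.0.1", "203.0.113.1", "203.0.113.80"]
```

`traceroute(PATH)` lists the three routers and then the destination, while `traceroute(PATH, silent={"10.20.0.1"})` shows that a missing hop does not stop later hops from being discovered.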



Task 5: Routing

Q-1. Which routing protocol discussed in this task is a Cisco proprietary protocol?
A-1. EIGRP



Explanation:
Routing is the process of selecting the best path for data packets to travel from a source network to a destination network across interconnected networks. Routers use routing tables and routing protocols to decide where to forward packets based on the destination IP address. Each router examines the packet, determines the next hop, and forwards it until the packet reaches its final destination. Routing can be static (manually configured) or dynamic (automatically learned using protocols like RIP, OSPF, or BGP), enabling efficient and scalable communication across large networks like the Internet.

OSPF, EIGRP, BGP, and RIP are routing protocols that help routers decide the best path for sending data.

OSPF finds the shortest and fastest path by looking at the whole network. It is fast and used in large office or enterprise networks.

EIGRP chooses routes based on speed and delay. It is very fast and mainly used on Cisco networks.

BGP is used on the Internet. It decides routes based on rules and policies, not just speed or distance.

RIP is a simple protocol that counts how many routers a packet passes through. It is easy to use but slow and only works well in small networks.



Task 6: NAT

Q-1. In the network diagram above, what is the public IP that the phone will appear to use when accessing the Internet?
A-1. 212.3.4.5



Q-2. Assuming that the router has infinite processing power, approximately speaking, how many thousand simultaneous TCP connections can it maintain?
A-2. 65 (TCP connections are identified using port numbers. A router can use about 65,536 ports per public IP)



Explanation:
NAT (Network Address Translation) is a technique used by routers to translate private IP addresses into public IP addresses so devices can access the Internet. The main need for NAT is to conserve public IP addresses, as IPv4 addresses are limited.

NAT allows multiple devices in a private network (like a home or office network) to share a single public IP address. It also provides basic security by hiding internal IP addresses from external networks. Without NAT, every device would require its own public IP, which is impractical and costly.

When a device sends data to the Internet, NAT replaces its private IP with the router’s public IP. When the reply comes back, NAT sends it to the correct internal device.
NAT helps:

  • Save public IP addresses
  • Hide internal IPs (basic security)
  • Enable Internet access for private networks
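
How a router keeps replies apart when many devices share one public IP, and why the port count caps the number of connections. This is an added example, not part of the original walkthrough: `PatRouter` is a hypothetical class, the private addresses are constructed, and the table is keyed only on the private IP and port, whereas real NAT devices also track the protocol and remote endpoint.

```python
class PatRouter:
    """Port address translation: many private hosts behind one public IP."""

    def __init__(self, public_ip, port_pool=range(1024, 65536)):
        self.public_ip = public_ip
        self.free_ports = iter(port_pool)
        self.outbound_map = {}   # (private_ip, private_port) -> public_port
        self.inbound_map = {}    # public_port -> (private_ip, private_port)

    def translate_out(self, private_ip, private_port):
        """Rewrite the source of an outgoing packet; reuse an existing mapping."""
        key = (private_ip, private_port)
        if key not in self.outbound_map:
            public_port = next(self.free_ports, None)
            if public_port is None:          # pool used up: no new connections
                raise RuntimeError("no free public ports left")
            self.outbound_map[key] = public_port
            self.inbound_map[public_port] = key
        return self.public_ip, self.outbound_map[key]

    def translate_in(self, public_port):
        """Map a reply back to the internal host; None means no mapping (drop)."""
        return self.inbound_map.get(public_port)


def demo():
    """Two constructed hosts using the same source port behind 212.3.4.5."""
    router = PatRouter("212.3.4.5", port_pool=range(40000, 40002))
    first = router.translate_out("192.168.0.129", 15401)
    second = router.translate_out("192.168.0.137", 15401)
    return first, second, router.translate_in(second[1])
```

With the two-port pool used in `demo()`, a third new connection raises `RuntimeError`; the default pool runs out the same way once every port is mapped.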



Task 7: Closing Notes

You will be presented with a series of questions, after which the flag will be displayed. The questions are as follows.

Q-1. We need to give 25 devices Internet access; however, we only have one public IP address. What can we use to allow multiple private IP addresses to use a single public IP address?
A-1. nat



Q-2. I am curious about tracing the route of packets as they travel to their destination server. What protocol would let me discover the path?
A-2. ICMP



Q-3. I want to find out the DNS server and default route on a network automatically. Which protocol should I use?
A-3. DHCP



Q-4. I want to confirm that I can exchange packets with another host as if I am playing 'ping pong'. Which protocol supports this?
A-4. icmp



Q. Click on the View Site button to access the related site. Please follow the instructions on the site to obtain the flag.
A. THM{computer_is_happy}