
๐ŸŒ Network Recon

The internet has hidden structure you can query. Every challenge here teaches you a real technique investigators use. If a command is blocked, use the Google fallback — the learning is the same.

🖥️ How To Open Command Prompt
Press Windows key + R, type cmd, press Enter. Or search for Command Prompt in the Start menu. Each challenge shows the exact command to type. If a command is blocked on school computers, look for the Google fallback option instead.
1
What's in a Number?
Easy 10 pts
Every device on the internet has an IP address — a number like 8.8.8.8. But numbers are hard to remember, so computers can also have names.

Run this command in Command Prompt to find out the name of the server at address 8.8.8.8:

nslookup 8.8.8.8

Look for the line that says "Name:" in the output. That hostname is a two-word phrase (with a dot in the middle). The flag is agent{ + that name with the dot replaced by a hyphen + }.
# Example output from nslookup 8.8.8.8
Server: your-school-dns.local
Address: 192.168.1.1

Name: dns.google
Address: 8.8.8.8
Can't use Command Prompt? Google "what is the hostname of 8.8.8.8" — you'll find the answer immediately.
The Name you see is two words joined by a dot: dns.google. Replace the dot with a hyphen and wrap it in agent{}.
✓ 8.8.8.8 is Google's public DNS server, named "dns.google"! DNS translates names to numbers and back again.
2
Is Anyone Home?
Easy 10 pts
"Ping" is like knocking on a door on the internet. If you get a reply, the server is alive. Run this command:

ping 8.8.8.8

You'll see lines starting with "Reply from". What IP address appears after "Reply from"? Take that IP address and replace the dots with hyphens to form the flag.
# Example ping output
Pinging 8.8.8.8 with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=12ms TTL=116
Reply from 8.8.8.8: bytes=32 time=11ms TTL=116
Can't use ping? Think about it — if you ping 8.8.8.8, which IP address replies? (Hint: the IP you pinged!)
When you ping 8.8.8.8, the reply comes from... 8.8.8.8! Replace dots with hyphens and wrap it in agent{}.
✓ Ping confirmed the server is alive! 8.8.8.8 is Google's DNS — it responds to pings from anywhere in the world.
3
Who Owns the Internet?
Medium 20 pts
Every domain name (like google.com or bbc.co.uk) is registered to an owner. A database called WHOIS holds this information — you can look up who owns any domain.

Look up who owns example.com. Use a free online WHOIS lookup tool (search Google for "whois example.com"). Find the Registrant Organization field — it's a well-known internet organisation with 4 letters. That's your flag!
Command line option: Windows has no built-in whois command in Command Prompt, so use a web search instead: Google "whois example.com registrant".
Search Google for "whois example.com" and click a WHOIS result. Look for "Registrant Organization" or "Registered by". The organisation name is a 4-letter acronym.
✓ IANA (Internet Assigned Numbers Authority) owns example.com — they set it aside for educational use so developers can use it in examples!
4
Two Doors, One House
Medium 20 pts
Look up the IP addresses of two very different websites:

nslookup google.com
nslookup youtube.com

Both sites return IP addresses. Look at them — even though Google and YouTube look like completely separate websites, their IP addresses come from the same range. That's because YouTube is owned by Google and runs on Google's servers.

When multiple websites share the same server infrastructure, it's called ___ hosting. That first word is part of your flag: agent{___-hosting}.
Not sure of the word? Search Google for "what is shared hosting" — the answer is in every result.
The word that fills the blank is the most common adjective used to describe this type of hosting — it means the server is divided between many websites. Search "types of web hosting" if you're stuck.
✓ Shared hosting! One physical server can host many websites. Google and YouTube share the same servers because they're both owned by Alphabet.
5
The Domain That Points Elsewhere
Hard 30 pts
Some domain names are just nicknames pointing to another address. Run this command — the -type=CNAME flag tells nslookup to look up the real name behind the address:

nslookup -type=CNAME www.bbc.co.uk

Look for the line that says canonical name =. It shows that www.bbc.co.uk is just pointing to a completely different real address — the BBC's content delivery network.
# What you should see:
www.bbc.co.uk    canonical name = www.bbc.co.uk.edgekey.net
CNAME stands for Canonical Name — the "canonical" name is the real one. www.bbc.co.uk is just a nickname for it. What's the one-word technical term for a name that stands in for another name? That's your flag: agent{___}.
Command blocked? Search Google for "CNAME record definition" — the one-word answer appears in every explanation.
Think about what a nickname is — it's a name that stands in for another name. There's a single technical word for this. It starts with 'a'.
✓ A CNAME is an alias! Investigators use DNS lookups to find the real server behind a website, even when it's hiding behind a nickname.
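Added example (not part of the original challenge page): a small Python parser for Windows nslookup output, covering the lookups in Challenges 1 and 5. It keeps the resolver's own Server/Address header apart from the answer, which is the usual misreading, and follows canonical name lines to the end of an alias chain. The sample outputs are constructed from the page's example output; www.example.test and the 192.0.2.10 / 2001:db8::10 addresses are placeholders.

```python
import re

KEYED = re.compile(r"^(Server|Name|Address(?:es)?|Aliases):\s*(.*)$")
CNAME = re.compile(r"^(\S+)\s+canonical name\s*=\s*(\S+)$")

def parse_nslookup(text):
    """Split Windows nslookup output into the resolver header and the answer."""
    out = {"resolver": None, "resolver_addr": None,
           "name": None, "addresses": [], "cnames": {}}
    # owner: block the next Address line belongs to; in_list: address list still running
    owner, in_list = None, False
    for line in (raw.strip() for raw in text.splitlines()):
        keyed, cname = KEYED.match(line), CNAME.match(line)
        key, value = keyed.groups() if keyed else (None, None)
        continuation = in_list and bool(line) and not keyed and not cname
        in_list = False
        if cname:  # "alias  canonical name = real-name"
            out["cnames"][cname.group(1).rstrip(".")] = cname.group(2).rstrip(".")
        elif key == "Server":
            owner, out["resolver"] = "resolver", value
        elif key == "Name":
            owner, out["name"] = "answer", value
        elif key in ("Address", "Addresses"):
            if owner == "resolver":
                out["resolver_addr"] = value  # your own DNS server, not the target
            else:
                out["addresses"].append(value)
                in_list = True
        elif continuation:  # further addresses, one per line
            out["addresses"].append(line)
            in_list = True
    return out

def canonical_name(cnames, name):
    """Follow alias -> canonical name links, stopping if they loop."""
    seen = set()
    while name in cnames and name not in seen:
        seen.add(name)
        name = cnames[name]
    return name

# Constructed samples in the shape of the page's example output.
HEADER = "Server:  your-school-dns.local\nAddress:  192.168.1.1\n\n"
PTR_OUTPUT = HEADER + "Name:    dns.google\nAddress:  8.8.8.8\n"
CNAME_OUTPUT = HEADER + "www.bbc.co.uk    canonical name = www.bbc.co.uk.edgekey.net\n"
FORWARD_OUTPUT = HEADER + ("Name:    www.example.test\n"           # placeholder name
                           "Addresses:  2001:db8::10\n\t  192.0.2.10\n")

if __name__ == "__main__":
    print(*map(parse_nslookup, (PTR_OUTPUT, CNAME_OUTPUT, FORWARD_OUTPUT)), sep="\n")
```

In the first sample, 192.168.1.1 ends up in resolver_addr and only 8.8.8.8 is reported as an answer address.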
6
The Route to Google
Hard 30 pts
⚠️ This command might be blocked on school networks — that's OK! Read the output below and use what you learn to find the flag.

When your computer sends data to a website, it doesn't go directly — it travels through many routers on the way. Run this command to watch it happen:
tracert google.com

The very first line of output tells you something important. Read it carefully — it uses a specific word to describe each step of the journey:
# First line of tracert output:
Tracing route to google.com [142.250.179.174]
over a maximum of 30 hops:
Each router your data passes through is one ___. That word is your flag: agent{___}.
✓ Each step is a hop! Your data bounces through many routers to reach its destination — sometimes crossing several countries on the way. The tool that shows you all these hops is called traceroute.
🎉 Mission Complete!
You've mastered the basics of network reconnaissance. You can query the internet's hidden structure like a real investigator!