Hostbound is a teaching tool first and a game second. This guide is for instructors using it in a class, lab, or assigned-homework setting. It assumes you've already played the game once or twice and have read the Student Guide; this page focuses on the workflows that only make sense from the front of the room.
What Hostbound teaches
The single core concept is the SSH perspective shift: once you ssh into a remote machine, every command runs there, and the network that machine is on decides who you can reach next. Students who have only ever opened a terminal on their own laptop typically assume the laptop's connectivity travels with the session - Hostbound makes that wrong assumption fail loudly.
Layered on top of that core concept, the game also drills:
- Reading
ip afor real. Every interface has a network number on the same line. Students who do not look at the mask discover the hard way thatnmap 192.168.1.0/24on a/29link is rejected. - Subnet recognition across the full IPv4 range. Worlds are not RFC1918-only; public-looking addresses dominate the higher difficulties.
- Variable subnet sizes from /30 up to /16. A LAN with too many hosts to fit a /30 is auto-grown by the generator, but a thoughtless /24 assumption still bites.
- IPv6 fundamentals via ULA
/64s, hostname-onlysshin v6 worlds, family-aware reachability, and dual-stack bridges. - The "you can reach the host but not from here" failure mode via Firewall mode - which is exactly the failure mode that confuses new students on real networks.
- Threat-model reading and capability matching via Cybersecurity Mode - which vulnerability needs which tool, intelligence economics, and what shows up in a service banner.
Classroom uses
- Five-minute warmup. Open a fresh Casual world on the projector and ask the class to predict where you'll find gold from the first
ip aandnmap. Two hops, no branches, very low cognitive load. - Hands-on lab. Assign a code (see below); students play independently and turn in their run report. Hops vs par and claims is a natural rubric.
- Race / leaderboard. Use "Today's network" so everyone plays the exact same world. Best hops-and-claims-and-time wins.
- Concept demo with a known answer. Build an HB4 sandbox world with par 4 and no branches, then walk through it on the projector unlocking the Admin tools to highlight the route.
- Cross-family exercise. Hand out an HB3 dual-stack code; the assignment is to find every dual-stack bridge in the world and identify which LANs are v4-only, v6-only, and dual-stack.
- Defense-in-depth thinking. Turn on Firewalls and have students explain, after winning, where the filtered hosts were and how they routed around them.
- Intro to ethical pen-testing concepts. Turn on Cybersecurity Mode at Hard or Brutal. The Darkweb sets up clean conversations about what counts as authorised access, the economics of selling intel, and why threat modelling matters.
Assigning a network
Code format
Every world is identified by a short shareable code. The prefix carries the address family, the body packs the topology seed plus mode bits (difficulty, Hidden Host Mode, Firewalls, Cybersecurity). A student pasting just the code reproduces your exact world byte-for-byte.
| Prefix | Family | Notes |
|---|---|---|
HB1- | Pure IPv4 | The default. 10.x, 172.16-31.x, 192.168.x show up naturally; public-looking nets dominate at Normal+. |
HB2- | Pure IPv6 | Every LAN a unique ULA /64 inside fd00::/8. Hostname-only ssh works. |
HB3- | Dual-stack | Each LAN independently v4-only, v6-only, or true dual-stack. Crossing v4↔v6 requires hopping a dual-stack bridge. |
HB4- | Custom sandbox | You dial the topology. See below. |
HB1, HB2, HB3 bodies are 9 base36 characters: two mode chars + seven seed chars. Difficulty, Hidden Host Mode state, Firewalls bit, and Cybersecurity bit are inside the mode chars - so the code alone tells the recipient's browser everything. No URL parameters required.
HB4 bodies pack par hop count, branches, loops, family, IPv6 percentage, dual-stack percentage, and a density preset directly into the code body. Difficulty does not apply to a sandbox world; the recipient's difficulty badge shows Custom.
Copy Share Link vs Copy Challenge Link
Both menu items put a URL on the clipboard in the form https://www.its.ohio.edu/tools/hostbound/#<code>. The code itself carries every mode bit - difficulty, family, Firewalls, Hidden Host Mode, Cybersecurity - so the two buttons currently produce identical output. Use whichever language feels right for the moment ("here's a network" vs "here's a challenge").
Today's network (daily seed)
Hamburger menu → Today's network. The code is derived from today's local date and the current address-family selection - so every student opening the daily on the same day, in the same family, gets the same world. Useful for a once-a-week class race or a "warmup of the day" routine.
Custom sandbox worlds (HB4)
Hamburger menu → Challenges ▸ Custom network. Opens a modal where you can dial:
- Par hop count (G): the shortest start-to-gold distance. 1 to 31.
- Left arm: how far back the start sits from one end of the spine. 0 to 7. (A non-zero left arm gives you a dead-end direction students can wander into.)
- Number of branches: 0 to 15 dead-end network trees hanging off the spine.
- Loops: 0 to 7 ring networks. Needs a chain of 3+ LANs (
G + leftArm ≥ 3) or it auto-clamps to 0. - Address family: IPv4 / IPv6 / Dual-stack.
- IPv6 mix and dual-stack mix (Dual-stack only): how often each LAN gets each family.
- Density preset: the count of filler hosts, dead-end stubs, and 3+-NIC routers.
Hit Generate & play to drop into the world; hit Copy custom link to put the resulting HB4- link on the clipboard. The same parameters always produce the same world (the code is the source of truth); a random nonce inside the code lets a re-roll at identical parameters vary.
Every HB4 world is still solvability-proven: pinned G feeds the same chain generator, so the shortest start-to-gold path is exactly the par you dialled and the greedy hop-distance descent always succeeds.
Difficulty does not apply (it shows Custom); Firewalls and Cybersecurity are ignored on HB4 sandbox worlds - if you want filtered or vuln-laden topology, build it with a regular HB1 / HB2 / HB3 code at the difficulty you want.
Difficulty levels and what they teach
| Level | Par hops | Branches | Loops | Routers | Best for |
|---|---|---|---|---|---|
| Casual | 2 | 0 | 0 | 1 | First-five-minutes intro; a single demo on the projector. |
| Normal | 2-4 | a few | 0 | 1-2 | Default lab world. Subnet sizes start varying here. |
| Hard | 4-6 | several | 0-1 | 2-3 | Homework or graded turn-in. |
| Brutal | 6-8 | many | 1-2 | 3-5 | Capstone-style; rewards careful note-taking. |
| Extreme | 10-13 | many | 3-4 | 5-8 | ~120 hosts. Class race / one-off challenge. |
Casual is intentionally boring: no branches, no loops, the par is two hops. That makes it perfect for teaching the loop (ip a → nmap → ssh → cat) without distractions. Normal is where variable subnet sizes start showing up. Hard adds occasional loop rings. Extreme has been verified to stay solvable across hundreds of seeds even with the largest counts.
Address modes (IPv4 / IPv6 / Dual-stack)
Selecting an address mode (top-right family badge) only steers the next new code you roll. Loaded codes always play in their own native family.
- HB1 (IPv4) drills mask-reading, subnet recognition across the full routable range, and the same-LAN rule.
- HB2 (IPv6) drills
fd00::/8ULA notation, the/64standard, and family-aware reachability. The bare-hostnamesshform (e.g.ssh atlas.com) is enabled only in IPv6 worlds to give students one extra affordance - and to make the point that name resolution is not a routing bypass (it still enforces same-LAN). - HB3 (dual-stack) drills family-crossing. The first hop past the start is forced to be single-v6 so every dual-stack run has to traverse a v4↔v6 boundary near the start. A true dual-stack LAN shows two CIDR lines on its square and every host on it has both an inet and an inet6 line in
ip a.
Firewall mode
Hamburger menu → Network Options ▸ Firewalls, or click the orange FW badge in the top bar once it's on. Some hosts and off-spine subnets silently drop ICMP and / or refuse ssh - the symptom is "host up in nmap but ssh refuses and ping times out". The puzzle is to find an unfiltered same-LAN peer and route around. The generator's filter-placement pass is constructive validate-or-revert: every tentative filter is kept only if the filtered forward-reachability still has dist(start → golden) == par AND every non-golden host stays reachable with truthful hints. Every Firewall world is solvable by construction. Toggling Firewalls regenerates the world (it is a generator-gate, not a runtime overlay) - so toggling mid-run will reroll your seed.
What this is good for in class: the most common confusing failure mode on real networks ("but I can ping it from the other room") is exactly what a Firewall world produces. Run the same world side-by-side with and without Firewalls on the projector and let students see the symptom shift.
Hidden Host Mode
The HHM / HHM Hard badge in the top bar (left of the Difficulty badge) cycles three states (Off / HHM / HHM Hard). HHM Hard hides everything except the LAN squares (and their labels) and the current host - host icons, ports, switches, and the hop trail are all hidden, so the rest must be deduced from terminal commands.
The win screen always shows the full map, so HHM Hard reveals what they were navigating only at the end. Useful for screen-reader-first students (the describe command works in any mode) and for upper-division labs where you want to force tracking on paper.
The Tutorial forces HHM Off; it needs the visible map to function.
Cybersecurity Mode
The purple CS badge in the top bar enables Cybersecurity Mode (Hamburger menu → Network Options ▸ Cybersecurity). Some hosts grow a vulnerability (sudo-misconfig, default-password, weak-password, unpatched-service) and to ssh them you need the matching tool in your inventory (priv-esc-kit, default-creds, hash-cracker, bof-exploit). nmap -sV annotates each up host's 22/ssh line with the vulnerability class so students can plan capability before they walk into a "Permission denied".
Capability comes from two sources:
- Loot. A subset of hosts drop a tool on first
ssh-arrival.inv(aliastools) lists what they're carrying. - The Darkweb. Every CS world has a hidden broker host (never the start, never the gold). When CS is on, every host's recon
.txtfile carries a second clue pointing at the broker - its hop distance plus one octet/group of its address - so students locate it the same way they locate the gold machine. Visiting it and runningdw enterunlocks a full-screen shop / inventory / sell-intel panel. Credits come from selling per-host.intelfiles (read withcat <file>.intel). Prices are in tens of thousands - this is a real economy, not a toy.
The CS placement pass uses the same constructive validate-or-skip discipline as the Firewall pass: every vulnerability is kept only if a key-door BFS from start (with achievable inventory) still preserves dist(start → golden) == par and every baseline-reachable host stays reachable. Every CS world is solvable. Verified across 50 worlds per difficulty.
HB4 sandbox worlds ignore Cybersecurity - if you want a vulnerability-laden lab, use HB1 / HB2 / HB3 at Normal+.
Difficulty controls the difficulty: Casual is a no-op (zero vulns, zero loot, one starting tool); Normal / Hard give you a starting kit; Brutal / Extreme start you empty - you must walk into the broker's neighbourhood before you can do much.
The cipher ladder on the win screen
Win on any non-sandbox world and the win panel shows a short encrypted note about the next difficulty level. There is no scheme name and no hint - identifying and cracking it by hand is the puzzle. The ladder goes Caesar → Pigpen → Polybius → Rail Fence → Vigenère across Casual / Normal / Hard / Brutal / Extreme. Each level's plaintext spells the cipher used on the next level; Extreme's plaintext is the final reward.
The Pigpen rung is rendered as canvas line-segment glyphs (no external font - the no-CDN constraint still applies), auto-sized and word-wrapped to fit the win card.
Custom sandbox (HB4) worlds do not show a cipher note - difficulty doesn't apply and there's no canonical "next level" to point at.
Run reports and answer keys
Hamburger menu → Export run report, or the Export report button on the win panel. Produces a plain-text report covering:
- Network code, difficulty, address mode.
- Won / in-progress state; hops (with par); claims; time; rating.
- The full
sshtrail (name + primary IP at each step). - If the player has unlocked Admin: the golden host's name and address, plus the optimal start-to-gold path. Without Admin: the report says "Answer key hidden - unlock Admin ▸".
The report is emitted three ways at once (no server / file://-safe): printed to the terminal as selectable text, copied to the clipboard, and offered as a data: download of hostbound-<code>.txt. Students hand in the unredacted report; you regenerate the same report on your own browser with Admin unlocked to compare against the answer key. (Or, if the assignment is just "win it", the hops / claims / rating lines are enough on their own.)
Admin tools
The hamburger menu has an Admin ▸ popout (a left-flyout, like Challenges ▸ and Theme ▸). It is gated by a passphrase prompt the first time you open it during a session.
Unlock (the passphrase)
Opening Admin ▸ opens a masked-input modal (not a plaintext browser prompt()). Wrong passphrase keeps the modal open with an inline error; Cancel / Esc / backdrop click drops the action. Successful unlock sets the session's S.admin flag. The passphrase is now sticky: it is remembered in localStorage, so you are not asked again on later games or reloads (admin mode still starts fresh each game - only the authentication is remembered). Use Clear Local Settings (below) to forget it.
The default passphrase is ducky. Because Hostbound ships as a static file, this is client-side obscurity, not real authentication - it stops casual shoulder-surfing and stops a student from poking around the menu by accident. Don't expect it to stop a determined student reading the source. If you'd rather use your own passphrase, recompute the hash in index.html (the comment near seedFromCode walks through it).
Reveal Path
Reveals the route from the current host to the golden machine: the path's hosts and LANs are added to the discovered set, a gold dashed line draws on the map, and the terminal prints the named hops. Useful when demoing a finished world without needing to actually play it.
Reveal Network
Adds every host and every LAN in the world to the discovered set. The whole map renders; you can pan / zoom to inspect topology, branches, loops, and bridges. The most useful Admin item in front of a class.
Jump to host
Opens a modal with a typeahead list of every host in the world (sorted by name). Pick one - or paste an IP - and you are teleported there. Does not count as an ssh hop, does not push to the hop trail, and does not trigger gameplay events (loot pickup, broker discovery). Admin teleports stay out of the recorded path so they don't pollute the student-facing record.
Show Firewalls
Toggle-style admin overlay. While on, every discovered host that is filtered (host firewall or a LAN-ACL victim) shows an orange flame badge at the top-right of its icon - on both the main map and the minimap. Honours fog-of-war and HHM Hard. Run-only visual aid for debugging "why won't this hop?"
Show Darkweb
Toggle-style admin overlay (Cybersecurity Mode only). Auto-reveals the broker host and its LAN on enable and overlays a purple $ badge on the broker's icon - on both the main map and the minimap. Useful for showing a class "this is the host they need to find to unlock the shop". Silent on non-CS worlds and on HB4 sandboxes.
Clear Local Settings
Wipes the only browser-persisted state Hostbound keeps - the Theme choice, High-Visibility, and the sticky Admin passphrase - and resets them to their defaults. Use it to re-lock Admin (the passphrase will be required again) or to hand a lab machine back in a clean state. Game progress is never persisted, so there is nothing else to clear.
Accessibility for students with different needs
- High-Visibility Mode (Hamburger menu → Theme ▸ ▸ High-Visibility): larger type, bolder weights, higher contrast. Persists across reloads.
- Theme: Light / Dark / Auto. Auto follows the OS preference. Persists across reloads.
- Screen reader: the terminal is real DOM (not a canvas), so a screen reader reads it normally. The
describe(aliasmap) command narrates the discovered map as terminal text - it can completely replace looking at the canvas for a visually impaired student. - Keyboard map navigation: focus the canvas (click it), then arrows pan,
+/-zoom about the centre,0resets and recenters. Doesn't fight the terminal's arrow-key history. - Reduced motion / contrast: the in-game UI honours
prefers-reduced-motionandprefers-contrastwhen High-Visibility is off.
High-Visibility, Theme, and (once you unlock it) the sticky Admin passphrase are the only things that persist across reloads - and Admin ▸ Clear Local Settings wipes all three. Everything else - game progress, the current code, all the mode toggles - resets, which is the intentional behaviour for a learning tool that gets re-opened many times.
In-class demo checklist
- Pick the code beforehand. Either roll a Casual / Normal world ahead of time and copy the share link, or pin "Today's network".
- On the projector, switch to High-Visibility Mode and a Dark theme - both make the canvas and the terminal readable from the back of the room.
- Unlock Admin before you start narrating, so the unlock modal does not appear mid-flow. Use Reveal Network only after the class has tried the first few commands themselves.
- Mention the Tutorial item explicitly - students who arrive late or want to replay can use it.
- If the lab will use Firewalls or Cybersecurity Mode, turn them on before rolling the world for the day - both regenerate the topology when toggled.
- Have students paste their run report into a course-management text box; the answer key lines will be absent from a non-Admin export, which is the point.
Grading suggestions
- Completion - any winning claim counts. The run report carries the winning code and the trail, so a student cannot fabricate a win on a different world.
- Efficiency - hops vs par. Hops at or under par with zero wrong claims is "Optimal run" on the win panel.
- Method - have students paste both the run report and a short narrative ("here is what each
sshhop taught me"). The trail in the report makes the narrative verifiable. - Identification - on a Cybersecurity Mode lab, ask students to identify which hosts were filtered or vulnerable and how they got past them.
- Map reading - on a dual-stack lab, ask students to list every dual-stack LAN by CIDR and explain how they identified them.
What Hostbound deliberately does not do
- No accounts, no per-student state, no server. The page is a static file. Nothing leaves the student's browser unless they paste their run report somewhere.
- No game progress persistence. Reopening a code restarts that same world fresh. Hops, claims, the clock, the inventory, the credit balance - all reset.
- No routing. Same-LAN reachability only. To cross a subnet you must
ssha multi-homed host and inherit its other interfaces. The absence of routing is the lesson; do not promise students that "future versions will route". - No host owns its name. Name resolution exists only in IPv6 worlds and only as an affordance - it still enforces same-LAN.
- No realtime traffic. Hostbound does not animate packets or simulate latency. (If you want a packet-level emulator with wires, devices, and live traffic, look at ENE.)