4BHEL KSN Test (Group B)

2024-04-24

Max. 100 points

Name:

Task Max. Achieved
1 12
2 12
3 12
4 36
5 28
Sum 100
Grading: >=88: 1, >=76: 2, >=64: 3, >=51: 4, <=50: 5

Requires header tables!

  1. Internet Protocol Suite (TCP/IP)
    1. Answer the following statements indicating whether they are True or False.
      0-3 correct: 0 points, 4 correct: 4 points, 5 correct: 8 points, 6 correct: 12 points.
      Statement True False
      An IPv6 address has 16 bytes (octets).
      ping configures a network interface via DHCP.
      TCP and UDP are application layer protocols.
      QUIC is a transport layer protocol.
      A packet sniffer consists of a packet capture library and a packet analyzer.
      Wireshark users can select from which interface to capture packets.
    2. Answer the following statements indicating whether they are True or False.
      0-3 correct: 0 points, 4 correct: 4 points, 5 correct: 8 points, 6 correct: 12 points.
      Statement True False
      Postel's law states: "Be liberal in what you deliver, and conservative in what you accept".
      HTTP allows remote shell access to other computers.
      SSH uses port 22.
      DNS, SMTP and SSH are application layer protocols.
      HTTPS uses port 443 as default.
      Users should generally prefer HTTPS over HTTP.
  2. Wireshark
    The following hex dump is from an HTTP response from computer B to computer A. It shows an Ethernet frame from its beginning, cut off before the end. Answer the following questions / fill out the appropriate values using this hex dump and the relevant header tables.
    0000   00 e0 4c 68 07 c4 ec 3e b3 4d 71 2c 08 00 45 00
    0010   00 ff 14 a6 40 00 33 06 b2 1c c3 32 b2 c8 0a 00
    0020   00 3c 00 50 ca b4 1e 38 f5 a0 6e ea 98 1a 50 18
    0030   01 12 c5 93 00 00 48 54 54 50 2f 31 2e 31 20 33
    0040   30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65
    0050   6e 74 6c 79 0d 0a 44 61 74 65 3a 20 53 75 6e 2c
    0060   20 32 31 20 41 70 72 20 32 30 32 34 20 32 31 3a
    
    1. 4 points each
      • Next node's MAC address:
      • Computer A's MAC address:
      • EtherType (in hex):
      • Next node's MAC address: 00:e0:4c:68:07:c4
      • Computer A's MAC address: ec:3e:b3:4d:71:2c
      • EtherType (in hex): 0x0800 (IPv4)
    2. 4 points each except 8 points for each IP address
      • Internet protocol version (decimal):
      • Header length (bytes, decimal):
      • Total length (bytes, decimal):
      • Time to live (decimal):
      • Protocol (text; {1: ICMP, 6: TCP, 17: UDP}):
      • Source IP (dot-decimal notation):
      • Destination IP (dot-decimal notation):
      • Internet protocol version (decimal): 4
      • Header Length (bytes, decimal): 5 * 4 = 20
      • Total length (bytes, decimal): 255 (0x0ff)
      • Time to live (decimal): 51 (0x33)
      • Protocol (text): TCP (6)
      • Source IP: 195.50.178.200 (c3 32 b2 c8)
      • Destination IP: 10.0.0.60 (0a 00 00 3c)
    3. The following hex dump is the TCP header. Answer the following questions / fill out the appropriate values.
      4/ 4/ 4/ 4/ 4/ 4/ 4 points
      0000   ca b4 00 50 6e ea 8e 1e 1e 38 f5 a0 50 18 01 f6
      0010   8a 4d 00 00
      
      • Source port (decimal):
      • Destination port (decimal):
      • Is the destination port a well known port? If yes, which one?
      • Which type of program usually initiates such requests?
      • Acknowledgment number (hex):
      • Data offset (bytes, decimal):
      • Is the payload (data) under normal circumstances encrypted?
      • Source port (decimal): 51892 (0xcab4)
      • Destination port (decimal): 80 (0x0050)
      • Is the destination port a well known port? If yes, which protocol? HTTP
      • Which type of program usually initiates such requests? web browser
      • Acknowledgment number (hex): 1e 38 f5 a0
      • Data offset (bytes, decimal): 5 * 4 = 20
      • Is the payload (data) under normal circumstances encrypted? no
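
The header decoding asked for in the Wireshark tasks, as an added Python example that is not part of the original test: it unpacks the Ethernet, IPv4 and TCP headers from the two hex dumps above and also verifies the IPv4 header checksum, which the tasks do not ask for. Function and dictionary key names are this example's own.

```python
import struct
# Added example (names are illustrative). Hex dumps copied from the two tasks above.
FRAME = bytes.fromhex("""
    00 e0 4c 68 07 c4 ec 3e b3 4d 71 2c 08 00 45 00
    00 ff 14 a6 40 00 33 06 b2 1c c3 32 b2 c8 0a 00
    00 3c 00 50 ca b4 1e 38 f5 a0 6e ea 98 1a 50 18
    01 12 c5 93 00 00 48 54 54 50 2f 31 2e 31 20 33
    30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65
    6e 74 6c 79 0d 0a 44 61 74 65 3a 20 53 75 6e 2c
    20 32 31 20 41 70 72 20 32 30 32 34 20 32 31 3a""")
TCP_HEADER = bytes.fromhex("ca b4 00 50 6e ea 8e 1e 1e 38 f5 a0 50 18 01 f6 8a 4d 00 00")
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}  # mapping given in the task

def parse_ethernet(frame):
    """Ethernet II: 6-byte destination, 6-byte source, 2-byte EtherType."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": dst.hex(":"), "src": src.hex(":"),
            "ethertype": ethertype}, frame[14:]

def parse_ipv4(packet):
    """Decode the fixed IPv4 header; IHL counts 32-bit words."""
    (ver_ihl, _tos, total, _ident, _frag, ttl, proto, _csum, src, dst) = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    hlen = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or not 20 <= hlen <= len(packet):
        raise ValueError("not a valid IPv4 header")
    # The one's-complement sum over an intact header (checksum included) is 0xFFFF.
    acc = sum(struct.unpack(f"!{hlen // 2}H", packet[:hlen]))
    while acc >> 16:
        acc = (acc & 0xFFFF) + (acc >> 16)
    return {"version": ver_ihl >> 4, "header_len": hlen, "total_len": total,
            "ttl": ttl, "protocol": PROTOCOLS.get(proto, str(proto)),
            "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "checksum_ok": acc == 0xFFFF}, packet[hlen:]

def parse_tcp(segment):
    """Decode the TCP header; data offset is the top 4 bits, in 32-bit words."""
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    hlen = (off_flags >> 12) * 4
    if hlen < 20:
        raise ValueError("TCP data offset below the 20-byte minimum")
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "data_offset": hlen, "flags": off_flags & 0x1FF}, segment[hlen:]

def decode_frame(frame):
    eth, rest = parse_ethernet(frame)
    ip, rest = parse_ipv4(rest)
    tcp, payload = parse_tcp(rest)
    return eth, ip, tcp, payload
```
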