4CHEL KSN Test (Group C)

2024-04-22

Max. 100 points

Name:

Task   Max.   Achieved
1      12
2      12
3      12
4      36
5      28
Sum    100

Grading: >= 88: 1, >= 76: 2, >= 64: 3, >= 51: 4, <= 50: 5

Requires header tables!

0000   9c b6 54 0b e5 5b d8 5e d3 68 34 a2 08 00 45 00
0010   01 9e f2 7f 40 00 22 06 32 4b 0a 00 00 a1 0a 00
0020   00 85 f0 00 00 50 ee 72 ab 24 36 98 94 3b 80 18
0030   01 f6 24 fa 00 00 01 01 08 0a 30 e8 f4 ea 19 6a
0040   2b 67 47 45 54 20 2f 20 48 54 54 50 2f 31 2e 31
0050   0d 0a 48 6f 73 74 3a 20 31 30 2e 30 2e 30 2e 31
0060   33 33 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20
    1. Internet Protocol Suite (TCP/IP)
      Answer the following statements indicating whether they are True or False.
      0-3 correct: 0 points, 4 correct: 4 points, 5 correct: 8 points, 6 correct: 12 points.
      Statement True False
      A MAC address has 6 bytes (octets).
      A MAC address is typically written as 6 pairs of two hexadecimal values, separated by colons (":").
      An IPv4 address has 4 times 4 bytes, separated by dots (".").
      The most common transport layer application is ICMP.
      Wireshark is a program to stream high quality video over IPv6.
      The address resolution protocol translates domain names to IP addresses.
    2. Application Layer
      Answer the following statements indicating whether they are True or False.
      0-3 correct: 0 points, 4 correct: 4 points, 5 correct: 8 points, 6 correct: 12 points.
      Statement True False
      Postel's law states: "Be liberal in what you accept, and conservative in what you send".
      HTTP, DNS and QUIC are application layer protocols.
      SSH uses port 21.
      If an application layer protocol does not use encryption, it has to be considered insecure.
      HTTP and HTTPS use ports 80 and 663 as default ports.
      A packet analyzer can run in user space.
  1. Wireshark
    The (partial) hex dump on the first page is from an HTTP GET request from computer A to server B. It shows an Ethernet frame from its beginning; the frame is cut off before its end. Answer the following questions / fill in the appropriate values using the hex dump on the first page and the relevant header tables.
    1. 4 points each
      • Next node's MAC address:
      • Computer A's MAC address:
      • EtherType (in hex):
      • Next node's MAC address: 9c:b6:54:0b:e5:5b
      • Computer A's MAC address: d8:5e:d3:68:34:a2
      • EtherType (in hex): 0x0800 (IPv4)
    2. 4 points each except 8 points for each IP address
      • Internet protocol version (decimal):
      • Header length (number of bytes, decimal):
      • Total length (bytes, decimal):
      • Time to live (decimal):
      • Protocol (text; {1: ICMP, 6: TCP, 17: UDP}):
      • Source IP (dot-decimal notation):
      • Destination IP (dot-decimal notation):
      • Internet protocol version (decimal): 4
      • Header Length (number of bytes, decimal): 5 * 4 = 20
      • Total length (bytes, decimal): 414 (0x019e)
      • Time to live (decimal): 34 (0x22)
      • Protocol (text): TCP (6)
      • Source IP: 10.0.0.161 (0a 00 00 a1)
      • Destination IP: 10.0.0.133 (0a 00 00 85)
    3. 6/ 2/ 6/ 2/ 4/ 4/ 4 points
      • Source port (decimal):
      • Is the source port a well known port? If yes, which one?
      • Destination port (decimal):
      • Is the destination port a well known port? If yes, which one?
      • Data offset (number of bytes, decimal):
      • Checksum (hex):
      • Urgent Pointer (decimal):
      • Source port (decimal): 61440 (0xf000)
      • Is the source port a well known port? If yes, which protocol? no
      • Destination port (decimal): 80 (0x0050)
      • Is the destination port a well known port? If yes, which protocol? HTTP
      • Data offset (number of bytes, decimal): 8 * 4 = 32
      • Checksum (hex): 0x24fa
      • Urgent Pointer (decimal): 0
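
The decoding asked for in the Wireshark task, as an added example that is not part of the original test: the Python code below parses the Ethernet II, IPv4 and TCP headers of the hex dump from the first page using the standard header layouts. The function and variable names are chosen here for illustration.

```python
import struct

# Hex dump from the first page of the test (offset column removed).
DUMP = """
9c b6 54 0b e5 5b d8 5e d3 68 34 a2 08 00 45 00
01 9e f2 7f 40 00 22 06 32 4b 0a 00 00 a1 0a 00
00 85 f0 00 00 50 ee 72 ab 24 36 98 94 3b 80 18
01 f6 24 fa 00 00 01 01 08 0a 30 e8 f4 ea 19 6a
2b 67 47 45 54 20 2f 20 48 54 54 50 2f 31 2e 31
0d 0a 48 6f 73 74 3a 20 31 30 2e 30 2e 30 2e 31
33 33 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20
"""
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}  # table given in the task

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def dotted(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)

def parse_frame(frame: bytes) -> dict:
    """Decode the Ethernet II, IPv4 and TCP headers; the payload may be cut off."""
    dst, src, ethertype = struct.unpack_from("!6s6sH", frame, 0)
    out = {"dst_mac": mac(dst), "src_mac": mac(src), "ethertype": ethertype}
    if ethertype != 0x0800:
        return out  # not IPv4: stop after layer 2
    ver_ihl, _tos, total, _id, _frag, ttl, proto, _csum, sip, dip = \
        struct.unpack_from("!BBHHHBBH4s4s", frame, 14)
    ihl = (ver_ihl & 0x0F) * 4  # IHL counts 32-bit words
    out.update(version=ver_ihl >> 4, ip_header_len=ihl, total_len=total, ttl=ttl,
               protocol=PROTOCOLS.get(proto, str(proto)),
               src_ip=dotted(sip), dst_ip=dotted(dip))
    if proto != 6:
        return out  # not TCP: stop after layer 3
    tcp = 14 + ihl  # TCP starts after the variable-length IP header
    sport, dport, _seq, _ack, off_flags, _win, csum, urg = \
        struct.unpack_from("!HHIIHHHH", frame, tcp)
    data_off = (off_flags >> 12) * 4  # data offset also counts 32-bit words
    out.update(src_port=sport, dst_port=dport, data_offset=data_off,
               tcp_checksum=csum, urgent=urg, payload=frame[tcp + data_off:])
    return out

FIELDS = parse_frame(bytes.fromhex(DUMP))

if __name__ == "__main__":
    for name, value in FIELDS.items():
        print(f"{name:14} {value}")
```

The payload begins at byte 14 + 20 + 32 = 66 of the frame, which is where the text of the GET request starts.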