4BHEL KSN Test (Group A)

2023-03-07

Max. 100 points

Name:

Task Max. Achieved
1 12
2 12
3 12
4 36
5 28
Sum 100
Grading: >= 88: 1, >=76: 2, >=64 : 3, >=51: 4, <=50: 5

Requires header tables!

0000   ec 3e b3 4d 71 2c d8 5e d3 6f c4 a2 08 00 45 00
0010   01 a6 36 6d 40 00 40 06 bc ab 0a 00 00 0b c1 ab
0020   7a 83 96 aa 00 50 97 13 37 fb e6 aa 3b 1d 80 18
0030   01 f6 1a 41 00 00 01 01 08 0a 07 a9 f4 e3 7e ce
0040   90 20 47 45 54 20 2f 20 48 54 54 50 2f 31 2e 31
0050   0d 0a 48 6f 73 74 3a 20 77 69 72 65 73 68 61 72
0060   6b 2e 62 75 6c 6d 65 2e 61 74 0d 0a 55 73 65 72
    1. Link Layer
      Answer the following statements indicating whether they are True or False.
      0-3 correct: 0 points, 4 correct: 4 points, 5 correct: 8 points, 6 correct: 12 points.
      Statement True False
      In TCP/IP, the link layer is directly below the transport layer.
      The MAC header is usually small compared to the encompassed data.
      The link layer is the network component used to interconnect hosts or nodes.
      A link protocol operates across different networks.
      ARP is used for discovering MAC addresses.
      The EtherType indicates which protocol is encapsulated in a frame.
    2. Transport Layer
      Answer the following statements indicating whether they are True or False.
      0-3 correct: 0 points, 4 correct: 4 points, 5 correct: 8 points, 6 correct: 12 points.
      Statement True False
      Transport layer protocols provide end-to-end communication services for applications.
      QUIC, SSH and TFTP are transport layer protocols.
      QUIC improves performance of connection-oriented web applications that are currently using TCP.
      TCP and UDP use port numbers to identify sending and receiving application end-points on a host.
      Ports 0-1023 are well-known ports.
      Port numbers are 32-bit unsigned integers.
  2. Wireshark The (partial) hex dump on the first page is from an HTTP GET request from computer A to server B. It shows an ethernet frame from the beginning that is cut off before the end. Answer the following questions / fill out the appropriate values using the hex dump on the first page and the relevant header tables.
    1. 4 points each
      • Next node's MAC address:
      • Computer A's MAC address:
      • EtherType (in hex):
      • Next node's MAC address: ec:3e:b3:4d:71:2c
      • Computer A's MAC address: d8:5e:d3:6f:c4:a2
      • EtherType (in hex): 0x0800 (IPv4)
    2. 4 points each except 8 points for each IP address
      • Internet protocol version (decimal):
      • Header length (number of bytes, decimal):
      • Total length (bytes, decimal):
      • Time to live (decimal):
      • Protocol (text; {1: ICMP, 6: TCP, 17: UDP}):
      • Source IP (dot-decimal notation):
      • Destination IP (dot-decimal notation):
      • Internet protocol version (decimal): 4
      • Header Length (number of bytes, decimal): 5 * 4 = 20
      • Total length (bytes, decimal): 422 (0x01a6)
      • Time to live (decimal): 64 (0x40)
      • Protocol (text): TCP (6)
      • Source IP: 10.0.0.11 (0a 00 00 0b)
      • Destination IP: 193.171.122.131 (c1 ab 7a 83)
    3. 6/ 2/ 6/ 2/ 4/ 2/ 2/ 2/ 2 points
      • Source port (decimal):
      • Is the source port a well known port? If yes, which one?
      • Destination port (decimal):
      • Is the destination port a well known port? If yes, which one?
      • Data offset (number of bytes, decimal):
      • ACKnowledgement (true / false):
      • PuSH (true / false):
      • Syn (true / false):
      • Fin (true / false):
      • Source port (decimal): 38570 (0x96aa)
      • Is the source port a well known port? If yes, which protocol? no
      • Destination port (decimal): 80 (0x0050)
      • Is the destination port a well known port? If yes, which protocol? HTTP
      • Data offset (number of bytes, decimal): 8 * 4 = 32
      • ACKnowledgement (true / false): true
      • PuSH (true / false): true
      • Syn (true / false): false
      • Fin (true / false): false