4*HEL KSN Test (Group B)

2023-03-07

Max. 100 points

Name:

Task Max. Achieved
1 12
2 12
3 12
4 36
5 28
Sum 100
Grading: >= 88: 1, >=76: 2, >=64 : 3, >=51: 4, <=50: 5

Requires header tables!

0000   c8 94 02 f8 a6 1d ec 3e b3 4d 71 2c 08 00 45 00
0010   0e 14 57 f8 40 00 3b 06 f6 87 97 65 41 45 0a 00
0020   00 ba 01 bb ad 3c d4 bc 92 90 c9 f7 1e 90 80 18
0030   01 32 f1 6a 00 00 01 01 08 0a 34 9c 2d 54 1d dd
0040   88 4c 17 03 03 0d db 60 29 f6 ea a0 3b a0 ae 85
0050   7f 24 55 ad 8e a1 73 61 b5 e8 3f c7 02 c6 b2 aa
0060   50 c5 c5 0c d1 94 46 74 1c 4b 3f 36 3a e1 ef 31
    1. Link Layer
      Answer the following statements indicating whether they are True or False.
      0-3 correct: 0 points, 4 correct: 4 points, 5 correct: 8 points, 6 correct: 12 points.
      Statement True False
      In TCP/IP, the link layer is directly below the internet layer.
      The MAC header is usually large compared to the encompassed data.
      Internet layer protocols transport network packets from the originating host across network boundaries.
      A link protocol only works between adjacent network nodes of a network segment.
      IPv4 is used for discovering MAC addresses.
      The EtherType indicates the size of the current header.
    2. Transport Layer
      Answer the following statements indicating whether they are True or False.
      0-3 correct: 0 points, 4 correct: 4 points, 5 correct: 8 points, 6 correct: 12 points.
      Statement True False
      In TCP/IP, the transport layer is directly below the application layer.
      QUIC, TCP and UDP are transport layer protocols.
      UDP is connection oriented.
      TCP and UDP use ip addresses to identify sending and receiving application end-points on a host.
      Ports 465, 993 and 995 are well-known ports.
      Port numbers are 16-bit unsigned integers.
  2. Wireshark The (partial) hex dump on the first page is from an HTTP GET request from computer A to server B. It shows an ethernet frame from the beginning that is cut off before the end. Answer the following questions / fill out the appropriate values using the hex dump on the first page and the relevant header tables.
    1. 4 points each
      • Next node's MAC address:
      • Computer A's MAC address:
      • EtherType (in hex):
      • Next node's MAC address: c8:94:02:f8:a6:1d
      • Computer A's MAC address: ec:3e:b3:4d:71:2c
      • EtherType (in hex): 0x0800 (IPv4)
    2. 4 points each except 8 points for each IP address
      • Internet protocol version (decimal):
      • Header length (number of bytes, decimal):
      • Total length (bytes, decimal):
      • Time to live (decimal):
      • Protocol (text; {1: ICMP, 6: TCP, 17: UDP}):
      • Source IP (dot-decimal notation):
      • Destination IP (dot-decimal notation):
      • Internet protocol version (decimal): 4
      • Header Length (number of bytes, decimal): 5 * 4 = 20
      • Total length (bytes, decimal): 3604 (0x0e14)
      • Time to live (decimal): 59 (0x3b)
      • Protocol (text): TCP (6)
      • Source IP: 151.101.65.69 (97 65 41 45)
      • Destination IP: 10.0.0.186 (0a 00 00 ba)
    3. 6/ 2/ 6/ 2/ 4/ 2/ 2/ 2/ 2 points
      • Source port (decimal):
      • Is the source port a well known port? If yes, which one?
      • Destination port (decimal):
      • Is the destination port a well known port? If yes, which one?
      • Data offset (number of bytes, decimal):
      • ACKnowledgement (true / false):
      • PuSH (true / false):
      • Syn (true / false):
      • Fin (true / false):
      • Source port (decimal): 443 (0x01bb)
      • Is the source port a well known port? If yes, which protocol? HTTPS
      • Destination port (decimal): 44348 (0xad3c)
      • Is the destination port a well known port? If yes, which protocol? no
      • Data offset (number of bytes, decimal): 8 * 4 = 32
      • ACKnowledgement (true / false): true
      • PuSH (true / false): true
      • Syn (true / false): false
      • Fin (true / false): false