4CHEL KSN Test (Group D)

2023-03-30

Max. 100 points

Name:

Task Max. Achieved
1 12
2 12
3 12
4 36
5 28
Sum 100
Grading: >= 88: 1, >=76: 2, >=64 : 3, >=51: 4, <=50: 5

Requires header tables!

0000   64 e8 81 48 3e c0 c8 94 02 f8 a6 1d 08 00 45 00
0010   01 ae fc 2f 40 00 20 06 06 a8 ac 10 4e 33 c1 ab
0020   7a 83 ff ff 00 50 f4 3f 43 92 36 5d 4b c3 80 18
0030   01 f6 c3 0d 00 00 01 01 08 0a e1 6f 7c dc 85 3d
0040   04 f9 47 45 54 20 2f 7e 67 65 72 61 6c 64 2f 20
0050   48 54 54 50 2f 31 2e 31 0d 0a 48 6f 73 74 3a 20
0060   77 69 72 65 73 68 61 72 6b 2e 62 75 6c 6d 65 2e
    1. Internet Protocol Suite (TCP/IP)
      Answer the following statements indicating whether they are True or False.
      0-3 correct: 0 points, 4 correct: 4 points, 5 correct: 8 points, 6 correct: 12 points.
      Statement True False
      An IPv4 address has 4 bytes (octets).
      ping is used to log in to remote hosts.
      TCP and UDP are application layer protocols.
      TCP is a connection oriented protocol.
      Wireshark is a network packet analyzer.
      ARP is used to discover an IP address when given a mac address.
    2. Application Layer
      Answer the following statements indicating whether they are True or False.
      0-3 correct: 0 points, 4 correct: 4 points, 5 correct: 8 points, 6 correct: 12 points.
      Statement True False
      Postel's law states: "Fiber-optic cables allow long distances to be spanned with few repeaters".
      HTTP, DNS and FTP are application layer protocols.
      SSH uses port 22.
      SSH, HTTPS and SFTP use encryption.
      HTTP and HTTPS use ports 80 and 443 as default ports.
      A password sent over HTTP cannot be sniffed.
  2. Wireshark The (partial) hex dump on the first page is from an HTTP GET request from computer A to server B. It shows an ethernet frame from the beginning that is cut off before the end. Answer the following questions / fill out the appropriate values using the hex dump on the first page and the relevant header tables.
    1. 4 points each
      • Next node's MAC address:
      • Computer A's MAC address:
      • EtherType (in hex):
      • Next node's MAC address: 64:e8:81:48:3e:c0
      • Computer A's MAC address: c8:94:02:f8:a6:1d
      • EtherType (in hex): 0x0800 (IPv4)
    2. 4 points each except 8 points for each IP address
      • Internet protocol version (decimal):
      • Header length (number of bytes, decimal):
      • Total length (bytes, decimal):
      • Time to live (decimal):
      • Protocol (text; {1: ICMP, 6: TCP, 17: UDP}):
      • Source IP (dot-decimal notation):
      • Destination IP (dot-decimal notation):
      • Internet protocol version (decimal): 4
      • Header Length (number of bytes, decimal): 5 * 4 = 20
      • Total length (bytes, decimal): 430 (0x01ae)
      • Time to live (decimal): 32 (0x20)
      • Protocol (text): TCP (6)
      • Source IP: 172.16.78.51 (ac 10 4e 33)
      • Destination IP: 193.171.122.131 (c1 ab 7a 83)
    3. 6/ 2/ 6/ 2/ 4/ 4/ 4 points
      • Source port (decimal):
      • Is the source port a well known port? If yes, which one?
      • Destination port (decimal):
      • Is the destination port a well known port? If yes, which one?
      • Data offset (number of bytes, decimal):
      • Checksum (hex):
      • Reserved (binary):
      • Source port (decimal): 65535 (0xffff)
      • Is the source port a well known port? If yes, which protocol? no
      • Destination port (decimal): 80 (0x0050)
      • Is the destination port a well known port? If yes, which protocol? HTTP
      • Data offset (number of bytes, decimal): 8 * 4 = 32
      • Checksum (hex): 0xc30d
      • Reserved (binary): 0b0000