Given the packet below
14:29:18.927970 eth0 > 0:0:0a:05:0e:03 0:14:59:66:aa:3e ip 142: 199.17.59.166.telnet > 66.188.165.185.1749: P 1:89(88) ack 0 win 5840 (DF) [tos 0x10]
4510 0080 7ffa 4000 4006 cf40 c711 3ba6
42bc a5b9 0017 06d5 4a83 71bb cad9 2c07
5018 16d0 a266 0000 4b65 726e 656c 2066
696c 7465 722c 2070 726f 746f 636f 6c20
414c 4c2c 2064 6174 6167 7261 6d20 7061
636b 6574 2073 6f63 6b65 740d 0a74 6370
6475 6d70 3a20 6c69 7374 656e 696e 6720
6f6e 2061 6c6c 2064 6576 6963 6573 0d0a
In the packet above you have:
- timestamp = 14:29:18.927970
- interface = eth0, and > means the packet is leaving that interface
- source MAC = 0:0:0a:05:0e:03, destination MAC = 0:14:59:66:aa:3e
- ip = the protocol expected at layer 3
- 142 = size of the entire frame in bytes
- source net.node.port = 199.17.59.166.telnet, destination net.node.port = 66.188.165.185.1749
- P = push flag
- 1:89 = relative sequence number range sent, (88) = size of the payload in bytes
- ack 0 = ack flag set, next relative sequence number expected is 0
- win 5840 = window size
- (DF) = don't fragment
- [tos 0x10] = type of service
The dump starts with the IP header. One hex character = 4 bits, so each group of four hex characters is 16 bits (2 bytes).
- 4 = version, IPv4
- 5 = size of the IP header in 32-bit words: 5 x 4 = 20 bytes
- 10 = type of service, 0x10; a value of 0 means no special handling
- 0080 = total length of the IP datagram (IP header + TCP header + payload), not counting the layer 2 header: 0x80 = 8 x 16 = 128 bytes (128 + the 14-byte Ethernet header = 142, which matches the frame size above)
- 7ffa = identification number of the datagram (used to reassemble fragments)
- 4 = 0100: the first three bits are the flags (reserved 0, don't fragment 1, more fragments 0), so DF is set and MF is clear; the fourth bit is the high bit of the fragment offset
- 000 plus that one bit from above = 0000000000000, a 13-bit fragment offset of 0
- 40 = time to live: 4 x 16 = 64 hops
- 06 = protocol expected on layer 4; 6 = TCP (enter cat /etc/protocols for the list)
- cf40 = header checksum, error detection for the IP header only
- c711 3ba6 = source 32-bit IP in dotted decimal: 199.17.59.166
- 42bc a5b9 = destination IP: 66.188.165.185
Note this IP header was 20 bytes, or 10 groups of 4 hex characters.
Now the TCP header:
- 0017 = source port: 0x17 = 16 + 7 = 23, telnet (see cat /etc/services for the list)
- 06d5 = destination port: 0x06d5 = 1749 decimal
- 4a83 71bb = absolute sequence number
- cad9 2c07 = absolute acknowledgement number
- 5 = size of the TCP header in 32-bit words: 5 x 4 = 20 bytes, so this segment carries no TCP options
- 018 = reserved bits and flags; in binary 000000 011000, where the last six bits are URG ACK PSH RST SYN FIN, so ACK and PSH are on
- 16d0 = window size: 0x16d0 = 5840
- a266 = checksum (covers the TCP header, the payload and a pseudo-header built from the IP addresses)
- 0000 = urgent pointer, 0 because the URG flag is not set
End of the TCP header. Note that this is 10 groups of 4 from the end of the IP header and 20 groups from the beginning of the dump. The payload follows in the clear: with an ASCII conversion table you can read it easily. In this packet the headers are:
Layer 2    14
Layer 3    20
Layer 4    20
Payload    88
Total     142
Overhead  54/142 = around 38%
Given this new packet:
14:33:54.198474 00:50:56:8c:05:c6 > 00:04:23:d2:12:57, ethertype IPv4 (0x0800), length 317: (tos 0x0, ttl 64, id 1970, offset 0, flags [DF], proto TCP (6), length 303)
199.17.59.234.45454 > 52.27.223.250.80: Flags [P.], cksum 0x1833 (incorrect -> 0x13a1), seq 1:252, ack 1, win 229, options [nop,nop,TSval 1819360386 ecr 880078376], length 251
0x0000:  4500 012f 07b2 4000 4006 1b06 c711 3bea  E../..@.@.....;.
0x0010:  341b dffa b18e 0050 cad8 3bc8 2710 7f69  4......P..;.'..i
0x0020:  8018 00e5 1833 0000 0101 080a 6c71 3c82  .....3......lq<.
0x0030:  3474 ee28 4745 5420 2f20 4854 5450 2f31  4t.(GET./.HTTP/1
0x0040:  2e30 0d0a 486f 7374 3a20 7777 772e 6263  .0..Host:.www.bc
0x0050:  726c 2e73 7463 6c6f 7564 7374 7465 2e65  rl.stcloudstte.e
0x0060:  6475 2e63 6f6d 0d0a 4163 6365 7074 3a20  du.com..Accept:.
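The field-by-field decode done by hand above, and the second dump with its TCP options, can be reproduced mechanically. The Python script below is an added example and not part of the worksheet: it parses the hex columns tcpdump prints (with or without the 0xNNNN: offsets and the ASCII column), unpacks the IP and TCP headers, walks the TCP options, recomputes the IP header checksum and returns the cleartext payload. Both dumps are embedded as copied from the page; the second is truncated at offset 0x60 exactly as printed, which is why the script reports both the length the IP header claims and the bytes actually captured. One caveat before trusting the "cksum 0x1833 (incorrect -> 0x13a1)" in the second listing: that is what tcpdump prints for an outbound packet captured on the sending host with NIC checksum offload, because the hardware fills the checksum in after the capture point, so it is not by itself evidence of corruption. The script therefore verifies only the IP header checksum, which is intact in both packets.

```python
"""Decode the IP/TCP headers and payload of a tcpdump hex dump.

Added example for the worksheet above; the dumps are the page's own hex
columns, re-typed here so the script runs offline.
"""
import re
import struct

PACKET1_DUMP = """
4510 0080 7ffa 4000 4006 cf40 c711 3ba6
42bc a5b9 0017 06d5 4a83 71bb cad9 2c07
5018 16d0 a266 0000 4b65 726e 656c 2066
696c 7465 722c 2070 726f 746f 636f 6c20
414c 4c2c 2064 6174 6167 7261 6d20 7061
636b 6574 2073 6f63 6b65 740d 0a74 6370
6475 6d70 3a20 6c69 7374 656e 696e 6720
6f6e 2061 6c6c 2064 6576 6963 6573 0d0a
"""

PACKET2_DUMP = """
0x0000:  4500 012f 07b2 4000 4006 1b06 c711 3bea  E../..@.@.....;.
0x0010:  341b dffa b18e 0050 cad8 3bc8 2710 7f69  4......P..;.'..i
0x0020:  8018 00e5 1833 0000 0101 080a 6c71 3c82  .....3......lq<.
0x0030:  3474 ee28 4745 5420 2f20 4854 5450 2f31  4t.(GET./.HTTP/1
0x0040:  2e30 0d0a 486f 7374 3a20 7777 772e 6263  .0..Host:.www.bc
0x0050:  726c 2e73 7463 6c6f 7564 7374 7465 2e65  rl.stcloudstte.e
0x0060:  6475 2e63 6f6d 0d0a 4163 6365 7074 3a20  du.com..Accept:.
"""

# bit 0 .. bit 7 of the TCP flags byte
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]


def hexdump_to_bytes(dump):
    """Drop the '0xNNNN:' offset and keep at most eight 4-digit groups per
    line, so the trailing ASCII column is never mistaken for hex."""
    out = bytearray()
    for line in dump.strip().splitlines():
        line = re.sub(r"^\s*0x[0-9a-fA-F]{4}:\s*", "", line)
        m = re.match(r"(?:[0-9a-fA-F]{4}\s*){1,8}", line)
        if m:
            out += bytes.fromhex(re.sub(r"\s", "", m.group(0)))
    return bytes(out)


def ones_complement_sum(data):
    """RFC 1071 checksum arithmetic: sum 16-bit words, fold the carries.
    A header whose checksum field is intact sums to 0xFFFF."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def parse_tcp_options(raw):
    """Walk the kind/length TLVs; EOL (0) and NOP (1) are single bytes."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:
            opts.append(("eol",))
            break
        if kind == 1:
            opts.append(("nop",))
            i += 1
            continue
        length = raw[i + 1]
        body = raw[i + 2:i + length]
        if kind == 8 and length == 10:  # timestamp: TSval, TSecr
            opts.append(("timestamp",) + struct.unpack("!II", body))
        else:
            opts.append(("kind%d" % kind, body.hex()))
        i += length
    return opts


def decode(dump):
    """Return the IP header, TCP header and payload of one dump as dicts."""
    data = hexdump_to_bytes(dump)
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto,
     _cksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    ihl = (ver_ihl & 0x0F) * 4
    ip = {
        "version": ver_ihl >> 4, "ihl": ihl, "tos": tos, "total_length": total_len,
        "id": ident, "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "frag_offset": flags_frag & 0x1FFF, "ttl": ttl, "protocol": proto,
        "checksum_ok": ones_complement_sum(data[:ihl]) == 0xFFFF,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
    }
    if proto != 6:
        return {"ip": ip, "tcp": None, "payload": data[ihl:], "captured": len(data)}
    (sport, dport, seq, ack, off_flags, win,
     tcp_cksum, urg) = struct.unpack("!HHIIHHHH", data[ihl:ihl + 20])
    doff = (off_flags >> 12) * 4                # header length incl. options
    tcp = {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack, "data_offset": doff,
        "flags": [n for b, n in enumerate(TCP_FLAG_NAMES) if off_flags & (1 << b)],
        "window": win, "checksum": tcp_cksum, "urgent": urg,
        "options": parse_tcp_options(data[ihl + 20:ihl + doff]),
    }
    return {
        "ip": ip, "tcp": tcp, "payload": data[ihl + doff:],
        "payload_length": total_len - ihl - doff,   # what the IP header claims
        "captured": len(data),                      # what the dump actually holds
        "overhead_pct": round(100 * (14 + ihl + doff) / (14 + total_len), 1),
    }


if __name__ == "__main__":
    for name, dump in (("packet 1", PACKET1_DUMP), ("packet 2", PACKET2_DUMP)):
        p = decode(dump)
        print(name, p["ip"]["src"], p["tcp"]["sport"], "->", p["ip"]["dst"],
              p["tcp"]["dport"], p["tcp"]["flags"], p["tcp"]["options"])
        print("  payload %d of %d bytes captured: %r" %
              (len(p["payload"]), p["payload_length"], p["payload"][:48]))
```

Running it prints the telnet server's banner in the first packet and the start of an HTTP/1.0 GET with its Host header in the second, which is the point of question 7: neither telnet nor plain HTTP encrypts anything, so every byte after the 54-byte (or 66-byte, with options) header stack is readable by anyone on the path.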
ONLY ANSWER ONE OF THE FOLLOWING 11 QUESTIONS
1. What are the source and destination physical addresses? What OSI layer are they on?
Source 00:50:56:8c:05:c6
Destination 00:04:23:d2:12:57
Layer 2 (data link)
2. What are the source and destination IP addresses? What OSI layer are they on?
3. What are the source and destination port addresses? What OSI layer are they on?
4. What is the size of the IP header?
5. What is the size of the TCP header?
6. What is the time to live?
7. Is the payload encrypted? Why or why not?
8. What TCP flags are set and what is their purpose?
9. Do you spot any security issues in this packet?
10. What class IP address is the server side, what does this mean?
11. What is the absolute sequence number on the client side (hex is OK)?
PLEASE COMPLETE ALL OF THE FOLLOWING QUESTIONS:
Question 1. How can TCP/IP be broken in to a 4 layer model?
Instead of the seven OSI layers, the TCP/IP model uses four: application, transport, internet, and network access (link).
Question 2. What are some options in regard to providing physical connectivity? What media can they use? What are some common transmission speeds? What inroads has Ethernet made on WANs?
Ethernet over Cat5 twisted pair or coaxial cable
100 Mb/s, 1 Gb/s
Ethernet is generally the standard; regardless of the type of cable, the link can still conform to the Ethernet standard.
Two sets of addresses are used to guide information to its destination. The internet uses a technique called packet switching. Packet switching allows a block of data to be encapsulated into a packet and then transmitted all at once. Because Ethernet is the dominant architecture, many networks limit the maximum packet size to the Ethernet specification of 1,514 bytes (a 1,500-byte payload plus the 14-byte Ethernet header). We will look at part of a sample packet to get a basic understanding of how addresses are used.
Given the following packet information:
11:55:02.938607 9e:ce:93:eb:b1:c1 > 00:04:23:d2:12:77, ethertype IPv4 (0x0800), length 246: 199.17.59.191.ssh > 64.83.214.152.56219:
Time stamp: 11:55:02.938607
Source/destination physical addresses: 9e:ce:93:eb:b1:c1 > 00:04:23:d2:12:77 (burned into the Ethernet card and used for delivering packets to a computer on a LAN)
Length of this packet: 246 bytes
Source/destination net.node.port addresses: 199.17.59.191.ssh > 64.83.214.152.56219 (used to route a packet to the appropriate LAN and to the appropriate service on that LAN)
Question 3. Given the below, what are the source and destination physical addresses? The source and destination net.node.port addresses? What is the size of the packet?
12:06:18.186648 ae:dd:d0:e2:0b:6d > 9e:ce:93:eb:b1:c1, ethertype IPv4 (0x0800), length 182: 199.17.59.200.ldap > 199.17.59.191.52146:
Source physical address ae:dd:d0:e2:0b:6d
Destination physical address 9e:ce:93:eb:b1:c1
Source net.node.port 199.17.59.200.ldap (ldap is port 389)
Destination net.node.port 199.17.59.191.52146
Size is 182 bytes
Question 4. In the above. Which set of addresses are used in the network layer? Which set are used in the internet layer?
Network (access) layer: the MAC addresses (OSI layer 2)
Internet layer: the IP addresses (OSI layer 3)
[buster@mermes ~]$ netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.0.0.0                        255.0.0.0       UG        0 0          0 eth0
199.17.59.0                     255.255.255.0   U         0 0          0 eth1
You will note that in the packet from question three the protocol being used was Internet Protocol version 4 (IPv4). When this protocol is used it is not simple to break the internet address into its 3 parts of net.node.port. The routing table above provides a clue on how to break it into parts. Note the Genmask value. For the first destination it is 255.0.0.0, which means the octet under the 255 is the network address, so in the destination 10.0.0.0 the 10 is the network portion. The second entry has a Genmask of 255.255.255.0, so the network portion would be 199.17.59. Note that the port is not referenced here but is the 5th group of numbers in the address.
Question 5. Using the IP routing table above, break the following address into net.node.port:
199.17.59.191:52146
This address falls under the 199.17.59.0 route, whose Genmask is 255.255.255.0, so: network 199.17.59, node 191, port 52146.
Next, given an address of 132.44.77.35.22 and a Genmask of 255.255.0.0, break that address into net.node.port: network 132.44, node 77.35, port 22.
What is the difference between a protocol and a service? A protocol is a set of rules that governs how something is done within a layer of networking. We have already discussed IPv4. A printout from the protocols file follows:
# /etc/protocols:
# $Id: protocols,v 1.10 2010/03/26 13:05:40 ovasik Exp $
#
# Internet (IP) protocols
#
#from: @(#)protocols 5.1 (Berkeley) 4/17/89
#
# Updated for NetBSD based on RFC 1340, Assigned Numbers (July 1992).
# Last IANA update included dated 2010-03-11
#
# See also
ip 0 IP # internet protocol, pseudo protocol number
hopopt 0 HOPOPT # hop-by-hop options for ipv6
icmp 1 ICMP # internet control message protocol
igmp 2 IGMP # internet group management protocol
ggp 3 GGP # gateway-gateway protocol
ipv4 4 IPv4 # IPv4 encapsulation
st 5 ST # ST datagram mode
tcp 6 TCP # transmission control protocol
A service is typically an application running on a computer and made available over the network on a specific port. A printout from the services file follows:
# /etc/services:
# $Id: services,v 1.52 2011/04/12 16:19:32 ovasik Exp $
# Network services, Internet style
# IANA services version: last updated 2011-04-06
tcpmux 1/tcp # TCP port service multiplexer
tcpmux 1/udp # TCP port service multiplexer
rje 5/tcp # Remote Job Entry
rje 5/udp # Remote Job Entry
echo 7/tcp
echo 7/udp
discard 9/tcp sink null
discard 9/udp sink null
systat 11/tcp users
systat 11/udp users
daytime 13/tcp
daytime 13/udp
qotd 17/tcp quote
qotd 17/udp quote
msp 18/tcp # message send protocol
msp 18/udp # message send protocol
chargen 19/tcp ttytst source
chargen 19/udp ttytst source
ftp-data 20/tcp
ftp-data 20/udp
# 21 is registered to ftp, but also used by fsp
ftp 21/tcp
ftp 21/udp fsp fspd
ssh 22/tcp # The Secure Shell (SSH) Protocol
ssh 22/udp # The Secure Shell (SSH) Protocol
telnet 23/tcp
telnet 23/udp
Question 6. Classify the following as either a protocol or a service: ftp, telnet, ip, tcp, ggp, udp, rip, chargen. Pick one service and describe its purpose in detail. Given: 132.44.77.35.22, which service is being referenced?
ftp: service (ftp 21/tcp in /etc/services)
telnet: service (telnet 23/tcp)
ip: protocol (ip 0 in /etc/protocols)
tcp: protocol (tcp 6)
ggp: protocol (ggp 3)
udp: protocol (IP protocol number 17)
rip: protocol (a routing protocol; it does not appear in the excerpts above)
chargen: service (chargen 19/tcp and 19/udp)
132.44.77.35.22 references port 22, which is the ssh service (ssh 22/tcp).
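Questions 5 and 6 are the same operation done twice: pick the Genmask that applies to an address, split it into net.node.port, then look the port up in the services file. The Python below is an added example, not part of the worksheet. It carries the routing table rows, the /etc/protocols excerpt and the /etc/services excerpt transcribed from the listings above (the Gateway column is not needed and is left out); the one line added beyond the page's excerpts is udp 17 in the protocols text, because the classification question asks about udp and the page's excerpt stops at tcp. Route selection uses longest-prefix match, which is how the kernel picks between overlapping entries, so it also generalizes beyond the two-row table on the page.

```python
"""Split net.node.port addresses with a routing table and name the port.

Added example for the worksheet above; the tables are transcribed from its
netstat -r, /etc/protocols and /etc/services listings.
"""
import ipaddress

# (destination, genmask, iface) rows from the netstat -r output above
ROUTES = [
    ("10.0.0.0", "255.0.0.0", "eth0"),
    ("199.17.59.0", "255.255.255.0", "eth1"),
]

PROTOCOLS = """
ip      0       IP      # internet protocol, pseudo protocol number
icmp    1       ICMP    # internet control message protocol
igmp    2       IGMP    # internet group management protocol
ggp     3       GGP     # gateway-gateway protocol
tcp     6       TCP     # transmission control protocol
udp     17      UDP     # user datagram protocol (added; not in the page's excerpt)
"""

SERVICES = """
tcpmux    1/tcp   # TCP port service multiplexer
echo      7/tcp
chargen  19/tcp   ttytst source
chargen  19/udp   ttytst source
ftp-data 20/tcp
ftp      21/tcp
ftp      21/udp   fsp fspd
ssh      22/tcp   # The Secure Shell (SSH) Protocol
telnet   23/tcp
"""


def parse_protocols(text):
    """/etc/protocols lines are 'name number ALIAS # comment' -> {name: number}."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, number = line.split()[:2]
            table[name] = int(number)
    return table


def parse_services(text):
    """/etc/services lines are 'name port/proto [aliases] # comment'.
    Returns ({(port, proto): name}, {every service name and alias})."""
    by_port, names = {}, set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        port, proto = fields[1].split("/")
        by_port[(int(port), proto)] = fields[0]
        names.update([fields[0], *fields[2:]])
    return by_port, names


def route_for(host, routes=ROUTES):
    """Longest-prefix match over the table; None when no entry covers host."""
    ip = ipaddress.IPv4Address(host)
    best = None
    for dest, genmask, iface in routes:
        net = ipaddress.IPv4Network((dest, genmask))
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best


def split_net_node_port(addr, genmask=None, routes=ROUTES):
    """Split 'a.b.c.d.port' (or 'a.b.c.d:port') into (net, node, port) the way
    the worksheet does: octets under a 255 in the genmask are the network and
    the rest are the node. Without an explicit genmask the matching route's
    Genmask is used, which is the clue the routing table gives."""
    *octets, port = addr.replace(":", ".").split(".")
    host = ".".join(octets)
    if genmask is None:
        match = route_for(host, routes)
        if match is None:
            raise ValueError("no route for %s; pass a genmask" % host)
        genmask = str(match[0].netmask)
    mask = [int(m) for m in genmask.split(".")]
    if any(m not in (0, 255) for m in mask):
        raise ValueError("octet-aligned genmask expected, got %s" % genmask)
    net = ".".join(o for o, m in zip(octets, mask) if m == 255)
    node = ".".join(o for o, m in zip(octets, mask) if m == 0)
    return net, node, int(port)


def service_for(addr, proto="tcp"):
    """Name the service behind the port of a net.node.port address, or None
    for an ephemeral client port such as 52146."""
    port = int(addr.replace(":", ".").rsplit(".", 1)[1])
    return parse_services(SERVICES)[0].get((port, proto))


def classify(name):
    """'protocol' if listed in /etc/protocols, 'service' if it is a name or
    alias in /etc/services, both if both, [] if the excerpts do not have it."""
    kinds = []
    if name in parse_protocols(PROTOCOLS):
        kinds.append("protocol")
    if name in parse_services(SERVICES)[1]:
        kinds.append("service")
    return kinds


if __name__ == "__main__":
    print(split_net_node_port("199.17.59.191:52146"))            # uses the eth1 route
    print(split_net_node_port("132.44.77.35.22", "255.255.0.0"))
    print(service_for("132.44.77.35.22"))
    for n in ["ftp", "telnet", "ip", "tcp", "ggp", "udp", "rip", "chargen"]:
        print(n, classify(n) or ["not in excerpts"])
```

classify returns an empty list for rip because neither excerpt names it; with the full system files it would turn up as a service entry on UDP port 520 even though the page classifies it as a protocol, which is a reminder that the two files answer different questions (IP protocol number versus port number), and a name can legitimately appear in both.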