Given the Packet Below

Given the packet below

14:29:18.927970 eth0 > 0:0:0a:05:0e:03 0:14:59:66:aa:3e ip 142: 199.17.59.166.telnet > 66.188.165.185.1749: P 1:89(88) ack 0 win 5840 (DF) [tos 0x10]

4510 0080 7ffa 4000 4006 cf40 c711 3ba6

42bc a5b9 0017 06d5 4a83 71bb cad9 2c07

5018 16d0 a266 0000 4b65 726e 656c 2066

696c 7465 722c 2070 726f 746f 636f 6c20

414c 4c2c 2064 6174 6167 7261 6d20 7061

636b 6574 2073 6f63 6b65 740d 0a74 6370

6475 6d70 3a20 6c69 7374 656e 696e 6720

6f6e 2061 6c6c 2064 6576 6963 6573 0d0a

In the packet above you have:

timestamp = 14:29:18.927970

interface = eth0; > means the packet is leaving that interface

source MAC = 0:0:0a:05:0e:03

destination MAC = 0:14:59:66:aa:3e

ip = protocol expected at layer 3

142 = size of the entire frame in bytes

source net.node.port = 199.17.59.166.telnet

destination net.node.port = 66.188.165.185.1749

P = push flag

1:89 = range of (relative) sequence numbers sent

(88) = size of the payload in bytes

ack 0 = ack flag set; next relative sequence number expected is 0

win 5840 = window size

(DF) = don't fragment

[tos 0x10] = type of service 0x10

The dump starts with the IP header.

A hex character = 4 bits, so each group of four hex characters is 16 bits (2 bytes).

4 = version: IPv4

5 = size of the IP header in 32-bit words: 5 x 4 = 20 bytes

10 = type of service (0x10); a value of 0 would mean no special handling

0080 = total length of the IP datagram, not counting the layer 2 header: 0x80 = 8 x 16 = 128 bytes (128 + 14 bytes of Ethernet header = 142, matching the tcpdump line)

7ffa = identification number of the datagram (used to reassemble fragments)

4 = flags: the first 3 bits of this nibble (0100) are 010, i.e. reserved 0, don't fragment 1, more fragments 0; the fourth bit belongs to the fragment offset

000 + that 1 bit from above = 0000000000000, the 13-bit fragment offset

40 = time to live: 0x40 = 4 x 16 = 64 hops

06 = protocol expected at layer 4: 6 = TCP (enter cat /etc/protocols for the list)

cf40 = header checksum, error detection over the IP header only

c711 3ba6 = source 32-bit IP, in dotted decimal 199.17.59.166

42bc a5b9 = destination IP, 66.188.165.185

Note this IP header was 20 bytes, or 10 groups of 4 hex characters.

Now the TCP header:

0017 = source port: 0x17 = 16 + 7 = 23, telnet (see cat /etc/services for the list)

06d5 = destination port: 1749 decimal

4a83 71bb = absolute sequence number

cad9 2c07 = absolute acknowledgement number

5 = size of the TCP header in 32-bit words: 5 x 4 = 20 bytes, so no options

018 = reserved bits and flags; in binary 000000 011000. The last six bits are the flags URG ACK PSH RST SYN FIN, so ACK and PSH are on.

16d0 = window size: 5840

a266 = checksum (computed over a pseudo-header, the TCP header and the payload)

0000 = urgent pointer, 0 because the URG flag is not set

End of the TCP header. Note it is 10 groups of 4 from the end of the IP header, or 20 groups from the beginning of the dump. The payload follows in the clear; with an ASCII conversion table you can read it easily (it begins "Kernel filter, protocol ALL, datagram packet socket"). In this packet the headers are:

Layer 2: 14

Layer 3: 20

Layer 4: 20

Payload: 88

Total: 142

Overhead % = 54/142 = around 38%

Given this new packet:

14:33:54.198474 00:50:56:8c:05:c6 > 00:04:23:d2:12:57, ethertype IPv4 (0x0800), length 317: (tos 0x0, ttl 64, id 1970, offset 0, flags [DF], proto TCP (6), length 303)
199.17.59.234.45454 > 52.27.223.250.80: Flags [P.], cksum 0x1833 (incorrect -> 0x13a1), seq 1:252, ack 1, win 229, options [nop,nop,TSval 1819360386 ecr 880078376], length 251
0x0000:  4500 012f 07b2 4000 4006 1b06 c711 3bea  E../..@.@.....;.
0x0010:  341b dffa b18e 0050 cad8 3bc8 2710 7f69  4......P..;.'..i
0x0020:  8018 00e5 1833 0000 0101 080a 6c71 3c82  .....3......lq<.
0x0030:  3474 ee28 4745 5420 2f20 4854 5450 2f31  4t.(GET./.HTTP/1
0x0040:  2e30 0d0a 486f 7374 3a20 7777 772e 6263  .0..Host:.www.bc
0x0050:  726c 2e73 7463 6c6f 7564 7374 7465 2e65  rl.stcloudstte.e
0x0060:  6475 2e63 6f6d 0d0a 4163 6365 7074 3a20  du.com..Accept:.
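The following is an added example, not part of the original page, that decodes both dumps above the same way the hand walkthrough of the first packet does: it parses the IP and TCP headers, verifies the IP header checksum, verifies the TCP checksum (pseudo-header plus segment) when the whole segment is present, decodes the TCP options of the second packet, and computes the header overhead percentage. It assumes each dump begins at the IP header and that the omitted layer 2 header is a 14-byte Ethernet header (ETHERNET_HEADER_LEN). The hex constants are copied from the dumps above; for the second packet tcpdump's offsets and ASCII columns are stripped and only the 112 bytes shown on the page are included.

```python
"""Decode the IP and TCP headers of the two tcpdump hex dumps shown above (added example)."""
import socket
import struct

# Constructed input: packet 1's hex dump, copied from the page. It starts at the IP header.
PACKET1_HEX = """
4510 0080 7ffa 4000 4006 cf40 c711 3ba6  42bc a5b9 0017 06d5 4a83 71bb cad9 2c07
5018 16d0 a266 0000 4b65 726e 656c 2066  696c 7465 722c 2070 726f 746f 636f 6c20
414c 4c2c 2064 6174 6167 7261 6d20 7061  636b 6574 2073 6f63 6b65 740d 0a74 6370
6475 6d70 3a20 6c69 7374 656e 696e 6720  6f6e 2061 6c6c 2064 6576 6963 6573 0d0a
"""
# Constructed input: packet 2 with tcpdump's offsets and ASCII columns stripped. Only the
# 112 bytes shown on the page are present, so the TCP segment is truncated.
PACKET2_HEX = """
4500 012f 07b2 4000 4006 1b06 c711 3bea  341b dffa b18e 0050 cad8 3bc8 2710 7f69
8018 00e5 1833 0000 0101 080a 6c71 3c82  3474 ee28 4745 5420 2f20 4854 5450 2f31
2e30 0d0a 486f 7374 3a20 7777 772e 6263  726c 2e73 7463 6c6f 7564 7374 7465 2e65
6475 2e63 6f6d 0d0a 4163 6365 7074 3a20
"""
ETHERNET_HEADER_LEN = 14  # assumption: the dumps omit a 14-byte Ethernet header
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 (low) .. bit 5


def ones_complement_sum(data):
    """16-bit one's complement sum used by both the IP and the TCP checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return total


def checksum_ok(data):
    """A region that includes its own correct checksum field sums to 0xFFFF."""
    return ones_complement_sum(data) == 0xFFFF


def parse_ip(pkt):
    vihl, tos, total_len, ident, frag, ttl, proto, cksum = struct.unpack("!BBHHHBBH", pkt[:12])
    hlen = (vihl & 0x0F) * 4
    return {"version": vihl >> 4, "header_len": hlen, "tos": tos, "total_len": total_len,
            "id": ident, "DF": bool(frag & 0x4000), "MF": bool(frag & 0x2000),
            "frag_offset": frag & 0x1FFF, "ttl": ttl, "protocol": proto, "checksum": cksum,
            "checksum_ok": checksum_ok(pkt[:hlen]),
            "src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20])}


def parse_tcp_options(opts):
    """Walk the option list: kind 0 ends it, kind 1 is NOP, kind 8 (length 10) is timestamp."""
    out, i = [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:
            break
        if kind == 1:
            out.append(("nop", b""))
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:  # malformed length: stop, never loop forever
            break
        length = opts[i + 1]
        data = opts[i + 2:i + length]
        out.append(("timestamp", struct.unpack("!II", data)) if kind == 8 and length == 10
                   else (kind, data))
        i += length
    return out


def parse_tcp(segment, ip):
    sport, dport, seq, ack, off_flags, window, cksum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    hlen = (off_flags >> 12) * 4
    # The TCP checksum covers a pseudo-header (addresses, zero, protocol, TCP length) plus the
    # whole segment, so it can only be verified when the capture holds the whole segment.
    complete = len(segment) == ip["total_len"] - ip["header_len"]
    pseudo = (socket.inet_aton(ip["src"]) + socket.inet_aton(ip["dst"])
              + struct.pack("!BBH", 0, ip["protocol"], len(segment)))
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "header_len": hlen,
            "flags": [name for bit, name in enumerate(TCP_FLAGS) if off_flags & (1 << bit)],
            "window": window, "checksum": cksum, "urgent": urg, "complete": complete,
            "checksum_ok": checksum_ok(pseudo + segment) if complete else None,
            "options": parse_tcp_options(segment[20:hlen]), "payload": segment[hlen:]}


def decode(hex_dump):
    pkt = bytes.fromhex("".join(hex_dump.split()))
    ip = parse_ip(pkt)
    tcp = parse_tcp(pkt[ip["header_len"]:ip["total_len"]], ip)
    frame_len = ETHERNET_HEADER_LEN + ip["total_len"]
    overhead = ETHERNET_HEADER_LEN + ip["header_len"] + tcp["header_len"]
    return {"ip": ip, "tcp": tcp, "frame_len": frame_len,
            "overhead_pct": round(100.0 * overhead / frame_len, 1)}


if __name__ == "__main__":
    for name, dump in (("packet 1", PACKET1_HEX), ("packet 2", PACKET2_HEX)):
        r = decode(dump)
        print(name, r["ip"]["src"], "->", r["ip"]["dst"], r["tcp"]["flags"], r["tcp"]["options"],
              "ip cksum ok:", r["ip"]["checksum_ok"], "tcp cksum ok:", r["tcp"]["checksum_ok"],
              "overhead %:", r["overhead_pct"])
        print("  payload:", r["tcp"]["payload"].decode("ascii", "replace"))
```

Run it directly to print the decoded fields. For the first packet both checksums verify. For the second packet checksum_ok is None rather than False because only part of the segment was captured, so there is nothing to verify; the "incorrect -> 0x13a1" in its tcpdump line is a separate observation about the capture, and on a sending host a common cause is checksum offload, where the NIC fills in the TCP checksum after the capture point.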

ONLY ANSWER ONE OF THE FOLLOWING 11 QUESTIONS

  1. What are the source and destination physical addresses? What OSI layer are they on?

Source 00:50:56:8c:05:c6

Destination 00:04:23:d2:12:57

Layer – 2

2. What are the source and destination IP addresses? What OSI layer are they on?

3. What are the source and destination port addresses? What OSI layer are they on?

4. What is the size of the IP header?

5. What is the size of the TCP header?

6. What is the time to live?

7. Is the payload encrypted, Why or why not?

8. What TCP flags are set and what is their purpose?

9. Do you spot any security issues in this packet?

10. What class IP address is the server side, what does this mean?

11. What is the absolute sequence number on the client side (hex is ok)?

PLEASE COMPLETE ALL OF THE FOLLOWING QUESTIONS:

Question 1. How can TCP/IP be broken in to a 4 layer model?

Instead of the seven-layer OSI model, the TCP/IP model uses four layers: network access (link), internet, transport, and application. OSI layers 1 and 2 map to network access, layer 3 to internet, layer 4 to transport, and layers 5 through 7 to application.

Question 2. What are some options in regard to providing physical connectivity? What media can they use? What are some common transmission speeds? What inroads has Ethernet made on WANs?

Ethernet over twisted pair (Cat5/Cat5e/Cat6), coaxial cable, or fiber optic cable.

Common speeds: 10 Mb/s, 100 Mb/s, 1 Gb/s, 10 Gb/s.

Ethernet is generally the standard: regardless of the type of cable, the link can still conform to the Ethernet framing standard. Carrier Ethernet (Metro Ethernet) services now carry Ethernet frames across WAN links as well, so Ethernet is no longer confined to the LAN.

Two sets of addresses are used to guide information to its destination. The internet uses a technique called packet switching, which allows a block of data to be encapsulated into a packet and transmitted all at once. Because Ethernet is the dominant architecture, many networks limit the maximum packet size to the Ethernet specification of 1,514 bytes (1,500 bytes of payload plus a 14-byte header). We will look at part of a sample packet to get a basic understanding of how addresses are used.

Given the following packet information:

11:55:02.938607 9e:ce:93:eb:b1:c1 > 00:04:23:d2:12:77, ethertype IPv4 (0x0800), length 246: 199.17.59.191.ssh > 64.83.214.152.56219:

Timestamp: 11:55:02.938607

Source and destination physical addresses: 9e:ce:93:eb:b1:c1 > 00:04:23:d2:12:77 (burned into the Ethernet card, used for delivering packets to a computer on a LAN)

Length of this packet: 246 bytes

Source and destination net.node.port addresses: 199.17.59.191.ssh > 64.83.214.152.56219 (used to route a packet to the appropriate LAN, then to the appropriate host on it and the appropriate service on that host)

Question 3. Given the below, what are the source and destination physical address? The source and destination net.node.port address? What is the size of the packet?

Source physical address: ae:dd:d0:e2:0b:6d

Destination physical address: 9e:ce:93:eb:b1:c1

Source net.node.port: 199.17.59.200.ldap (ldap is port 389)

Destination net.node.port: 199.17.59.191.52146

Size: 182 bytes

12:06:18.186648 ae:dd:d0:e2:0b:6d > 9e:ce:93:eb:b1:c1, ethertype IPv4 (0x0800), length 182: 199.17.59.200.ldap > 199.17.59.191.52146:

Question 4. In the above. Which set of addresses are used in the network layer? Which set are used in the internet layer?

Network access layer (OSI layer 2): the MAC addresses ae:dd:d0:e2:0b:6d and 9e:ce:93:eb:b1:c1

Internet layer (OSI layer 3): the IP addresses 199.17.59.200 and 199.17.59.191

[buster@mermes ~]$ netstat -r

Kernel IP routing table

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.0.0.0                        255.0.0.0       UG        0 0          0 eth0
199.17.59.0                     255.255.255.0   U         0 0          0 eth1

You will note that in the packet from question three the protocol being used was Internet Protocol version 4 (IPv4). With this protocol it is not obvious how to break the internet address into its three parts, net.node.port. The routing table above provides the clue: look at the Genmask value. For the first destination it is 255.0.0.0, which means only the octet covered by 255 is the network address, so in the destination 10.0.0.0 the 10 is the network portion. The second route has a genmask of 255.255.255.0, so the network portion is 199.17.59 and the last octet is the node. The port is not referenced in the routing table; it is the fifth group of numbers in the net.node.port address.

Question 5. Using the IP routing table above, break the following address into net.node.port:

199.17.59.191:52146

Using the genmask 255.255.255.0 of the eth1 route: network = 199.17.59, node = 191, port = 52146.

Next, given an address of 132.44.77.35.22 and a genmask of 255.255.0.0, break that address into net.node.port.
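An added example, not from the original page, of the net.node.port split described above: it parses either address form, picks the genmask by longest-prefix match against the two routes from the netstat -r table (ROUTES, reconstructed from that table with the gateway column omitted as on the page), and splits the dotted address into network, node and port. It goes one step beyond the text by handling a genmask that is not octet-aligned (for example 255.255.240.0), where a dotted split would be misleading, by refusing it.

```python
"""Split a net.node.port address using the genmask of the matching route (added example)."""
import ipaddress

# Constructed from the netstat -r output above: (destination, genmask) per route.
ROUTES = [("10.0.0.0", "255.0.0.0"), ("199.17.59.0", "255.255.255.0")]


def parse_address(addr):
    """Accept both '199.17.59.191:52146' and the five-group form '132.44.77.35.22'."""
    if ":" in addr:
        host, port = addr.rsplit(":", 1)
    else:
        parts = addr.split(".")
        if len(parts) != 5:
            raise ValueError("expected a.b.c.d.port or a.b.c.d:port, got %r" % addr)
        host, port = ".".join(parts[:4]), parts[4]
    port = int(port)
    if not 0 <= port <= 65535:
        raise ValueError("port out of range: %d" % port)
    return ipaddress.IPv4Address(host), port


def matching_route(ip, routes):
    """Longest-prefix match, the same rule the kernel applies when it picks a route."""
    best = None
    for dest, mask in routes:
        net = ipaddress.IPv4Network((dest, mask))
        if ip in net and (best is None or net.prefixlen > best.prefixlen):
            best = net
    return best


def split_net_node_port(addr, routes=ROUTES, genmask=None):
    """Return (net, node, port); the genmask comes from the routing table unless given."""
    ip, port = parse_address(addr)
    if genmask is None:
        net = matching_route(ip, routes)
        if net is None:
            raise ValueError("no route covers %s" % ip)
        genmask = str(net.netmask)
    mask_octets = [int(o) for o in genmask.split(".")]
    if any(o not in (0, 255) for o in mask_octets):
        # A mask such as 255.255.240.0 splits inside an octet; the dotted split below only
        # makes sense for octet-aligned masks, so refuse rather than produce a wrong answer.
        raise ValueError("genmask %s is not octet-aligned" % genmask)
    ip_octets = str(ip).split(".")
    net_part = ".".join(o for o, m in zip(ip_octets, mask_octets) if m == 255)
    node_part = ".".join(o for o, m in zip(ip_octets, mask_octets) if m == 0)
    return net_part, node_part, port


if __name__ == "__main__":
    print(split_net_node_port("199.17.59.191:52146"))                      # ('199.17.59', '191', 52146)
    print(split_net_node_port("132.44.77.35.22", genmask="255.255.0.0"))   # ('132.44', '77.35', 22)
```

The second call passes the genmask explicitly because 132.44.77.35 matches neither route in the table; without it the function raises rather than guessing a mask.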

What is the difference between a protocol and a service? A protocol is a set of rules that governs how something is done within a layer of networking. We have already discussed IPv4. A printout from the protocols file follows:

# /etc/protocols:

# $Id: protocols,v 1.10 2010/03/26 13:05:40 ovasik Exp $

#

# Internet (IP) protocols

#

#from: @(#)protocols 5.1 (Berkeley) 4/17/89

#

# Updated for NetBSD based on RFC 1340, Assigned Numbers (July 1992).

# Last IANA update included dated 2010-03-11

#

# See also

ip 0 IP # internet protocol, pseudo protocol number

hopopt 0 HOPOPT # hop-by-hop options for ipv6

icmp 1 ICMP # internet control message protocol

igmp 2 IGMP # internet group management protocol

ggp 3 GGP # gateway-gateway protocol

ipv4 4 IPv4 # IPv4 encapsulation

st 5 ST # ST datagram mode

tcp 6 TCP # transmission control protocol

A service is typically an application that is being run on a computer available via the net on a specific port. A printout of the services file follows:

# /etc/services:

# $Id: services,v 1.52 2011/04/12 16:19:32 ovasik Exp $

# Network services, Internet style

# IANA services version: last updated 2011-04-06

tcpmux 1/tcp # TCP port service multiplexer

tcpmux 1/udp # TCP port service multiplexer

rje 5/tcp # Remote Job Entry

rje 5/udp # Remote Job Entry

echo 7/tcp

echo 7/udp

discard 9/tcp sink null

discard 9/udp sink null

systat 11/tcp users

systat 11/udp users

daytime 13/tcp

daytime 13/udp

qotd 17/tcp quote

qotd 17/udp quote

msp 18/tcp # message send protocol

msp 18/udp # message send protocol

chargen 19/tcp ttytst source

chargen 19/udp ttytst source

ftp-data 20/tcp

ftp-data 20/udp

# 21 is registered to ftp, but also used by fsp

ftp 21/tcp

ftp 21/udp fsp fspd

ssh 22/tcp # The Secure Shell (SSH) Protocol

ssh 22/udp # The Secure Shell (SSH) Protocol

telnet 23/tcp

telnet 23/udp

Question 6. Classify the following as either a protocol or a service: ftp, telnet, ip, tcp, ggp, udp, rip, chargen. Pick one service and describe it purpose in detail. Given: 132.44.77.35.22 which service is being referenced?

ftp: service (listed in the services file above on port 21)

telnet: service (port 23)

ip: protocol

tcp: protocol

ggp: protocol

udp: protocol

rip: protocol (the Routing Information Protocol, used by routers to exchange routes)

chargen: service (port 19, the character generator)

Service described in detail: ssh, port 22/tcp, the Secure Shell protocol listed above. It provides an encrypted, authenticated channel for remote login and command execution, replacing telnet, which sends the session (including passwords) in the clear, as the readable payload of the first packet on this page shows.

Given 132.44.77.35.22, the port is 22, so the service being referenced is ssh.