| Title | CST8230 Assignment-1 Decoding Packets (corrector) |
|---|---|
| Author | Nishit Patel |
| Course | IT security |
| Institution | Algonquin College |
| Pages | 7 |
Answers for decoding packets...
CST8230
Assignment #1
Question #1 – Properly analyze and fully decode the Ethernet packet below, including header but not the payload content. (20 marks)

Hexadecimal Packet Representation

```text
0012 f019 e3f3 0000 f801 8cfb 0800 4500 0028 4a70 4000 6706 f7e1 cdbc f8ad 0a0a
010a 1446 125c c461 4bfb e8ce 0eba 5010 4000 6fce 0000 0000 0000 0000
```

ASCII representation

```text
........ ......E. .(Jp@.g. ........ ...F.\.a K.....P. @.o..... ....
```

The first 7 hex groups of the dump (14 octets) are the Ethernet II header:

| Field | Hex value (relevant portion) | Decoded value |
|---|---|---|
| Destination MAC Address | 00 12 f0 19 e3 f3 | 00:12:F0:19:E3:F3 |
| Source MAC Address | 00 00 f8 01 8c fb | 00:00:F8:01:8C:FB |
| Protocol Type | 0800 | Ethernet II carrying IP |
Next, based on the above, we can start to decode the IP header. (It's not known it's Version 4 until you look at the IP header!)

| Field | Hex value (relevant portion) | Decoded value |
|---|---|---|
| IP Version | 45 (first 4 bits are all that are needed) | 4 -> IPv4 |
| Header Length | 45 (last 4 bits are all that are needed): 5 -> 5 x 32-bit words = 20 bytes | 20 bytes |
| Type of Service | 00 (convert to binary) -> 0000 0000. Bits 0-2 = 000 -> No Precedence; Bit 3 = 0 -> Minimize Delay; Bit 4 = 0 -> Maximize Throughput; Bit 5 = 0 -> Maximize Reliability; Bit 6 = 0 -> Minimize Cost / ECN; Bit 7 = 0 -> Reserved / ECN | No precedence, normal packet |
| Total Length | 00 28 (convert to decimal) | 40 bytes |
| IP ID | 4a 70 (convert to decimal) | 19056 |
| Flags | 40 00 (convert to binary & look at first 3 bits) -> 0100 0000 0000 0000. Bit 0 = 0 – Reserved; Bit 1 = 1 – Don't Fragment; Bit 2 = 0 – Last Fragment; Bits 3-15 = Fragmentation Offset | Don't Fragment |
| TTL | 67 (convert to decimal) | 103 hops |
| Embedded Protocol | 06 (convert to decimal) | 06 -> TCP |
| Checksum | f7e1 (convert to decimal) | 63457 |
| Source Address | cd bc f8 ad: 0xcd = 205, 0xbc = 188, 0xf8 = 248, 0xad = 173 | IP = 205.188.248.173 |
| Destination Address | 0a 0a 01 0a: 0x0a = 10, 0x0a = 10, 0x01 = 1, 0x0a = 10 | IP = 10.10.1.10 |

V 1.1
March 25, 2019
Page 1 of 7
We've determined it's a TCP header, so decoding:

| Field | Hex value (relevant portion) | Decoded value |
|---|---|---|
| Source Port | 1446 (convert to decimal) | Port 5190 (AOL, IM, iChat) |
| Destination Port | 125c (convert to decimal) | Port 4700 (netxms-agent) |
| Sequence Number | c4 61 4b fb (convert to decimal) | 3294710779 |
| Ack Number | e8 ce 0e ba (convert to decimal) | 3905818298 |
| Header Length/Offset | 50 (convert first nibble to decimal): 0x5 -> 5 x 32 bits = 20 bytes | 20 bytes |
| Reserved | 50 (second nibble is reserved) | N/A |
| Flags/Code Bits | 10 (convert to binary) -> 0001 0000: C E U A P R S F = 0 0 0 1 0 0 0 0 | ACK flag set |
| Window Size | 4000 (convert to decimal) | 16384 bytes |
| Checksum | 6fce (convert to decimal) | 28622 |
| Urgent Ptr | 0000 | N/A |
| TCP Options | TCP header = min 20 bytes; current header = 20 bytes -> therefore, no options! | No options |
And since the remaining bytes are all 0s, there's no payload!

Question #2 – Based on the payload and header, what kind of packet is this, exactly? (2 marks)

With a bit of research, we can determine that this is a response message from an AOL server [based on DNS backtrack of IP] to a packet sent from an AOL-capable instant messaging software. We can also deduce that it is a standard TCP/IP packet with the ACK flag set, but with no payload.
Question #3 - Properly analyze and fully decode the Ethernet packet below, including header but not the payload content. (20 marks)

Hexadecimal Packet Representation

```text
0000  00 00 c0 9f a0 97 00 a0 cc 3b bf fa 08 00 45 10
0010  00 3c 46 3c 40 00 40 06 73 1c c0 a8 00 02 c0 a8
0020  00 01 06 0e 00 17 99 c5 a0 ec 00 00 00 00 a0 02
0030  7d 78 e0 a3 00 00 02 04 05 b4 04 02 08 0a 00 9c
0040  27 24 00 00 00 00 01 03 03 00
```

ASCII representation

```text
.........;....E. ....
```
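The hand decode of Question 1, carried out in code as an added example (this is not part of the original assignment): a small Python parser that takes the hex dump, splits it into Ethernet II, IPv4 and TCP fields and returns the same values as the tables above. It goes beyond the hand decode in two ways: it verifies the IPv4 header checksum (RFC 791), and it walks the TCP option list, which the Question 1 packet does not use but the Question 3 dump does, so one function decodes both packets. The values it produces for Question 3 are computed by the decoder, not an answer key taken from the assignment.

```python
# Ethernet II / IPv4 / TCP header decoder for the assignment's hex dumps (added
# example, not part of the original assignment). It also verifies the IPv4
# checksum and walks the TCP option list, which the hand decode above does not.
import struct

# Both dumps are copied from the assignment text (Question 1 and Question 3).
Q1_HEX = ("0012 f019 e3f3 0000 f801 8cfb 0800 4500 0028 4a70 4000 6706 f7e1 cdbc "
          "f8ad 0a0a 010a 1446 125c c461 4bfb e8ce 0eba 5010 4000 6fce 0000 0000 "
          "0000 0000")
Q3_HEX = ("00 00 c0 9f a0 97 00 a0 cc 3b bf fa 08 00 45 10 "
          "00 3c 46 3c 40 00 40 06 73 1c c0 a8 00 02 c0 a8 "
          "00 01 06 0e 00 17 99 c5 a0 ec 00 00 00 00 a0 02 "
          "7d 78 e0 a3 00 00 02 04 05 b4 04 02 08 0a 00 9c "
          "27 24 00 00 00 00 01 03 03 00")
TCP_FLAG_NAMES = ["CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"]  # MSB first

def hex_to_bytes(dump: str) -> bytes:
    return bytes.fromhex("".join(dump.split()))

def mac(b: bytes) -> str:
    return ":".join(f"{x:02X}" for x in b)

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 ones'-complement sum; 0 means the stored checksum is valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_tcp_options(opts: bytes) -> list:
    """Walk the TCP option TLV list, rejecting lengths that run past the header."""
    out, i = [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                           # End of option list
            return out + [("EOL", None)]
        if kind == 1:                           # No-operation (alignment padding)
            out.append(("NOP", None))
            i += 1
            continue
        length = opts[i + 1] if i + 1 < len(opts) else 0
        if length < 2 or i + length > len(opts):
            raise ValueError(f"bad TCP option length {length} at offset {i}")
        data = opts[i + 2:i + length]
        if kind == 2 and length == 4:
            out.append(("MSS", struct.unpack("!H", data)[0]))
        elif kind == 3 and length == 3:
            out.append(("WSCALE", data[0]))
        elif kind == 4 and length == 2:
            out.append(("SACK_PERMITTED", None))
        elif kind == 8 and length == 10:
            out.append(("TIMESTAMPS", struct.unpack("!II", data)))
        else:
            out.append((f"KIND_{kind}", data.hex()))
        i += length
    return out

def decode_frame(frame: bytes) -> dict:
    """Decode Ethernet II, then IPv4 (EtherType 0x0800), then TCP (protocol 6)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet II header")
    r = {"dst_mac": mac(frame[0:6]), "src_mac": mac(frame[6:12]),
         "ethertype": struct.unpack("!H", frame[12:14])[0]}
    if r["ethertype"] != 0x0800:
        return r
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, tos, total_len, ident, ff, ttl, proto, csum = struct.unpack("!BBHHHBBH", ip[:12])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or total_len < ihl or total_len > len(ip):
        raise ValueError("not a well-formed IPv4 header")
    r.update({"ip_version": version, "ip_header_len": ihl, "tos": tos,
              "total_length": total_len, "ip_id": ident, "ttl": ttl, "protocol": proto,
              "dont_fragment": bool(ff & 0x4000), "more_fragments": bool(ff & 0x2000),
              "frag_offset": ff & 0x1FFF, "ip_checksum": csum,
              "ip_checksum_ok": ipv4_checksum(ip[:ihl]) == 0,
              "src_ip": ".".join(map(str, ip[12:16])), "dst_ip": ".".join(map(str, ip[16:20])),
              # Bytes past Total Length are Ethernet minimum-frame padding, not IP payload.
              "padding_bytes": len(ip) - total_len})
    if proto != 6:
        return r
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off, flags, win, tcsum, urg = struct.unpack("!HHIIBBHHH", tcp[:20])
    data_off = (off >> 4) * 4
    if data_off < 20 or data_off > len(tcp):
        raise ValueError("bad TCP data offset")
    r.update({"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
              "tcp_header_len": data_off, "window": win, "tcp_checksum": tcsum, "urgent_ptr": urg,
              "flags": [n for n, b in zip(TCP_FLAG_NAMES, range(7, -1, -1)) if flags >> b & 1],
              "tcp_options": parse_tcp_options(tcp[20:data_off]),
              "payload_len": len(tcp) - data_off})
    return r

if __name__ == "__main__":
    for name, dump in (("Question 1", Q1_HEX), ("Question 3", Q3_HEX)):
        print(name, decode_frame(hex_to_bytes(dump)), sep="\n")
```

Two points the decoder makes explicit that the tables leave implicit: the Question 1 frame is 60 bytes but IP Total Length is 40, so the six trailing zero bytes are Ethernet minimum-frame padding rather than TCP payload (the "no payload" conclusion follows from Total Length minus the two header lengths, not from the bytes being zero); and a packet with a 40-byte TCP header (Question 3, data offset 0xa) carries 20 bytes of options that must be bounds-checked before they are read, which is where hand decodes and careless parsers both go wrong.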