CST8230 Assignment-1 Decoding Packets (corrector)1 PDF

Title CST8230 Assignment-1 Decoding Packets (corrector)1
Author Nishit Patel
Course IT security
Institution Algonquin College
Pages 7
File Size 371.9 KB
File Type PDF

Summary

Answers for decoding packets...


Description

CST8230

Assignment #1

Question #1 – Properly analyze and fully decode the Ethernet packet below, including header but not the payload content. (20 marks)

Hexadecimal Packet Representation

    0012 f019 e3f3 0000 f801 8cfb 0800 4500
    0028 4a70 4000 6706 f7e1 cdbc f8ad 0a0a
    010a 1446 125c c461 4bfb e8ce 0eba 5010
    4000 6fce 0000 0000 0000 0000

ASCII representation

    ........ ......E.
    .(Jp@.g. ........
    ...F.\.a K.....P.
    @.o..... ....

The first 7 octets are Ethernet II information:

| Field | Hex value (relevant portion) | Decoded value |
|---|---|---|
| Destination MAC Address | 00 12 f0 19 e3 f3 | 00:12:F0:19:E3:F3 |
| Source MAC Address | 00 00 f8 01 8c fb | 00:00:F8:01:8C:FB |
| Protocol Type | 0800 | Ethernet II carrying IP |

It's not known it's Version 4 until you look at the IP header!

Next, based on the above, we can start to decode the IP header:

| Field | Hex value (relevant portion) | Decoded value |
|---|---|---|
| IP Version | 45 (first 4 bits are all that are needed) | 4 -> IPv4 |
| Header Length | 45 (last 4 bits are all that is needed); 5 -> 5x32 bit words = 20 bytes | 20 Bytes |
| Type of Service | 00 (convert to binary) -> 0000 0000; Bits 0-2 = 000 -> No Precedence; Bit 3 = 0 -> Minimize Delay; Bit 4 = 0 -> Maximize Throughput; Bit 5 = 0 -> Maximize Reliability; Bit 6 = 0 -> Minimize Cost / ECN; Bit 7 = 0 -> Reserved / ECN seen | No precedence, normal packet |
| Total Length | 00 28 (convert to decimal) | 40 bytes |
| IP ID | 4a 70 (convert to decimal) | 19056 |
| Flags | 40 00 (convert to binary & look at first 3 bits) 0100 0000 0000 0000; Bit 0 = 0 – Reserved; Bit 1 = 1 – Don't Fragment; Bit 2 = 0 – Last Fragment; Bits 3-16 = Fragmentation Offset | Don't Fragment |
| TTL | 67 (convert to decimal) | 103 hops |
| Embedded Protocol | 06 (convert to decimal) | 06 -> TCP |
| Checksum | f7e1 (convert to decimal) | 63457 |
| Source Address | cd bc f8 ad; 0xcd = 205, 0xbc = 188, 0xf8 = 248, 0xad = 173 | IP = 205.188.248.173 |
| Destination Address | 0a 0a 01 0a; 0x0a = 10, 0x0a = 10, 0x01 = 01, 0x0a = 10 | IP = 10.10.1.10 |

V 1.1

March 25, 2019


We've determined it's a TCP header, so decoding:

| Field | Hex value (relevant portion) | Decoded value |
|---|---|---|
| Source Port | 1446 (convert to decimal) | Port 5190 (AOL, IM, iChat) |
| Destination Port | 125c (convert to decimal) | Port 4700 (netxms-agent) |
| Sequence Number | c4 61 4b fb (convert to decimal) | 3294710779 |
| Ack Number | e8 ce 0e ba (convert to decimal) | 3905818298 |
| Header Length/Offset | 50 (convert first nibble to decimal); 0x5 -> 5 * 32 bits = 20 bytes | 20 bytes |
| Reserved | 50 (second nibble is reserved) | N/A |
| Flags/Code Bits | 10 (convert to binary) -> 00010000; C=0 E=0 U=0 A=1 P=0 R=0 S=0 F=0 | ACK flag set |
| Window Size | 4000 (convert to decimal) | 16384 bytes |
| Checksum | 6fce (convert to decimal) | 28622 |
| Urgent Ptr | 00 | N/A |
| TCP Options | TCP Header = min 20 bytes; Current header = 20 bytes; 00 -> Therefore, no options! | No options |

And since the remaining bytes are all 0's, there's no payload!

Question #2 – Based on the payload and header, what kind of packet is this, exactly? (2 marks)

With a bit of research, we can determine that this is a response message from an AOL server [based on DNS backtrack of IP] to a packet sent from an AOL-capable instant messaging software. We can also deduce that it is a standard TCP/IP packet with the ACK flag set, but with no payload.
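The Question #1 decode redone in code, as an added example that is not part of the original assignment or answer key: it unpacks the Ethernet II, IPv4 and TCP headers with `struct`, verifies the IPv4 header checksum, and derives the payload and padding sizes from the length fields. The names `FRAME`, `TCP_FLAGS`, `checksum_ok` and `decode` are this example's own.

```python
import struct

# Question #1 frame, copied from the hex dump on this page.
FRAME = bytes.fromhex(
    "0012f019e3f30000f8018cfb08004500" "00284a7040006706f7e1cdbcf8ad0a0a"
    "010a1446125cc4614bfbe8ce0eba5010" "40006fce0000000000000000"
)
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]  # bit 0 upward


def checksum_ok(header):
    """An intact IPv4 header's 16-bit words sum (one's complement) to 0xFFFF."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def decode(frame):
    """Decode Ethernet II / IPv4 / TCP headers; ValueError on anything else."""
    if len(frame) < 14 + 20:
        raise ValueError("too short for Ethernet II + IPv4")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError(f"EtherType 0x{ethertype:04x} is not IPv4")
    (ver_ihl, tos, total_len, ip_id, flags_frag, ttl, proto, _csum,
     sip, dip) = struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    ihl = (ver_ihl & 0x0F) * 4          # header length in bytes
    tcp_at = 14 + ihl
    if ver_ihl >> 4 != 4 or ihl < 20 or proto != 6 or len(frame) < tcp_at + 20:
        raise ValueError("expected a complete IPv4 header carrying TCP")
    sport, dport, seq, ack, off_flags, window, _tcsum, _urg = struct.unpack(
        "!HHIIHHHH", frame[tcp_at:tcp_at + 20])
    tcp_hlen = (off_flags >> 12) * 4    # data offset in bytes
    return {
        "dst_mac": ":".join(f"{b:02X}" for b in dst),
        "src_mac": ":".join(f"{b:02X}" for b in src),
        "ihl": ihl, "tos": tos, "total_len": total_len, "ip_id": ip_id,
        "dont_fragment": bool(flags_frag & 0x4000), "ttl": ttl,
        "ip_checksum_ok": checksum_ok(frame[14:tcp_at]),
        "src_ip": ".".join(map(str, sip)), "dst_ip": ".".join(map(str, dip)),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "tcp_hlen": tcp_hlen, "window": window,
        "flags": [n for i, n in enumerate(TCP_FLAGS) if off_flags >> i & 1],
        # Payload size comes from the length fields, not from how the bytes look.
        "payload_len": total_len - ihl - tcp_hlen,
        "eth_padding": len(frame) - 14 - total_len,
    }
```

Calling `decode(FRAME)` gives a payload length of 0: the IP total length of 40 bytes is exactly the two 20-byte headers, so the 6 zero bytes after the TCP header are Ethernet padding up to the 60-byte minimum frame size.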


Question #3 - Properly analyze and fully decode the Ethernet packet below, including header but not the payload content. (20 marks)

Hexadecimal Packet Representation

    0000  00 00 c0 9f a0 97 00 a0 cc 3b bf fa 08 00 45 10
    0010  00 3c 46 3c 40 00 40 06 73 1c c0 a8 00 02 c0 a8
    0020  00 01 06 0e 00 17 99 c5 a0 ec 00 00 00 00 a0 02
    0030  7d 78 e0 a3 00 00 02 04 05 b4 04 02 08 0a 00 9c
    0040  27 24 00 00 00 00 01 03 03 00

ASCII representation

    .........;....E. ....

