Ethical Hacking Lab
-------------------------------------------------
-------------------------------------------------
Lab Exercise #2
4500 0028 bc90 0000 3606 5953 43e4 6e78 ac10 1080 0050 0d23 3108 8a5f 7bf0 d439 5011 0047 279b 0000 1703 0100 4856
4500 0028 72f3 4000 8006 18f0 ac10 1080 43e4 6e78 0d23 0050 7bf0 d439 3108 8a60 5010 107a 1768 0000
4500 0028 72f6 4000 8006 18ed ac10 1080 43e4 6e78 0d23 0050 7bf0 d439 3108 8a60 5011 107a 1767 0000
4500 0028 bc91 0000 3606 5952 43e4 6e78 ac10 1080 0050 0d23 3108 8a60 7bf0 d43a 5010 0047 279a 0000 1703 0100 4856
1. Complete the following table for the four frames above:
| Frame 1 | Frame 2 | Frame 3 | Frame 4 | Version (IPv4 or IPv6) | 4 | 4 | 4 | 4 | Header Length (in bytes) | 20 | 20 | 20 | 20 | Total Length of IP Header | 40 | 40 | 40 | 40 | Time To Live | 54 | 128 | 128 | 54 | Protocol | TCP | TCP | TCP | TCP | Source IP Address | 67.228.110.120 | 172.16.16.128 | 172.16.16.128 | 67.228.110.120 | Destination IP Address | 172.16.16.128 | 67.228.110.120 | 67.228.110.120 | 172.16.16.128 | Source Port | 80 | 3363 | 3363 | 80 | Destination Port | 3363 | 80 | 80 | 3363 | Flags Set | ACK/FIN | ACK | ACK/FIN | ACK | Sequence Number | 822643295 | 2079380537 | 2079380537 | 822643296 | Acknowledge Number | 2079380537 | 822643296 | 822643296 | 2079380538 |
2. Copy the capture2 pcap file into the home folder in BTR3. 3. Launch a terminal window. 4. Enter the following command to view the pcap file in hexadecimal format (-x) using absolute, instead of relative, TCP sequence numbers (-S).
------------------------------------------------- tcpdump -r capture2 –xS
5. Analyze the output to check your answers in the table you completed above.
6. Enter the following command to determine how many packets were sent from 67.228.110.120
-------------------------------------------------
Lab Exercise #2
4500 0028 bc90 0000 3606 5953 43e4 6e78 ac10 1080 0050 0d23 3108 8a5f 7bf0 d439 5011 0047 279b 0000 1703 0100 4856
4500 0028 72f3 4000 8006 18f0 ac10 1080 43e4 6e78 0d23 0050 7bf0 d439 3108 8a60 5010 107a 1768 0000
4500 0028 72f6 4000 8006 18ed ac10 1080 43e4 6e78 0d23 0050 7bf0 d439 3108 8a60 5011 107a 1767 0000
4500 0028 bc91 0000 3606 5952 43e4 6e78 ac10 1080 0050 0d23 3108 8a60 7bf0 d43a 5010 0047 279a 0000 1703 0100 4856
1. Complete the following table for the four frames above:
| Frame 1 | Frame 2 | Frame 3 | Frame 4 | Version (IPv4 or IPv6) | 4 | 4 | 4 | 4 | Header Length (in bytes) | 20 | 20 | 20 | 20 | Total Length of IP Header | 40 | 40 | 40 | 40 | Time To Live | 54 | 128 | 128 | 54 | Protocol | TCP | TCP | TCP | TCP | Source IP Address | 67.228.110.120 | 172.16.16.128 | 172.16.16.128 | 67.228.110.120 | Destination IP Address | 172.16.16.128 | 67.228.110.120 | 67.228.110.120 | 172.16.16.128 | Source Port | 80 | 3363 | 3363 | 80 | Destination Port | 3363 | 80 | 80 | 3363 | Flags Set | ACK/FIN | ACK | ACK/FIN | ACK | Sequence Number | 822643295 | 2079380537 | 2079380537 | 822643296 | Acknowledge Number | 2079380537 | 822643296 | 822643296 | 2079380538 |
2. Copy the capture2 pcap file into the home folder in BTR3. 3. Launch a terminal window. 4. Enter the following command to view the pcap file in hexadecimal format (-x) using absolute, instead of relative, TCP sequence numbers (-S).
------------------------------------------------- tcpdump -r capture2 –xS
5. Analyze the output to check your answers in the table you completed above.
6. Enter the following command to determine how many packets were sent from 67.228.110.120