Options

GCIA header questions

billyr2009billyr2009 Member Posts: 120
in GIAC
Hi Everyone,

With my studies for GCIA, I am using the questions that Jake Williams posted on his site a few years ago. Here is the question.

1. What is the embedded protocol(UDP), the source port, and the amount of data not including protocol headers?
0x0000: 4500 005f 9bf3 4000 4006 a0a3 7f00 0001
0x0010: 7f00 0001 0019 be19 36b4 05e7 319f 5c69
0x0020: 8018 0200 bfad 0000 0101 080a 0b48 9e14


Answer:
1.
Embedded protocol: TCP
Total packet length: 95
IP Header length: 20
protocol header length: 32
Data length: 43
Source Port: 0x0019 (25)


I get how he has came up with the answers for most of these. But, I am not certain on the Data Length and protocol header length. I am looking at my TCP header and IPV4 header example and am a bit miffed. I am probably overthinking icon_redface.gif
· Share on FacebookShare on Twitter

Comments

  • Options
    Pun_ShaPun_Sha Member Posts: 10 ■□□□□□□□□□
    TCP header length(embedded protocol header length):higher order nibble in 12th byte offset --> 0019 be19 36b4 05e7 319f 5c69 8018 0200 bfad 0000 0101 080a 0b48 9e14,
    So in the above packet capture, you see total data length= 95 (calculated from IP header), IP hdr len= 20 , TCP hdr len =8(*4) =32 as it is a 4 multiplier,
    so IP hdr +tcp hdr + payload(data)= total packet length,
    20 + 32 - payload =95, so ,
    data len =43.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.