Identify the packets of the three-way handshake. Which flags are set in the TCP headers? Explain how these flags are interpreted by the receiving TCP server or TCP client.

What will be an ideal response?


1) The packets of the three-way handshake are:
```
3 0.000119 10.0.5.11 10.0.5.22 TCP 35923 > 23 [SYN] Seq=3217532953 Ack=0 Win=5840 Len=0
4 0.000419 10.0.5.22 10.0.5.11 TCP 23>35923 [SYN, ACK] Seq=3239925241 Ack=3217532954 Win=5792 Len=0
5 0.000460 10.0.5.11 10.0.5.22 TCP 35923 > 23 [ACK] Seq=3217532954 Ack=3239925242 Win=5840 Len=0
```
The first packet, sent from PC1 to PC2, is a SYN packet containing PC1's initial sequence number; PC2 interprets it as a connection request from PC1. In response, PC2 sends a SYN+ACK packet, which also carries PC2's initial sequence number. The SYN flag from PC2 indicates that PC2 wants to set up a connection, and the ACK from PC2 indicates that the connection request from PC1 has been granted and that PC2 is ready to accept data. Finally, PC1 sends an ACK to tell PC2 that it is also ready to receive data.

```
Frame 1 (74 bytes on wire, 74 bytes captured)
Arrival Time: Aug 23, 2003 04:21:18.853104000
Time delta from previous packet: 0.000000000 seconds
Time relative to first packet: 0.000000000 seconds
Frame Number: 1
Packet Length: 74 bytes
Capture Length: 74 bytes
Ethernet II, Src: 00:06:5b:4b:e0:dd, Dst: 00:06:5b:4b:e1:da
Destination: 00:06:5b:4b:e1:da (00:06:5b:4b:e1:da)
Source: 00:06:5b:4b:e0:dd (00:06:5b:4b:e0:dd)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.0.5.11 (10.0.5.11), Dst Addr: 10.0.5.22 (10.0.5.22)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00)
0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 60
Identification: 0x90a2
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x8be9 (correct)
Source: 10.0.5.11 (10.0.5.11)
Destination: 10.0.5.22 (10.0.5.22)
Transmission Control Protocol, Src Port: 3112 (3112), Dst Port: 23 (23), Seq: 811761928, Ack: 0, Len: 0
Source port: 3112 (3112)
Destination port: 23 (23)
Sequence number: 811761928
Header length: 40 bytes
Flags: 0x0002 ( SYN )
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Window size: 5840
Checksum: 0x43ab (correct)
Options: (20 bytes)
Maximum segment size: 1460 bytes
SACK permitted
Time stamp: tsval 1577386, tsecr 0
NOP
Window scale: 0 (multiply by 1)
```

```
Frame 2 (74 bytes on wire, 74 bytes captured)
Arrival Time: Aug 23, 2003 04:21:18.853386000
Time delta from previous packet: 0.000282000 seconds
Time relative to first packet: 0.000282000 seconds
Frame Number: 2
Packet Length: 74 bytes
Capture Length: 74 bytes
Ethernet II, Src: 00:06:5b:4b:e1:da, Dst: 00:06:5b:4b:e0:dd
Destination: 00:06:5b:4b:e0:dd (00:06:5b:4b:e0:dd)
Source: 00:06:5b:4b:e1:da (00:06:5b:4b:e1:da)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.0.5.22 (10.0.5.22), Dst Addr: 10.0.5.11 (10.0.5.11)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 60
Identification: 0x0000
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x1c9c (correct)
Source: 10.0.5.22 (10.0.5.22)
Destination: 10.0.5.11 (10.0.5.11)
Transmission Control Protocol, Src Port: 23 (23), Dst Port: 3112 (3112), Seq: 792841441, Ack: 811761929, Len: 0
Source port: 23 (23)
Destination port: 3112 (3112)
Sequence number: 792841441
Acknowledgement number: 811761929
Header length: 40 bytes
Flags: 0x0012 ( SYN, ACK )
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Window size: 5792
Checksum: 0x36a7 (correct)
Options: (20 bytes)
Maximum segment size: 1460 bytes
SACK permitted
Time stamp: tsval 1577192, tsecr 1577386
NOP
Window scale: 0 (multiply by 1)
```

```
Frame 3 (66 bytes on wire, 66 bytes captured)
Arrival Time: Aug 23, 2003 04:21:18.853442000
Time delta from previous packet: 0.000056000 seconds
Time relative to first packet: 0.000338000 seconds
Frame Number: 3
Packet Length: 66 bytes
Capture Length: 66 bytes
Ethernet II, Src: 00:06:5b:4b:e0:dd, Dst: 00:06:5b:4b:e1:da
Destination: 00:06:5b:4b:e1:da (00:06:5b:4b:e1:da)
Source: 00:06:5b:4b:e0:dd (00:06:5b:4b:e0:dd)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.0.5.11 (10.0.5.11), Dst Addr: 10.0.5.22 (10.0.5.22)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00)
0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 52
Identification: 0x90a3
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x8bf0 (correct)
Source: 10.0.5.11 (10.0.5.11)
Destination: 10.0.5.22 (10.0.5.22)
Transmission Control Protocol, Src Port: 3112 (3112), Dst Port: 23 (23), Seq: 811761929, Ack: 792841442, Len: 0
Source port: 3112 (3112)
Destination port: 23 (23)
Sequence number: 811761929
Acknowledgement number: 792841442
Header length: 32 bytes
Flags: 0x0010 ( ACK )
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 5840
Checksum: 0x653c (correct)
Options: (12 bytes)
NOP
NOP
Time stamp: tsval 1577386, tsecr 1577192
```
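
The flag and sequence-number relationships described in the answer can be checked mechanically. The following is an added example, not part of the original answer: it parses the three summary lines from the capture and verifies that they form a well-formed handshake (SYN, then SYN+ACK acknowledging the client ISN + 1, then ACK acknowledging the server ISN + 1). The names `decode_flags`, `parse` and `check_handshake` are hypothetical helpers introduced here.

```python
import re

# TCP flag bits in the low byte of the flags field (e.g. 0x0012 = SYN, ACK).
FLAG_BITS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH",
             0x10: "ACK", 0x20: "URG", 0x40: "ECE", 0x80: "CWR"}
MOD = 2 ** 32  # sequence numbers are 32-bit and wrap around

# Summary lines from the capture above, with wrapped lines rejoined.
SUMMARY = """\
3 0.000119 10.0.5.11 10.0.5.22 TCP 35923 > 23 [SYN] Seq=3217532953 Ack=0 Win=5840 Len=0
4 0.000419 10.0.5.22 10.0.5.11 TCP 23>35923 [SYN, ACK] Seq=3239925241 Ack=3217532954 Win=5792 Len=0
5 0.000460 10.0.5.11 10.0.5.22 TCP 35923 > 23 [ACK] Seq=3217532954 Ack=3239925242 Win=5840 Len=0
"""

LINE = re.compile(r"^\d+ \S+ (\S+) (\S+) TCP (\d+)\s*>\s*(\d+) "
                  r"\[([^\]]+)\] Seq=(\d+) Ack=(\d+)", re.M)

def decode_flags(value):
    """Return the set of flag names set in a TCP flags value."""
    return {name for bit, name in FLAG_BITS.items() if value & bit}

def parse(text):
    """Parse summary lines into dicts: endpoints, flag set, seq and ack."""
    pkts = []
    for m in LINE.finditer(text):
        src, dst, sport, dport, flags, seq, ack = m.groups()
        pkts.append({"src": (src, int(sport)), "dst": (dst, int(dport)),
                     "flags": {f.strip().upper() for f in flags.split(",")},
                     "seq": int(seq), "ack": int(ack)})
    return pkts

def check_handshake(pkts):
    """Return a list of problems; an empty list means a valid handshake."""
    if len(pkts) != 3:
        return ["expected exactly 3 packets"]
    syn, synack, ack = pkts
    problems = []
    if syn["flags"] != {"SYN"}:
        problems.append("packet 1 is not a bare SYN")
    if synack["flags"] != {"SYN", "ACK"} or synack["src"] != syn["dst"]:
        problems.append("packet 2 is not a SYN+ACK from the server")
    elif synack["ack"] != (syn["seq"] + 1) % MOD:
        problems.append("SYN+ACK does not acknowledge client ISN + 1")
    if ack["flags"] != {"ACK"} or ack["src"] != syn["src"]:
        problems.append("packet 3 is not an ACK from the client")
    elif (ack["seq"], ack["ack"]) != ((syn["seq"] + 1) % MOD,
                                      (synack["seq"] + 1) % MOD):
        problems.append("final ACK has wrong seq/ack numbers")
    return problems
```
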

Computer Science & Information Technology
