Intrusion Detection: Laboratory #2. tcpdump Using Filters
Intrusion detection
Student name(s): ____________________________________________ Group: _______
____________________________________________ Group: ______
____________________________________________ Group: _______
____________________________________________ Group: ______
We look for records with a value greater than 45 in the first byte, because 4
corresponds to the IP version and 5 to the IP header length; any value
greater than 45 indicates that the header is larger than the standard one and
therefore has options.
Command used:
2.2 What is the IP header length in decimal of the first IP record:
(5 * 4) = 20 bytes
Command used:
2.3 What is the IP version of the first IP record:
Version 4
2.4 What is the payload length in decimal of the first IP record:
Zero
TCP
2.6 Is there any TCP record that has options? Explain.
The size of the TCP header is determined using the tcp[12] field,
looking for records that contain a value greater than 50.
Command used:
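The two byte tests described in 2.1 and 2.6, as an added example that is not part of the original worksheet: it applies them to constructed packets and compares each whole-byte comparison with a masked-nibble version. It assumes "45" and "50" are the hexadecimal byte values 0x45 and 0x50; the filter expressions in the comments, the function names and the sample packets are likewise assumptions. The `reserved_bit` sample has a 20-byte TCP header with one reserved bit set, so the whole-byte test on tcp[12] matches it even though it carries no options.

```python
import struct

def ipv4(ihl_words, payload):
    """Constructed IPv4 header (protocol 6 = TCP) followed by payload."""
    first = (4 << 4) | ihl_words               # version nibble, IHL nibble
    total = ihl_words * 4 + len(payload)
    fixed = struct.pack("!BBHHHBBH4s4s", first, 0, total, 0, 0, 64, 6, 0,
                        bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return fixed + b"\x00" * (ihl_words * 4 - 20) + payload

def tcp(offset_words, reserved=0, flags=0x10):
    """Constructed TCP header; byte 12 = data offset nibble + reserved bits."""
    fixed = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1,
                        (offset_words << 4) | reserved, flags, 8192, 0, 0)
    return fixed + b"\x01" * (offset_words * 4 - 20)   # NOP option padding

def tcp_byte12(pkt):
    """Locate the TCP header via the IHL, as the tcp[] accessor does."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[0] >> 4 != 4 or ihl < 20 or pkt[9] != 6 or len(pkt) < ihl + 13:
        raise ValueError("not a complete IPv4/TCP packet")
    return pkt[ihl + 12]

def ip_options_whole_byte(pkt):   # same test as: ip[0] > 0x45
    return pkt[0] > 0x45

def ip_options_masked(pkt):       # same test as: ip[0] & 0x0f > 5
    return (pkt[0] & 0x0F) > 5

def tcp_options_whole_byte(pkt):  # same test as: tcp[12] > 0x50
    return tcp_byte12(pkt) > 0x50

def tcp_options_masked(pkt):      # same test as: tcp[12] & 0xf0 > 0x50
    return (tcp_byte12(pkt) & 0xF0) > 0x50

SAMPLES = {                        # constructed packets, not lab data
    "plain": ipv4(5, tcp(5)),
    "ip_options": ipv4(6, tcp(5)),
    "tcp_options": ipv4(5, tcp(8)),
    "reserved_bit": ipv4(5, tcp(5, reserved=0x1)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, ip_options_whole_byte(pkt), ip_options_masked(pkt),
              tcp_options_whole_byte(pkt), tcp_options_masked(pkt))
```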
2.7 If there are any fragments in the data, what is the decimal value of the
fragment offset field found in the hex record?
Command used:
2^2  2^1  2^0  2^3  2^2  2^1  2^0
ECE  URG  ACK  PSH  RST  SYN  FIN
Command used:
2.10 How many records have the ACK flag set?:
Command used:
2.11 How many records have the RST or ACK flag set.
Command used:
2.12 How many records have either the RST or ACK flag set.
Command used:
2.13 How many records have exactly the RST and ACK flags set.
Command used:
2.14 How many records have the Push and ACK flags set?
Command used:
2.15 How many records have the FIN flag set?
Command used: