Same scenario - but digging into the Packet Bytes Pane of Wireshark. If we didn't have...
Question:
Transcribed Image Text:
Same scenario - but digging into the "Packet Bytes Pane" of Wireshark. If we didn't have Wireshark installed on a host that we had compromised, we might have to use something with far fewer features like the tcpdump command, or some other really lightweight tool. This kind of tool may only be able to give us the raw output - without any kind of analysis to help us - which would essentially be just like the information we see in the Packet Bytes Pane. (Which starts with 0000 and a lot of ff ff ff...)

We know the IP address of the host sending the ARP packet is 10.0.0.155, and we know it is in that list of bytes somewhere. So, using "Base 10 notation" at what "byte offset" can we find that IP address?

A few things to keep in mind... Each row starts at an offset of "0" (zero) so the offset of the first "29" in the top row is 8, even though it is the 9th value. So, watch out for the dreaded "off by one" error. Also, keep in mind that the display is showing you the information in hexadecimal and not "Base 10" so you aren't going to see "155" displayed in there, you will have to convert it to hexadecimal first. (Note: Programmer mode in the Windows calculator can handle that conversion.)

[Screenshot: Wireshark capture on eth0 with packet 52 selected. The packet list shows repeated broadcast ARP requests "Who has 10.0.0.1? Tell 10.0.0.155" from 00:0c:29:1d:0a:7b to ff:ff:ff:ff:ff:ff, interleaved with DNS standard queries from 192.168.179.133 to 192.168.179.1.]

Packet details for the selected frame:

Frame 52: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: 00:0c:29:1d:0a:7b, Dst: ff:ff:ff:ff:ff:ff
    Destination: ff:ff:ff:ff:ff:ff
    Source: 00:0c:29:1d:0a:7b
    Type: ARP (0x0806)
    Padding: 00000000000000000000000000000
Address Resolution Protocol (request)
    Hardware type: Ethernet (1)
    Protocol type: IPv4 (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: request (1)
    Sender MAC address: 00:0c:29:1d:0a:7b
    Sender IP address: 10.0.0.155
    Target MAC address: 00:00:00:00:00:00
    Target IP address: 10.0.0.1

Packet Bytes Pane:

0000  ff ff ff ff ff ff 00 0c  29 1d 0a 7b 08 06 00 01
0010  08 00 06 04 00 01 00 0c  29 1d 0a 7b 0a 00 00 9b
0020  00 00 00 00 00 00 0a 00  00 01 00 00 00 00 00 00
0030  00 00 00 00 00 00 00 00  00 00 00 00
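Added example (not part of the original question or of any posted answer): the Packet Bytes Pane rows for frame 52, re-typed from the screenshot, are parsed back into bytes and the sender IP is located twice, once by searching for 10.0.0.155 as four raw bytes and once from the Ethernet and ARP header layout. The function names are illustrative.

```python
import socket
import struct

# Packet Bytes Pane of frame 52, re-typed from the screenshot (offset column is hex).
HEX_DUMP = """\
0000  ff ff ff ff ff ff 00 0c 29 1d 0a 7b 08 06 00 01
0010  08 00 06 04 00 01 00 0c 29 1d 0a 7b 0a 00 00 9b
0020  00 00 00 00 00 00 0a 00 00 01 00 00 00 00 00 00
0030  00 00 00 00 00 00 00 00 00 00 00 00
"""

def parse_hex_dump(text):
    """Turn 'OFFSET  b0 b1 ...' rows into bytes, checking each row's offset."""
    frame = bytearray()
    for line in text.splitlines():
        if not line.strip():
            continue
        offset, *cells = line.split()
        if int(offset, 16) != len(frame):
            raise ValueError(f"row {offset} does not start at byte {len(frame)}")
        frame.extend(int(c, 16) for c in cells)
    return bytes(frame)

def find_ip(frame, dotted):
    """Every zero-based offset at which the 4-byte IPv4 address occurs."""
    needle = socket.inet_aton(dotted)  # "10.0.0.155" -> 0a 00 00 9b
    hits, start = [], frame.find(needle)
    while start != -1:
        hits.append(start)
        start = frame.find(needle, start + 1)
    return hits

def arp_sender_ip_offset(frame):
    """Locate the sender IP from the header layout instead of by searching."""
    eth_len = 14  # dst MAC (6) + src MAC (6) + EtherType (2)
    ethertype, = struct.unpack_from("!H", frame, 12)
    if ethertype != 0x0806:
        raise ValueError("not an ARP frame")
    # ARP fixed part: hardware type, protocol type, hw size, proto size, opcode
    _htype, _ptype, hlen, plen, _op = struct.unpack_from("!HHBBH", frame, eth_len)
    if plen != 4:
        raise ValueError("protocol address is not IPv4")
    return eth_len + 8 + hlen  # skip the fixed part and the sender MAC

FRAME = parse_hex_dump(HEX_DUMP)

if __name__ == "__main__":
    off = arp_sender_ip_offset(FRAME)
    print("search hits:", find_ip(FRAME, "10.0.0.155"), "| layout offset:", off)
```

Both methods land on decimal offset 28 (hex 0x1c, row 0010, column 12), where 155 appears as 9b. The layout method is the one to trust when the same four bytes could occur elsewhere in a frame.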
Expert Answer: