Prompt
Dissect an IP packet header to understand how the protocol works.
You can read this guide to learn more about computer networking.
Data
Offsets | 0 | 1 | 2 | 3 |
0 | 01000101 | 00000000 | 00000000 | 00111100 |
4 | 10101001 | 10011010 | 01000000 | 00000000 |
8 | 01000000 | 00000110 | 01001111 | 10010011 |
12 | 11000000 | 10101000 | 10000000 | 10000000 |
16 | 10011111 | 11001011 | 01100000 | 10011010 |
Tutorial Video
Walk-Through
This challenge involves following the IPv4 specification to interpret the data using the raw binary of an IP packet. A data manipulation tool, such as cyberchef, will help simplify certain data conversion steps when following the specification to interpret the data in the packet. While the provided quick-reference guide is helpful, it is recommend that you search for the original specification, which provides additional details on how to interpret the values for each header.
To solve the first question, follow the specification, which indicates that the header checksum is 2-bytes long, starting at an offset of 10 bytes from the beginning of the data packet.
Offsets | 0 | 1 | 2 | 3 |
0 | 01000101 | 00000000 | 00000000 | 00111100 |
4 | 10101001 | 10011010 | 01000000 | 00000000 |
8 | 01000000 | 00000110 | 01001111 | 10010011 |
12 | 11000000 | 10101000 | 10000000 | 10000000 |
16 | 10011111 | 11001011 | 01100000 | 10011010 |
Copying these 2 bytes into cyberchef and then running a binary to hex conversation will reveal the answer to this first question (try it out).
To solve the second question, follow the specification, which indicates that the Time-to-Live (TTL) is a 1-byte integer, starting at an offset of 8 bytes from the beginning of the packet.
Offsets | 0 | 1 | 2 | 3 |
0 | 01000101 | 00000000 | 00000000 | 00111100 |
4 | 10101001 | 10011010 | 01000000 | 00000000 |
8 | 01000000 | 00000110 | 01001111 | 10010011 |
12 | 11000000 | 10101000 | 10000000 | 10000000 |
16 | 10011111 | 11001011 | 01100000 | 10011010 |
Copying this byte into cyberchef and then converting the binary into a decimal value will reveal the answer to this first question (try it out).
To solve the third and fourth questions, follow the specification, which indicates that the source IP address is 4-bytes long, starting at an offset of 12 bytes from the beginning of the packet and that the destination IP address is 4-bytes long, starting at an offset of 16 bytes from the beginning of the packet.
Offsets | 0 | 1 | 2 | 3 |
0 | 01000101 | 00000000 | 00000000 | 00111100 |
4 | 10101001 | 10011010 | 01000000 | 00000000 |
8 | 01000000 | 00000110 | 01001111 | 10010011 |
12 | 11000000 | 10101000 | 10000000 | 10000000 |
16 | 10011111 | 11001011 | 01100000 | 10011010 |
These IP addresses can be parsed one-at-a-time by copying each 4-byte values into cyberchef and then utilizing the “from binary” recipe, followed by the “to hex” recipe, followed by the “change ip format” recipe with “hex” selected as the input format (try it out).
Questions
What is the header checksum in hexadecimal representation?
Convert the 2 bytes starting at an offset of 10 bytes from binary into hexadecimal
What is the TTL of the packet?
Convert the byte starting at an offset of 8 bytes from binary into decimal
What is the source IP address?
Convert the 4 bytes starting at an offset of 12 bytes from binary into decimal dot notation
What is the destination IP address?
Convert the 4 bytes starting at an offset of 16 bytes from binary into decimal dot notation
©️ 2024 Cyber Skyline. All Rights Reserved. Unauthorized reproduction or distribution of this copyrighted work is illegal.