Monday, May 18, 2015

Packet analysis practice part 1 - Solutions

In the last post, I offered some extra questions for packet analysis in preparation for the GCIA exam.  In this post, I'll show the answers.  I'd put them in the same post, but I'm one of those people who can't help but see the answers if they are on the same page and that ruins the practice for me.

Answers:
=======
1. Middle fragment, MF is set. Offset is 32896 (convert 0x3010 to binary and take the low 13 bits, this is 4112. Multiply by 8 to get the answer).

2. First fragment, MF is set.  Offset is zero.

3. Last fragment, no flags are set.  Offset is (convert 0x1058 to binary and take the low 13 bits, this is 4184. Multiply by 8 to get the answer).

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.