in Computer Networks edited by
11,638 views
50 votes
50 votes

An IP machine $Q$ has a path to another $IP\ machine\ H$ via three $IP\ routers \ R1, R2,$ and $R3$.

$Q-R1-R2-R3-H$

$H$ acts as an $\text{HTTP}\ server$, and $Q$ connects to $H$ via $\text{HTTP}$ and downloads a file. Session layer encryption is used, with $\text{DES}$ as the shared key encryption protocol. Consider the following four pieces of information:

$[I1]$ The $\text{URL}$ of the file downloaded by $Q$

$[I2]$ The $\text{TCP}$ port numbers at $Q$ and $H$

$[I3]$ The $\text{IP}$ addresses of $Q$ and $H$

$[I4]$ The link layer addresses of $Q$ and $H$

Which of $I1$, $I2$, $I3$, and $I4$ can an intruder learn through sniffing at $R2$ alone? 

  1. Only $I1$ and $I2$
  2. Only $I1$
  3. Only $I2$ and $I3$
  4. Only $I3$ and $I4$
in Computer Networks edited by
11.6k views

3 Comments

Q1. Can intruder see the link layer addresses of R1 and R2?
Q2. Why can't intruder see the link layer addresses of Q and H ?

0
0
A1. Yes, the link layer addresses of R1 and R2 would be visible at Router R2. Since the link addresses are modified at every hop, it would be R2 and R3's addresses visible by sniffing at Router R3.

A2. Due to the above reason the link layer addresses of Q and H wouldn't be available at Router R2.
6
6
whithout DES encryption URL would be visible, right?
2
2

5 Answers

54 votes
54 votes
Best answer

[I1] intruder cant see URL because it is well encrypted by DES at session layer..
[I2] TCP PORT number available to intruder because TCP header contains source as well as destination address.

[I3] Network layer header contains Source as Well as Destination IP.
[I4] Link address unavailable because on sniffing at $R2$  intruder can see link address of $R$1, $R3$ ,only not link address of  $Q$ and $H$

Answer is C.

edited by

4 Comments

@srestha It is coz of Sniffing

0
0
Can somebody tell me that how TCP port number is in IP datagram?
0
0
Coz. Port Numbers are encapsulated in the payload field of IP datagram.
0
0
30 votes
30 votes
I1 is encrypted by DES at the Session layer so intruder can't see that.

I2 is a part of TCP header(below Session layer), so it is not encrypted. Obv., the intruder can see that.

I3 is a part of the IP header(below TCP layer), so again, it is not encrypted and the intruder can see that as well.

I4 is not a part of the DLL header(below the IP layer), since the DLL always contains the Mac Addresses of the immediate sender(previous hop-R1) and the immediate destination(next hop-R3), so the intruder cannot see I4.

So, answer - (C)

3 Comments

Router works at network layer. So how is it possible for someone to see TCP port numbers at the routers. As router doesn't have any visibility of Transport layer. Please explain
1
1
According to me ,
Router can't learn.
But attacker can learn bcoz attacker is sniffing.
4
4
TCP segment's port number would get included in the IP packet's payload, that's how.
1
1
9 votes
9 votes
An Intruder can’t learn [I1] through sniffing at R2 because 
URLs and Download are functioned at Application layer of OSI Model.

An Intruder can learn [I2] through sniffing at R2 because
Port Numbers are encapsulated in the payload field of IP Datagram.

An Intruder can learn [I3] through sniffing at R2 because IP 
Addresses and Routers are functioned at network layer of OSI Model.

An Intruder can’t learn [I4] through sniffing at R2 because 
it is related to Data Link Layer of OSI Model.
3 votes
3 votes
Router works at network layer. So it has only three layers.(physical,datalink,network). since the intruder is sniffing at R2 so intruder can only see the ip address of Q and H becoz the source and destination ip address can't change.

1 comment

someone  pls clarify answer if its C or only I3
0
0
Answer:

Related questions