The Gateway to Computer Science Excellence
First time here? Checkout the FAQ!
+35 votes

An IP machine Q has a path to another IP machine H via three IP routers R1, R2, and R3.


H acts as an HTTP server, and Q connects to H via HTTP and downloads a file. Session layer encryption is used, with DES as the shared key encryption protocol. Consider the following four pieces of information:

$[I1]$ The URL of the file downloaded by Q 

$[I2]$ The TCP port numbers at Q and H 

$[I3]$ The IP addresses of Q and H 

$[I4]$ The link layer addresses of Q and H 

Which of $I1$, $I2$, $I3$, and $I4$ can an intruder learn through sniffing at R2 alone? 

  1. Only $I1$ and $I2$
  2. Only $I1$
  3. Only $I2$ and $I3$
  4. Only $I3$ and $I4$
asked in Computer Networks by Veteran (99.8k points)
edited by | 3.7k views

Q1. Can intruder see the link layer addresses of R1 and R2?
Q2. Why can't intruder see the link layer addresses of Q and H ?

A1. Yes, the link layer addresses of R1 and R2 would be visible at Router R2. Since the link addresses are modified at every hop, it would be R2 and R3's addresses visible by sniffing at Router R3.

A2. Due to the above reason the link layer addresses of Q and H wouldn't be available at Router R2.
whithout DES encryption URL would be visible, right?

6 Answers

+28 votes
Best answer

[I1] intruder cant see URL because it is well encrypted by DES at session layer..
[I2] TCP PORT number available to intruder because TCP header contains source as well as destination address.

[I3] Network layer header contains Source as Well as Destination IP.
[I4] Link address unavailable because on sniffing at $R2$  intruder can see link address of $R$1, $R3$ ,only not link address of  $Q$ and $H$

Answer is C.

answered by Veteran (55.1k points)
edited by
Your forgot to comment on IP address.
Network layer header contains Source as Well as Destination IP. Anything interesting ??
Well I know that :) Maybe somebody might not know ! Felt like it should be there, for sake of completeness !
@digvijay, Why can't intruder be able to see link address of Q & H at R2 unlike at R1 & R3.?????
How TCP port number visible to router as it has only 3 layer; Physical, DLL, Network.

router doesnt contain transport layer, so how it is able to look into port no [email protected]
I think Sniffer uses SPAN(switched packet analyzer) to receive a copy of each packet send from one host to other at it can analyze the packet and can know upto transport layer...but since packet is encrypted at session layer ,so it can't know about data or url of host. @Rajesh Raj
Because During Journey of Packet from Q to H, PORT Number which is added by Q by Transport Layer wil not change thats why Intruder can see port number therefore I2 is true

And IP address of Source and Destination will also not change therefore i3 is also true

only mac addresses will change and URL is encrypted as mentioned by DES
@rude , @habib khan , @rajesh pradhan bro tell me "How TCP port number visible to router as it has only 3 layer; Physical, DLL, Network."
The intruder will be able to see TCP port nos. although it belongs to transport layer because TCP segment is in the payload of IP datagram
@digvijay  how can an intruder see TCP port number on router R2 ...router contains only up to network layer right ??
@Tuhin dutta TCP segment is in the payload of IP datagram that is correct but it will be uncovered on a device which has transport layer. we can only wrap off up to IP header and that doesnt contain the port number.some  body please explain it with valid reasons.
Since the IP datagram contains within the TCP segment the intruder can see the TCP port nos( bcz intruder has access to datagram) but not beyond that.Now, this is bcz from session layer onwards it is encrypted till application or message.
@ Tuhin yeah now i got it thanxxx :)
If session layer encryption is not used then sniffer can also see through URL of the file downloaded by Q??
Nice explanation.
+22 votes
I1 is encrypted by DES at the Session layer so intruder can't see that.

I2 is a part of TCP header(below Session layer), so it is not encrypted. Obv., the intruder can see that.

I3 is a part of the IP header(below TCP layer), so again, it is not encrypted and the intruder can see that as well.

I4 is not a part of the DLL header(below the IP layer), since the DLL always contains the Mac Addresses of the immediate sender(previous hop-R1) and the immediate destination(next hop-R3), so the intruder cannot see I4.

So, answer - (C)
answered by Active (3.2k points)
Router works at network layer. So how is it possible for someone to see TCP port numbers at the routers. As router doesn't have any visibility of Transport layer. Please explain
According to me ,
Router can't learn.
But attacker can learn bcoz attacker is sniffing.
+6 votes
An Intruder can’t learn [I1] through sniffing at R2 because 
URLs and Download are functioned at Application layer of OSI Model.

An Intruder can learn [I2] through sniffing at R2 because
Port Numbers are encapsulated in the payload field of IP Datagram.

An Intruder can learn [I3] through sniffing at R2 because IP 
Addresses and Routers are functioned at network layer of OSI Model.

An Intruder can’t learn [I4] through sniffing at R2 because 
it is related to Data Link Layer of OSI Model.
answered by Loyal (8.3k points)
+3 votes
Router works at network layer. So it has only three layers.(physical,datalink,network). since the intruder is sniffing at R2 so intruder can only see the ip address of Q and H becoz the source and destination ip address can't change.
answered by Active (4.7k points)
someone  pls clarify answer if its C or only I3
+2 votes
Answer : C
answered by (39 points)
hey can you please explain your ans ?
I don't know the exact reason I'm making a guess here.. Please tell me whether my guess is correct or not for the reason...

Encryption happens at session also it is clearly mentioned..

So from session layer and above session layer intruder can not analyze the data and get information from it...

I1: He can not make URL, since URL is of application layer information because he can't make url from packet snifing because packet is well encrypted..!!

I2: TCP port can be made through packet sniffing because this information comes below session layer, so it was not encrypted..

I3: same reason as that of I2

I4: Only from R2 he can not make link layer of address of Q and H.. because it is a point to point address.. when a packet comes, it has link address of R1 and R2.. when a packet goes from this router it has address of R2 and R3..Link address keep on changing from one router to another but not IP and TCP port.. So he can't make link address of Q and H, by having access to R2 only.

let me know if I m wrong!!
No, its not that like the layer above session are only encrypted and so the URL remains safe.

Actually, its the general SSL encryption to wrap HTML. (See . And in actual SSL encryption happens in session layer ( that's why the name => sessiin layer encryption). And all this is basically done for securing iur data.

Now, in given question all data exchanged should be secured (and so does the URL). And as you MUST not violate your basic objective of "communication of machines" , you will always require port nos, ip addreses and MAC(dll) addresses, so you cant encrypt these. But, as MAC address is only exposed from Link-to-Link fashion, one can never find Mac id of Q and H by sniffing at R2 alone.
0 votes
answered by (15 points)

Related questions

Quick search syntax
tags tag:apple
author user:martin
title title:apple
content content:apple
exclude -tag:apple
force match +apple
views views:100
score score:10
answers answers:2
is accepted isaccepted:true
is closed isclosed:true

38,203 questions
45,703 answers
49,752 users