edited by
14,625 views
50 votes
50 votes

An IP machine $Q$ has a path to another $IP\ machine\ H$ via three $IP\ routers \ R1, R2,$ and $R3$.

$Q-R1-R2-R3-H$

$H$ acts as an $\text{HTTP}\ server$, and $Q$ connects to $H$ via $\text{HTTP}$ and downloads a file. Session layer encryption is used, with $\text{DES}$ as the shared key encryption protocol. Consider the following four pieces of information:

$[I1]$ The $\text{URL}$ of the file downloaded by $Q$

$[I2]$ The $\text{TCP}$ port numbers at $Q$ and $H$

$[I3]$ The $\text{IP}$ addresses of $Q$ and $H$

$[I4]$ The link layer addresses of $Q$ and $H$

Which of $I1$, $I2$, $I3$, and $I4$ can an intruder learn through sniffing at $R2$ alone? 

  1. Only $I1$ and $I2$
  2. Only $I1$
  3. Only $I2$ and $I3$
  4. Only $I3$ and $I4$
edited by

5 Answers

Best answer
56 votes
56 votes

[I1] intruder cant see URL because it is well encrypted by DES at session layer..
[I2] TCP PORT number available to intruder because TCP header contains source as well as destination address.

[I3] Network layer header contains Source as Well as Destination IP.
[I4] Link address unavailable because on sniffing at $R2$  intruder can see link address of $R$1, $R3$ ,only not link address of  $Q$ and $H$

Answer is C.

edited by
30 votes
30 votes
I1 is encrypted by DES at the Session layer so intruder can't see that.

I2 is a part of TCP header(below Session layer), so it is not encrypted. Obv., the intruder can see that.

I3 is a part of the IP header(below TCP layer), so again, it is not encrypted and the intruder can see that as well.

I4 is not a part of the DLL header(below the IP layer), since the DLL always contains the Mac Addresses of the immediate sender(previous hop-R1) and the immediate destination(next hop-R3), so the intruder cannot see I4.

So, answer - (C)
10 votes
10 votes
An Intruder can’t learn [I1] through sniffing at R2 because 
URLs and Download are functioned at Application layer of OSI Model.

An Intruder can learn [I2] through sniffing at R2 because
Port Numbers are encapsulated in the payload field of IP Datagram.

An Intruder can learn [I3] through sniffing at R2 because IP 
Addresses and Routers are functioned at network layer of OSI Model.

An Intruder can’t learn [I4] through sniffing at R2 because 
it is related to Data Link Layer of OSI Model.
3 votes
3 votes
Router works at network layer. So it has only three layers.(physical,datalink,network). since the intruder is sniffing at R2 so intruder can only see the ip address of Q and H becoz the source and destination ip address can't change.
Answer:

Related questions

19 votes
19 votes
4 answers
1
go_editor asked Sep 26, 2014
6,950 views
Which of the following are used to generate a message digest by the network security protocols?RSASHA-$1$DESMD5I and III onlyII and III onlyII and IV onlyIII and IV only
39 votes
39 votes
12 answers
2