This packet was taken from a packet sniffer that monitors a Web server.
This packet was originally 1514 bytes long, but only the first 512 bytes are shown here. This is the
standard hexdump representation of a network packet, before being decoded. A hexdump has
three columns: the offset of each line, the hexadecimal data, and the ASCII equivalent. This
packet contains a 14-byte Ethernet header, a 20-byte IP header, a 20-byte TCP header, an HTTP
header ending in two line-feeds (0D 0A 0D 0A) and then the data. By examining the packet,
identify the name and version of the Web server.
A. Apache 1.2
B. IIS 4.0
C. IIS 5.0
D. Linux WServer 2.3
Explanation:
We see that the server is Microsoft, but the exam designer didn’t want to make it easy for you. So
what they did is blank out the IIS 4.0. The key is in line “0B0”, as you see:
0B0 69 63 72 6F 73 6F 66 74 2D 49 49 53 2F 34 2E 30 ..Microsoft
49 is I, so we get II
53 is S, so we get IIS
2F is a space
34 is 4
2E is .
30 is 0
So we get IIS 4.0
The answer is B
If you don’t remember the ASCII hex-to-character mapping, there are enough characters and numbers
already converted. For example, line “050” has STRIDER, which is 53 54 52 49 44 45 52 and gives
you the conversion for the “I” and “S” characters (which are “49” and “53”).
Or you could see the 1999 date and assume it’s a really old version, and go for the oldest IIS
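The manual decoding above can be automated by reading only the hex column, which stays reliable when the ASCII column has been blanked as in row 0B0. This is an added example, not part of the original question: row 0B0 is copied from the page, rows 0A0 and 0C0 are constructed neighbours so the header line is complete, and the function names are hypothetical.

```python
import re

# Constructed sample: only row 0B0 comes from the page; rows 0A0 and 0C0
# are made-up neighbours that complete the header line and its terminator.
SAMPLE_DUMP = """\
0A0 30 30 20 4F 4B 0D 0A 53 65 72 76 65 72 3A 20 4D 00 OK..Server: M
0B0 69 63 72 6F 73 6F 66 74 2D 49 49 53 2F 34 2E 30 ..Microsoft
0C0 0D 0A 0D 0A 3C 68 74 6D 6C 3E 3C 68 65 61 64 3E ....<html><head>
"""

HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")
BYTES_PER_ROW = 16  # assumption: classic 16-byte hexdump rows


def parse_hexdump(dump):
    """Rebuild raw bytes from the hex column only; return (base_offset, data)."""
    base, data = None, bytearray()
    for line in dump.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        offset = int(tokens[0], 16)
        if base is None:
            base = offset
        elif offset != base + len(data):
            # A missing or repeated row would silently corrupt the decode.
            raise ValueError(f"gap or overlap at offset {offset:03X}")
        for tok in tokens[1:1 + BYTES_PER_ROW]:
            if not HEX_PAIR.fullmatch(tok):
                break  # short row: we have reached the ASCII column
            data.append(int(tok, 16))
    return base, bytes(data)


def server_banner(data):
    """Return the Server header value found before the 0D 0A 0D 0A terminator."""
    headers = data.split(b"\r\n\r\n", 1)[0]
    for line in headers.split(b"\r\n"):
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"server":
            return value.strip().decode("ascii", errors="replace")
    return None


if __name__ == "__main__":
    base, payload = parse_hexdump(SAMPLE_DUMP)
    print(f"{base:03X}: {server_banner(payload)}")
```

Capping each row at 16 tokens keeps text such as the "00" in the constructed ASCII column of row 0A0 from being read as data.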