By examining the packet, identify the name and version of the Web server.

Posted by: Pdfprep Category: CEH-001

This packet was taken from a packet sniffer that monitors a Web server.

This packet was originally 1514 bytes long, but only the first 512 bytes are shown here. This is the standard hexdump representation of a network packet, before being decoded. A hexdump has three columns: the offset of each line, the hexadecimal data, and the ASCII equivalent. This packet contains a 14-byte Ethernet header, a 20-byte IP header, a 20-byte TCP header, an HTTP header ending in two CRLF sequences (0D 0A 0D 0A), and then the data.

By examining the packet, identify the name and version of the Web server.
A. Apache 1.2
B. IIS 4.0
C. IIS 5.0
D. Linux WServer 2.3

Answer: B

Explanation:

We see that the server is Microsoft, but the exam designer didn’t want to make it easy for you. So what they did is blank out the IIS 4.0. The key is in line “0B0” as you see:

0B0 69 63 72 6F 73 6F 66 74 2D 49 49 53 2F 34 2E 30 ..Microsoft

49 is I, so we get II

53 is S, so we get IIS

2F is a space

34 is 4

2E is .

30 is 0

So we get IIS 4.0

The answer is B

If you don’t remember the ASCII hex-to-character conversions, there are enough characters and numbers already converted in the dump. For example, line “050” has STRIDER, which is 53 54 52 49 44 45 52, and that gives you the conversion for the “I” and “S” characters (which are “49” and “53”).
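
As an added example (not part of the original post), the script below rebuilds the bytes from a hexdump's hex column alone and extracts the Server header, so a blanked ASCII column does not matter. Only the 0B0 line comes from the page; the 0A0 and 0C0 lines and the function names are constructed for illustration.

```python
import re

# Constructed sample: only the 0B0 line is from the page. The 0A0 and 0C0
# lines are made up here so the header has a start and a 0D 0A 0D 0A end.
DUMP = """\
0A0 30 30 20 4F 4B 0D 0A 53 65 72 76 65 72 3A 20 4D 00 OK..Server: M
0B0 69 63 72 6F 73 6F 66 74 2D 49 49 53 2F 34 2E 30 ..Microsoft
0C0 0D 0A 0D 0A 3C 68 74 6D 6C 3E ....<html>
"""

HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")


def hexdump_to_bytes(dump, width=16):
    """Rebuild raw bytes from the hex column only, ignoring the ASCII column."""
    out = bytearray()
    for line in dump.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        row = []
        for tok in tokens[1:]:  # tokens[0] is the line offset
            # Stop at the row width (ASCII text such as "00" can look like a
            # hex pair) or at the first token that is not a hex pair.
            if len(row) == width or not HEX_PAIR.fullmatch(tok):
                break
            row.append(int(tok, 16))
        out.extend(row)
    return bytes(out)


def server_banner(data):
    """Return (product, version) from the Server header, or None if absent."""
    headers = data.split(b"\r\n\r\n", 1)[0]  # header block ends at 0D 0A 0D 0A
    m = re.search(rb"(?im)^Server:[ \t]*([^\r\n]+)", headers)
    if not m:
        return None
    value = m.group(1).decode("ascii", "replace").strip()
    product, _, version = value.partition("/")  # 0x2F is the "/" separator
    return product, version


if __name__ == "__main__":
    raw = hexdump_to_bytes(DUMP)
    print(raw[16:32])          # the page's 0B0 line, decoded
    print(server_banner(raw))  # ('Microsoft-IIS', '4.0')
```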
