Here is a query from a current project – enjoy!
- You are examining a packet capture from your local network. What two determinations can you make from this output? (Choose 2)
a. This is a UDP packet
b. This is a TCP packet
c. The target destination is FTP
d. The target destination is HTTP
Correct Answer: b, d
Explanation: Due to its use of reliable transmissions, Transmission Control Protocol (TCP) uses many fields in its packet structure. These include:
- source TCP port number
- destination TCP port number
- sequence number
- acknowledgement number
- TCP data offset
- reserved data
- control flags
- window size
- TCP checksum
- urgent pointer
- TCP optional data
In contrast, the unreliable User Datagram Protocol (UDP) packets feature these simple fields:
- source port number
- destination port number
- length
- checksum
From the destination TCP port number here of 80, you can determine the intended target service is the Hypertext Transfer Protocol (HTTP). Know the following common ports for this exam:
| Port Number | TCP or UDP | Protocol |
| 20 | TCP | FTP Data |
| 21 | TCP | FTP Control |
| 22 | TCP | SSH |
| 23 | TCP | Telnet |
| 25 | TCP | SMTP |
| 53 | UDP | DNS |
| 67, 68 | UDP | DHCP |
| 69 | UDP | TFTP |
| 80 | TCP | HTTP |
| 110 | TCP | POP3 |
| 161 | UDP | SNMP |
| 443 | TCP | SSL/TLS |
| 514 | UDP | Syslog |
| 520 | UDP | RIP |
you can determinate that this is TCP because UPD dose not do ACK’s
and you can assume that it should be HTTP because 80 is a well known port number for HTTP, but it could be anything that runs on tcp 🙂
B and D
Answer:
b. This is a TCP packet
d. The target destination is HTTP
[Source port 49993 (FTP Server web Interface Port) & Destination port 80 (HTTP), sequence numbers & acknowledgement number represent it’s a TCP packet & target destination is HTTP.]
B & D
B and D
B & D 🙂
port 80, must be http which utilizes tcp. B and D.
B
D
Tcp and http 🙂
Its already quite obvious since everybody let the cat out of the bag that the answer is b and d. My justification would be that the destianation port 80 is a well known TCP port number which happens to represent HTTP so even without looking at the ACK packet, you can tell that this is a TCP packet With an HTTP target destination
B
D
B: Acks = TCP protocol
C: Port 80 is HTTP protocol
B
D*
B and D. The destination port of 80 is a well known port for HTTP. Also you can see that there is an acknowledgement in this packet, which means that it is a TCP packet and not UDP.
B & D.
B & D
TCP w/ ACK seq number and HTTP uses TCP port 80
Answer:
b. This is a TCP packet – TCP because i see an ACK.
d. The target destination is HTTP – The Destination Port is 80 (well known port for HTTP)
B and D
Also this is an IPv4 packet. Extra credit :-0
TCP is also a byte header if my grey matter still remembers
B. TCP packet
D. target destination is HTTP
Between ACKs and windowing, it is utilizing TCP. And it’s likely HTTP due to the well known port 80.
B. TCP packet
D. target destination is HTTP
Between ACKs and windowing, it is utilizing TCP. And it’s likely HTTP due to the well known port 80.