At this stage, you should be a Wireshark expert. Thus, we are not going to spell out the steps as explicitly as in earlier labs. In particular, we are not going to provide example screenshots for all the steps.

1. Start capturing packets in Wireshark and then do something that will cause your host to send and receive several UDP packets (Note that DNS is using UDP for communications. You can use nslookup commands in Lab 4 to generate DNS packets for UDP). Its also likely that just by doing nothing (except capturing packets via Wireshark) that some UDP packets sent by others will appear in your trace. In particular, the Simple Network Management Protocol (SNMP see section 5.7 in the text) sends SNMP messages inside of UDP, so its likely that youll find some SNMP messages (and therefore UDP packets) in your trace.

2. After stopping packet capture, set your packet filter so that Wireshark only displays the UDP packets sent and received at your host.

3. Pick one of these UDP packets and expand the UDP header fields in the details window.

Answer the following questions in your lab report. When answering questions below, you should submit the screenshot of the packet(s) that you used to answer the question asked.

4. Select one UDP packet from your trace. From this packet, determine how many fields there are in the UDP header. (You shouldnt look in the textbook! Answer these questions directly from what you observe in the packet trace.) List the names of these fields. 5. By consulting the displayed information in Wiresharks packet content field for this packet, determine the length (in bytes) of each of the UDP header fields. For example, in the following figure, by selecting the source port field in the UDP header in the header window, we can find out that the source port field is 2 bytes. 6. The value in the Length field is the length of what? (You can consult the text for this answer). Verify your claim with your captured UDP packet. 7. What is the size (in bytes) of the UDP payload? (Hint: the answer to this question can be determined by your answer to 5 and 6 above) 8. What is the largest possible source port number? 9. Examine a pair of UDP packets in which your host sends the first UDP packet and the second UDP packet is a reply to this first UDP packet. (Hint: for a second packet to be sent in response to a first packet, the sender of the first packet should be the destination of the second packet). Describe the relationship between the port numbers in the two packets.