UDP WireShark Lab

***** I KNOW THERE ARE ALREADY EXISTING ANSWERS TO THIS QUESTION, BUT PLEASE CAPTURE YOUR OWN PACKETS FOR THIS ONE AND SEND THE SCREENSHOT FOR EACH QUESTION. IF I SEE THAT SOMEONE COPIED AND PASTED ANOTHER SOURCE FOR THIS LAB, I WILL REPORT YOUR ANSWER AND THUMB YOU DOWN*****

in this lab, well take a quick look at the UDP transport protocol. As we saw in Chapter 3 of the text 1 , UDP is a streamlined, no - f rills protocol. You may want to re - read section 3,3 in the text before doing this lab. Because UDP is simple and sweet, well be able to cover it pretty quickly in this lab. So if youve another appointment to run off to in 30 minutes, no need to worry, as you should be able to finish this lab with ample time to spare.

At this stage, you should be a Wires hark expert. Thus, we are not going to spell out the steps as explicitly as in earlier labs. In particular, we are not going to provide example screenshots for all the steps.

The Assignment

Start capturing packets in Wireshark and then do something that will cause your host to send and receive several UDP packets. It s also likely that just by doing nothing (except capturing packets via Wireshark) that some UDP packets sent by others will appear in your trace. In particular , the Simple Network Managemen t Protocol (SNMP - chapter 9 in the text) sends SNMP messages inside of UDP, so its likely that youll find some SNMP messages (and therefore UDP packets) in your trace. After stopping packet capture, set your packet filter so that Wireshark only displa ys the UDP packets sent and received at your host. Pick one of these UDP packets and expand the UDP fields in the details window. If you are unable to find UDP packets or are unable to run Wireshark on a live network connection, you can download a packet trace containing some UDP packets.

Whenever possible, when answering a question below, you should hand in a printout of the packet(s) within the trace that you used to answer the question asked. Annotate the printout 3 to explain your answer. To print a packet, use File - >Print , choose Selected packet only , choose Packet summary line, and select the minimum amount of packet detail that you need to answer the question.

1. Select one UDP packet from you r trace . From this packet, determine how many fields there are in the UDP header. ( You shouldnt look in the textbook! Answer these questions directly from what you observe in the packet trace.) Name these fields.

2. By consulting the displayed information in Wiresharks packet content field for this packet , determi ne the length (in bytes) of each of the UDP header fields.

3. The value in the Length field is the length of what? (You can consult the text for this answer). Verify your claim with your captured UDP packet.

4. What is the maximum number of bytes that c an be in cluded in a UDP payload? (Hint: the answer to this question can be determined by your answer to 2. above)

5. What is the largest possible source port number? (Hint: see the hint in 4.)

6. What is the protocol number for UDP? Give your answer in both hex adecimal and decimal notation. To answer this question, youll need to look into the Protocol field of the IP datagram containing this UDP segment (see Figure 4.13 in the text, and the discussion of IP header fields).

7. Examine a pair of UDP packets in which your h ost sends the first UDP packet and the second UDP packet is a reply to this first UDP packet. (Hint: for a second packet to be sent in response to a first packet, the sender of the first packet should be the destination of the second packet). Describe the relationship between the port numbers in the two packets.