[go: up one dir, main page]
Scribd
Upload
809 views3 pages

Solution: Wireshark Lab: UDP

The document discusses a lab exercise analyzing UDP packets captured in a Wireshark trace. It contains 7 questions about UDP headers and port numbers that can be answered by examining the details of the packets in the trace, such as the source/destination ports and IP addresses of communicating hosts.

Uploaded by

UmmeHaniAsif
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
809 views3 pages

Solution: Wireshark Lab: UDP

The document discusses a lab exercise analyzing UDP packets captured in a Wireshark trace. It contains 7 questions about UDP headers and port numbers that can be answered by examining the details of the packets in the trace, such as the source/destination ports and IP addresses of communicating hosts.

Uploaded by

UmmeHaniAsif
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

Wireshark Lab: UDP

SOLUTION
Supplement to Computer Networking: A Top-Down
Approach, 7th ed., J.F. Kurose and K.W. Ross

© 2005-2016, J.F Kurose and K.W. Ross, All Rights Reserved

The answers below are based on the trace file http-ethereal-trace-5, in


http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip

Here is what is printed out for packet 1 in this trace:


No. Time Source Destination
Protocol Length Info
1 0.000000 192.168.1.102 192.168.1.104 SNMP
92 get-request 1.3.6.1.4.1.11.2.3.9.4.2.1.2.2.2.1.0

Frame 1: 92 bytes on wire (736 bits), 92 bytes captured (736 bits)


Ethernet II, Src: DellComp_4f:36:23 (00:08:74:4f:36:23), Dst:
Hewlett-_61:eb:ed (00:30:c1:61:eb:ed)
Internet Protocol Version 4, Src: 192.168.1.102 (192.168.1.102),
Dst: 192.168.1.104 (192.168.1.104)
User Datagram Protocol, Src Port: 4334 (4334), Dst Port: snmp (161)
Source port: 4334 (4334)
Destination port: snmp (161)
Length: 58
Checksum: 0x65f8 [validation disabled]
Simple Network Management Protocol

1. Select one UDP packet from your trace. From this packet, determine how many
fields there are in the UDP header. (You shouldn’t look in the textbook! Answer
these questions directly from what you observe in the packet trace.) Name these
fields. Answer: There are four fields in the header: source port, destination port,
Length, and checksum.

2. By consulting the displayed information in Wireshark’s packet content field for


this packet, determine the length (in bytes) of each of the UDP header fields.
Answer: by clicking on the source port field (top red circle in the figure below),
we see the value corresponding to that port number value in the packet content
window at the bottom of the Wireshark display. The port number is shown as a
hexadecimal number (small lower left red circle) and in ASCII format (small
lower right red circle), and is two bytes long.
Two  bytes  for  source  port  

3. The value in the Length field is the length of what? (You can consult the text for
this answer). Verify your claim with your captured UDP packet. Answer: The
UDP length field is the length of the header and data fields of the UDP segment,
measured in bytes).” The displayed packet has a length field of 58 bytes. We
know there are 8 byres of header. If we look at the packet content field, we also
find 50 bytes of hexadecimal or ASCII-encoded data which corresponds to the
payload of this UDP segment.
4. What is the maximum number of bytes that can be included in a UDP payload?
(Hint: the answer to this question can be determined by your answer to 2. above).
Answer: Since there are only 16 bits, the maximum length of a UDP segment
(including header) is 2**16 -1 or 65535 bytes.
5. What is the largest possible source port number? (Hint: see the hint in 4.) Answer:
Since there are only 16 bits, the maximum source port number is 2**16 -1 or
65535 bytes.
6. What is the protocol number for UDP? Give your answer in both hexadecimal and
decimal notation. To answer this question, you’ll need to look into the Protocol
field of the IP datagram containing this UDP segment (see Figure 4.13 in the text,
and the discussion of IP header fields). Answer: UDP has a protocol number of
17 (this number is displayed in Wireshark as the value of the “protocol:” field in
the IPV4 datagram.
7. Examine a pair of UDP packets in which the first packet is sent by your host and
the second packet is a reply to the first packet. Describe the relationship between
the port numbers in the two packets. Answer: Let’s look at packets 1 and 2 in the
trace. These packets carry SNMP application-level messages encapsulated inside
of UDP. (Got that? If not, re-read section 1.5 and Figure 1.24 in the text, in
particular) The IP address of the sender of packet 1 is the IP address of the
destination of packet 2, and the IP address of the destination of packet 1 is the IP
address of the sender of packet 2, The names in the Info field of get-request and
get-response suggest that the second packet (a response) is sent in reply to the
first packet (a request). Indeed this is the case. The value of the source port in
packet 1 is the value of the destination port of packet 2; the value of the
destination port of packet 1 is the value of the source port of packet 2,

You might also like