Exploring the intricacies of the User Datagram Protocol (UDP) through the lens of Wireshark, a popular network protocol analyzer, offers profound insights into networking fundamentals and packet analysis. The Cover Wireshark UDP form, a detailed solution guide supplementing the esteemed textbook "Computer Networking: A Top-Down Approach" by J.F. Kurose and K.W. Ross, elucidates various aspects of UDP packet examination. Highlighted within this comprehensive guide are the specific attributes of a selected UDP packet—sourced from the trace file http-ethereal-trace-5—such as the identification and analysis of header fields, which include source port, destination port, length, and checksum. This guide meticulously explains how to determine the byte length of each field solely through Wireshark’s interface, without the need to consult external textbooks. Furthermore, it discusses the overall length of the UDP segment, touching on the conceptual maximums for payload size and port numbers grounded in binary limitations. Additionally, the protocol number for UDP is identified, enhancing understanding of its position within the networking ecosystem. By examining the interaction between paired UDP packets, namely a request and its response, the document sheds light on the dynamic nature of port numbers within communication sessions. This exploration not only serves as a practical guide for using Wireshark to analyze UDP packets but also deepens the reader's comprehension of network protocols and their operational mechanics.
| Question | Answer |
|---|---|
| Form Name | Cover Wireshark Udp Form |
| Form Length | 3 pages |
| Fillable? | No |
| Fillable fields | 0 |
| Avg. time to fill out | 45 sec |
| Other names | Wireshark_UDP_S OLUTION_v6.1 cover wireshark udp form |
WIRESHARK LAB: UDP
SOLUTION
Supplement to Computer Networking: A
Approach, 6th ed., J.F. Kurose and K.W. Ross
©
The answers below are based on the trace file
Here is what is printed out for packet 1 in this trace:
No. |
Time |
Source |
Destination |
|
Protocol Length Info |
|
|
|
|
|
1 0.000000 |
192.168.1.102 |
192.168.1.104 |
SNMP |
92 |
|
|||
Frame 1: 92 bytes on wire (736 bits), 92 bytes captured (736 bits)
Ethernet II, Src: DellComp_4f:36:23 (00:08:74:4f:36:23), Dst:
Internet Protocol Version 4, Src: 192.168.1.102 (192.168.1.102),
Dst: 192.168.1.104 (192.168.1.104)
User Datagram Protocol, Src Port: 4334 (4334), Dst Port: snmp (161) Source port: 4334 (4334)
Destination port: snmp (161)
Length: 58
Checksum: 0x65f8 [validation disabled] Simple Network Management Protocol
1.Select one UDP packet from your trace. From this packet, determine how many fields there are in the UDP header. (You shouldn’t look in the textbook! Answer these questions directly from what you observe in the packet trace.) Name these fields. Answer: There are four fields in the header: source port, destination port, Length, and checksum.
2.By consulting the displayed information in Wireshark’s packet content field for this packet, determine the length (in bytes) of each of the UDP header fields. Answer: by clicking on the source port field (top red circle in the figure below), we see the value corresponding to that port number value in the packet content window at the bottom of the Wireshark display. The port number is shown as a hexadecimal number (small lower left red circle) and in ASCII format (small lower right red circle), and is two bytes long.
©2013 Pearson Education, Inc. Upper Saddle River, NJ. All Rights Reserved.
Two bytes for source port
3.The value in the Length field is the length of what? (You can consult the text for this answer). Verify your claim with your captured UDP packet. Answer: The UDP length field is the length of the header and data fields of the UDP segment, measured in bytes).” The displayed packet has a length field of 58 bytes. We know there are 8 byres of header. If we look at the packet content field, we also find 50 bytes of hexadecimal or
4.What is the maximum number of bytes that can be included in a UDP payload? (Hint: the answer to this question can be determined by your answer to 2. above). Answer: Since there are only 16 bits, the maximum length of a UDP segment (including header) is 2**16
5.What is the largest possible source port number? (Hint: see the hint in 4.) Answer: Since there are only 16 bits, the maximum source port number is 2**16
6.What is the protocol number for UDP? Give your answer in both hexadecimal and decimal notation. To answer this question, you’ll need to look into the Protocol field of the IP datagram containing this UDP segment (see Figure 4.13 in the text, and the discussion of IP header fields). Answer: UDP has a protocol number of
17 (this number is displayed in Wireshark as the value of the “protocol:” field in the IPV4 datagram.
7.Examine a pair of UDP packets in which the first packet is sent by your host and the second packet is a reply to the first packet. Describe the relationship between the port numbers in the two packets. Answer: Let’s look at packets 1 and 2 in the trace. These packets carry SNMP
©2013 Pearson Education, Inc. Upper Saddle River, NJ. All Rights Reserved.
address of the sender of packet 2, The names in the Info field of
©2013 Pearson Education, Inc. Upper Saddle River, NJ. All Rights Reserved.