Wireshark Lab: UDP
In this lab, we’ll take a quick look at the UDP transport protocol. As we saw in Chapter 3
of the text, UDP is a streamlined, no-frills protocol. You may want to re-read section 3,3
in the text before doing this lab. Because UDP is simple and sweet, we’ll be able to cover
it pretty quickly in this lab. So if you’ve another appointment to run off to in 30 minutes,
no need to worry, as you should be able to finish this lab with ample time to spare.
Disable IPv6, if necessary.
Capture your own packets and answer the questions based on your captured packets.
Include screenshots whenever possible. You will lose (many) points if you do not provide
necessary screenshots. This project is quite easy. Please read the questions carefully and
make things correct in order not to unnecessarily lose points.
Start capturing packets in Wireshark and then do something that will cause your host to
send and receive several UDP packets. It’s also likely that just by doing nothing (except
capturing packets via Wireshark) you can capture some UDP segments. For example,
DNS, DHCP, and SNMP messages will be carried by UDP segments. And your host may
have several background processes that are sending and/or receiving some DNS, DHCP,
and SNMP messages.
After stopping packet capture, set your packet filter so that Wireshark only displays the
UDP packets sent and received at your host. Pick one of these UDP packets and expand
the UDP fields in the details window.
1. Select one UDP packet from your trace. From this packet, determine how many
fields there are in the UDP header. (You shouldn’t look in the textbook! Answer
these questions directly from what you observe in the packet trace.) Name these
2. By consulting the displayed information in Wireshark’s packet content field for
this packet, determine the length (in bytes) of each of the UDP header fields.
3. The value in the Length field is the length of what? (You can consult the text for
this answer). Verify your claim with your captured UDP packet.
4. What is the maximum number of bytes that can be included in a UDP payload?
(Hint: the answer to this question can be determined by your answer to 2. above)
5. What is the largest possible source port number? (Hint: see the hint in 4.)
6. What is the protocol number for UDP? Give your answer in both hexadecimal and
decimal notation. To answer this question, you’ll need to look into the Protocol
field of the IP datagram containing this UDP segment (see Figure 4.13 in the text,
and the discussion of IP header fields).
7. Examine a pair of UDP packets in which your host sends the first UDP packet and
the second UDP packet is a reply to this first UDP packet. (Hint: for a second
packet to be sent in response to a first packet, the sender of the first packet should
be the destination of the second packet). Describe the relationship between the
port numbers in the two packets. (Hint: you can first find an incoming UDP
segment, i.e., with a source IP address as an outside IP address, and a destination
IP address as your host’s IP address. Then, find the corresponding outgoing UDP
segment with a source IP address as your host’s IP address and a destination IP
address as the previous outside IP address.)
Purchase answer to see full