Experiment 6 Using Wireshark software to analyze UDP

Table of contents

1. Experimental purpose and tasks

2. Experimental environment

3. Preliminary knowledge

4. Experimental steps

5. Contents of the experiment report


1. Experimental purpose and tasks

1. Use Wireshark to clarify the syntax and semantics of each field in the UDP segment.

2. Through analysis, further clarify the working principle of UDP and be able to describe it.

2. Experimental environment

Networked computer; the host operating system is Windows; software such as Wireshark.

3. Preliminary knowledge

In this lab, we'll take a quick look at the UDP transport protocol. As we saw in Chapter 3 of the textbook, UDP is a stripped-down protocol. Before doing this experiment, you need to re-read Section 3.3 in the book. In addition, you need to be familiar with the basic operations of Wireshark.

4. Experimental steps

Answer questions 1-7 in "5. Contents of the experiment report" based on the following operations.

1. Start capturing packets in Wireshark, then do something that causes the host to send and receive a few UDP packets.

2. After stopping the packet capture, set the packet filter so that Wireshark only shows UDP packets sent and received on the host. Select one of the UDP packets and expand the UDP field in the details window. If you can't find UDP packets or can't run Wireshark on a live network connection, you can download a trace file (udp-wireshark-trace.pcap), which contains some UDP packets carrying SNMP messages.

3. Submit a printout or screenshot of the packet used to answer the questions asked. To print a packet, use File->Print, select "Selected packet only", select "Packet summary line", and select the minimum amount of packet detail you need to answer the question.

5. Contents of the experiment report

1. Select a UDP packet from your trace. From this packet, determine how many fields are in the UDP header. Give these fields a name.

Take the DNS query of www.mit.edu as an example.

There are 4 fields in the UDP header, namely: source port (Source Port), destination port (Destination Port), packet length (Length), and checksum (Checksum).

2. Determine the length (in bytes) of each field in the UDP segment header by viewing the information of the data packet displayed in the data packet content field of Wireshark.

The field information in the Wireshark packet shows that each of the 4 fields in the UDP header is 2 bytes long; with 4 fields, the header is 8 bytes in total.

3. What length does the value in the Length field indicate? Verify your results with your captured UDP packets.

The Length field indicates the sum of the byte lengths of the UDP header and the UDP data. The UDP payload field shows that the UDP payload is 29 bytes, and the UDP header is 8 bytes; 29+8=37.

4. What is the maximum number of bytes that can be included in a UDP payload?

The Length field occupies 2 bytes, that is, the word length is 16 bits, so 2^16-1=65535 bits, of which 8 bytes are UDP header information, so the payload is 65535-8=65527 bits.

5. What is the largest possible source port number?

Both port fields occupy 2 bytes = 65536 bits, and port numbers start from 0, so the maximum port number is 2^16 - 1 = 65535.

6. What is the protocol number of UDP? Give the answer in hexadecimal and decimal notation.

The protocol number of UDP is 17, which is 0x11 in hexadecimal.

7. Check for a pair of UDP packets where your host sent the first UDP packet and the second UDP packet is a reply to this first UDP packet. Describe the relationship between the port numbers in these two packets.

The source port number (4375) and destination port number (53) of the DNS query correspond to the destination port number (53) and source port number (4375) of the DNS query response, respectively.
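The answers above can be checked outside Wireshark by parsing the raw segment bytes. The following is an added example, not part of the original report: it unpacks the four 2-byte header fields, rejects a Length field that disagrees with the bytes actually captured, verifies the checksum using protocol number 17 in the IPv4 pseudo-header, and tests the port swap between a request and its reply. The helper names, the 192.0.2.x addresses and the all-zero payloads are assumptions constructed for illustration.

```python
import struct

UDP_HEADER_LEN = 8   # four 2-byte fields: source port, destination port, length, checksum
IPPROTO_UDP = 17     # 0x11, the value carried in the IPv4 Protocol field

def parse_udp(segment: bytes) -> dict:
    """Split a raw UDP segment into its four header fields and the payload."""
    if len(segment) < UDP_HEADER_LEN:
        raise ValueError("truncated UDP header")
    sport, dport, length, checksum = struct.unpack("!HHHH", segment[:UDP_HEADER_LEN])
    # Length counts header + payload: it must be >= 8 and fit in the captured bytes.
    if length < UDP_HEADER_LEN or length > len(segment):
        raise ValueError(f"bad Length field: {length}")
    return {"sport": sport, "dport": dport, "length": length,
            "checksum": checksum, "payload": segment[UDP_HEADER_LEN:length]}

def udp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    """Internet checksum over the IPv4 pseudo-header plus the segment."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, IPPROTO_UDP, len(segment))
    data = pseudo + segment[:6] + b"\x00\x00" + segment[8:]  # checksum field zeroed
    if len(data) % 2:
        data += b"\x00"                                      # pad to 16-bit words
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                                       # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total & 0xFFFF) or 0xFFFF                       # a computed 0 is sent as 0xFFFF

def is_reply(request: dict, response: dict) -> bool:
    """A reply swaps the source and destination ports of the request."""
    return (request["sport"], request["dport"]) == (response["dport"], response["sport"])

def build(sport: int, dport: int, payload: bytes, src_ip: bytes, dst_ip: bytes) -> bytes:
    """Assemble a segment with correct Length and checksum (used for the samples)."""
    seg = struct.pack("!HHHH", sport, dport, UDP_HEADER_LEN + len(payload), 0) + payload
    return seg[:6] + struct.pack("!H", udp_checksum(src_ip, dst_ip, seg)) + seg[8:]

# Constructed samples: a 29-byte payload from port 4375 to port 53, and a reply.
CLIENT, SERVER = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 53])
QUERY = build(4375, 53, b"\x00" * 29, CLIENT, SERVER)
REPLY = build(53, 4375, b"\x00" * 45, SERVER, CLIENT)

if __name__ == "__main__":
    q, r = parse_udp(QUERY), parse_udp(REPLY)
    print(q["length"], is_reply(q, r))
    print(q["checksum"] == udp_checksum(CLIENT, SERVER, QUERY))
```

A Length value smaller than 8 or larger than the captured segment is a common sign of a truncated or malformed datagram, which is why the parser rejects it instead of slicing the payload anyway.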

Origin blog.csdn.net/qq_53401568/article/details/128048441