Wireshark Lab: UDP
The Assignment
Start capturing packets in Wireshark and then do something that will cause your host to send and receive several UDP packets. After stopping packet capture, set your packet filter so that Wireshark only displays the UDP packets sent and received at your host. Pick one of these UDP packets and expand the UDP fields in the details window.
Use Wireshark to capture and filter UDP packets so that the filter bar shows only the packets sent or received by your host, then pick one packet, look at its details, and answer the following questions.
The UDP packet I selected:
question
1. Select one packet. From this packet, determine how many fields there are in the
UDP header. (Do not look in the textbook! Answer these questions directly from
what you observe in the packet trace.) Name these fields.
Describe which fields make up the UDP header.
There are four fields in total:
Source Port, Destination Port, Length, Checksum
2. From the packet content field, determine the length (in bytes) of each of the UDP
header fields.
Look at the fields from the previous question and give the size of each one (in bytes).
Source Port: 2 bytes
Destination Port: 2 bytes
Length: 2 bytes
Checksum: 2 bytes
3. The value in the Length field is the length of what? Verify your claim with your
captured UDP packet.
What does the value of the Length field represent?
Length is the number of bytes in the entire UDP segment (header plus data).
Here it is 1350 + 8 = 1358 bytes.
4. What is the maximum number of bytes that can be included in a UDP payload?
How many bytes of data can a single UDP datagram carry at most?
The maximum size of a UDP packet should be 1500 - IP header (20) - UDP header (8) = 1472 bytes.
5. What is the largest possible source port number?
How large can the source port number be?
65535 (range 0 to 2^16 - 1)
6. What is the protocol number for UDP? Give your answer in both hexadecimal and
decimal notation. (To answer this question, you’ll need to look into the IP header.)
What is the protocol number of UDP, in decimal and in hexadecimal?
The UDP protocol number is 17 (0x11).
7. Examine a pair of UDP packets in which the first packet is sent by your host and
the second packet is a reply to the first packet. Describe the relationship between the
port numbers in the two packets.
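Explain the relationship between the port numbers of a pair of UDP packets: the first packet is sent by your host and the second is a reply to the first.
The source port of the first packet is the destination port of the second packet.
The source port of the second packet is the destination port of the first packet.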
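
The answers above can be checked in code. The following is an added example, not part of the original lab report: it parses a raw IPv4 packet, confirms the IP Protocol field is 17, unpacks the four 2-byte UDP fields, rejects a Length value that disagrees with the bytes present, and tests the request/reply port relationship. The function names, the addresses (documentation range 192.0.2.0/24), and the ports are assumptions, and the packets are constructed samples rather than a real capture.

```python
import struct

UDP_PROTO = 17        # 0x11, value of the IPv4 Protocol field for UDP
UDP_HEADER_LEN = 8    # four 2-byte fields

def build_ipv4_udp(src_ip, dst_ip, sport, dport, payload):
    """Build a constructed IPv4+UDP packet (sample input only; checksums left 0)."""
    udp = struct.pack("!HHHH", sport, dport, UDP_HEADER_LEN + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64,
                     UDP_PROTO, 0, bytes(src_ip), bytes(dst_ip))
    return ip + udp

def parse_udp(packet):
    """Return the UDP header fields of a raw IPv4 packet, validating Length."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    if packet[9] != UDP_PROTO:
        raise ValueError("IP protocol %d is not UDP" % packet[9])
    segment = packet[ihl:]
    if len(segment) < UDP_HEADER_LEN:
        raise ValueError("truncated UDP header")
    sport, dport, length, checksum = struct.unpack("!HHHH", segment[:UDP_HEADER_LEN])
    # Length counts header plus data; reject values that disagree with the bytes present.
    if length < UDP_HEADER_LEN or length > len(segment):
        raise ValueError("UDP Length field inconsistent with captured bytes")
    return {"src": bytes(packet[12:16]), "dst": bytes(packet[16:20]),
            "sport": sport, "dport": dport, "length": length,
            "checksum": checksum, "payload": segment[UDP_HEADER_LEN:length]}

def is_reply(request, reply):
    """True if the reply mirrors the request's addresses and ports."""
    return (reply["src"], reply["sport"], reply["dst"], reply["dport"]) == \
           (request["dst"], request["dport"], request["src"], request["sport"])

# Constructed sample: a 1350-byte payload, matching the 1350 + 8 = 1358 figure above.
HOST, SERVER = (192, 0, 2, 10), (192, 0, 2, 53)
request = parse_udp(build_ipv4_udp(HOST, SERVER, 50000, 53, b"\x00" * 1350))
reply = parse_udp(build_ipv4_udp(SERVER, HOST, 53, 50000, b"\x01" * 32))

if __name__ == "__main__":
    print(request["length"], is_reply(request, reply))
```

A Length value that is smaller than 8 or larger than the bytes actually captured is worth flagging when reviewing a trace, since a parser that trusts the field without this check can read past the end of the packet.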