Wireshark Lab: UDP

The Assignment

Start capturing packets in Wireshark and then do something that will cause your host

to send and receive several UDP packets. After stopping packet capture, set your

packet filter so that Wireshark only displays the UDP packets sent and received at

your host. Pick one of these UDP packets and expand the UDP fields in the details

window.

---

用wireshark过滤捕获udp包，然后只显示过滤栏只显示从你的主机发送的或者是接收的包，选一个包查看详细数据并回答以下问题

---

我选的一个udp包

---

question

1. Select one packet. From this packet, determine how many fields there are in the 
UDP header. (Do not look in the textbook! Answer these questions directly from 
what you observe in the packet trace.) Name these fields. 

---

描述udp首部一共有哪几个域

一共四个域
Source Port  Destination Port   Length  Checksum

 

---

2. From the packet content field, determine the length (in bytes) of each of the UDP 
header fields. 

---

观察上题的域，说一下各个域的大小（byte表示）

Source Port： 2bytes
Destination Port： 2bytes
Length：  2bytes
Checksum： 2bytes

 

---

3. The value in the Length field is the length of what? Verify your claim with your 
captured UDP packet. 

---

length域的值代表什么？

Length表示整个UDP报文段的字节数（首部加数据）
这里是1350+8=1358bytes

 

---

4.What is the maximum number of bytes that can be included in a UDP payload. 

---

一个UDP数据报最多能负载多少byte的数据？

UDP 包的最大大小就应该是 1500 - IP头(20) - UDP头(8) = 1472(Bytes)

 

---

5.What is the largest possible source port number? 

---

最大可能的源端口号是多大？

65535（0-2^16-1）

 

---

6. What is the protocol number for UDP? Give your answer in both hexadecimal and 
decimal notation. (To answer this question, you’ll need to look into the IP header.)

---

udp的协议号是多少，用十进制和十六进制数表示

UDP协议号是17（0x11）

 

---

7. Examine a pair of UDP packets in which the first packet is sent by your host and 
the second packet is a reply to the first packet. Describe the relationship between the 
port numbers in the two packets.

---

解释一对udp包的端口号的关系：第一个包是你的主机发送的，第二个包是对第一个包的回复

第一个packet的源端口号是第二个packet的目标端口号
第二个packet的源端口号是第一个packet的目标端口号