Вы находитесь на странице: 1из 5

The Assignment

Start capturing packets in Wireshark and then do something that will cause your host to
send and receive several UDP packets. After stopping packet capture, set your packet
filter so that Wireshark only displays the UDP packets sent and received at your host.
Pick one of these UDP packets and expand the UDP fields in the details window.

1. Select one packet. From this packet, determine how many fields there are in the
UDP header. (Do not look in the textbook! Answer these questions directly from
what you observe in the packet trace.) Name these fields.

There is 4 fields :
i) Source port
ii) Destination port
iii) Length
iv) Checksum

2. From the packet content field, determine the length (in bytes) of each of the UDP
header fields.

i) Source port : 2 bytes

ii) Destination port : 2 bytes
iii) Length : 2 bytes
iv) Checksum : 2 bytes
3. The value in the Length field is the length of what? Verify your claim with your
captured UDP packet.

Length field is is a simple count of the number of bytes contained in the header
and data sections. The length of this UDP packet is 45 bytes.

4. What is the maximum number of bytes that can be included in a UDP payload.

UDP datagrams can be up to 65535 bytes long (header + payload).

5. What is the largest possible source port number?

The largest possible source port number is 65535

6. What is the protocol number for UDP? Give your answer in both hexadecimal and
decimal notation. (To answer this question, you’ll need to look into the IP

Hexadecimal = 0x11
Decimal = 161 + 160
= 16+1
= 17

7. Search “UDP” in Google and determine the fields over which the UDP checksum
is calculated.

To calculate UDP checksum a "pseudo header" is added to the UDP header. This

IP Source Address 4 bytes

IP Destination Address 4 bytes
Protocol 2 bytes
UDP Length 2 bytes

The checksum is calculated over all the octets of the pseudo header, UDP header
and data. If the data contains an odd number of octets a pad, zero octet is added
to the end of data. The pseudo header and the pad are not transmitted with the

8. Examine a pair of UDP packets in which the first packet is sent by your host and
the second packet is a reply to the first packet. Describe the relationship between
the port numbers in the two packets.

First packet source port is 3604 and destination port is 712.

Second packet source port is 712 and destination port is 3604.

Extra Credit
1. Capture a small UDP packet. Manually verify the checksum in this packet. Show
all work and explain all steps.

Field Hex Value

IP header : Source IP address 0a6d
IP Header : Destination IP address ffff
IP header: Protocol number(zero padded on left) 4f4d
16 bit UDP Length 002d
UDP header: source port 0e14
UDP header: destination port 02c8
UDP header: length 002d
UDP Data 5052
Sum all hex values 6f5f5