Lab 05

User Datagram protocol(UDP) using WireShark

Objective:
After this lab, the students will get better understanding of the UDP protocol.

1
In this lab, students will capture some UDP packets using Wireshark and make some observations
on them. Solved Lab Activites.

Activity 1:
In this lab, we’ll take a quick look at the UDP transport protocol. As we saw in Chapter 3 of the
text1 , UDP is a streamlined, no-frills protocol. You may want to re-read section 3,3 in the text
before doing this lab. Because UDP is simple and sweet, we’ll be able to cover it pretty quickly
in this lab. So if you’ve another appointment to run off to in 30 minutes, no need to worry, as
you should be able to finish this lab with ample time to spare.

Start capturing packets in Wireshark and then do something that will cause your host to send and
receive several UDP packets. It’s also likely that just by doing nothing (except capturing packets
via Wireshark) that some UDP packets sent by others will appear in your trace. In particular, the
Simple Network Management Protocol (SNMP - chapter 9 in the text) sends SNMP messages
inside of UDP, so it’s likely that you’ll find some SNMP messages (and therefore UDP packets)
in your trace.

Draw a node diagram here for UDP protocol.

2
After stopping packet capture, set your packet filter so that Wireshark only displays the UDP
packets sent and received at your host. Pick one of these UDP packets and expand the UDP
fields in the details window. If you are unable to find UDP packets or are unable to run
Wireshark on a live network connection, you can download a packet trace containing some UDP
packets.11
Whenever possible, when answering a question below, you should hand in a printout of the
packet(s) within the trace that you used to answer the question asked. Annotate the printout12 to
explain your answer. To print a packet, use File->Print, choose Selected packet only, choose
Packet
Download the zip file http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip and extract
the file http- ethereal-trace-5, which contains some UDP packets carrying SNMP messages. The
traces in this zip file were collected by Wireshark running on one of the author’s computers.
Once you have downloaded the trace, you can load it into Wireshark and view the trace using the
File pull down menu, choosing Open, and then selecting the http-ethereal-trace-5 trace file.
summary line, and select the minimum amount of packet detail that you need to answer the
question.
1. Select one UDP packet from your trace. From this packet, determine how many fields
there are in the UDP header. (You shouldn’t look in the textbook! Answer these questions
directly from what you observe in the packet trace.) Name these fields.
2. By consulting the displayed information in Wireshark’s packet content field for this
packet, determine the length (in bytes) of each of the UDP header fields.
3. The value in the Length field is the length of what? (You can consult the text for this
answer). Verify your claim with your captured UDP packet.
4. What is the maximum number of bytes that can be included in a UDP payload? (Hint:
the answer to this question can be determined by your answer to 2. above)
5. What is the largest possible source port number? (Hint: see the hint in 4.)
6. What is the protocol number for UDP? Give your answer in both hexadecimal and decimal
notation. To answer this question, you’ll need to look into the Protocol field of the IP
datagram containing this UDP segment

3
Examine a pair of UDP packets in which your host sends the first UDP packet and the second
UDP packet is a reply to this first UDP packet. (Hint: for a second packet to be sent in response
to a first packet, the sender of the first packet should be the destination of the second packet).
Describe the relationship between the port numbers in the two packets.

Solution:
1. Select one packet. From this packet, determine how many fields there are in the UDP
header. (Do not look in the textbook! Answer these questions directly from what you observe
in the packet trace.) Name these fields
Ans: The UDP header contains 4 fields: source port, destination port, length, and checksum.
2. From the packet content field, determine the length (in bytes) of each of the UDP
header fields.
Ans: Each of the UDP header fields is 2 bytes long.
3. The value in the Length field is the length of what? Verify your claim with your captured
UDP packet.
Ans: The value in the length field is the sum of the 8 header bytes, plus the 42 encapsulated data
bytes.
4. What is the maximum number of bytes that can be included in a UDP payload.
Ans: The maximum number of bytes that can be included in a UDP payload is 216 – 1 less the
header bytes. This gives 65535 – 8 = 65527 bytes.
5. What is the largest possible source port number?
Ans: The largest possible source port number is 216 – 1 = 65535.
4. What is the protocol number for UDP? Give your answer in both hexadecimal and decimal
notation. (To answer this question, you’ll need to look into the IP header.)

Ans: The IP protocol number for UDP is 0x11 hex, which is 17 in decimal value

4
5. Examine a pair of UDP packets in which the first packet is sent by your host and the second
packet is a reply to the first packet. Describe the relationship between the port numbers in the
two packets. Ans: The source port of the UDP packet sent by the host is the same as the
destination port of the reply packet, and conversely the destination port of the UDP packet sent
by the host is the same as the source port of the reply packet.

1. Graded Lab
Tasks Lab Task
Capture a small UDP packet. Manually verify the checksum in this packet. Show all work
and explain all steps.

5
 Lab Exercise and Summary
Summary should cover Introduction, Procedure, Data Analysis and Evaluation.
___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________
6
___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________
___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________ 7

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________
___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________ 8

Student’s Signature: _______________ Date: ____________

LABORATORY SKILLS ASSESSMENT (Psychomotor)
Criteria (Max Level 1 Level 2 Level 3 Level 4 90%≤ Score
Marks) 0% ≤ S < 50% 50% ≤ S< 70% 70% ≤ S< 90% S ≤100% (S)

Selects Selects and Selects and Selects and

inappropriate applies applies the applies
skills and/or appropriate skills appropriate appropriate
Procedural
strategies and/or strategies strategies and/or strategies and/or
Awareness (30)
Required by the required by the task skills specific to the skills specific to the
task. with major task without task without
errors. significant errors. any error.

Makes major Makes numerous Makes some non- Applies the

critical errors in critical errors in critical errors in procedural
applying applying applying knowledge in
procedural procedural procedural optimized ways
Practical
knowledge knowledge knowledge related to UDP.
Implementation
(30) related to UDP. related to UDP. related to UDP.

Uses tools, Uses tools, Uses tools, Uses tools,

Use of
equipment and equipment and equipment and equipment and

Tool/Equipment materials with materials with materials with materials with a

(30) limited some copetence. considerable high degree of
competence. competence. competence.
Requires constant Requires some Follows safety Routinely follows
reminders to follow reminders to follow procedures with safety procedures.
Safety (10)
safety procedures. safety procedures. only minimal
reminders.

Marks Obtained

Total Marks:100

9
LABORATORY SKILLS ASSESSMENT (Affective)
Total Marks: 40

10
 Criteria Level 1 Level 2 Level 3 Level 4
(Max. Marks) 0% ≤ S < 50% 50% ≤ S < 70% 70% ≤ S < 90% 90% ≤ S ≤ 100% Score
Introduction (5) Very little Introduction is brief Introduction is Introduction
background with some minor nearly complete, complete and well-
information mistakes missing some written; provides
provided or minor points all necessary
information is background
incorrect principles for the
experiment
Procedure (5) Many stages of Many stages of the The procedure The procedure is
the procedure are procedure are could be more well designed and
not entered on the entered on the lab efficiently designed all stages of the
lab report. report. but most stages procedure are
of the entered on the lab
procedure are report.
entered on the lab
report.
Data Record Data is brief and Data provides Data is almost Data is complete
(10) missing some complete and
significant pieces significant but has some relevant. Tables
of information. information minor with
and has few mistakes. units are provided.
critical Graphs are
mistakes. labeled.
All questions are
answered
correctly.
Data Analysis Data is Data is presented Data is presented Data is presented in
(10) presented in in ways that best
in very unclear ways that are not ways that can be facilitate
manner. clear enough. understood and understanding and
interpreted. interpretation.

Report Quality Report contains Report is Report is well Report is well

(10) many errors. somewhat organized and organized and
organized with cohesive but cohesive and
some spelling or contains some contains no
grammatical errors. grammatical errors. grammatical errors.
Presentation seems
polished.

Marks Obtained
LABORATORY SKILLS ASSESSMENT (Cognitive)

(If any) 11

Marks Obtained
 Total Marks: 10

Instructor’s Signature: Date:__________________________

12