Wireshark Lab 10 - Udp

Submitted By sgtbrueneman
Wireshark Lab 10: UDP
Submitted in Partial Fulfillment of the Requirements for
CIS240
Networking Concepts Spring 2013

1. Select one UDP packet from your trace. From this packet, determine how many fields there are in the UDP header. (You shouldn’t look in the textbook! Answer these questions directly from what you observe in the packet trace.) Name these fields.

There are 4 fields in the UDP datagram:
1) Source Port
2) Destination Port
3) UDP Datagram length
4) Checksum field

2. By consulting the displayed information in Wireshark’s packet content field for this packet, determine the length (in bytes) of each of the UDP header fields.

UDP Header Length = Source Port (2 bytes) + Destination Port (2 bytes) + Length Field (2 bytes) + Checksum field (2 bytes) = 8 bytes

3. The value in the Length field is the length of what? (You can consult the text for this answer). Verify your claim with your captured UDP packet.

The length field = 59 bytes; this is the sum of the UDP header (8 bytes) + the UDP payload (in this case, 51 bytes of SNMP data).

4. What is the maximum number of bytes that can be included in a UDP payload? (Hint: the answer to this question can be determined by your answer to 2. above)

The length field is 2 bytes long, so its largest value is 2^16 - 1 = 65535; less the header bytes, that is 65535 - 8 = 65527 bytes. This is in theory. In practice, to avoid fragmentation at the network layer, this is restricted to the MTU defined at the data link layer.

5. What is the largest possible source port number? (Hint: see the hint in 4.)

The length of the port field is 2 bytes or 2^16 - 1 = 65535 bytes.

6. What is the protocol number for UDP? Give your answer in both hexadecimal and decimal notation. To answer this question, you’ll need to look into the Protocol field of the IP datagram containing this UDP segment (see Figure 4.13 in the text and the discussion of IP header fields).

Protocol: UDP (17) Hex 0x11

7. Examine a pair of UDP packets in which your host sends the first UDP packet and the second UDP packet is a reply to this first UDP packet. (Hint: for a second packet to be sent in response to a first packet, the sender of the first packet should be the destination of the second packet). Describe the relationship between the port numbers in the two packets.

When the transport layer multiplexes UDP datagrams, it uses the source and destination ports as the socket #. In the above example, the socket # would be 4344:161 for the sending client and 161:4344 for the receiving node. The source port for the sending node (4334) is the destination port for the receiving node's datagram. This is the opposite for the receiving node sending back to the sending n
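The header layout, Length check and port relationship from the answers above, as an added Python example that is not part of the original submission: it parses a constructed IPv4/UDP packet, rejects a Length field that disagrees with the bytes actually captured, and matches a reply to its request by swapped address/port pairs. The addresses, payload bytes and function names are assumptions made for the example; port 161 and the 59-byte length mirror the trace described in the answers.

```python
import ipaddress
import struct

IPPROTO_UDP = 17        # 0x11 in the IPv4 Protocol field
IPV4_MIN_HEADER = 20
UDP_HEADER_LEN = 8      # four 2-byte fields: src port, dst port, length, checksum


def build_ipv4_udp(src, dst, sport, dport, payload, udp_len=None):
    """Build a constructed IPv4/UDP packet (checksums left at 0).

    udp_len overrides the UDP Length field so a malformed packet can be made.
    """
    if udp_len is None:
        udp_len = UDP_HEADER_LEN + len(payload)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload
    ip = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, IPV4_MIN_HEADER + len(udp), 0, 0, 64, IPPROTO_UDP, 0,
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    return ip + udp


def parse_ipv4_udp(packet):
    """Parse an IPv4/UDP packet; raise ValueError if it is malformed."""
    if len(packet) < IPV4_MIN_HEADER or packet[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    if ihl < IPV4_MIN_HEADER:
        raise ValueError("invalid IPv4 header length")
    if packet[9] != IPPROTO_UDP:
        raise ValueError("IP Protocol field is not 17 (UDP)")
    if len(packet) < ihl + UDP_HEADER_LEN:
        raise ValueError("truncated UDP header")

    sport, dport, length, checksum = struct.unpack_from("!HHHH", packet, ihl)

    # Length covers header + payload. Trust it only after checking it against
    # what was captured; trailing link-layer padding beyond it is ignored.
    captured = len(packet) - ihl
    if length < UDP_HEADER_LEN or length > captured:
        raise ValueError(
            f"UDP Length {length} inconsistent with {captured} captured bytes")

    return {
        "src": str(ipaddress.IPv4Address(packet[12:16])),
        "dst": str(ipaddress.IPv4Address(packet[16:20])),
        "sport": sport,
        "dport": dport,
        "length": length,
        "checksum": checksum,
        "payload": packet[ihl + UDP_HEADER_LEN: ihl + length],
    }


def is_reply(request, response):
    """True when the response's address/port pairs are the request's, swapped."""
    return (
        (response["src"], response["sport"]) == (request["dst"], request["dport"])
        and (response["dst"], response["dport"]) == (request["src"], request["sport"])
    )


if __name__ == "__main__":
    # Constructed sample: 51-byte payload to port 161, so Length = 8 + 51 = 59.
    req = parse_ipv4_udp(
        build_ipv4_udp("192.0.2.10", "192.0.2.1", 4334, 161, b"\x00" * 51))
    rsp = parse_ipv4_udp(
        build_ipv4_udp("192.0.2.1", "192.0.2.10", 161, 4334, b"\x01" * 60))
    print(req["length"], len(req["payload"]), is_reply(req, rsp))
```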
