jaestick.blogg.se

Wireshark filter http 200







Ping packets should use an ICMP type of 8 (echo) or 0 (echo reply), so you could use a capture filter of:

    icmp

and a display filter of:

    icmp.type == 8 || icmp.type == 0

For HTTP, you can use a capture filter of:

    tcp port 80

Note that a display filter of http is not equivalent to a port-based filter such as the one above, which will also include handshake and termination packets.

If you want to measure the number of connections rather than the amount of data, you can limit the capture or display filters to one side of the communication. For example, to capture only packets sent to port 80, use:

    tcp dst port 80

Couple that with an http display filter, or use:

    tcp.dstport == 80 && http

For more on capture filters, read "Filtering while capturing" from the Wireshark user guide, the capture filters page on the Wireshark wiki, or the pcap-filter(7) man page. For display filters, try the display filters page on the Wireshark wiki. The "Filter Expression" dialog box can help you build display filters.

Submission information: This homework assignment is due at the start of class on the due date. You must turn it in electronically via the companion Sakai website. Simply upload a document in PDF format, or type your solution directly into the Assignment submission box.

In this exercise, you will use Wireshark to analyze UDP packets.

First, install the Wireshark packet capture program on your own computer. Versions for Windows and Mac are available at, and versions for Linux are available in the normal software manager for your distribution.

Second, use Wireshark to capture UDP packets. Turn off any network-intensive programs you may already have running. Then, tell Wireshark to start capturing packets on the active network interface. Note that this typically requires running the program in Administrator or root mode. Then, you should do something that will cause your host (computer) to send and receive several UDP packets. (Hint: what very common protocol have we talked about in class that uses UDP as the transport layer? What could you easily do in order to trigger this protocol to run?) After you see a few UDP packets in your capture window, stop packet capture before you have a massive file!

Third, set your packet filter so that Wireshark only displays UDP packets sent and received at your host. (Type "udp" in the text box labeled "Filter" at the top of the Wireshark window and press enter.) Pick one of these UDP packets and expand the UDP fields in the details window.

Answer the following questions based on your captured packets:








