Identify UDP Header Fields and Operation Using a Wireshark TFTP Session Capture

Use Wireshark to capture a TFTP session and inspect the UDP header fields.

Step 1. Start Mininet and tftpd service.
a. Start Mininet. Enter cyberops as the password when prompted.
```
[analyst@secOps ~]$ sudo lab.support.files/scripts/cyberops_topo.py
[sudo] password for analyst:
```
b. Start H1 and H2 at the mininet> prompt.
*** Starting CLI:
mininet> xterm H1 H2
c. In the H1 terminal window, start the tftpd server using the provided script.
```
[root@secOps analyst]# /home/analyst/lab.support.files/scripts/start_tftpd.sh
[root@secOps analyst]#
```
Step 2. Create a file for tftp transfer.
a. Create a text file at the H1 terminal prompt in the /srv/tftp/ folder.
```
[root@secOps analyst]# echo "This file contains my tftp data." > /srv/tftp/
my_tftp_data
```
b. Verify that the file has been created with the desired data in the folder.
```
[root@secOps analyst]# cat /srv/tftp/my_tftp_data
This file contains my tftp data.
```
c. Because of the security measure for this particular tftp server, the name of the receiving
file needs to exist already. On H2, create a file named my_tftp_data.
```
[root@secOps analyst]# touch my_tftp_data
```
Step 3. Capture a TFTP session in Wireshark
a. Start Wireshark in H1.
[root@secOps analyst]# wireshark-gtk &
b. From the Edit menu, choose Preferences and click the arrow to expand Protocols.
Scroll down and select UDP. Click the Validate the UDP checksum if possible check
box and click Apply. Then click OK.

c. Start a Wireshark capture on the interface H1-eth0.
d. Start a tftp session from H2 to the tftp server on H1 and get the file my_tftp_data.
[root@secOps analyst]# tftp 10.0.0.11 -c get my_tftp_data
e. Stop the Wireshark capture. Set the filter to tftp and click Apply. Use the three TFTP
packets to fill in the table and answer the questions in the rest of this lab.

Instructor Note: If students point out UDP acknowledgments, explain that the UDP header does
not contain an acknowledgment field. It is the responsibility of the upper-layer protocol, in this case TFTP, to manage data transfer and receipt information. This will be shown during the UDP datagram examination.