On Apr 27, 9:55pm, "Danny Rising II" wrote:
}
} OK guys, I am running into a little problem in my CCIE Written study. I
have
} two different testing Engines and they have both gave me the same question
} but different answers on both tests. Does anyone know what the correct
} answer should be, here is the question they are asking.
}
} Which statement is true when a UDP packet has to be fragmented?
} A. only the first fragment has the UDP header
} B. All fragments hold the UDP header, so that access lists that look at the
} port would be usable
} C. The first fragment holds only the UDP header, not the UDP data. The UDP
} data is transmitted in the subsequent fragments.
} D. None of the Above.
}
} One testing software says A, while the other says B.
}
} please let me know.
To answer this question, you should read RFC 768 -- User Datagram
Protocol and RFC 791 -- Internet Protocol. I've read both of them,
amongst many others, and can say that they are some of the shorter and
easier ones to read. A CCIE candidate should be able to easily digest
them. Heck, the UDP one is only three pages long and ranks as one of
the shortest RFCs that exists. The IP one is somewhat longer at 45
pages. Anyways, you should poke around at http://www.rfc-editor.org/
. When you have problems like the one above, the best solution is to
go to the source...
Anyways, my answer to the question would be "D. None of the
Above". For any given packet, A. or C. may be right, but B. is flat
out wrong (this could easily be seen by reading the RFCs I mentioned).
The reason for my answer is that there is no such thing as a "UDP
packet". What goes on the wire is an IP packet. Indeed, there is no
provision for fragmentation at the UDP level, that happens at IP level
(or, at layer 2 in the case of Frame Relay, ATM, etc.). Every packet
must have an IP header to tell where it is going and what fragments to
put together. The data portion of the packet is the "UDP packet"
mentioned above. Each packet can contain as little as one byte of the
data portion (the UDP header is eight bytes) or as much as can be
stuffed into the packet allowed by the MTU. Because the UDP header is
so short, it will normally be fully included in the first fragment.
Also, normally there is no overlap or repetition of any of the data
portion. Based, on what I know about certification tests, I would
probably answer A. for this question, even though the real answer is
D. This just points to the need to keep in mind the difference between
the fantasy world of test writers and the real world.
Bad guys have been known to not stick the UDP header completely in
the first fragment in order to sneak past ACLs. This means that
anything using ACLs must either drop short frags or put the packet back
together. Bad guys have also been known to overlap fragments again to
trick devices or to crash them. They have also been known to send many
fragmented packets with missing fragments in order to overflow buffers
and crash devices. This, of course, gets into the need for resiliency
in the face of protocol violations.
Note to Rick Lowe. How many of your CCNA weenies can do an
analysis like this? Heck, how many of them even know what an RFC is?
When it comes to the tough stuff, I'd pit myself against the average
(people like Leigh Anne would probably give me a run for my money) CCNA
any day.
}-- End of excerpt from "Danny Rising II"
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28278&t=28263
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
