I agree that CCIE candidates should read RFCs. If you answer D, however, it's because your job should really be to be an editor, not a CCIE. ;-)
Seriously, the question is worded stranged mainly because of the use of passive voice. A good editor would have told the author to fix that and the question would have said: "Which statement is true when IP needs to fragment a UDP packet?" Answer C couldn't be right unless the MTU were 28 bytes! That's so unlikely that a good test taker would not answer C. The answer is A. Priscilla At 08:20 AM 12/6/01, [EMAIL PROTECTED] (John Nemeth) wrote: >On Apr 27, 9:55pm, "Danny Rising II" wrote: >} >} OK guys, I am running into a little problem in my CCIE Written study. I >have >} two different testing Engines and they have both gave me the same question >} but different answers on both tests. Does anyone know what the correct >} answer should be, here is the question they are asking. >} >} Which statement is true when a UDP packet has to be fragmented? >} A. only the first fragment has the UDP header >} B. All fragments hold the UDP header, so that access lists that look at the >} port would be usable >} C. The first fragment holds only the UDP header, not the UDP data. The UDP >} data is transmitted in the subsequent fragments. >} D. None of the Above. >} >} One testing software says A, while the other says B. >} >} please let me know. > > To answer this question, you should read RFC 768 -- User Datagram >Protocol and RFC 791 -- Internet Protocol. I've read both of them, >amongst many others, and can say that they are some of the shorter and >easier ones to read. A CCIE candidate should be able to easily digest >them. Heck, the UDP one is only three pages long and ranks as one of >the shortest RFCs that exists. The IP one is somewhat longer at 45 >pages. Anyways, you should poke around at http://www.rfc-editor.org/ >. When you have problems like the one above, the best solution is to >go to the source... > > Anyways, my answer to the question would be "D. None of the >Above". For any given packet, A. or C. may be right, but B. is flat >out wrong (this could easily be seen by reading the RFCs I mentioned). >The reason for my answer is that there is no such thing as a "UDP >packet". What goes on the wire is an IP packet. Indeed, there is no >provision for fragmentation at the UDP level, that happens at IP level >(or, at layer 2 in the case of Frame Relay, ATM, etc.). Every packet >must have an IP header to tell where it is going and what fragments to >put together. The data portion of the packet is the "UDP packet" >mentioned above. Each packet can contain as little as one byte of the >data portion (the UDP header is eight bytes) or as much as can be >stuffed into the packet allowed by the MTU. Because the UDP header is >so short, it will normally be fully included in the first fragment. >Also, normally there is no overlap or repetition of any of the data >portion. Based, on what I know about certification tests, I would >probably answer A. for this question, even though the real answer is >D. This just points to the need to keep in mind the difference between >the fantasy world of test writers and the real world. > > Bad guys have been known to not stick the UDP header completely in >the first fragment in order to sneak past ACLs. This means that >anything using ACLs must either drop short frags or put the packet back >together. Bad guys have also been known to overlap fragments again to >trick devices or to crash them. They have also been known to send many >fragmented packets with missing fragments in order to overflow buffers >and crash devices. This, of course, gets into the need for resiliency >in the face of protocol violations. > > Note to Rick Lowe. How many of your CCNA weenies can do an >analysis like this? Heck, how many of them even know what an RFC is? >When it comes to the tough stuff, I'd pit myself against the average >(people like Leigh Anne would probably give me a run for my money) CCNA >any day. > >}-- End of excerpt from "Danny Rising II" ________________________ Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28310&t=28263 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]