You're reading from Learn Wireshark A definitive guide to expertly analyzing protocols and troubleshooting networks using Wireshark

Product type Paperback

Published in Aug 2022

Publisher Packt

ISBN-13 9781803231679

Length 606 pages

Edition 2nd Edition

Languages

TCP

Tools

Wireshark

Concepts

Networking

Author (1):

Lisa Bock

View More author details

Table of Contents (28) Chapters

Preface

1. Part 1 Traffic Capture Overview

2. Chapter 1: Appreciating Traffic Analysis FREE CHAPTER

3. Chapter 2: Using Wireshark

4. Chapter 3: Installing Wireshark

5. Chapter 4: Exploring the Wireshark Interface

6. Part 2 Getting Started with Wireshark

7. Chapter 5: Tapping into the Data Stream

8. Chapter 6: Personalizing the Interface

9. Chapter 7: Using Display and Capture Filters

10. Chapter 8: Outlining the OSI Model

11. Part 3 The Internet Suite TCP/IP

12. Chapter 9: Decoding TCP and UDP

13. Chapter 10: Managing TCP Connections

14. Chapter 11: Analyzing IPv4 and IPv6

15. Chapter 12: Discovering ICMP

16. Part 4 Deep Packet Analysis of Common Protocols

17. Chapter 13: Diving into DNS

18. Chapter 14: Examining DHCP

19. Chapter 15: Decoding HTTP

20. Chapter 16: Understanding ARP

21. Part 5 Working with Packet Captures

22. Chapter 17: Determining Network Latency Issues

23. Chapter 18: Subsetting, Saving, and Exporting Captures

24. Chapter 19: Discovering I/O and Stream Graphs

25. Chapter 20: Using CloudShark for Packet Analysis

26. Assessments

27. Other Books You May Enjoy

Discovering the four-field UDP header

UDP has a four-field header that holds the values that keep track of the conversation, as shown in the following diagram:

Figure 9.25 – The UDP header

Now, let's take a look at each of the four UDP headers.

Analyzing the UDP header fields

Starting at the top of the UDP header, we can see User Datagram Protocol, followed by a summary of what the header represents. Below the header and summary are the UDP header fields, as shown here:

Figure 9.26 – The UDP header as shown in Wireshark

Unlike TCP, UDP has a simple header, with no additional communication details listed, such as Timestamps or SEQ/ACK analysis.

After the header, you will see the following:

Source Port 16-bit: The source port field is the port on the sender's side. In Frame 1, the sender is a DNS client, using Source Port: 54585, which is not associated with any application; it is an ephemeral...