HakTip 127 – Wireshark 101: User Datagram Protocol and Internet Control Message Protocol
Today on HakTip, Shannon Morse explains the User Datagram Protocol and the Internet Control Message Protocol with Wireshark.
UDP stands for User Datagram Protocol. This is another layer 4 protocol, commonly called a ‘connectionless protocol’, that is used on lots of modern networks to make the transmission of data fast! The weird thing about UDP is that it doesn’t have a start handshake and a cutoff process like TCP does. Since UDP doesn’t have the whole packet handshake that TCP does, you’d think that it wouldn’t work right, but it actually HELPS other protocols streamline data at a fast pace.
A UDP packet header is super small and only has four parts. First you have the Bit Offset, the source port / destination port, the packet length, and the checksum. The source and destination are self-explanatory. The packet length is in bytes and the checksum lets the receiver check that the data is intact when it arrives.
Next we have ICMP. This stands for the Internet Control Message Protocol. This protocol works with TCP/IP, and tells you if a device, service or route is available on a TCP/IP network. ICMP packet headers have a Type, a Code, a Checksum, and a Variable. The Type is the type of ICMP message based on RFC code. The Code is the subclass of ICMP message, also part of the RFC code. The Checksum makes sure the content is intact, and the Variable is a part that changes depending on the type and code. This IANA website shows you all the known types and codes you might run into when dealing with an ICMP packet. If there is a problem with a connection, it may have to do with this packet. Using the Type and the Code, you can determine what went wrong and where.
I also wanted to mention a bit about what else ICMP is used for. First, it’s great for the ping utility. In the command prompt, type ping 10.71.31.1 (your target) to see an echo/ping request and response. You can also see what happens when you run ping and check it in Wireshark.
ICMP packets are also a part of trace routing. Trace routing is when you ID the path that some data takes from one device to another. It’ll tell you how many routers it had to go through to get to its destination. If you find an ICMP packet that has a TTL value set to 1 (that’s time to live), that means it only had to travel through one router. In a traceroute, the packet will return to the original source with a type of 11 and a code of 0. This means the destination was unreachable due to the TTL being exceeded during transit. You might find some people call this a double-headed packet because there is an extra IP header inside it. This data is from the original echo request. You’ll see this pattern continue until the destination host is reached by the packet. The route can also be seen in CMD with tracert 8.8.8.8.
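As an added example (not part of the original show notes), this Python code parses the UDP and ICMP header fields described above, verifies both checksums, and unpacks the extra IP header carried inside a type 11 / code 0 reply. The sample packets, the source address 10.71.31.50, the ports and all function names are constructed for illustration, and the embedded IP header's own checksum is left at 0.

```python
import socket, struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum, shared by UDP and ICMP."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_udp(seg: bytes, src: str, dst: str) -> dict:
    sport, dport, length, csum = struct.unpack("!HHHH", seg[:8])
    # The checksum also covers a pseudo-header: both IPs, protocol 17, length.
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 17, length)
    ok = csum == 0 or inet_checksum(pseudo + seg[:length]) == 0  # 0 = not computed
    return {"sport": sport, "dport": dport, "length": length, "checksum_ok": ok}

def parse_icmp(msg: bytes) -> dict:
    mtype, code, _csum, variable = struct.unpack("!BBHI", msg[:8])
    out = {"type": mtype, "code": code, "checksum_ok": inet_checksum(msg) == 0}
    if mtype in (0, 8):                      # echo reply / echo request
        out["id"], out["seq"] = variable >> 16, variable & 0xFFFF
    elif mtype == 11 and code == 0:          # TTL exceeded in transit
        inner = msg[8:]                      # original IP header + 8 bytes
        ihl = (inner[0] & 0x0F) * 4
        out["orig_ttl"] = inner[8]
        out["orig_dst"] = socket.inet_ntoa(inner[16:20])
        out["orig_echo"] = parse_icmp(inner[ihl:ihl + 8])
    return out

def sample_udp() -> bytes:
    """Constructed datagram 10.71.31.50:40000 -> 10.71.31.1:53."""
    data = b"hello"
    pseudo = socket.inet_aton("10.71.31.50") + socket.inet_aton("10.71.31.1") + struct.pack("!BBH", 0, 17, 13)
    hdr = struct.pack("!HHHH", 40000, 53, 13, 0)
    return struct.pack("!HHHH", 40000, 53, 13, inet_checksum(pseudo + hdr + data)) + data

def sample_time_exceeded() -> bytes:
    """Constructed reply to a TTL-1 echo request to 8.8.8.8 (inner IP checksum left 0)."""
    echo = struct.pack("!BBHHH", 8, 0, 0, 0x1234, 1)
    echo = struct.pack("!BBHHH", 8, 0, inet_checksum(echo), 0x1234, 1)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 1, 0, 1, 1, 0,
                     socket.inet_aton("10.71.31.50"), socket.inet_aton("8.8.8.8"))
    body = bytes(4) + ip + echo
    csum = inet_checksum(struct.pack("!BBH", 11, 0, 0) + body)
    return struct.pack("!BBH", 11, 0, csum) + body

if __name__ == "__main__":
    print(parse_udp(sample_udp(), "10.71.31.50", "10.71.31.1"))
    print(parse_icmp(sample_time_exceeded()))
```

Because the UDP checksum includes the pseudo-header, a datagram checked against the wrong source or destination address fails validation even when its bytes are untouched.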
Let me know what you think. Send me a comment below or email us at [email protected]. And be sure to check out our sister show, Hak5 for more great stuff just like this. I’ll be there, reminding you to trust your technolust.