Wireshark 101: User Datagram Protocol and Internet Control Message Protocol, Haktip 127

  • Published on Jan 15, 2015
  • Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
    ____________________________________________
    Today on HakTip, Shannon Morse explains the User Datagram Protocol and the Internet Control Message Protocol with Wireshark.
    UDP stands for User Datagram Protocol. This is another layer 4 protocol, commonly called a 'connectionless protocol', that is used on lots of modern networks to make the transmission of data fast! The weird thing about UDP is that it doesn't have a start handshake and a cutoff process like TCP does. Since UDP doesn't have the whole packet handshake that TCP does, you'd think that it wouldn't work right, but it actually HELPS other protocols streamline data at a fast pace.
    A UDP packet header is super small and only has four parts. First you have the Bit Offset, the source port / destination port, the packet length, and the checksum. The source and destination are self-explanatory. The packet length is in bytes and the checksum ensures the data is intact when it arrives.
    Next we have ICMP. This stands for the Internet Control Message Protocol. This protocol works with TCP/IP, and tells you if a device, service or route is available on a TCP/IP network. ICMP packet headers have a Type, a Code, a Checksum, and a Variable. The Type is the type of ICMP message based on RFC code. The Code is the subclass of ICMP message, also part of the RFC code. Checksum makes sure the content is intact, and Variable is a bit that changes depending on the type and code. This IANA website shows you all the known types and codes you might run into when dealing with an ICMP packet. If there is a problem with a connection, it may have to do with this packet. Using the Type and the Code, you can determine what went wrong and where.
    I also wanted to mention a bit about why ICMP exists for other reasons. First, it's great for the ping utility. In command prompt, type ping 10.71.31.1 (your target) to see an echo/ping request and response. You can also see what happens when you run Ping and check it in Wireshark.
    ICMP packets are also a part of trace routing. Trace routing is when you ID the path that some data takes from one device to another. It'll tell you how many routers it had to go through to get to its destination. If you find an ICMP packet that has a TTL value set to 1 (that's time to live), that means it only had to travel through one router. In a traceroute, the packet will return to the original source with a type of 11 and a code of 0. This means the destination was unreachable due to the TTL being exceeded during transit. You might find some people call this a double-headed packet because there is an extra IP header inside it. This data is from the original echo request. You'll see this pattern continue until the destination host is reached by the packet. The route can also be seen in CMD with tracert 8.8.8.8.
    Let me know what you think. Send me a comment below or email us at tips@hak5.org. And be sure to check out our sister show, Hak5.org, for more great stuff just like this. I'll be there, reminding you to trust your technolust.
    ____________________________________________
    Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community - where all hackers belong.
  • Science & Technology
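
The ICMP fields and the "double-headed" Type 11 / Code 0 reply described above, decoded from raw bytes; this is an added example, not code from the video or from Hak5. It goes beyond the tracert echo-request case by also decoding a quoted UDP probe (what Unix traceroute sends by default), so the four 16-bit UDP header fields (source port, destination port, length, checksum) appear as well. The sample packet, the address 10.71.31.50 and the port numbers are constructed.

```python
import struct

ICMP_NAMES = {(0, 0): "echo reply", (8, 0): "echo request",
              (11, 0): "time exceeded: TTL exceeded in transit"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 checksum; returns 0 when run over a message with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4(buf: bytes):
    """Return (selected IPv4 header fields, payload after the header)."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (buf[0] & 0x0F) * 4
    hdr = {"ttl": buf[8], "proto": buf[9],
           "src": ".".join(map(str, buf[12:16])), "dst": ".".join(map(str, buf[16:20]))}
    return hdr, buf[ihl:]

def parse_icmp(msg: bytes, verify: bool = True) -> dict:
    """Decode Type, Code, Checksum and the type-dependent rest of an ICMP message."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than 8 bytes")
    icmp_type, code, _ = struct.unpack("!BBH", msg[:4])
    out = {"type": icmp_type, "code": code,
           "name": ICMP_NAMES.get((icmp_type, code), "see IANA registry"),
           "checksum_ok": inet_checksum(msg) == 0 if verify else None}
    if icmp_type in (0, 8):                       # echo: identifier + sequence
        out["id"], out["seq"] = struct.unpack("!HH", msg[4:8])
    elif icmp_type == 11:                         # 4 unused bytes, then quoted packet
        out["original"], inner = parse_ipv4(msg[8:])
        if out["original"]["proto"] == 17 and len(inner) >= 8:    # UDP probe
            keys = ("src_port", "dst_port", "length", "checksum")
            out["probe"] = dict(zip(keys, struct.unpack("!HHHH", inner[:8])))
        elif out["original"]["proto"] == 1 and len(inner) >= 8:   # ICMP echo probe
            out["probe"] = parse_icmp(inner[:8], verify=False)    # quote is truncated
    return out

def build_sample() -> bytes:
    """Constructed Time Exceeded reply quoting a UDP probe sent with TTL 1."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 60, 1, 0, 1, 17, 0,
                     bytes([10, 71, 31, 50]), bytes([8, 8, 8, 8]))
    body = ip + struct.pack("!HHHH", 54321, 33434, 40, 0)
    cksum = inet_checksum(struct.pack("!BBHI", 11, 0, 0, 0) + body)
    return struct.pack("!BBHI", 11, 0, cksum, 0) + body
```

Calling `parse_icmp(build_sample())` returns the outer Type/Code, the checksum result, the quoted IP header with its TTL, and the probe's UDP header fields.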

Comments • 15

  • @karlreimers 2 years ago

    Showing your video to my networking class- they are preparing for the N+ certification.

  • @shirlking6043 8 years ago +2

    Thank you so much Shannon, that series of videos explained so much. You're a good teacher. I guess you can teach an old dog new tricks!! S

  • @1980betos 9 years ago +1

    Thank you Shannon for this very helpful

  • @wanr00t21 9 years ago

    nice vid Q: what is the music in the first 3 min ? thx ^^

  • @SchreckschussChannel 9 years ago

    nice

  •  9 years ago

    g and it fails i can see what failed without any wireshark or error codes if it works its good if not its not, i tend to retry and if that fails i restart my router, if it fails again i reset my pc, its not hard to diagnose issues without needing to know all these protocols and error codes and shit! lol this goes for everything internet related!

  • @ryana-6762 6 years ago

    beautiful woman!

  • @paullombard00 9 years ago

    "SEO MAN", ***** ? x)

  • @guardianpresencerobotics7776 2 years ago

    who say mask dont stop viruses Should I wear a mask while exercising?

    • @guardianpresencerobotics7776 2 years ago

      Even when you’re in an area of COVID-19 transmission, masks should not be worn during vigorous physical activity because of the risk of reducing your breathing capacity. No matter how intensely you exercise, keep at least 1 meter away from others, and if you’re indoors, make sure there is adequate ventilation.

  • @guardianpresencerobotics7776 2 years ago

    you are at a bigger risk of contracting a respiratory infection from wearing a mask just ask the health minister

  • @guardianpresencerobotics7776 2 years ago

    people are fainting from lack of oxygen and the police are charging people for mask