 | 1 | initial version |
Since UDP is a connectionless transport protocol it is impossible to determine the beginning and end of a packet flow between endpoints from the packet flow itself, without looking into the higher layer protocols. It might be even that the required info is not there either, but signalled in a separate protocol (have a look at SIP/SDP and RTP).
So for simple UDP stream tracking all it can do is look at the IP/port tuples and match that to streams. The time when these packets flow does not mean anything to UDP.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
