Ask Your Question
0

check udp payload in wireshark

asked 2020-09-21 21:46:06 +0000

jordiroquet@hotmail.com gravatar image

Hello, I'm trying to analyze----follow----udp stream a pcap file in order to check the payload but the output of the follow UDP stream is quite unreadable. I'm trying to check if any mising sequence numbers. any ideas on how to make that output more human readable?

thanks in advance for your help cheers

edit retag flag offensive close merge delete

2 Answers

Sort by » oldest newest most voted
1

answered 2020-09-21 22:05:43 +0000

Guy Harris gravatar image

Hello, I'm trying to analyze----follow----udp stream a pcap file in order to check the payload but the output of the follow UDP stream is quite unreadable.

"Follow UDP Stream" was inspired by "Follow TCP Stream"; they both are oriented towards protocols using plain text. Many protocols that run over TCP are plain-text; not as many protocols that run over UDP are plain-text.

I'm trying to check if any mising sequence numbers

UDP has no sequence numbers - each UDP datagram is on its own.

The only sequence numbers you will see are sequence numbers in protocols running above UDP; Wireshark may be able to dissect some of those protocols. What protocol are you trying to analyze?

edit flag offensive delete link more

Comments

Hello, thanks for the quick response, unfortunately I don´t have visibility above the transport layer, my customer is reporting gaps on this market data stream and from a network perspective I could not see packet drops nor interface errors on the network devices throughout the path, that's why we decided to port mirror the demarcation point. I understand that UDP is connectionless, correct me if I'm wrong but I believe that checking inside the payload we could find correlative numbers and see if some are missing. Thing is that I'm not quite sure how to do that.

cheers and thanks again

jordiroquet@hotmail.com gravatar image[email protected] ( 2020-09-22 00:12:44 +0000 )edit

correct me if I'm wrong but I believe that checking inside the payload we could find correlative numbers and see if some are missing

That depends on the protocol. Ask the customer what the protocol is; if Wireshark can dissect it, that might let you see what sequence information that protocol has.

Guy Harris gravatar imageGuy Harris ( 2020-09-22 00:34:30 +0000 )edit

"market data stream" - surprised this stuff isn't encrypted (yes some latency but FPGAs/ASICs .....)
Everything from products to open source Wireshark Lua plugins

Chuckc gravatar imageChuckc ( 2020-09-22 01:33:16 +0000 )edit
0

answered 2022-03-26 18:34:07 +0000

Hi, you may try certain application-layer methods to solve your problem, such as using some bytes of the payload to store a header with a sequence number.

For example, I am using NS3 to do some simulations. In my case, the ns3::OnOffApplication Class has an attribute called "EnableSeqTsSizeHeader". If the attribute "EnableSeqTsSizeHeader" is enabled, the application will use some bytes of the payload to store a header with a sequence number, a timestamp, and the size of the packet sent.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-09-21 21:46:06 +0000

Seen: 3,668 times

Last updated: Sep 22 '20