0

I am using /dev/udp to send a udp packet. For example, (taken from this answer)

echo -n "This is a test" >/dev/udp/localhost/8000

I opened it up in wireshark to see what kind of packet encapsulation it uses and saw it isn't one I recognise. I haven't been able to identify what header format it's using. The protocol name in wireshark is "data".

enter image description here

I initially thought it was an IPv4 Pseudo header, due to the IP addresses and port numbers.

However, they don't match up exactly and this packet is also wrapped in additional "protocol name" and "end of options" fields. If the packet encapsulation name is "data", it isn't coming up in a google search.

Is there any documentation detailing what this encapsulation format is? Is it possible to change it to a different one (for example, an actual IPv4 pseudo header?)

stanri
  • 996
  • What version of Wireshark are you using? How big is the captured packet? (It should be 56 bytes in length.) – Stephen Kitt May 16 '19 at 14:32
  • @StephenKitt It's 58 Bytes and I'm using version 2.6.8 of wireshark (the version that comes in the ubuntu 18.04 repo) – stanri May 17 '19 at 16:39
  • The /dev/udp mechanism does not create any additional encapsulation. It produces a plain UDP datagram with an IP header, a UDP header and your "This is a test" string as the payload. The presentation in your question is weird. It looks like the datagram was exported into some sort of generic tag-based format and then read back in for display, losing the hierarchy of the IP and UDP headers along the way. The "PDU content protocol name" is not part of the datagram, it just refers to the section name that is used to present the payload of the datagram. – ottomeister May 20 '19 at 01:44

0 Answers0