12-12-2016 05:45 AM - edited 03-12-2019 01:39 AM
I have a packet capture output and am wondering about the number (46) that comes after udp. What does this indicate? I can find no reference to it in wireshark.
1: 08:35:39.635251 802.1Q vlan#9 P0 10.3.2.7.63325 > 146.112.61.107.53: udp 46
Solved! Go to Solution.
12-12-2016 07:45 AM
"46" is the length of the packet that got captured.
12-12-2016 07:31 AM
What are these two Ip addresses " 10.3.2.7 & 146.112.61.107"?
The traffic is going on UDP port 53. It can be DNS server or traffic from Xbox Live.
Thanks,
Vishnu
12-13-2016 03:24 AM
I know what the traffic is I was just curious as to the number after UDP which Karsten has answered for me.
Just FYI, the traffic is generated by a trojan (torrentlocker)
12-12-2016 07:45 AM
"46" is the length of the packet that got captured.
12-13-2016 03:22 AM
Ok. Thanks, odd thing is that in Wireshark the length is shown as 54, so I can only assume that wireshark shows an 8 bit header aswell?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide