Solved: "46" is the length of the

CiscoNutt · ‎12-12-2016

I have a packet capture output and am wondering about the number (46) that comes after udp. What does this indicate? I can find no reference to it in wireshark.

1: 08:35:39.635251 802.1Q vlan#9 P0 10.3.2.7.63325 > 146.112.61.107.53: udp 46

Karsten Iwen · ‎12-12-2016

"46" is the length of the packet that got captured.

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

View solution in original post

Vishnu Sharma · ‎12-12-2016

What are these two Ip addresses " 10.3.2.7 & 146.112.61.107"?

The traffic is going on UDP port 53. It can be DNS server or traffic from Xbox Live.

Thanks,

Vishnu

CiscoNutt · ‎12-13-2016

I know what the traffic is I was just curious as to the number after UDP which Karsten has answered for me.

Just FYI, the traffic is generated by a trojan (torrentlocker)

Karsten Iwen · ‎12-12-2016

"46" is the length of the packet that got captured.

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

CiscoNutt · ‎12-13-2016

Ok. Thanks, odd thing is that in Wireshark the length is shown as 54, so I can only assume that wireshark shows an 8 bit header aswell?

ASA packet capture query