Sniffing UDP Packets (IP Header Identification Field)

kfarrington · ‎01-19-2004

All,

If I want to monitor a UDP stream and ensure that packets being sent from a source are getting to a receiver, as UDP has no sequence numbers etc etc and is "fire and forget", is the ID field for frangmentation a good way to ensure that the packets tally up from source to the receiver?

I have read on the www, this this could be a dangerous practice?

Can anyone tell me why? It seems to be logical to me, as the TCP stack sets the frag ID and I dont think this has the potential to get overwritten during transmission?

Please can someone confirm this point for me?

Kind regards,

Ken

benhur.p · ‎01-26-2004

Not sure though, I guess there are lot of legal aspects involved as well.

gleithner · ‎01-26-2004

If you are talking about the Identifier field in the IP header, then it's only useful if you somehow could log all of the id's on the sending side and match them up with the id's on the receiving side.

There's no hard and fast rule that id's must be in sequential order(for instance, if I ping an OpenBSD box from Windows, my side sents sequential ID's but the replies are random id's). And even then, other protocols(TCP, ICMP) would get in the way of the sequentiality by stealing the id's for their own use. If you're counting on this, you're out of luck.

kfarrington · ‎01-27-2004

Thx, no its not the seqeunce ordering but just ensuring that when a packet is sent from a source with a seq number, that same seq number arrives on the receiving LAN.

This is the only way I can see if ensure multicast packets are being received by a receiver client :)

Many thx indeed,

Ken