The User Datagram Protocol (UDP) is the other layer 4 protocol commonly used on modern networks. While TCP is designed for reliable data delivery with built-in error checking, UDP aims to provide speedy transmission. For this reason, UDP is a best-effort service, commonly referred to as a connectionless protocol. A connectionless protocol does not formally establish and terminate a connection between hosts, unlike TCP with its handshake and teardown processes.
With a connectionless protocol, which doesn't provide reliable services, it would seem that UDP traffic would be flaky at best. That would be true, except that the protocols that rely on UDP typically have their own built-in reliability services, or use certain features of ICMP to make the connection somewhat more reliable. For example, the application-layer protocols DNS and DHCP, which are highly dependent on the speed of packet transmission across a network, use UDP as their transport layer protocol, but they handle error checking and retransmission timers themselves.
The UDP Header
The UDP header is much smaller and simpler than the TCP header. As shown in Figure 6-27, the following are the UDP header fields:
Source Port: The port used to transmit the packet
Destination Port: The port to which the packet will be transmitted
Packet Length: The length of the packet in bytes
Checksum: Used to ensure that the contents of the UDP header and data are intact upon arrival
Figure 6-27: The UDP header
The file udp_dnsrequest.pcap contains one packet. This packet represents a DNS request, which uses UDP. When you expand the packet's UDP header, you'll see four fields (see Figure 6-28).
Figure 6-28: The contents of a UDP packet are very simple.
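The Python code below is an added example, not taken from the book or from udp_dnsrequest.pcap: it unpacks the four header fields described above and verifies the checksum, which over IPv4 also covers a pseudo-header built from the source and destination IP addresses. The DNS request, the addresses and all function names are constructed for illustration.

```python
import socket
import struct

SRC_IP, DST_IP = "192.0.2.10", "192.0.2.53"  # constructed documentation addresses

def parse_udp_header(segment):
    """Unpack the four 16-bit, big-endian fields of the 8-byte UDP header."""
    if len(segment) < 8:
        raise ValueError("segment shorter than the 8-byte UDP header")
    src, dst, length, checksum = struct.unpack("!HHHH", segment[:8])
    if length < 8 or length > len(segment):
        raise ValueError("Packet Length field does not match the captured bytes")
    return {"src_port": src, "dst_port": dst, "length": length,
            "checksum": checksum, "payload": segment[8:length]}

def _ones_complement_sum(data):
    if len(data) % 2:                      # pad odd-length data with a zero byte
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                     # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def udp_checksum(src_ip, dst_ip, segment):
    """IPv4 UDP checksum over pseudo-header, header (checksum zeroed) and data."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, 17, len(segment)))   # 17 = UDP protocol number
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]
    return (~_ones_complement_sum(pseudo + zeroed) & 0xFFFF) or 0xFFFF

def checksum_ok(src_ip, dst_ip, segment):
    # Drop trailing link-layer padding: only Packet Length bytes are covered.
    segment = segment[:parse_udp_header(segment)["length"]]
    stored = struct.unpack("!H", segment[6:8])[0]
    if stored == 0:                        # IPv4 only: sender skipped the checksum
        return True
    return stored == udp_checksum(src_ip, dst_ip, segment)

def build_sample_dns_request():
    """Constructed DNS query for example.com carried in a UDP datagram."""
    dns = (struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
           + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1))
    segment = struct.pack("!HHHH", 53124, 53, 8 + len(dns), 0) + dns
    csum = udp_checksum(SRC_IP, DST_IP, segment)
    return segment[:6] + struct.pack("!H", csum) + segment[8:]

if __name__ == "__main__":
    seg = build_sample_dns_request()
    print(parse_udp_header(seg), checksum_ok(SRC_IP, DST_IP, seg))
```

A checksum mismatch on a captured packet is not always corruption: with checksum offloading the capture can see an outgoing packet before the network card fills the field in.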