1.1.f Explain UDP Operations

Everything you need to know regarding section 1.1.f Explain UDP Operations is here.

To better understand UDP we need to understand the header and its operations.


img 5a18bdce339cf


src port = socket open in the source of this UDP packet for this connection
dst port = socket open in the destination of this UDP packet for this connection
length= total size in bytes of this UDP header and UDP payload
checksum = a checksum of the pseudo ipv4 header, udp header, and udp payload

Remember the above header/memorize it.

It’s important to note how UDP is handled from the perspective of a stateful device like a zone based firewall (router) or a cisco ASA.

These devices can only track UDP based on their source + dst IP, and source + dst ports. This can be a major security issue because it allows for packet injection within UDP to the destination (granted limited capabilities)

Firewalls keep pseudo connections for UDP flows based on how long the last packet was seen, and it will close these connections based on standard timeouts. These timeouts are not perfect and sometimes require tuning.

1.1.f Explain UDP Operations

Leave a comment