Differences for page UDP -- hping network security tool

hping wiki

Differences for page UDP

Current version compared with version Sun May 30 09:31:30 GMT 2004

...

The following is the old page content

*User Datagram Protocol* ([link http://ietf.org/rfc/rfc0768.txt RFC768]).
The UDP protocol is very similar to the [IP] itself, because it's just able to send datagrams from an host to another, without
to try to make the link reliable. As [IP], [UDP] datagrams can get lost, duplicated, or delivered out of order. Protocols using [UDP] that need
to be reliable have to implement retrasmission after a timeout on top of [UDP]. For instance the [DNS] protocol, that implements a request/reply
protocol on top of [UDP] retry to send the query after some time if no response was received from the [DNS] server.

The main abstraction that [UDP] adds to [IP] is the concept of [port]. With [IP address]es it's possible to send data to a specific host,
but with [port]s it's possible to send data to a specific process of a specific host.

===UDP header===
[img udp-hdr.png]

This is the C structure for the UDP header:

struct udphdr {
         __u16   source;
         __u16   dest;
         __u16   len;
         __u16   check;
 };

===IP spoofing and UDP===

Being [UDP] a datagram protocol there is no state, different UDP packets are not about the same connection.
If the application level protocol is not designed for security it's often very simple to do [spoofing] against protocols
implemented on top of [UDP]: it's as simple as to do spoofing with [IP] itself, the destination host can't tell what's
the real source of the packet, there is nothing of similar to the [TCP] sequence numbers (that often the attacker
can't guess, so it's not able to forge a valid packet).

===See also===
[IP], [TCP], [ICMP]