Unable to capture a UDP protocol packet with Wireshark by visiting any website

0
votes

I am using wireshark, and for an exercise we need to capture a UDP packet with wireshark by visiting any website, and then analyze the information within that packet.

I have tried numerous times and all websites appear to send packets with TCP protocol. I have looked at Wireshark documentation, as well as looked online and am stumped.

What am I doing wrong, and how can I get a UDP packet by visiting a website?

Thats the main question. A side question is: how do I filter the captured packets to only those packets referring to requests and responses from websites over the network? Currently there appear to be a bunch of low-level captured packets that I need to scroll through.

Thanks in advance!

2
networkingudpwireshark
Why do you expect "websites" to use UDP? What's that based on? See for instance this very basic description of how HTTP sessions typically work.unwind
The only time you will really see UDP in this scenario is in the DNS hostname lookup, and that will be cached so you'll need to capture it the first time.user207421

2 Answers

1
votes

Because websockets/HTTP is over TCP.

And in Wireshark,if you are intending to see packets corresponding to a particular client/server, click on the packet and do "Follow TCP/UDP stream"

1
votes

You will never see a UDP packet in a WEB connection. Never never never. The Web's connection is in HTTP protocol and HTTP is encapsulated in TCP.

If you need see UDP packets en wireshark you can generate UDP sockets from your host. You can:

  • Make a connection with a TFTP server.
  • Renew your IP you will see the DHCP protocol.
  • You search, what protocols are encapsulated in UDP and use it.
  • Make a program with UDP sokects.