Wireshark, Find Protocol Layers

1

I'm using Wireshark to analyze network traffic. I'm a bit confused by what's displayed under the "Protocol" column.


If I'm not mistaken, DNS and HTTP are Application layer protocols while TCP is a Transport (Layer 4) protocol. Is the way the information is displayed by Wireshark not misleading?

How can I find which Layer 4 Protocol is used for DNS traffic?

user2018084

Posted 2014-03-03T16:04:20.163

Reputation: 1 604

Answers

1

DNS primarily uses UDP or TCP on port 53 as its transport protocol (Layer 4). DNS uses TCP for zone transfer and UDP for DNS queries. Also, if the response data size exceeds 512 bytes, TCP will be used instead of UDP.

Gal

Posted 2014-03-03T16:04:20.163

Reputation: 46

1

> Is the way the information displayed by Wireshark not misleading?

It is not misleading. Some TCP traffic contains no protocol data, just acknowledgments, and is marked as such; ACK-only frames contain no DNS or HTTP requests or responses.

> How can I find which Layer 4 Protocol is used for DNS traffic?

By selecting one of the DNS packets and looking at the packet details; the packet details will show all the protocol layers.

user164970

Posted 2014-03-03T16:04:20.163

Reputation:
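
The layer view described in the answer above, as an added example that is not part of the original question or answers: a small Python decoder that walks a frame from Ethernet down to the payload and reports every layer, with the last entry being what the "Protocol" column would show. The function names, addresses and sample frames are constructed for illustration, and recognising DNS by port 53 is a simplifying assumption.

```python
import struct

def layer_stack(frame):
    """Return the protocol layers of an Ethernet II frame, outermost first."""
    layers = ["Ethernet"]
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return layers                      # too short, or not IPv4
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4               # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    layers.append("IPv4")
    seg = ip[ihl:total_len]                # Layer 4 segment, Ethernet padding cut off
    if ip[9] == 17 and len(seg) >= 8:      # IP protocol 17 = UDP
        layers.append("UDP")
        payload = seg[8:]
    elif ip[9] == 6 and len(seg) >= 20:    # IP protocol 6 = TCP
        layers.append("TCP")
        payload = seg[(seg[12] >> 4) * 4:] # skip header plus options (data offset)
    else:
        return layers
    sport, dport = struct.unpack("!HH", seg[:4])
    if payload and 53 in (sport, dport):   # simplification: DNS recognised by port 53
        layers.append("DNS")
    return layers

def build_frame(proto, l4):
    """Constructed test frame: Ethernet II + IPv4 (checksums left at 0) + l4 bytes."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 53]))
    return b"\x02\x00\x00\x00\x00\x01\x02\x00\x00\x00\x00\x02\x08\x00" + ip + l4

# Constructed sample data: an A query for example.com
DNS_QUERY = (struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
             + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1))

def tcp_header(flags):
    """Constructed 20-byte TCP header, source port 40001, destination port 53."""
    return struct.pack("!HHIIBBHHH", 40001, 53, 1, 1, 5 << 4, flags, 65535, 0, 0)

UDP_DNS = build_frame(17, struct.pack("!HHHH", 40000, 53, 8 + len(DNS_QUERY), 0) + DNS_QUERY)
TCP_ACK = build_frame(6, tcp_header(0x10))   # ACK only, no payload
TCP_DNS = build_frame(6, tcp_header(0x18)    # PSH+ACK, 2-byte length prefix + message
                      + struct.pack("!H", len(DNS_QUERY)) + DNS_QUERY)

if __name__ == "__main__":
    for name, frame in (("UDP_DNS", UDP_DNS), ("TCP_ACK", TCP_ACK), ("TCP_DNS", TCP_DNS)):
        stack = layer_stack(frame)
        print(f"{name}: Protocol column = {stack[-1]:4} layers = {' / '.join(stack)}")
```

The ACK-only frame stops at TCP because nothing sits above the transport header, while both DNS frames list their Layer 4 protocol one entry before DNS.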