This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Why don’t we get UDP header when we capture IGMP queries and responses ?

0

Hello everybody,

We all know that multicast is based on UDP. IGMP works on multicast.

Having said that, we don't get UDP header when we capture IGMP queries or responses.

Just wanted to know what am I missing in my understanding ?

Thanks

asked 16 May '17, 11:52

Inquisitive's gravatar image

Inquisitive
6112
accept rate: 0%


2 Answers:

1

"We all know that multicast is based on UDP". I'm sorry, but that assumption is wrong. You're confusing IP multicast with the most common transport protocol on top of it (UDP). The UDP protocol (IP protocol #17) is not the only protocol riding on top of IP. IGMP is its own protocol (IP protocol #2) on top of IP. Have a look here at IANA for all assigned IP protocol numbers.

answered 16 May '17, 12:17

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

Thanks a lot. That helps. Now, I understand the difference between IP Multicast and UDP based Multicast.

  • IGMP represents multicast traffic but these packets may either get transported within UDP packets or without them.
  • UDP can carry multicast traffic but multicast traffic doesn't necessarily need to be transported via UDP only.
  • IGMP and IP work in layer 3 , so none of them encapsulates the packets of the other.
  • When Multicast (not IP Multicast as on Internet )is implemented via UDP, we get UDP header.
  • When IP Multicast ( on Internet ) is used, we do not get UDP header as IP Multicast

Just wanted to check if I am correct in my understanding.

(16 May '17, 17:12) Inquisitive

Your answer has been converted to a comment as that's how this site works. Please read the FAQ for more information.

(16 May '17, 23:38) Jaap ♦
1
  • IGMP manages group membership amongst IP peers. It uses IP protocol #2 to be carried on top of IP between them. This has nothing to do with UDP
  • UDP carries datagrams between IP peers. That may either be Unicast, Multicast or even Broadcast transport. It is the IP layer (and datalink layer below that) that makes the Unicast/Multicast distinction. Other protocols can sit on top of IP, so these too can be Unicast or Multicast to their destination(s).
  • IGMP is a control protocol running alongside and makes use of IP as network protocol.
  • If we transport datagrams using UDP we get a UDP header, independent of whether the IP layer provides a Unicast or Multicast service.
(16 May '17, 23:49) Jaap ♦

1
  1. Multicast is a way to deliver traffic only to particular group of hosts.
  2. Multicast traffic is destined to IPv4 or IPv6 multicast addresses (224.0.0.0/4; FF00::/8) on L3 and is destined to MAC adresses 01:00:5E:xx:xx:xx or 33-33-xx-xx-xx-xx on L2.
  3. Many protocols use multicast type of delivery (OSPF, EIGRP, mDNS and others). Some of them use UDP (mDNS), some of them do not (OSPF).
  4. IGMP is used to control multicast groups in one brodcast domain; it's built on top of IP with no use of UDP. IGMP represents multicast control, it doesn't intended to carry streams. IGMP is built on top of IP so actually it's encapsulated within IP.

answered 16 May '17, 21:46

Packet_vlad's gravatar image

Packet_vlad
4361613
accept rate: 20%