How to do it...

Figure 11.4: UDP topology

In the preceding diagram, the end application using the UDP stream between PC1 (10.1.100.101) and PC3 (10.1.200.101) is not functioning properly:

  1. Ensure that the UDP ports are allowed on firewalls or other security settings. A firewall in the transit path or on the endpoint that is not allowing the UDP port may drop the packets.
  2. Get the UDP destination port to which PC1 is sending the data and check whether the relevant UDP port is open on PC3 to receive data. This can be done by checking the process on PC3 or by performing a port scan.
     1. When PC3 can be accessed, netstat can be used directly on the host to check whether the destination port is open.
     2. When PC3 cannot be accessed, a port scan can be used to do the check. There are various port scanning tools available that can be used for this purpose. If the port is not open on PC3, it will drop the packet and send an ICMP error message (Destination Port Unreachable).
  3. If the port is open, the next step is to perform a Wireshark capture and packet analysis. Since UDP is connection-less, it is recommended to capture simultaneously, as close as possible to both endpoints.

Figure 11.5: UDP checksum

In the preceding screenshot, check whether the UDP checksum is correct. If the checksum fails verification, the destination host will drop the packet. Since UDP is connection-less, no error message or acknowledgment is sent about the checksum error. By default, Wireshark may not validate the checksum in the capture. This needs to be enabled in the tool as follows:

  1. Go to Edit and click on Preferences.
  2. Click on Protocols and then select UDP.
  3. Enable the Validate the UDP checksum if possible option.
  4. If the UDP checksum is fine, compare the UDP streams from both the captures to ensure that the packets are making it towards the destination:

Figure 11.6: UDP Stream index

  5. Wireshark allows us to follow a specific UDP stream that can be used to compare between captures. Each capture will have a UDP stream index number, as shown in the preceding screenshot. This can be applied as a filter to follow the UDP stream. It basically lists all the packets with the same source/destination IP and source/destination UDP ports in the received order.
  6. If there are no issues observed in the captures compared, it could be an issue in the host stack.

The following are a few useful UDP filters:
