Assignment 3.2 DNS uses TCP and UDP

NMAP and TCP/UDP

Run Nmap against 10.0.5.22 so that both tcp/53 and udp/53 are checked.

  • nmap -Pn -sU -sS -p 53 10.0.5.22

  • -Pn no host discovery

  • -sU UDP scan

  • -sS TCP SYN (half-open) scan, faster than a full connect scan

Nslookup and UDP in Wireshark

Deliverable 1. Run nslookup against 10.0.5.21 using the dns server 10.0.5.22. Provide a screenshot showing the traffic similar to the one below that shows your nslookup command and an indication the protocol is UDP.

UDP filter on wireshark showing resolved domain name

Deliverable 2. Figure out how to coax nslookup to use tcp and repeat the lookup, continuing to capture packets to tcp/udp 53. Provide a screenshot similar to the one below that shows the modified nslookup command and the new packets. The illustration is also a reminder of why UDP is so efficient.

  • To force nslookup to use TCP, run the following command:

    • nslookup -vc 10.0.5.21 10.0.5.22

      • -vc ("virtual circuit") forces nslookup to use TCP instead of UDP

      • DNS queries are sent over UDP by default because it is faster: one datagram each way, with no connection handshake.

TCP packets in wireshark showing resolved domain name

Deliverable 3. Change your capture so that you are monitoring eth0 using the same port 53 capture filter. Repeat the zone transfer from zonetransfer.me from Activity 3.1. Provide a screenshot showing the tcp stream of this transfer. (Yes, zone transfers use TCP)

  • dig axfr @nsztm1.digi.ninja zonetransfer.me > zt.txt1

  • Go to Wireshark

    • select the packet that shows the zone transfer and go to Follow > TCP Stream

TCP Stream packet of the Zone transfer
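To make the difference between the UDP and TCP captures concrete, here is an added example (not part of the assignment) that builds the PTR query nslookup sends for 10.0.5.21 and the AXFR query behind dig axfr, adds the 2-byte length prefix DNS uses over TCP, and parses them back out of a constructed TCP stream while flagging the zone-transfer request. The transaction ID and the byte stream are constructed values.

```python
import struct

QTYPE = {"A": 1, "PTR": 12, "AXFR": 252}
QTYPE_NAME = {v: k for k, v in QTYPE.items()}

def reverse_name(ip):
    """nslookup 10.0.5.21 actually asks for the PTR record of 21.5.0.10.in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"

def encode_name(name):
    """Wire-format name: length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def build_query(name, qtype, txid=0x1234):
    """Minimal DNS query: 12-byte header (RD set, QDCOUNT=1) plus one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)

def frame_for_tcp(msg):
    """RFC 1035 4.2.2: over TCP each message carries a 2-byte big-endian length prefix.
    Over UDP the datagram boundary does that job, which is why the UDP capture is so lean."""
    return struct.pack("!H", len(msg)) + msg

def unframe_tcp(stream):
    """Split the bytes of a Follow > TCP Stream view into individual DNS messages."""
    msgs, off = [], 0
    while off + 2 <= len(stream):
        (n,) = struct.unpack("!H", stream[off:off + 2])
        msgs.append(stream[off + 2:off + 2 + n])
        off += 2 + n
    return msgs

def parse_question(msg):
    """Return (txid, qname, qtype name) for the first question; question names are never compressed."""
    txid, _flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    labels, off = [], 12
    while msg[off] != 0:
        n = msg[off]
        labels.append(msg[off + 1:off + 1 + n].decode())
        off += 1 + n
    (qtype,) = struct.unpack("!H", msg[off + 1:off + 3])
    return txid, ".".join(labels), QTYPE_NAME.get(qtype, qtype)

def is_zone_transfer_request(msg):
    """Flag an AXFR question (the query type behind 'dig axfr') for review in port-53 captures."""
    return parse_question(msg)[2] == "AXFR"

if __name__ == "__main__":
    ptr = build_query(reverse_name("10.0.5.21"), "PTR")   # what nslookup sends, normally over UDP
    axfr = build_query("zonetransfer.me", "AXFR")          # what dig axfr sends, always over TCP
    for m in unframe_tcp(frame_for_tcp(ptr) + frame_for_tcp(axfr)):  # constructed TCP stream
        print(parse_question(m), "<- zone transfer" if is_zone_transfer_request(m) else "")
```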
