Lab ‐ UDP Traffic Capture and Analysis - Dleifnesor/NET-215 GitHub Wiki

Lab: Analyzing UDP Headers in Network Traffic

Objective

Analyze traffic captures to decode UDP headers and observe UDP network communications.


Lab Steps

DNS and DHCP

  1. Start Packet Capture
    On your Windows Workstation, start a traffic capture on your wired connection (likely Ethernet 6).

  2. Perform DNS Lookups and DHCP Renewal
    Open Command Prompt and run the following commands:

    nslookup www.burlingtonvt.gov
    nslookup www.google.com
    nslookup www.microsoft.com
    ipconfig /renew
    
  3. Stop the Capture

  4. Analyze the Capture
    Observe that your computer is handling multiple simultaneous communications.

  5. Filter and Examine UDP Traffic

    • Use the display filter udp to isolate relevant traffic.

    • Locate the DNS packets from your nslookup commands:

      • DNS uses UDP for quick request/response exchanges.
      • [Screenshot: UDP header in a DNS request]
    • Locate the DHCP Request associated with your ipconfig /renew:

      • [Screenshot: UDP header in the DHCP request]

Network Time Protocol (NTP)

  1. Start a New Packet Capture

  2. Query an NTP Server
    In Command Prompt, enter:

    w32tm /stripchart /computer:time.nist.gov /samples:5
    

    This compares your workstation's time with the NIST server's time using 5 samples.

  3. Stop Capture and Analyze NTP Traffic

    • Find NTP packets in your capture using the udp filter.
    • NTP, like DNS and DHCP, uses UDP for efficient time synchronization.
    • [Screenshot: UDP header in an NTP request]
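The fields Wireshark shows for the DNS, DHCP and NTP packets above (source port, destination port, length, checksum) are all there is to a UDP header. The following added example, which is not part of the lab and not code from the NET-215 wiki, decodes those 8 bytes the same way Wireshark does, maps the well-known port to the service (53 DNS, 67/68 DHCP, 123 NTP) and recomputes the RFC 768 checksum over the IPv4 pseudo-header so you can confirm what the "Checksum: ... [correct]" line in the packet details is based on. The datagrams it parses are constructed in the script (a DNS A query for www.google.com and a 48-byte NTP client request); the IP addresses are RFC 5737 documentation addresses and the port numbers are made-up ephemeral ports, not values from a real capture.

```python
import socket
import struct
from typing import NamedTuple

# IANA-assigned ports for the protocols captured in this lab (DNS, DHCP, NTP).
WELL_KNOWN_PORTS = {53: "DNS", 67: "DHCP (server)", 68: "DHCP (client)", 123: "NTP"}
UDP_PROTOCOL_NUMBER = 17   # IP protocol field value for UDP, used in the pseudo-header


class UdpHeader(NamedTuple):
    src_port: int
    dst_port: int
    length: int      # header + payload, in bytes (minimum 8)
    checksum: int    # 0 means "not computed" on IPv4


def parse_udp_header(datagram: bytes) -> UdpHeader:
    """Decode the fixed 8-byte UDP header; all four fields are big-endian 16-bit."""
    if len(datagram) < 8:
        raise ValueError("datagram shorter than the 8-byte UDP header")
    src_port, dst_port, length, checksum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError(f"UDP length field {length} inconsistent with {len(datagram)} bytes")
    return UdpHeader(src_port, dst_port, length, checksum)


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                      # an odd trailing byte is padded with zero
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def udp_checksum(src_ip: str, dst_ip: str, datagram: bytes) -> int:
    """RFC 768 checksum: IPv4 pseudo-header + UDP header (checksum zeroed) + payload."""
    pseudo_header = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
                     + struct.pack("!BBH", 0, UDP_PROTOCOL_NUMBER, len(datagram)))
    zeroed = datagram[:6] + b"\x00\x00" + datagram[8:]
    checksum = 0xFFFF - ones_complement_sum(pseudo_header + zeroed)   # one's complement
    return checksum if checksum else 0xFFFF   # a computed 0 is transmitted as all ones


def verify_udp_checksum(src_ip: str, dst_ip: str, datagram: bytes) -> bool:
    """True when the checksum carried in the header matches the recomputed one."""
    header = parse_udp_header(datagram)
    return udp_checksum(src_ip, dst_ip, datagram[:header.length]) == header.checksum


def build_udp_datagram(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Assemble header + payload and fill in the checksum (used to construct the samples)."""
    length = 8 + len(payload)
    unsummed = struct.pack("!HHHH", src_port, dst_port, length, 0) + payload
    return unsummed[:6] + struct.pack("!H", udp_checksum(src_ip, dst_ip, unsummed)) + payload


def describe(src_ip: str, dst_ip: str, datagram: bytes) -> dict:
    """Summarise a UDP datagram the way the Wireshark UDP tree does."""
    h = parse_udp_header(datagram)
    service = WELL_KNOWN_PORTS.get(h.dst_port) or WELL_KNOWN_PORTS.get(h.src_port) or "unknown"
    return {"src_port": h.src_port, "dst_port": h.dst_port, "length": h.length,
            "payload_len": h.length - 8, "service": service,
            "checksum_ok": verify_udp_checksum(src_ip, dst_ip, datagram)}


def dns_query(qname: str, txid: int = 0x1234) -> bytes:
    """Minimal DNS A query, the kind nslookup sends; constructed for this example."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, one question
    name = b"".join(bytes([len(label)]) + label.encode() for label in qname.strip(".").split("."))
    return header + name + b"\x00" + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN


# Constructed sample datagrams; addresses are RFC 5737 documentation space, not real hosts.
CLIENT_IP, DNS_SERVER_IP, NTP_SERVER_IP = "192.0.2.10", "192.0.2.53", "192.0.2.123"
SAMPLE_DNS = build_udp_datagram(CLIENT_IP, DNS_SERVER_IP, 51234, 53, dns_query("www.google.com"))
NTP_CLIENT_REQUEST = bytes([0x23]) + bytes(47)   # LI=0, VN=4, Mode=3 (client); 48 bytes total
SAMPLE_NTP = build_udp_datagram(CLIENT_IP, NTP_SERVER_IP, 60123, 123, NTP_CLIENT_REQUEST)

if __name__ == "__main__":
    for label, dst, dgram in (("DNS", DNS_SERVER_IP, SAMPLE_DNS), ("NTP", NTP_SERVER_IP, SAMPLE_NTP)):
        print(label, describe(CLIENT_IP, dst, dgram))
```

Two things to compare against your own capture: the Length field counts the 8-byte header plus the payload (so the 32-byte DNS question above shows as length 40, and the NTP request as 56), and a checksum of 0 on IPv4 is legal and means the sender skipped it, which Wireshark reports separately from a checksum that is present but wrong. Flipping any payload byte in a sample makes `verify_udp_checksum` return False, which is the failure mode the "[incorrect]" flag in the packet details represents.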