LAB 10.1 UDP Traffic Capture and Analysis - Hsanokklis/2023-2024-Tech-journal GitHub Wiki

Objective: Analyze traffic captures to decode UDP headers and observe UDP network communications.

Lab Steps:

  • On your Windows 10 Workstation, start a traffic capture on your wired connection (Ethernet)
  • Perform some nslookups on different web servers

  • Run ipconfig /renew to renew your IP address lease

  • Stop the capture

  • Enter "UDP" in the display filter:

  • Find the DNS packets for your nslookups. These are short "request/response" exchanges: each query datagram is answered by one response datagram with the UDP ports swapped.

Submit Screenshot of UDP header in a DNS request with source and destination UDP ports visible

  • UDP header (src port: 61817, an ephemeral client port, and dst port: 53, the DNS service port)

Submit Screenshot of UDP header in a DHCP request with source and destination UDP ports visible

Find the DHCP Request packet associated with your lease renewal

  • UDP header (src port: 68, the DHCP client port, and dst port: 67, the DHCP server port)

Network Time Protocol Example

  • Start a new capture
  • From the command prompt, use the w32tm command to query a remote "time" server:

w32tm /stripchart /computer:time.nist.gov /samples:5

This command compares (stripchart) your workstation's clock with that of the NIST server, taking 5 samples.

  • Stop the capture and analyze the NTP (Network Time Protocol) packets

NTP is another example of a "request/response" protocol that relies on the low overhead of UDP: the client sends one datagram to port 123 and the server answers with one datagram back to the client's source port.

Submit Screenshot of UDP header in an NTP request with source and destination UDP ports visible

  • UDP header (src port: 51609, an ephemeral client port, and dst port: 123, the NTP service port)
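The three captures above all come down to reading the same 8-byte UDP header (source port, destination port, length, checksum) and noticing that the response carries the request's ports swapped. The following Python script is an added example written for this journal entry, not part of the lab or Wireshark; it decodes that header from raw bytes, labels the well-known ports seen in the lab (53, 67/68, 123), pairs a request with its response, and verifies the RFC 768 checksum over the IPv4 pseudo-header. The sample datagram, its addresses (documentation range 192.0.2.0/24) and its 12-byte DNS-style payload are constructed here, not taken from a real capture; the port pair 61817 -> 53 is the one from the DNS screenshot above.

```python
import struct
from ipaddress import IPv4Address

UDP_HEADER_LEN = 8
IPPROTO_UDP = 17

# Port-to-protocol hints for the three protocols captured in the lab.
WELL_KNOWN_PORTS = {53: "DNS", 67: "DHCP (server)", 68: "DHCP (client)", 123: "NTP"}


def parse_udp_header(datagram: bytes) -> dict:
    """Decode the 8-byte UDP header: src port, dst port, length, checksum."""
    if len(datagram) < UDP_HEADER_LEN:
        raise ValueError("datagram shorter than the 8-byte UDP header")
    src_port, dst_port, length, checksum = struct.unpack("!HHHH", datagram[:UDP_HEADER_LEN])
    # The length field counts header plus payload; reject values that do not
    # fit the bytes actually present (a truncated or malformed datagram).
    if length < UDP_HEADER_LEN or length > len(datagram):
        raise ValueError(f"UDP length field {length} inconsistent with {len(datagram)} bytes")
    return {
        "src_port": src_port,
        "dst_port": dst_port,
        "length": length,
        "checksum": checksum,
        "payload": datagram[UDP_HEADER_LEN:length],
    }


def protocol_hint(header: dict) -> str:
    """Guess the application protocol from whichever port is well known."""
    for port in (header["dst_port"], header["src_port"]):
        if port in WELL_KNOWN_PORTS:
            return WELL_KNOWN_PORTS[port]
    return "unknown"


def is_response_to(request: dict, reply: dict) -> bool:
    """Request/response pairing: the reply's ports are the request's ports swapped."""
    return (reply["src_port"] == request["dst_port"]
            and reply["dst_port"] == request["src_port"])


def _ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry, as used by IP/UDP/TCP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def udp_checksum(src_ip: str, dst_ip: str, datagram: bytes) -> int:
    """Compute the RFC 768 checksum over the IPv4 pseudo-header plus the datagram."""
    pseudo = (IPv4Address(src_ip).packed + IPv4Address(dst_ip).packed
              + struct.pack("!BBH", 0, IPPROTO_UDP, len(datagram)))
    # The checksum field itself counts as zero while computing.
    body = datagram[:6] + b"\x00\x00" + datagram[8:]
    csum = (~_ones_complement_sum(pseudo + body)) & 0xFFFF
    return csum or 0xFFFF  # a computed zero is transmitted as all ones


def verify_udp_checksum(src_ip: str, dst_ip: str, datagram: bytes):
    """True/False when a checksum is present; None when the sender omitted it (IPv4 allows 0)."""
    stored = struct.unpack("!H", datagram[6:8])[0]
    if stored == 0:
        return None
    return udp_checksum(src_ip, dst_ip, datagram) == stored


def build_udp_datagram(src_ip: str, dst_ip: str, src_port: int, dst_port: int,
                       payload: bytes) -> bytes:
    """Assemble a datagram with a correct checksum (used here only to construct sample input)."""
    length = UDP_HEADER_LEN + len(payload)
    draft = struct.pack("!HHHH", src_port, dst_port, length, 0) + payload
    csum = udp_checksum(src_ip, dst_ip, draft)
    return struct.pack("!HHHH", src_port, dst_port, length, csum) + payload


# Constructed sample (not a captured packet): a DNS query using the port pair from
# the lab screenshot (61817 -> 53) with a minimal 12-byte DNS-style header as payload.
SAMPLE_SRC_IP, SAMPLE_DST_IP = "192.0.2.10", "192.0.2.1"
SAMPLE_DNS_QUERY = build_udp_datagram(
    SAMPLE_SRC_IP, SAMPLE_DST_IP, 61817, 53,
    b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00",
)

if __name__ == "__main__":
    hdr = parse_udp_header(SAMPLE_DNS_QUERY)
    print(f"src {hdr['src_port']} -> dst {hdr['dst_port']}, len {hdr['length']}, "
          f"checksum 0x{hdr['checksum']:04x} ({protocol_hint(hdr)})")
    print("checksum ok:", verify_udp_checksum(SAMPLE_SRC_IP, SAMPLE_DST_IP, SAMPLE_DNS_QUERY))
```

The same four fields Wireshark shows under "User Datagram Protocol" are what `parse_udp_header` returns, so the screenshots above can be checked against the script's output. Note the checksum caveat: on IPv4 a sender may set the field to 0, and a capture taken on the sending host often shows a wrong checksum because the NIC fills it in after the capture point (checksum offload), so a mismatch in a local capture is not by itself evidence of tampering.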