10.2.7 Lab Using Wireshark to Examine a UDP DNS Capture - PanamaP/KEST3CO05DU GitHub Wiki

Part 1: Record VM's IP Configuration Information

In Part 1, you will use commands on your CyberOps Workstation VM to find and record the MAC and IP addresses of your VM’s virtual network interface card (NIC), the IP address of the specified default gateway, and the DNS server IP address specified for the PC. Record this information in the table provided. The information will be used in parts of this lab with packet analysis.

| Description | Settings |
| --- | --- |
| IP address | 10.0.2.15 |
| MAC address | 08:00:27:7e:73:aa |
| Default gateway IP address | 192.168.1.254 |
| DNS server IP address | 8.8.4.4 |

Step 2: Examine the fields in a DNS query packet.

The protocol fields, highlighted in gray, are displayed in the packet details pane (middle section) of the main window.

a. In the first line in the packet details pane, frame 429 had 74 bytes of data on the wire. This is the number of bytes it took to send a DNS query to a named server requesting the IP addresses of www.google.com. If you used a different web address, such as www.cisco.com, the byte count might be different.

b. The Ethernet II line displays the source and destination MAC addresses. The source MAC address is from your VM because your VM originated the DNS query. The destination MAC address is from the default gateway because this is the last stop before this query exits the local network.

Question: Is the source MAC address the same as the one recorded from Part 1 for the VM?

c. In the Internet Protocol Version 4 line, the IP packet Wireshark capture indicates that the source IP address of this DNS query is 192.168.8.10 and the destination IP address is 8.8.4.4. In this example, the destination address is the DNS server.

Can you identify the IP and MAC addresses for the source and destinations of this packet?

| Device | IP Address | MAC Address |
| --- | --- | --- |
| Source Workstation | 10.0.2.15 | 08:00:27:7e:73:aa |
| Destination DNS Server/Default Gateway | 8.8.4.4 | 52:54:00:12:35:02 |

| Description | Wireshark Results |
| --- | --- |
| Frame size | 74 bytes |
| Source MAC address | 08:00:27:7e:73:aa |
| Destination MAC address | 52:54:00:12:35:02 |
| Source IP address | 10.0.2.15 |
| Destination IP address | 8.8.4.4 |
| Source port | 50227 |
| Destination port | 53 |
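
As an added example (not part of the original lab or this wiki), the following Python builds a constructed DNS query frame from the values recorded in the tables above and parses out the same fields Wireshark shows in the packet details pane. The function names, the transaction ID and the zeroed checksums are assumptions made for the illustration.

```python
import socket
import struct

def build_query(src_mac, dst_mac, src_ip, dst_ip, sport, name):
    """Build a constructed Ethernet II/IPv4/UDP/DNS A-query frame (checksums left 0)."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    dns = struct.pack("!6H", 0x1A2B, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)
    udp = struct.pack("!4H", sport, 53, 8 + len(dns), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(dns), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    eth = bytes.fromhex((dst_mac + src_mac).replace(":", "")) + b"\x08\x00"
    return eth + ip + udp + dns

def parse_frame(frame):
    """Extract the fields the lab records from the packet details pane."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800 or frame[23] != 17:     # IPv4 carrying UDP (protocol 17)
        raise ValueError("not an IPv4/UDP frame")
    udp_off = 14 + (frame[14] & 0x0F) * 4          # IHL gives the IPv4 header length
    sport, dport = struct.unpack("!2H", frame[udp_off:udp_off + 4])
    dns_off = udp_off + 8                          # UDP header is always 8 bytes
    flags = struct.unpack("!H", frame[dns_off + 2:dns_off + 4])[0]
    labels, i = [], dns_off + 12                   # question follows the 12-byte DNS header
    while frame[i]:
        if frame[i] & 0xC0:                        # compression pointer, not expected here
            raise ValueError("compressed name in question section")
        labels.append(frame[i + 1:i + 1 + frame[i]].decode("ascii"))
        i += 1 + frame[i]
    fmt_mac = lambda b: ":".join(f"{x:02x}" for x in b)
    return {
        "frame_size": len(frame),
        "src_mac": fmt_mac(src_mac), "dst_mac": fmt_mac(dst_mac),
        "src_ip": socket.inet_ntoa(frame[26:30]), "dst_ip": socket.inet_ntoa(frame[30:34]),
        "src_port": sport, "dst_port": dport,
        "is_response": bool(flags & 0x8000),       # QR bit: 0 = query, 1 = response
        "qname": ".".join(labels),
    }

# Constructed sample using the values recorded in the lab tables above.
SAMPLE = build_query("08:00:27:7e:73:aa", "52:54:00:12:35:02",
                     "10.0.2.15", "8.8.4.4", 50227, "www.google.com")

if __name__ == "__main__":
    for field, value in parse_frame(SAMPLE).items():
        print(f"{field:12} {value}")
```

The 74-byte frame size breaks down as 14 bytes of Ethernet II header, 20 bytes of IPv4 header, 8 bytes of UDP header and 32 bytes of DNS (a 12-byte header plus a 20-byte question for www.google.com).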

Is the source IP address the same as the local PC’s IP address you recorded in Part 1?

Is the destination IP address the same as the default gateway noted in Part 1?

No

b. In the Ethernet II frame for the DNS response, what device is the source MAC address and what device is the destination MAC address?

The source is the default gateway and the destination is the computer (CyberOps VM).

c. Notice the source and destination IP addresses in the IP packet. Questions: What is the destination IP address?

10.0.2.15

What is the source IP address?

8.8.4.4

What happened to the roles of source and destination for the VM and default gateway?

They swapped roles; they are replying to the computer with the data.

Reflection Question

What are the benefits of using UDP instead of TCP as a transport protocol for DNS?

UDP is faster and smaller.