Assignment 3.2: DNS Uses Both TCP and UDP - Ptsoares/SEC_335_Techjournal GitHub Wiki

Overview

The goal of this assignment is to demonstrate that DNS uses both TCP and UDP (port 53 on each). This can be shown with tools such as nslookup and Wireshark.

Useful Commands and Instructions

nmap can scan TCP and UDP ports in a single run:

sudo nmap -sU -sS 10.0.5.22 -p U:53,T:53

In the command above, -sU tells nmap to perform a UDP scan. -sS selects a TCP SYN scan (this is already the default TCP scan type when nmap runs as root, but I've specified it here explicitly). After the scan types comes the target IP, and -p selects specific ports: U:53 means "scan UDP port 53", and the ,T:53 that follows means "also scan TCP port 53".

nslookup normally queries over UDP, but it can be forced to use TCP ("virtual circuit") by specifying the -vc flag:

nslookup -vc [HOST_IP] [DNS_SERVER]
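To make the difference between the two transports concrete, here is a small added example (my own code, not from the assignment or from nslookup) that builds a DNS query in wire format, shows the 2-byte length prefix that TCP transport adds, and checks the TC (truncated) flag that tells a client to retry a UDP query over TCP. The send_query function and the server address are assumptions for trying it against a lab resolver such as 10.0.5.22; the demonstration itself uses a constructed reply and needs no network.

```python
import socket
import struct

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a wire-format DNS query (QTYPE A, QCLASS IN, RD set)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def frame_for_tcp(msg: bytes) -> bytes:
    """Over TCP (RFC 1035 s4.2.2) each message gets a 2-byte big-endian length prefix; UDP does not."""
    return struct.pack("!H", len(msg)) + msg

def unframe_tcp(data: bytes) -> bytes:
    """Strip the TCP length prefix and return exactly one DNS message."""
    (length,) = struct.unpack("!H", data[:2])
    return data[2:2 + length]

def is_truncated(msg: bytes) -> bool:
    """TC bit (0x0200 in the flags word) set in a UDP reply means: retry the same query over TCP."""
    (flags,) = struct.unpack("!H", msg[2:4])
    return bool(flags & 0x0200)

def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:  # TCP is a byte stream, so read until the whole message has arrived
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("DNS server closed the TCP connection early")
        buf += chunk
    return buf

def send_query(server: str, msg: bytes, use_tcp: bool, timeout: float = 3.0) -> bytes:
    """Assumed helper: send one query over UDP or TCP to port 53 and return the raw reply."""
    if use_tcp:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(frame_for_tcp(msg))
            (length,) = struct.unpack("!H", _recv_exact(s, 2))
            return _recv_exact(s, length)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(msg, (server, 53))
        return s.recv(4096)

if __name__ == "__main__":
    query = build_query("example.com")
    # Constructed UDP reply header with QR, TC and RD set: no network needed to show the fallback rule.
    fake_udp_reply = query[:2] + b"\x83\x00" + query[4:]
    print("UDP bytes:", len(query), "| TCP-framed bytes:", len(frame_for_tcp(query)),
          "| retry over TCP?", is_truncated(fake_udp_reply))
```

In a Wireshark capture the length prefix is why the TCP "Follow Stream" view starts with two extra bytes before the transaction ID, while the UDP datagram starts with the ID directly.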

Also remember that when setting a capture filter in Wireshark, you type it into the capture filter entry field first and then click on the desired interface to start capturing.

When analyzing a Wireshark capture, you can view TCP and UDP streams by opening the "Analyze" menu, hovering over "Follow", and then selecting the stream type of your choice.

Issues and Troubleshooting

Initially I didn't see the TCP stream when viewing the last Wireshark capture. It wasn't until I selected a TCP packet (and used this filter: tcp.stream eq 0) that I was able to select "TCP Stream".

Questions and Reflections

There are a couple of good things to remember in this quick assignment, so I'll link this page to the nmap guide.