Assignment 3.2 - Zacham17/my-tech-journal GitHub Wiki

Assignment 3.2: DNS Uses Both UDP and TCP

Run Nmap Scan Using TCP and UDP

  • I ran an nmap scan using the command sudo nmap -sU -sT -p 53 10.0.5.22 -sV
  • The command runs a scan on port 53 on the host 10.0.5.22, using TCP and UDP
  • -sU specifies a UDP scan
  • -sT specifies a TCP connect scan

Nslookup and UDP

  • Nslookup uses UDP by default
  • I ran the command nslookup 10.0.4.21 10.0.5.22
  • Using Wireshark with a display filter for UDP port 53, I saw that two UDP packets were sent using the DNS protocol.

Force Nslookup to use TCP

  • Nslookup can be forced to use TCP using the flag -vc
  • I ran the command nslookup -vc 10.0.4.21 10.0.5.22, and used Wireshark to confirm that TCP packets were used

Viewing TCP Stream in Wireshark

  • I ran the commands dig @8.8.8.8 +short NS zonetransfer.me, dig axfr @nsztm1.gigi.ninja zonetransfer.me, and dig axfr @nsztm2.gigi.ninja zonetransfer.me while running a Wireshark capture on port 53.
  • I then followed the TCP stream in Wireshark and viewed the contents.
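
What the followed TCP stream contains, as an added example that is not part of the original journal: over TCP each DNS message carries a 2-byte length prefix (RFC 1035 section 4.2.2) that the UDP form lacks, and a monitor can split the stream on that prefix to flag AXFR questions. The function names and the sample stream are constructed for illustration; only the zonetransfer.me name and the NS/AXFR query types come from the commands above.

```python
import struct

QTYPE_NAMES = {1: "A", 2: "NS", 12: "PTR", 252: "AXFR"}

def build_query(name, qtype, txid=0x1234):
    """Build a DNS query message; sent as-is, this is the UDP payload."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag, 1 question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def tcp_frame(message):
    """DNS over TCP: prefix the same message with its 2-byte big-endian length."""
    return struct.pack("!H", len(message)) + message

def split_tcp_stream(stream):
    """Split reassembled TCP payload bytes into individual DNS messages."""
    messages, offset = [], 0
    while offset + 2 <= len(stream):
        (length,) = struct.unpack_from("!H", stream, offset)
        body = stream[offset + 2 : offset + 2 + length]
        if len(body) < length:
            break  # truncated capture: stop instead of parsing a partial message
        messages.append(body)
        offset += 2 + length
    return messages

def parse_question(message):
    """Return (qname, qtype name) for the first question in a DNS message."""
    offset, labels = 12, []  # the fixed DNS header is 12 bytes
    while message[offset] != 0:
        n = message[offset]
        if n > 63:
            raise ValueError("unexpected compression pointer in question")
        labels.append(message[offset + 1 : offset + 1 + n].decode("ascii"))
        offset += 1 + n
    qtype, _qclass = struct.unpack_from("!HH", message, offset + 1)
    return ".".join(labels), QTYPE_NAMES.get(qtype, str(qtype))

def flag_zone_transfers(stream):
    """List the questions in a TCP stream that request a full zone transfer."""
    questions = [parse_question(m) for m in split_tcp_stream(stream)]
    return [q for q in questions if q[1] == "AXFR"]

# Constructed sample: an NS query followed by an AXFR query on one TCP stream.
SAMPLE_STREAM = (tcp_frame(build_query("zonetransfer.me", 2))
                 + tcp_frame(build_query("zonetransfer.me", 252)))

if __name__ == "__main__":
    print(flag_zone_transfers(SAMPLE_STREAM))
```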