L

T
O
B
R
P
P
2013 Cisco and
Lab - Us
Topology
Objectives
Part 1: Re
Part 2: Us
Part 3: An
Backgroun
If you hav
network o
you type a
Your PCs
as the tra
DNS quer
In this lab
protocol. Y
Note: This
Required R
1 PC (Win
Part 1: R
In Part 1,
addresses
DNS serv
be used in
Part 2: U
In Part 2,
UDP trans
d/or its affiliates.
sing Wir

ecord a PCs
se Wireshark
nalyze Captu
nd / Scenar
ve ever used t
of servers that
a website UR
s DNS server
nsport layer p
ries and respo
b, you will com
You will use W
s lab cannot b
Resources
ndows 7, Vist
Record a
you will use t
s of your PCs
ver IP address
n the following
IP ad
MAC
Defau
DNS
Use Wires
you will set u
sport protoco
All rights reserve
eshark t
s IP Configur
k to Capture
ured DNS or
rio
the Internet, y
t translates us
RL into your br
query and th
protocol. UDP
onses are ver
mmunicate wit
Wireshark to e
be completed
a, or XP with
PCs IP C
the ipconfig /
s network inte
s specified for
g parts of this
dress
address
ult gateway IP
server IP add
shark to C
up Wireshark
l while comm
ed. This docume
to Exam
ration Inform
DNS Querie
UDP Packet
you have use
ser-friendly do
rowser, your P
he DNS serve
P is connectio
ry small and d
th a DNS serv
examine the
d using Netlab
a command
Configura
/all command
erface card (N
r the PC. Rec
s lab with pac
P address
dress
Capture D
to capture DN
unicating with
ent is Cisco Publi
mine a UD
mation
s and Respo
s
d the Domain
omain names
PC performs
ers response
onless and do
do not require
ver by sendin
DNS query a
b. This lab ass
prompt acces
ation Info
d on your loca
NIC), the IP a
cord this infor
cket analysis.




DNS Que
NS query and
h a DNS serv
ic.
DP DNS
onses
n Name Syste
s like www.go
a DNS query
make use of
es not require
e the overhea
ng a DNS que
nd response
sumes that yo
ss, Internet ac
ormation
al PC to find a
ddress of the
mation in the
eries and
d response pa
ver.
S Captur
em (DNS). DN
oogle.com to a
y to the DNS s
the User Dat
e a session s
ad of TCP.
ery using the U
exchanges w
ou have Inter
ccess, and W
and record the
e specified de
table provide
Respons
ackets to dem
re

NS is a distrib
an IP address
servers IP ad
tagram Protoc
etup as does
UDP transpor
with the name
rnet access.
Wireshark insta
e MAC and IP
fault gateway
ed. The inform
ses
monstrate the
Page 1 of 6
buted
s. When
ddress.
col (UDP)
TCP.
rt
server.
alled)
P
y, and the
mation will
use of
192.168.1.5
00-24-21-A2-E3-52
192.168.1.1
200.107.10.52
L

P
S
Lab - Using W
2013 Cisco and
a. Click
Note:
b. Selec
that is
c. After s
d. Open
e. Click
Part 3: A
In Part 3,
the IP add
Step 1: Filt
a. In the
Note:
comm
Wires
comm
brows
b. In the
and A
Wireshark to
d/or its affiliates.
the Windows
If Wireshark
ct an interface
s associated w
selecting the
a web brows
Stop to stop
Analyze C
you will exam
dresses for ww
ter DNS pac
e Wireshark m
If you do not
mand prompt w
shark capture
mand prompt w
ser.
e packet list pa
A www.googl
Examine a U
All rights reserve
Start button
is not yet ins
e for Wireshar
with the recor
desired interf
ser and type w
the Wireshar
Captured
mine the UDP
ww.google.co
ckets.
main window,
t see any resu
window, type
and repeat th
window, you c
ane (top sect
e.com. See f
UDP DNS Ca
ed. This docume
and navigate
stalled, it can
rk for capturin
rded PCs IP a
face, click Sta
www.google.
rk capture whe
DNS or U
packets that
om.
type dns in th
ults after the D
ipconfig /flu
he instruction
can type nslo
ion) of the ma
frame 4 as an
apture
ent is Cisco Publi
e to the Wires
be downloade
ng packets. U
and Media Ac
art to capture
.com. Press E
en you see G
UDP Pack
were genera
he entry area
DNS filter wa
ushdns to rem
s in Part 2b
ookup www.g
ain window, lo
n example.
ic.
shark program
ed at http://ww
se the Interfa
ccess Contro
e the packets.
Enter to conti
Googles home
kets
ated when com
a of the Filter
as applied, clo
move all prev
2e. If this do
google.com
ocate the pac
m.
ww.wireshark
ace List to ch
l (MAC) addr
.
inue.
e page.
mmunicating
toolbar. Click
ose the web b
ious DNS res
es not resolv
as an alterna
cket that inclu
k.org/downloa
hoose the inte
esses in Part
with a DNS s
k Apply or pre
browser and in
sults. Restart
e the issue, in
ative to the we
des standard
Page 2 of 6
ad.html.
erface
t 1.
server for
ess Enter.
n the
the
n the
eb

d query
L

S
Lab - Using W
2013 Cisco and
Step 2: Ex
Examine
Wireshark
displayed
in gray.
a. In the
the nu
www.
b. The E
from y
from t
Is the
c. In the
addre
exam
Can y
Loca
Defa
The IP
as the
d. A UD
heade
Expan
there
rando
Port 5
from c
Wireshark to
d/or its affiliates.
amine UDP
UDP by using
k capture fram
in the packet
e packet detai
umber of byte
google.com.
Ethernet II line
your local PC
the default ga
source MAC
e Internet Prot
ess of this DN
ple, the desti
you pair up th
Device
al PC
ault Gateway
P packet and
e data.
P header only
er is only 16 b
nd the User D
are only four
omly generate
53 is a well-kn
clients.
Examine a U
All rights reserve
P segment u
g a DNS quer
me 4 in the pa
t details pane
ls pane, fram
es to send a D
e displays the
C because you
ateway, becau
C address the
tocol Version
S query is 19
nation addres
e IP and MAC


header enca
y has four fiel
bits as depicte
Datagram Pro
fields. The so
ed by the loca
nown port res
UDP DNS Ca
ed. This docume
using DNS q
ry for www.go
acket list pane
e (middle sect
me 4 had 74 by
DNS query to
e source and d
ur local PC or
use this is the
same as reco
4 line, the IP
92.168.1.11, a
ss is the defa
C addresses f
IP Address
apsulates the
lds: source po
ed below.
otocol in the p
ource port nu
al PC using po
served for use
apture
ent is Cisco Publi
query.
oogle.com as
e is selected f
tion) of the ma
ytes of data o
a name serve
destination M
riginated the D
e last stop bef
orded from Pa
packet Wires
and the destin
ult gateway. T
for the source
UDP segmen
ort, destinatio
acket details
mber in this e
ort numbers t
e with DNS. D
ic.
captured by W
for analysis. T
ain window. T
on the wire as
er requesting
MAC addresse
DNS query. T
fore this quer
art 1 for the lo
shark capture
nation IP add
The router is
e and destina
M
nt. The UDP s
on port, length
pane by click
example is 52
hat are not re
DNS servers l
Wireshark. In
The protocols
The protocol e
s displayed on
g the IP addre
es. The sourc
The destinatio
ry exits the loc
ocal PC?
e indicates tha
ress is 192.16
the default ga
ation devices?
MAC Address
segment cont
h, and checks
king the plus (
2110. The sou
eserved. The
isten on port
n this example
s in this query
entries are hi
n the first line
esses of
ce MAC addre
on MAC addre
cal network.
at the source
68.1.1. In this
ateway in this
?
s
tains the DNS
sum. Each fie

(+) sign. Notic
urce port was
destination p
53 for DNS q
Page 3 of 6
e,
y are
ghlighted

e. This is
ess is
ess is
IP
s
s network.
S query
eld in UDP
ce that
s
port is 53.
queries
Si
192.168.15 00-24-21-A2-E3-52
192.168.1.1 a0-f3-c1-65-84-14
L

S
Lab - Using W
2013 Cisco and
In this
The o
follow
The c
The U
hands
layer.
Recor
Is the
Is the
Step 3: Ex
In this ste
Wireshark to
d/or its affiliates.
s example, the
other 32 bytes
wing illustratio
checksum is u
UDP header h
shake in TCP

rd your Wires
Frame Size
Source MA
Destination
Source IP
Destination
Source Po
Destination
source IP ad
destination I
amine UDP
ep, you will ex
Examine a U
All rights reserve
e length of th
s are used by
n in the packe
used to determ
has low overh
P. Any data tra
shark results i
e
AC address
n MAC addre
address
n IP address
rt
n Port
ddress the sam
P address the
P using DNS
xamine the DN
UDP DNS Ca
ed. This docume
is UDP segm
DNS query d
et bytes pane
mine the integ
ead because
ansfer reliabil
n the table be
ess
s
me as the loc
e same as the
S response.
NS response
apture
ent is Cisco Publi
ment is 40 byte
data. The 32 b
e (lower sectio
grity of the pa
e UDP does n
ity issues tha
elow:
cal PCs IP ad
e default gate
packet and v
ic.
es. Out of 40
bytes of DNS
on) of the Wir
acket after it h
ot have fields
at occur must
ddress record
eway noted in
verify that DNS
bytes, 8 byte
S query data is
reshark main
has traversed
s that are ass
be handled b
ded in Part 1?
n Part 1?
S response p
es are used as
s highlighted
window.
the Internet.
sociated with t
by the applica

packet also us
Page 4 of 6

s header.
in the

three-way
ation
ses UDP.
Si
No
L

Lab - Using W
2013 Cisco and
a. In this
wire is
b. In the
device

c. Notice
What
Destin
What

d. In the
52110
sent t
The s
respo
When
Answ
Wireshark to
d/or its affiliates.
s example, fra
s 290 bytes. I
e Ethernet II fr
e is the destin
e the source a
is the source
nation IP add
happened to
e UDP segme
0. Port numbe
to the DNS se
source port nu
onse with a so
n the DNS res
wers section.
Examine a U
All rights reserve
ame 5 is the c
It is a larger p
rame for the D
nation MAC a
and destinatio
e IP address?
ress:
the roles of s
nt, the role of
er 52110 is th
erver. Your loc
umber is 53. T
ource port num
sponse is exp
UDP DNS Ca
ed. This docume
corresponding
packet as com
DNS response
address?
on IP address


source and de
f the port num
he same port t
cal PC listens
The DNS serv
mber of 53 ba
panded, notice
apture
ent is Cisco Publi
g DNS respon
mpared to the
e, from what
ses in the IP p
S
estination for
mbers has also
that was gene
s for a DNS re
ver listens for
ack to originat
e the resolved
ic.
nse packet. N
DNS query p
device is the
packet. What
Source IP ad
the local hos
o reversed. T
erated by the
esponse on th
r a DNS query
tor of the DNS
d IP addresse
Notice the num
packet.
source MAC
t is the destina
dress:
st and default
The destinatio
e local PC whe
his port.
y on port 53 a
S query.
es for www.go
mber of bytes
address and
ation IP addre
gateway?
on port numbe
en the DNS q
and then send
oogle.com in
Page 5 of 6
s on the

what
ess?
er is
query was
ds a DNS
the
Del servidor DNS y de la mquina local
192.168.1.5 200.107.10.52
Se invirtieron
L

R
Lab - Using W
2013 Cisco and
Reflection
What are
Wireshark to
d/or its affiliates.
the benefits o
Examine a U
All rights reserve
of using UDP
UDP DNS Ca
ed. This docume
instead of TC
apture
ent is Cisco Publi
CP as a trans
ic.
sport protocol for DNS?
Page 6 of 6

El tamao de segmentos disminuye al no usar bytes de control ya que es un protocolo sin estado, lo que
incrementa la velocidad de transmisin y el menor uso de recursos.