flyingscorpio/efrei
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Finish wireshark DNS

Browse source
This commit is contained in:
flyingscorpio@pinebookpro 2021-10-05 11:18:15 +02:00
parent 60abae66b2
commit dff1363cdb
1 changed files with 165 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

165
network-protocols/wireshark-lab_20211005.tex
View file

@ -136,4 +136,169 @@
\section{DNS}
\subsection{nslookup}
\begin{enumerate}
\item Run \texttt{nslookup} to obtain the IP address of a Web server in Asia.
What is the IP address of that server?
The IP addesses of the server is \texttt{58.229.6.225}.
\begin{lstlisting}[gobble=20]
$ nslookup www.aiit.or.kr
Server: 10.0.1.1
Address: 10.0.1.1#53
Non-authoritative answer:
Name: www.aiit.or.kr
Address: 58.229.6.225
\end{lstlisting}
\item Run \texttt{nslookup} to determine the authoritative DNS servers for a university in Europe.
\begin{lstlisting}[gobble=20]
$ nslookup -type=SOA efrei.net
Server: 10.0.1.1
Address: 10.0.1.1#53
Non-authoritative answer:
efrei.net
origin = a.dns.gandi.net
mail addr = hostmaster.gandi.net
serial = 1585830728
refresh = 10800
retry = 3600
expire = 604800
minimum = 10800
Authoritative answers can be found from:
a.dns.gandi.net internet address = 173.246.98.1
a.dns.gandi.net has AAAA address 2604:3400:abca::1
\end{lstlisting}
\end{enumerate}
\subsection{ipconfig}
\subsection{Tracing DNS with Wireshark}
\begin{enumerate}\setcounter{enumi}{2}
\item Locate the DNS query and response messages.
Are they sent over UDP or TCP\@?
The DNS queries are sent over UDP\@.
\item What is the destination port for the DNS query message?
What is the source port of the DNS response message?
The destination port of the query and the source port of the response are the same~: UDP port 53.
\item To what IP address is the DNS query message sent?
Use ipconfig to determine the IP addess of your local DNS server.
Are those two IP addresses the same?
\begin{lstlisting}[gobble=20]
$resolvconf -l
# resolv.conf from wlan0.dhcp
# Generated by dhcpcd from wlan0.dhcp
domain campus.villejuif
search campus.villejuif
nameserver 10.0.1.1
nameserver 192.168.32.5
nameserver 192.168.32.6
\end{lstlisting}
The IP addresses are not the same because I am using a wireshark trace.
\item Examine the DNS query message.
What ``Type'' of DNS query is it?
Does the query message contain any ``answers''?
The query type is \texttt{A}, so it is an IPv4 query.
It does not contain any answer.
\item Examine the DNS response message.
How many ``answers'' are provided?
What do each of these answers contain?
The response provides 2 answers, each containing an IP address for the query.
\item Consider the subsequent TCP SYN packet sent by your host.
Does the destination IP address of the SYN packet correspond to any of the IP addresses provided in the DNS response message?
The IP is \texttt{132.151.6.75}, which corresponds to the first answer in the DNS response.
\item This web page contains images.
Before retrieving each image, does your host issue new DNS queries?
The images are in the same domain, so the client does not need to issue new DNS queries.
\item What is the destination port for the DNS query message?
What is the source port of the DNS response message?
Again, the destination port for the query and the source port for the response are UDP port 53.
\item To what IP address is the DNS query message sent?
Is this the IP address of your default local DNS server?
The query is sent to \texttt{128.238.29.22}.
It is an IP address used in the trace, not my local address.
\item Examine the DNS query message.
What ``Type'' of DNS query is it?
Does the query message contain any ``answers''?
The query is of PTR type.
It does not contain any answer.
\item Examine the DNS response message.
How many ``answers'' are provided?
What do each of these answers contain?
The response provides 1 answer containing the domain name corresponding the the requested IP address (reverse DNS).
\item Provide a screenshot.
\item To what IP address is the DNS query message sent?
Is this the IP address of your default DNS server?
The query is sent to \texttt{128.238.29.22}.
It is an IP address used in the trace, not my local address.
\item Examine the DNS query message.
What ``Type'' of DNS query is it?
Does the query message contain any ``answers''?
It is again a PTR type, and does not contain any answer.
\item Examine the DNS response message.
What MIT nameservers does the response message provide?
Does this response message also provide the IP addresses of the MIT nameservers?
It provides \texttt{dns-prime.poly.edu}.
The IP address if present, backwards, in the \texttt{in-addr.arpa} field.
\item Provide a screenshot.
\item To what IP address is the DNS query message sent?
Is this the IP address of your default DNS server?
If not, what does the IP address correspond to?
The IP is \texttt{18.72.0.3} and corresponds to the IP address in the \texttt{in-addr.arpa} field for the PTR query.
\item Examine the DNS query message.
What ``Type'' of DNS query is it?
Does the query message contain any ``answers''?
It is again a PTR type, and does not contain any answer.
\item Examine the DNS response message.
How many ``answers'' are provided?
What do each of these answers contain?
The response contains the \texttt{bitsy.mit.edu}.
\end{enumerate}
\end{document}