Lab3-Wireshark_DNS

Instructor: Luong Duy Hieu
Contact: [email protected]
2016



Hacking [email protected]

Wireshark Lab: DNS

The Domain Name System (DNS) translates hostnames to IP addresses, fulfilling a critical role in the Internet infrastructure. In this lab, we’ll take a closer look at the client side of DNS. Recall that the client’s role in the DNS is relatively simple – a client sends a query to its local DNS server, and receives a response back. Much can go on “under the covers,” invisible to the DNS clients, as the hierarchical DNS servers communicate with each other to either recursively or iteratively resolve the client’s DNS query. From the DNS client’s standpoint, however, the protocol is quite simple – a query is formulated to the local DNS server and a response is received from that server.

Objectives

  • Lab1 – nslookup
  • Lab2 – ipconfig
  • Lab3 – Tracing DNS with Wireshark

Important Note

Provide snapshots of all your work.

Disclaimer

All the Wireshark labs are from “Computer Networking - A Top Down Approach, 6th edition”, a book I highly recommend if you want to understand how TCP/IP and other protocols work.
Lab1 – nslookup

In this lab, we’ll make extensive use of the nslookup tool, which is available in most Linux/Unix and Microsoft platforms today. To run nslookup in Linux/Unix, you just type the nslookup command on the command line. To run it in Windows, open the Command Prompt and run nslookup on the command line.

In its most basic operation, the nslookup tool allows the host running the tool to query any specified DNS server for a DNS record. The queried DNS server can be a root DNS server, a top-level-domain DNS server, an authoritative DNS server, or an intermediate DNS server (see the textbook for definitions of these terms). To accomplish this task, nslookup sends a DNS query to the specified DNS server, receives a DNS reply from that same DNS server, and displays the result.

The above screenshot shows the results of three independent nslookup commands (displayed in the Windows Command Prompt). In this example, the client host is located on the campus of Polytechnic University in Brooklyn, where the default local DNS server is dns-prime.poly.edu. When running nslookup, if no DNS server is specified, then nslookup sends the query to the default DNS server, which in this case is dns-prime.poly.edu. Consider the first command:

> nslookup
In words, this command is saying “ please send me the IP address for the host ”. As shown in the screenshot, the response from this command provides two pieces of information: (1) The name and IP address of the DNS server that provides the answer; and (2) The answer itself, which is the host name and IP address of .