Hacking [email protected]

Wireshark Lab: DNS

The Domain Name System (DNS) translates hostnames to IP addresses, fulfilling a critical role in the Internet infrastructure. In this lab, we’ll take a closer look at the client side of DNS. Recall that the client’s role in the DNS is relatively simple – a client sends a query to its local DNS server, and receives a response back. Much can go on “under the covers,” invisible to the DNS clients, as the hierarchical DNS servers communicate with each other to either recursively or iteratively resolve the client’s DNS query. From the DNS client’s standpoint, however, the protocol is quite simple – a query is formulated to the local DNS server and a response is received from that server.

Objectives
Lab1 – nslookup
Lab2 – ipconfig
Lab3 – Tracing DNS with Wireshark

Important Note
Provide snapshots of all your work.

Disclaimer
All the Wireshark labs are from the “Computer Networking - A Top Down Approach, 6th edition”, a book I highly recommend if you want to understand how the TCP/IP and other protocols work.
Lab1 – nslookup

In this lab, we’ll make extensive use of the nslookup tool, which is available in most Linux/Unix and Microsoft platforms today. To run nslookup in Linux/Unix, you just type the nslookup command on the command line. To run it in Windows, open the Command Prompt and run nslookup on the command line.

In its most basic operation, the nslookup tool allows the host running the tool to query any specified DNS server for a DNS record. The queried DNS server can be a root DNS server, a top-level-domain DNS server, an authoritative DNS server, or an intermediate DNS server (see the textbook for definitions of these terms). To accomplish this task, nslookup sends a DNS query to the specified DNS server, receives a DNS reply from that same DNS server, and displays the result.

The above screenshot shows the results of three independent nslookup commands (displayed in the Windows Command Prompt). In this example, the client host is located on the campus of Polytechnic University in Brooklyn, where the default local DNS server is dns-prime.poly.edu. When running nslookup, if no DNS server is specified, then nslookup sends the query to the default DNS server, which in this case is dns-prime.poly.edu. Consider the first command:

> nslookup
In words, this command is saying “please send me the IP address for the host”. As shown in the screenshot, the response from this command provides two pieces of information:
(1) The name and IP address of the DNS server that provides the answer; and
(2) The answer itself, which is the host name and IP address of .