Wireshark-DNS-Solution-July-22-2007

WiresharkLab:DNSPART11.RunnslookuptoobtaintheIPaddressofaWebserverinAsia.Iperformednslookupfor!mail.Screenshottakenafterquestion3PART3aScreenshotforDNSqueryScreenshotforDNSresponse4.LocatetheDNSqueryandresponsemessages.ArethensentoverUDPorTCP?TheyaresentoverUDP5.WhatisthedestinationportfortheDNSquerymessage?WhatisthesourceportofDNSresponsemessage?ThedestinationportfortheDNSqueryis53andthesourceportoftheDNSresponseis53.Screenshotforipconfig–all6.TowhatIPaddressistheDNSquerymessagesent?UseipconfigtodeterminetheIPaddressofyourlocalDNSserver.ArethesetwoIPaddressesthesame?It’ssentto192.168.1.1whichistheIPaddressofoneofmylocalDNSservers.7.ExaminetheDNSquerymessage.What“Type”ofDNSqueryisit?Doesthequerymessagecontainany“answers”?It’satypeAStandardQueryanditdoesn’tcontainanyanswers.8.ExaminetheDNSresponsemessage.Howmany“answers”areprovided?Whatdoeachoftheseanswerscontain?Therewere2answerscontaininginformationaboutthenameofthehost,thetypeofaddress,class,theTTL,thedatalengthandtheIPaddress.Answers:(Hostaddress)Class:IN(0x0001)Timetolive:30minutesDatalength:4Addr:209.173.57.180:(Hostaddress)Class:IN(0x0001)Timetolive:30minutesDatalength:4Addr:209.173.53.1809.ConsiderthesubsequentTCPSYNpacketsentbyyourhost.DoesthedestinationIPaddressoftheSYNpacketcorrespondtoanyoftheIPaddressesprovidedintheDNSresponsemessage?ThefirstSYNpacketwassentto209.173.57.180whichcorrespondstothefirstIPaddressprovidedintheDNSresponsemessage.10.Thiswebpagecontainsimages.Beforeretrievingeachimage,doesyourhostissuenewDNSqueries?NoPART3bScreenshotforDNSqueryScreenshotforDNSresponse11.WhatisthedestinationportfortheDNSquerymessage?WhatisthesourceportofDNSresponsemessage?ThedestinationportoftheDNSqueryis53andthesourceportoftheDNSresponseis53.12.TowhatIPaddressistheDNSquerymessagesent?IsthistheIPaddressofyourdefaultlocalDNSserver?It’ssentto192.168.1.1whichaswecanseefromtheipconfig–allscreenshot,isthedefaultlocalDNSserver.13.ExaminetheDNSquerymessage.What“Type”ofDNSqueryisit?Doesthequerymessagecontainany“answers”?ThequeryisoftypeAanditdoesn’tcontainanyanswers.14.ExaminetheDNSresponsemessage.Howmany“answers”areprovided?Whatdoeachoftheseanswerscontain?TheresponseDNSmessagecontainsoneanswercontainingthenameofthehost,thetypeofaddress,theclass,andtheIPaddress.Answers:(Hostaddress)Class:IN(0x0001)Timetolive:1minuteDatalength:4Addr:18.7.22.8315.Provideascreenshot.PART3cScreenshotforDNSresponse16.TowhatIPaddressistheDNSquerymessagesent?IsthistheIPaddressofyourdefaultlocalDNSserver?Itwassentto128.238.29.22whichismydefaultDNSserver.17.ExaminetheDNSquerymessage.What“Type”ofDNSqueryisit?Doesthequerymessagecontainany“answers”?It’satypeNSDNSquerythatdoesn’tcontainanyanswers.18.ExaminetheDNSresponsemessage.WhatMITnameserversdoestheresponsemessageprovide?DoesthisresponsemessagealsoprovidetheIPaddressesoftheMITnameservers?Thenameserversarebitsy,strawbandw20ns.WecanfindtheirIPaddressesifweexpandtheAdditionalrecordsfieldinWiresharkasseenbelow.Answersmit.edu:typeNS,classinet,nsbitsy.mit.edumit.edu:typeNS,classinet,nsstrawb.mit.edumit.edu:typeNS,classinet,nsw20ns.mit.eduAdditionalrecordsbitsy.mit.edu:typeA,classinet,addr18.72.0.3strawb.mit.edu:typeA,classinet,addr18.71.0.151w20ns.mit.edu:typeA,classinet,addr18.70.0.16019.Provideascreenshot.PART3dScreenshotforDNSresponse20.TowhatIPaddressistheDNSquerymessagesent?IsthistheIPaddressofyourdefaultlocalDNSserver?Ifnot,whatdoestheIPaddresscorrespondto?Thequeryissentto18.72.0.3whichcorrespondstobitsy.mit.edu.21.ExaminetheDNSquerymessage.What“Type”ofDNSqueryisit?Doesthequerymessagecontainany“answers”?It’sastandardtypeAquerythatdoesn’tcontainanyanswers.22.ExaminetheDNSresponsemessage.Howmany“answers”areprovided?Whatdoeseachoftheseanswerscontain?OneanswerisprovidedintheDNSresponsemessage.Itcontainsthefollowing:Answers::inetTimetolive:1hourDatalength:4Addr:222.106.36.10223.Provideascreenshot.