lab 4 answer
8/18/2019 Lab 4 Answer
MTN3023
Computer Networking
LAB SHEET 3 WIRESHARK DNS
Prepared by
NAZRE BIN ABDUL RASHID
SALMAN FIRDAUS BIN HJ. SIDEK
Objectives:
1. To introduce students to the Wireshark software tool for packet analysis.
2. To analyze the DNS protocol used in the application layer.
Instruction:
In this lab activity students will use the Wireshark software tool to study the application layer protocol of DNS.
Software Used: Wireshark
-! A*i) /01
Wireshark Lab: DNS
Version: 2.0
© 2007 J.F. Kurose, K.W. Ross. All Rights Reserved
Computer Networking: A Top-down Approach, 4th edition.
As described in Section 2.5 of the textbook, the Domain Name System (DNS) translates
hostnames to IP addresses, fulfilling a critical role in the Internet infrastructure. In this lab, we'll
take a closer look at the client side of DNS. Recall that the client's role in the DNS is relatively
simple - a client sends a query to its local DNS server, and receives a response back. As shown
in Figures 2.21 and 2.22 in the textbook, much can go on "under the covers," invisible to the
DNS clients, as the hierarchical DNS servers communicate with each other to either recursively
or iteratively resolve the client's DNS query. From the DNS client's standpoint, however, the
protocol is quite simple - a query is formulated to the local DNS server and a response is
received from that server.
Before beginning this lab, you'll probably want to review DNS by reading Section 2.5 of the
text. In particular, you may want to review the material on local DNS servers, DNS caching,
DNS records and messages, and the TYPE field in the DNS record.
1. nslookup
In this lab, we'll make extensive use of the nslookup tool, which is available in most Linux/Unix
and Microsoft platforms today. To run nslookup in Linux/Unix, you just type the nslookup
command on the command line. To run it in Windows, open the Command Prompt and run
nslookup on the command line.
In its most basic operation, the nslookup tool allows the host running the tool to query any specified
DNS server for a DNS record. The queried DNS server can be a root DNS server, a top-level-domain
DNS server, an authoritative DNS server, or an intermediate DNS server (see the
textbook for definitions of these terms). To accomplish this task, nslookup sends a DNS query to
the specified DNS server, receives a DNS reply from that same DNS server, and displays the result.
The above screenshot shows the results of three independent nslookup commands (displayed in
the Windows Command Prompt). In this example, the client host is located on the campus of
Polytechnic University in Brooklyn, where the default local DNS server is dns-prime.poly.edu.
When running nslookup, if no DNS server is specified, then nslookup sends the query to the
default DNS server, which in this case is dns-prime.poly.edu. Consider the first command:
nslookup www.mit.edu
In words, this command is saying "Please send me the IP address for the host www.mit.edu." As
shown in the screenshot, the response from this command provides two pieces of information:
(1) the name and IP address of the DNS server that provides the answer; and (2) the answer
itself, which is the host name and IP address of www.mit.edu. Although the response came from
the local DNS server at Polytechnic University, it is quite possible that this local DNS server
iteratively contacted several other DNS servers to get the answer, as described in Section 2.5 of
the textbook.
Now consider the second command:
nslookup -type=NS mit.edu
In this example, we have provided the option "-type=NS" and the domain "mit.edu". This causes
nslookup to send a query for a type-NS record to the default local DNS server. In words, the
query is saying, "Please send me the host names of the authoritative DNS for mit.edu." (When
the -type option is not used, nslookup uses the default, which is to query for type A records; see
Section 2.5.3 in the text.) The answer, displayed in the above screenshot, first indicates the DNS
server that is providing the answer (which is the default local DNS server) along with three MIT
name servers. Each of these servers is indeed an authoritative DNS server for the hosts on the
MIT campus.
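The TYPE field and the answer count that the lab questions ask about can be read straight from the DNS message bytes. The following is an added example, not part of the original lab handout: it builds the type-NS query for mit.edu and parses a constructed reply, rejecting compression-pointer loops; the function names and the ns1.mit.edu answer are made up for illustration.

```python
import struct

QTYPES = {1: "A", 2: "NS", 12: "PTR", 15: "MX"}  # subset of RFC 1035 TYPE codes

def build_query(name, qtype, txid=0x1234):
    """One-question query with recursion desired, as a stub resolver sends."""
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, resume, hops = [], None, 0
    while True:
        n = msg[off]                      # IndexError if the message is truncated
        if n & 0xC0 == 0xC0:              # two-byte compression pointer
            resume = off + 2 if resume is None else resume
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                 # untrusted pointers can form a loop
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if n == 0:
            return ".".join(labels), (off if resume is None else resume)
        labels.append(msg[off:off + n].decode("ascii"))
        off += n

def summarize(msg):
    """Report the fields the lab questions ask about for one DNS message."""
    _txid, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    qname, off = read_name(msg, 12)
    (qtype,) = struct.unpack("!H", msg[off:off + 2])
    off += 4                              # skip QTYPE and QCLASS
    answers = []
    for _ in range(an):
        _owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        off += 10
        rdata = read_name(msg, off)[0] if rtype == 2 else msg[off:off + rdlen].hex()
        answers.append((QTYPES.get(rtype, str(rtype)), rdata))
        off += rdlen
    return {"response": bool(flags & 0x8000), "qname": qname,
            "qtype": QTYPES.get(qtype, str(qtype)), "answers": answers}

# Constructed sample: a type-NS query for mit.edu and a made-up one-answer reply.
QUERY = build_query("mit.edu", 2)
REPLY = (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + QUERY[12:]
         + b"\xc0\x0c" + struct.pack("!2HIH", 2, 1, 300, 6) + b"\x03ns1\xc0\x0c")
```

Calling summarize(QUERY) and summarize(REPLY) shows the same question section in both messages, with the answer list empty in the query and populated only in the reply.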
2. Run nslookup to determine the authoritative DNS servers for a university in Europe.
3. Run nslookup so that one of the DNS servers obtained in Question 2 is queried for the
mail servers for Yahoo mail.
2. ipconfig
ipconfig (for Windows) and ifconfig (for Linux/Unix) are among the most useful little utilities in
your host, especially for debugging network issues.
This DNS response message provided only one answer. The answer contains
the address of the website that it was queried for.
9. Consider the subsequent TCP SYN packet sent by your host. Does the destination IP
address of the SYN packet correspond to any of the IP addresses provided in the DNS
response message?
The destination IP address of the SYN packet corresponds to the address
provided by the DNS response, 12.22.58.30.
10. This web page contains images. Before retrieving each image, does your host issue new
DNS queries?
Yes, the host issues new DNS queries for each image.
Now let's play with nslookup².
• Start packet capture.
• Do an nslookup on www.mit.edu
• Stop packet capture.
You should get a trace that looks something like the following:
We see from the above screenshot that nslookup actually sent three DNS queries and received
three DNS responses. For the purpose of this assignment, in answering the following questions,
ignore the first two sets of queries/responses, as they are specific to nslookup and are not
normally generated by standard Internet applications. You should instead focus on the last query
and response messages.
11. What is the destination port for the DNS query message? What is the source port of DNS
response message?
² If you are unable to run Wireshark and capture a trace file, use the trace file dns-ethereal-trace-2
in the zip file http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip
The destination port for the DNS query message is port 53. The source port of
the DNS response message is also port 53.
12. To what IP address is the DNS query message sent? Is this the IP address of your default
local DNS server?
The DNS query message is sent to IP 10.40.4.44. This is the same IP address of my local DNS server.
13. Examine the DNS query message. What "Type" of DNS query is it? Does the query
message contain any "answers"?
This message is of type PTR. This query contains no answers.
14. Examine the DNS response message.
Now repeat the previous experiment, but instead issue the command:
nslookup -type=NS mit.edu
Answer the following questions³:
16. To what IP address is the DNS query message sent? Is this the IP address of your default
local DNS server?
The IP address that the DNS query message is sent to is 10.40.4.44, which is the
same as my local DNS server.
17. Examine the DNS query message. What "Type" of DNS query is it? Does the query
message contain any "answers"?
³ If you are unable to run Wireshark and capture a trace file, use the trace file dns-ethereal-trace-3
in the zip file http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip
There are also two type NS DNS queries that contain no answers.
18. Examine the DNS response message. What MIT name servers does the response message
provide? Does this response message also provide the IP addresses of the MIT name
servers?
It provides http://www.mit.edu and http://www.mit.edu.edgekey.net. This response
message does not include IP addresses.
19. Provide a screenshot.
Now repeat the previous experiment, but instead issue the command:
nslookup www.aiit.or.kr bitsy.mit.edu
Answer the following questions⁴:
20. To what IP address is the DNS query message sent? Is this the IP address of your default
local DNS server? If not, what does the IP address correspond to?
The DNS query message is sent to 18.72.0.3 which is not the same as my
local DNS server. This IP address corresponds to www.aiit.or.kr.
⁴ If you are unable to run Wireshark and capture a trace file, use the trace file dns-ethereal-trace-4
in the zip file http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip
21. Examine the DNS query message. What "Type" of DNS query is it? Does the query
message contain any "answers"?
The DNS query message is a Domain name pointer, type PTR, and does not
contain any answers.
22. Examine the DNS response message.