Scribd
Upload
96 views13 pages

Wireshark Lab 2b: I Used Nslookup On

The document contains the answers to questions from a student's (Trương Anh Bảo, MSSV: 1811550) Wireshark lab. The student ran nslookup commands to find: - The IP address 202.214.115.96 for a web server in Asia (www.gundam.jp) - The authoritative DNS server primary.dns.cam.ac.uk for the University of Cambridge in Europe - The IP address 119.161.8.12 for Yahoo mail servers when querying one of the Cambridge DNS servers - DNS queries and responses are sent via UDP - Destination port 53 for queries and source port 53 for responses

Uploaded by

Truonganh Bao
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
96 views13 pages

Wireshark Lab 2b: I Used Nslookup On

The document contains the answers to questions from a student's (Trương Anh Bảo, MSSV: 1811550) Wireshark lab. The student ran nslookup commands to find: - The IP address 202.214.115.96 for a web server in Asia (www.gundam.jp) - The authoritative DNS server primary.dns.cam.ac.uk for the University of Cambridge in Europe - The IP address 119.161.8.12 for Yahoo mail servers when querying one of the Cambridge DNS servers - DNS queries and responses are sent via UDP - Destination port 53 for queries and source port 53 for responses

Uploaded by

Truonganh Bao
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 13

Tên:Trương Anh Bảo

MSSV:1811550

Wireshark Lab 2b
1. Run nslookup to obtain the IP address of a Web server in Asia. What is the IP address of that
server?
Answer: I used nslookup on http://www.gundam.jp.

The IP address of the server is 202.214.115.96.


2. Run nslookup to determine the authoritative DNS servers for a university in Europe.

Answer: University of Cambridge was the target of this nslookup at http://www.cam.ac.uk.

The authoritative DNS server for Cambridge is primary.dns.cam.ac.uk.

3. Run nslookup so that one of the DNS servers obtained in Question 2 is queried for the mail
servers for Yahoo! mail. What is its IP address?

Answer: The IP address is 119.161.8.12.


4. Locate the DNS query and response messages. Are then sent over UDP or TCP?

Answer: DNS query:

DNS respone message:


Both are sent via UDP.
5. What is the destination port for the DNS query message? What is the source port of DNS
response message?
Answer: The destination port for the DNS query message and source port of DNS respone
message is 53
6. To what IP address is the DNS query message sent? Use ipconfig to determine the IP address of
your local DNS server. Are these two IP addresses the same?

Answer: The DNS query message was sent to 10.40.4.44. This is the same IP address as the local
DNS server.
7. Examine the DNS query message. What “Type” of DNS query is it? Does the query message
contain any “answers”?
Answer: This query was a type A query. It did not contain any “answers”.

8. Examine the DNS response message. How many “answers” are provided? What do each of these
answers contain?
Answer: There were 2 answers. The first one contains information about the canonical name,
type, class, TTL, data length, cname. The second one contains information about the name of
the host, the type of address, class, the TTL, the data length and the IP address.

9. Consider the subsequent TCP SYN packet sent by your host. Does the destination IP address of
the SYN packet correspond to any of the IP addresses provided in the DNS response message?
Answer: The destination of the SYN packet is 4.31.198.44, the same address that was provided
in the DNS response message as the type “A” address of the webpage.

10. This web page contains images. Before retrieving each image, does your host issue new DNS
queries?
Answer: No, my your host doesn’t issue new DNS queries before retrieving each image.
11. What is the destination port for the DNS query message? What is the source port of DNS
response message?
Answer: The destination port for the DNS query message is port 53. The source port of the DNS
response message is also port 53.
12. To what IP address is the DNS query message sent? Is this the IP address of your default local
DNS server?
Answer: The DNS query message is sent to IP 27.0.12.186. This is the same IP address of my local
DNS server.
13. Examine the DNS query message. What “Type” of DNS query is it? Does the query message
contain any “answers”?
Answer: The DNS query message is a type “A” query, containing only one question and not
containing any answers.
14. Examine the DNS response message. How many “answers” are provided? What do each of these
answers contain?
Answer: The response message contains 3 answers: the first 2 answers contain information on 2
authoritative nameservers , the last answer contains type “A” address of http://www.mit.edu or
184.26.196.231.

15. Provide a screenshot


Answer:

16. To what IP address is the DNS query message sent? Is this the IP address of your default local
DNS server?
Answer: The IP address that the DNS query message is sent to 27.0.12.186, which is the same as
my local DNS server.
17. Examine the DNS query message. What “Type” of DNS query is it? Does the query message
contain any “answers”?
Answer: The DNS query is a type “NS” message including one question. The query message did
not contain any answers.

18. Examine the DNS response message. What MIT nameservers does the response message
provide? Does this response message also provide the IP addresses of the MIT namesers?
Answer: The response message provides 6 MIT nameservers with 9 addresses (include AAAA
IPv6 addresses): eur5.akam.net [23.74.25.64], asia1.akam.net [95.100.175.64], use5.akam.net
[2.16.40.64], use5.akam.net (AAAA IPv6 address) [2600:1403:a::40],
usw2.akam.net[184.26.161.64], ns1-173.akam.net[193.108.91.173], ns1-173.akam.net (AAAA
IPv6 address) [2600:1401:2::ad], ns1-37.akam.net[193.108.91.37], ns1-37.akam.net (AAAA IPv6
address) [2600:1401:2::25]. The IP addresses for the nameservers was included under the
additional records category sent back as part of the response message.

19. Provide a screenshot


Answer:

20. To what IP address is the DNS query message sent? Is this the IP address of your default local
DNS server? If not, what does the IP address correspond to?

Answer: This DNS query message is sent to 18.0.72.3, which is the IP address of the MIT DNS
response sender.
21. Examine the DNS query message. What “Type” of DNS query is it? Does the query message
contain any “answers”?
Answer: This DNS query is a type “A” query. The message does not contain any answers.

22. Examine the DNS response message. How many “answers” are provided? What does each of
these answers contain?
Answer: It only provided one “answer” containing the servers IP address.
23. Provide a screenshot.
Answer:

You might also like