
2252280 - Nguyễn Tiến Hưng - lab3c

The report details a series of DNS queries and responses conducted using nslookup and Wireshark. Key findings include the IP addresses of various servers, the types of DNS queries, and the nature of the responses received. The document also highlights the use of specific trace files for analysis and the consistency of local DNS server addresses.

Report Lab 3b Wireshark DNS V8

Computer Network
Student’s name: Nguyễn Tiến Hưng; ID: 2252280

I. nslookup.
1. Run nslookup to obtain the IP address of a Web server in Asia. What is the IP address of that
server?

- The IP address of Tuoi Tre server is: 14.225.199.147

2. Run nslookup to determine the authoritative DNS servers for a university in Europe.

- Since it returned 2 authoritative answers, we queried one of them one more time to make sure
it is really an authoritative answer.
3. Run nslookup so that one of the DNS servers obtained in Question 2 is queried for the mail
servers for Yahoo! mail. What is its IP address?

- I queried both addresses that it returned, and neither of them provided me the answer.

II. Ipconfig
III. Tracing DNS with Wireshark

First, for this section: the network I use is shared by a lot of devices and carries a lot
of messages, so I could not catch the right moment to do this section's exercise.
I will therefore use the Wireshark pcap of the author.

I will use the dns-ethereal-trace-1 file, which is provided by the author.

4. Locate the DNS query and response messages. Are they sent over UDP or TCP?

- They were sent by: User Datagram Protocol (UDP)


5. What is the destination port for the DNS query message? What is the source port of DNS
response message?

- Destination Port DNS query: 53

- Source Port DNS response: 53

6. To what IP address is the DNS query message sent? Use ipconfig to determine the IP address
of your local DNS server. Are these two IP addresses the same?
(In this section I will use my own network, specifically for DNS, but please remember that I cannot
catch the whole network, which is why the TCP ACK comes later, so I do only this exercise 6 with my local tracer.)

- IPv6 address DNS query message: 2001:ee0:23::23


- IPv6 address in local DNS server: 2001:ee0:23::23

- So they are the same.

7. Examine the DNS query message. What “Type” of DNS query is it? Does the query message
contain any “answers”?

- The Type of DNS query: A


- The query does not contain any answer.
8. Examine the DNS response message. How many “answers” are provided? What
do each of these answers contain?

- There are 2 answers.


- Each of them contains an address for www.ietf.org (which are 132.151.6.75 and 65.246.255.51).

9. Consider the subsequent TCP SYN packet sent by your host. Does the destination IP address
of the SYN packet correspond to any of the IP addresses provided in the DNS response
message?

- Yes, the destination IP address does correspond to 132.151.6.75 (which is 1 of the 2 IP addresses
provided in the DNS response message).

10. This web page contains images. Before retrieving each image, does your host issue new DNS
queries?

- No, because once you have the IP address of www.ietf.org, your computer just communicates
directly with the web page to get the image.
- We can see that there is no DNS protocol later.
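
An added example (not part of the original report and not Wireshark's code): a minimal Python decoder for the DNS fields examined in questions 7 to 9, run on constructed messages that reuse the www.ietf.org addresses reported above. The transaction ID, TTL and function names are assumptions made for illustration.

```python
import socket
import struct

QTYPES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX", 28: "AAAA"}

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:      # compression pointer, RFC 1035 4.1.4
            end = end if end is not None else off + 2
            off = ((msg[off] & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                # refuse pointer loops in hostile input
                raise ValueError("compression loop")
            continue
        labels.append(msg[off + 1:off + 1 + msg[off]].decode("ascii"))
        off += 1 + msg[off]
    return ".".join(labels), end if end is not None else off + 1

def parse_dns(msg):
    """Return the header and record fields the lab questions ask about."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        qname, off = read_name(msg, off)
        qtype, _qclass = struct.unpack("!2H", msg[off:off + 4])
        questions.append((qname, QTYPES.get(qtype, str(qtype))))
        off += 4
    for _ in range(an):
        rname, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        value = socket.inet_ntoa(rdata) if (rtype, rdlen) == (1, 4) else rdata.hex()
        answers.append((rname, QTYPES.get(rtype, str(rtype)), value))
    return {"is_response": bool(flags & 0x8000), "questions": questions,
            "answer_count": an, "answers": answers}

def syn_matches_answer(response, syn_dst):
    """True if a TCP SYN destination is one of the A records in the response."""
    return any(t == "A" and v == syn_dst for _, t, v in parse_dns(response)["answers"])

# Constructed messages modelled on questions 7-9 (not bytes from the trace file).
_Q = b"\x03www\x04ietf\x03org\x00" + struct.pack("!2H", 1, 1)
_RR = lambda ip: b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + socket.inet_aton(ip)
QUERY = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + _Q
RESPONSE = (struct.pack("!6H", 0x1234, 0x8180, 1, 2, 0, 0) + _Q
            + _RR("132.151.6.75") + _RR("65.246.255.51"))
```

A SYN whose destination is absent from every recent DNS answer is the kind of mismatch this check surfaces when reviewing a capture.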
IV/ Nslookup:

For this section I will use the trace file dns-ethereal-trace-2 from the author.

11. What is the destination port for the DNS query message? What is the source port of DNS
response message?

- The destination port for the DNS query message: 53


- The source port of DNS response message: 53

12. To what IP address is the DNS query message sent? Is this the IP address of your
default local DNS server?
(In this section I will use my own network, specifically for DNS, but please remember that I cannot
catch the whole network, which is why the TCP ACK comes later, so I do only this exercise 12 with my local tracer.)

- The source IP address of the DNS query message sent is: 2001:ee0:23::23, and it is the same as my default
local DNS server.
13. Examine the DNS query message. What “Type” of DNS query is it? Does the query message
contain any “answers”?
- The Type of DNS query: type A.
- The query message does not contain any answer.

14. Examine the DNS response message. How many “answers” are provided? What do each of
these answers contain?
- There is 1 answer provided. It contains the IP address answer for www.mit.edu, which is
18.7.22.83
15. Provide a screenshot.

- I have already given the screenshot and highlighted the important part in the image above.

IV/ Nslookup –type=NS mit.edu

For this section I will use the trace file dns-ethereal-trace-3 from the author.

16. To what IP address is the DNS query message sent? Is this the IP address of your
default local DNS server?
(In this section I will use my own network, specifically for DNS, but please remember that I cannot
catch the whole network, which is why the TCP ACK comes later, so I do only this exercise 16 with my local tracer.)

- The IP address the DNS query message is sent to is: 2001:ee0:23::23.

- And that is also the IP address of my default local DNS server.
17. Examine the DNS query message. What “Type” of DNS query is it? Does the query message
contain any “answers”?
- The Type of DNS query is: Type NS
- The query message does not contain any answer.

18. Examine the DNS response message. What MIT nameservers does the response message
provide? Does this response message also provide the IP addresses of the MIT nameservers?

- The response message provides 3 MIT nameservers: bitsy.mit.edu; strawb.mit.edu; w20ns.mit.edu.

- This response does not provide any IP address.
19. Provide a screenshot.

- I have already given the screenshot and highlighted the important part in the image above.

V/ Nslookup www.aiit.or.kr bitsy.mit.edu.

For this section I will use the trace file dns-ethereal-trace-4 from the author.

20. To what IP address is the DNS query message sent? Is this the IP address of your default
local DNS server? If not, what does the IP address correspond to?
(In this section I will use my own network, specifically for DNS, but please remember that I cannot
catch the whole network, which is why the TCP ACK comes later, so I do only this exercise 20 with my local tracer.)

- The IP address that the DNS query message is sent to is: 18.0.72.3.
- That is not the same as the IP address of my default local DNS server (since none of the IP addresses
of my 4 local DNS servers is the same as it).
- The IP address corresponds to bitsy.mit.edu.
21. Examine the DNS query message. What “Type” of DNS query is it? Does the query message
contain any “answers”?
- The Type of the DNS query is: Type A.
- It does not contain any answer.

22. Examine the DNS response message. How many “answers” are provided? What does each of
these answers contain?

- There is 1 answer provided.


- That is the IP address of www.aiit.or.kr, which is 218.36.94.200
23. Provide a screenshot.

- I have already given the screenshot and highlighted the important part in the image above.
