
Lab 3 Wireshark DNS Questions and Answers

COMP400
4. Locate the DNS query and response messages. Are they sent over UDP or TCP?
UDP
5. What is the destination port for the DNS query message? What is the source port of
DNS response message?
Destination port is 53
Source port is 57808
6. To what IP address is the DNS query message sent? Use ipconfig to determine the IP
address of your local DNS server. Are these two IP addresses the same?
The DNS query message is sent to IP address 104.8.150.75
Address of local DNS servers

Therefore, the two IP addresses are the same.
7. Examine the DNS query message. What “Type” of DNS query is it? Does the query
message contain any “answers”?
It is a standard query, type A query
8. Examine the DNS response message. How many “answers” are provided? What do
each of these answers contain?
3 answers were provided.

It contains the address of the website that was queried.
9. Consider the subsequent TCP SYN packet sent by your host. Does the destination IP
address of the SYN packet correspond to any of the IP addresses provided in the DNS
response message?

Destination IP address is 104.20.1.85 and it does correspond to the address provided by the
DNS response.

10. This web page contains images. Before retrieving each image, does your host issue new
DNS queries?
Yes
11. What is the destination port for the DNS query message? What is the source port of
DNS response message?
Destination port for the DNS query message is 53

12. To what IP address is the DNS query message sent? Is this the IP address of your
default local DNS server?

The IP address in the DNS query message is 10.8.150.75 which is the IP address of the local
DNS server.
13. Examine the DNS query message. What “Type” of DNS query is it? Does the query
message contain any “answers”?

It contained no answers. It is a type A DNS query
14. Examine the DNS response message. How many “answers” are provided? What do
each of these answers contain?
There are three answers provided

It contains information on the name and IP addresses, TTL and data length
15. Provide a screenshot. Now repeat the previous experiment, but instead issue the
command:
nslookup -type=NS mit.edu
Answer the following questions:

16. To what IP address is the DNS query message sent? Is this the IP address of your
default local DNS server?

IP address is 10.8.150.75, which is the IP address for the local DNS server
17. Examine the DNS query message. What “Type” of DNS query is it? Does the query
message contain any “answers”?
This is a type NS DNS query. It contains 8 answers.

18. What MIT nameservers does the response message provide? Does this response
message also provide the IP addresses of the MIT nameservers?

It provides the following nameservers:
1. use5.akam.net
2. eur5.akam.net
3. ns1-173.akam.net
4. ns1-37.akam.net
5. use2.akam.net
6. asia2.akam.net
7. asia1.akam.net
8. usw2.akam.net

It does not provide IP addresses.
19. Provide a screenshot. Now repeat the previous experiment, but instead issue the
command:
nslookup www.aiit.or.kr bitsy.mit.edu
Answer the following questions:
20. To what IP address is the DNS query message sent? Is this the IP address of your
default local DNS server? If not, what does the IP address correspond to?
The destination IP address of the DNS query is 18.72.0.3, which is not the local DNS server. It
probably corresponds to bitsy.mit.edu.
21. Examine the DNS query message. What “Type” of DNS query is it? Does the query
message contain any “answers”?
This is a type PTR query

22. Examine the DNS response message. How many “answers” are provided? What does
each of these answers contain?
There were no responses received.
23. Provide a screenshot.
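
The fields these questions ask about (query "Type", whether a message carries "answers", and each answer's name, type, TTL, data length and data) can be read straight from the DNS wire format. The parser below is an added example, not part of the original lab sheet; the sample query and response are constructed (www.example.com, 192.0.2.10) and are not the lab capture, and the code assumes one question per message.

```python
import socket
import struct

TYPES = {1: "A", 2: "NS", 5: "CNAME", 12: "PTR"}

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                  # compression pointer, RFC 1035 4.1.4
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                     # malformed packets can loop pointers
                raise ValueError("compression pointer loop")
        elif n == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def parse_dns(msg):
    """Parse the header, the single question, and all answer records."""
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    qname, off = read_name(msg, 12)           # assumes exactly one question
    qtype = struct.unpack("!H", msg[off:off + 2])[0]
    off += 4                                  # skip QTYPE and QCLASS
    answers = []
    for _ in range(ancount):
        name, off = read_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            data = socket.inet_ntoa(msg[off:off + 4])   # A record: IPv4 address
        elif rtype in (2, 5, 12):
            data = read_name(msg, off)[0]     # NS/CNAME/PTR: a domain name
        else:
            data = msg[off:off + rdlen].hex()
        off += rdlen
        answers.append({"name": name, "type": TYPES.get(rtype, rtype),
                        "ttl": ttl, "data_length": rdlen, "data": data})
    return {"is_response": bool(flags & 0x8000), "qname": qname,
            "qtype": TYPES.get(qtype, qtype), "answers": answers}

# Constructed sample messages (not taken from the lab capture).
QUESTION = b"\x03www\x07example\x03com\x00" + struct.pack("!2H", 1, 1)
ANSWER = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton("192.0.2.10")
SAMPLE_QUERY = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + QUESTION
SAMPLE_RESPONSE = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + QUESTION + ANSWER
```

Calling parse_dns on the constructed query shows a type A question with an empty answer list, while the response carries one answer whose name is recovered through the compression pointer.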