
DIGITAL FORENSICS

LAB DA 3
Name: Trinav Rattan

Reg. No.: 19BCE0493

1. Gather IP address of 5 unique websites, the website should not be in the top 100 websites.

a. Gather the status code, HTTP version

b. Which language is used in the server?

c. When was the HTML-file, that you have retrieved, last modified at the server?

d. How many bytes of content (size of file) is returned to your browser? Which header line is used to indicate this information?

e. Inspect the contents of the first HTTP GET request from your browser to the server. Is there an "IF-MODIFIED-SINCE" header line in the HTTP GET message?

1st website: (http://barc.gov.in/)

IP Address: 172.16.176.70 (this is the address recorded as the host IP in question 2 below; the web server's address is the destination address of the browser's GET request, not its source)

Server Lang: en-US

Status Code: 200

HTTP version: HTTP/1.1

Last Modified: Wed, 16 Mar 2022 09:23:50 GMT

Content Size (Content-Length header): 48779 bytes

If-Modified-Since in first GET: No

2nd website: (http://go.com/)

IP Address: 172.16.176.70 (same value as the host IP in question 2)

Server Lang: en-US

Status Code: 302

HTTP version: HTTP/1.1

Last Modified: Not mentioned

Content Size (Content-Length header): 187 bytes

If-Modified-Since in first GET: No

3rd website: (http://delhijalboard.nic.in/home/delhi-jal-board-djb)

IP Address: 172.16.176.70 (same value as the host IP in question 2)

Server Lang: en-US

Status Code: 302

HTTP version: HTTP/1.1

Last Modified: Not mentioned

Content Size (Content-Length header): Not mentioned

If-Modified-Since in first GET: No

4th website: (http://www.jkpsc.nic.in/)

IP Address: 164.100.239.146

Server Lang: en-US

Status Code: 200

HTTP version: HTTP/1.1

Last Modified: Not mentioned

Content Size (Content-Length header): 182369 bytes

If-Modified-Since in first GET: No

5th website: (http://www.wbpolice.gov.in/)

IP Address: 172.17.61.167

Server Lang: en-US

Status Code: 200

HTTP version: HTTP/1.1

Last Modified: Not mentioned

Content Size (Content-Length header): 130473 bytes

If-Modified-Since in first GET: No

2. What is the IP address of the host?

IP address of the host: 172.16.176.70

3. What is the IP address of the router?

IP address of the router: 172.16.181.228


4. What protocol is used to resolve the website domain name?

Protocol used: DNS

Instead of numeric IP addresses, the Domain Name System (DNS) lets Internet users and network devices find websites by human-readable hostnames: before the HTTP GET, the browser sends a DNS query for the hostname and receives the IP address(es) to connect to.

5. Which transport layer protocol is used by DNS?

Ordinary DNS queries, both forward lookups (name to address) and reverse lookups (address to name), are sent over UDP. TCP is used for zone transfers between servers and for any response too large to fit in a UDP datagram: the server sets the TC (truncated) bit in the reply and the client repeats the query over TCP.

6. Which well-known port is used when contacting the DNS server?

The DNS server listens on the well-known port 53 for both UDP and TCP. The client side of a query uses an ephemeral source port (above 1023) chosen by the resolver, so in the capture a query goes from the ephemeral port to port 53 and the reply comes back from port 53 to that ephemeral port.

7. If a packet is highlighted by black, what does it mean for the packet?

With Wireshark's default colouring rules, a black background with red text is the "Bad TCP" rule: the packet shows a TCP problem such as a retransmission, an out-of-order segment, a duplicate ACK or a zero window (checksum errors use a similar black rule). It flags a transport-level problem in the capture, not necessarily an attack.

8. What is the filter command for listing all outgoing http traffic?

http && ip.src == 172.16.176.70

The filter first selects HTTP packets and then keeps only those whose source address is the host IP (172.16.176.70 here), i.e. the requests the browser sends. This lists outgoing HTTP traffic; swapping ip.src for ip.dst lists the incoming responses instead. The equivalent filter http.request && ip.src == 172.16.176.70 lists only the requests.
9. Why does DNS use Follow UDP Stream while HTTP uses Follow TCP Stream?

• UDP avoids connection setup. TCP needs a three-way handshake before any data flows, while a name lookup is a single request/response exchange. Serving queries over UDP also means DNS servers keep no per-client connection state, which matters at the query volume they handle.
• DNS messages are small. A typical query and its reply fit in one UDP datagram (traditionally 512 bytes of payload, more with EDNS0).
• UDP is unreliable, but the resolver adds reliability at the application layer with a timeout and retransmission; a reply that does not fit (TC bit set) is fetched again over TCP.

HTTP runs over TCP because a web page is usually far larger than one datagram and must arrive complete and in order, which is exactly the reliable, ordered byte stream TCP provides. TCP adds no confidentiality; that comes from TLS (HTTPS). Wireshark therefore reassembles HTTP with Follow TCP Stream and DNS with Follow UDP Stream.
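
As an added example covering questions 5, 6 and 9 (not part of the original lab report), the following Python builds a DNS query in wire format, parses a constructed reply, shows the TC-bit decision to retry over TCP, and the 2-byte length prefix that DNS over TCP needs because a TCP stream has no datagram boundaries. The hostname, transaction ID and the address 164.100.239.146 in the constructed reply are assumptions; nothing here touches the network.

```python
import struct

DNS_PORT = 53  # well-known server port, the same for UDP queries and TCP


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Encode a standard recursive A query in DNS wire format (RFC 1035)."""
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT, NSCOUNT, ARCOUNT.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    # QNAME is a sequence of length-prefixed labels ended by a zero byte.
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte header; TC (truncated) is the bit that forces TCP."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "tc": bool(flags & 0x0200),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an}


def _skip_name(msg: bytes, off: int) -> int:
    """Advance past a name, handling the 2-byte compression-pointer form."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length


def parse_a_records(msg: bytes) -> list:
    """Return the IPv4 addresses found in the answer section of a response."""
    hdr = parse_header(msg)
    off = 12
    for _ in range(hdr["qdcount"]):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(hdr["ancount"]):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return addrs


def choose_transport(udp_response: bytes) -> str:
    """A resolver retries over TCP only when the UDP reply was truncated."""
    return "tcp" if parse_header(udp_response)["tc"] else "udp"


def frame_for_tcp(msg: bytes) -> bytes:
    """DNS over TCP prefixes every message with a 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg


def unframe_from_tcp(stream: bytes) -> bytes:
    """Read one length-prefixed message back out of a TCP stream."""
    (length,) = struct.unpack("!H", stream[:2])
    return stream[2:2 + length]


# Constructed messages for the demonstration (assumed, not captured traffic).
QUERY = build_query("www.jkpsc.nic.in")
# Normal reply: flags QR|RD|RA (0x8180), one A record whose name is a pointer
# (0xC00C) back to the question name.
FULL_RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + QUERY[12:]
                 + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
                 + bytes([164, 100, 239, 146]))
# Truncated reply: same flags plus TC (0x8380) and no answers carried.
TRUNCATED_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0) + QUERY[12:]


def resolve_offline(udp_reply: bytes, tcp_reply_stream: bytes) -> dict:
    """Mimic a stub resolver: use the UDP reply unless TC is set, in which
    case take the answer from the length-framed TCP reply instead."""
    transport = choose_transport(udp_reply)
    msg = udp_reply if transport == "udp" else unframe_from_tcp(tcp_reply_stream)
    return {"transport": transport, "port": DNS_PORT, "addresses": parse_a_records(msg)}


if __name__ == "__main__":
    print(resolve_offline(FULL_RESPONSE, b""))
    print(resolve_offline(TRUNCATED_RESPONSE, frame_for_tcp(FULL_RESPONSE)))
```

The second call is the path a resolver takes when a UDP reply comes back truncated: the same question is repeated over TCP to port 53, and the answer is read from behind the 2-byte length prefix, which is also why Wireshark offers Follow UDP Stream for DNS but needs TCP reassembly for the fallback case.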

10. Using Wireshark, how to capture the password.

This works only when the login form is submitted over plain HTTP: the credentials travel in cleartext in the POST body. Over HTTPS the same bytes sit inside TLS records and Follow TCP Stream shows only ciphertext.

Step 1: Open Wireshark and start capturing on the interface in use.

Step 2: With the capture running, open a website whose login page is served over HTTP (not HTTPS).

Step 3: Enter the credentials and click the login button.

Step 4: Apply a display filter such as tcp contains "<site name>" or tcp contains "<username>" (or http.request.method == "POST") to find the login request.

Step 5: Click the packet and read the username and password from the form data in the request body.

Step 6: Alternative approach: right-click the packet and select Follow > HTTP Stream (or Follow > TCP Stream) to view the whole login exchange; this also works when the POST body is split across several TCP segments, where a "tcp contains" match on a single packet can miss it.
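
As an added example, not code from the original lab, the following Python does offline what the lab does by hand in Wireshark for question 1 and question 10: it parses constructed HTTP request/response messages to report the status code, HTTP version, language header, Last-Modified, Content-Length and the presence of If-Modified-Since; shows why the first GET carries no If-Modified-Since while a revisit does and gets a 304; and reassembles a constructed login POST that arrived as two TCP segments, then pulls the form credentials out of it. All hostnames, header values and credentials are assumed sample data.

```python
from urllib.parse import parse_qs

# Constructed sample messages modelled on the lab's capture (assumed, not real traffic).
RAW_REQUEST = (
    b"GET / HTTP/1.1\r\n"
    b"Host: www.jkpsc.nic.in\r\n"
    b"Accept-Language: en-US,en;q=0.5\r\n"
    b"\r\n"
)
LAST_MODIFIED = "Wed, 16 Mar 2022 09:23:50 GMT"
BODY = b"<html>ok</html>"  # 15 bytes


def parse_http_message(raw: bytes) -> dict:
    """Split one HTTP/1.x message into start-line parts, lower-cased headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"parts": lines[0].split(" ", 2), "headers": headers, "body": body}


def summarize_request(raw: bytes) -> dict:
    """Request-side fields: the browser's language header and If-Modified-Since (1e)."""
    msg = parse_http_message(raw)
    method, target, version = msg["parts"]
    h = msg["headers"]
    return {"method": method, "target": target, "http_version": version,
            "accept_language": h.get("accept-language"),
            "has_if_modified_since": "if-modified-since" in h}


def summarize_response(raw: bytes) -> dict:
    """Response-side fields (1a, 1c, 1d). Content-Length is the header that carries
    the byte count, so it is reported next to the bytes actually present."""
    msg = parse_http_message(raw)
    version, status = msg["parts"][:2]
    h = msg["headers"]
    declared = h.get("content-length")
    return {"http_version": version, "status_code": int(status),
            "content_language": h.get("content-language"),
            "last_modified": h.get("last-modified"),
            "content_length": int(declared) if declared is not None else None,
            "body_bytes": len(msg["body"])}


def serve(raw_request: bytes, last_modified: str, body: bytes) -> bytes:
    """Toy origin server: 304 when the client's If-Modified-Since equals the
    resource's Last-Modified (exact-match validation, the usual cache case), else 200."""
    ims = parse_http_message(raw_request)["headers"].get("if-modified-since")
    if ims == last_modified:
        return b"HTTP/1.1 304 Not Modified\r\nLast-Modified: %s\r\n\r\n" % last_modified.encode()
    return (b"HTTP/1.1 200 OK\r\nLast-Modified: %s\r\nContent-Language: en-US\r\n"
            b"Content-Length: %d\r\n\r\n" % (last_modified.encode(), len(body)) + body)


def revisit(raw_request: bytes, cached_last_modified: str) -> bytes:
    """A browser revisiting a cached page adds If-Modified-Since; the first visit has none."""
    head, sep, body = raw_request.partition(b"\r\n\r\n")
    return head + b"\r\nIf-Modified-Since: " + cached_last_modified.encode() + sep + body


# Question 10: a constructed login POST that the capture delivered as two TCP segments.
POST_SEGMENTS = [
    b"POST /login HTTP/1.1\r\nHost: login.example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 33\r\n\r\nuser",
    b"name=alice&password=s3cret%21",
]


def tcp_contains(segments: list, needle: bytes) -> list:
    """Equivalent of the display filter tcp contains <needle>: indices of the segments
    carrying those bytes. A value split across two segments is missed by this filter."""
    return [i for i, seg in enumerate(segments) if needle in seg]


def follow_tcp_stream(segments: list) -> bytes:
    """What Follow TCP Stream does: reassemble the in-order segments into one byte stream."""
    return b"".join(segments)


def extract_form_credentials(stream: bytes) -> dict:
    """Pull username/password out of a cleartext form POST. Over HTTPS the stream
    would be TLS records and nothing here would parse."""
    msg = parse_http_message(stream)
    ctype = msg["headers"].get("content-type", "")
    if msg["parts"][0] != "POST" or not ctype.startswith("application/x-www-form-urlencoded"):
        return {}
    form = parse_qs(msg["body"].decode("iso-8859-1"))
    return {k: v[0] for k, v in form.items() if k.lower() in ("username", "user", "password", "pass")}


if __name__ == "__main__":
    first = serve(RAW_REQUEST, LAST_MODIFIED, BODY)
    print(summarize_request(RAW_REQUEST), summarize_response(first))
    again = revisit(RAW_REQUEST, summarize_response(first)["last_modified"])
    print(summarize_request(again), summarize_response(serve(again, LAST_MODIFIED, BODY)))
    print(tcp_contains(POST_SEGMENTS, b"username"), tcp_contains(POST_SEGMENTS, b"alice"))
    print(extract_form_credentials(follow_tcp_stream(POST_SEGMENTS)))
```

Two points the lab's answers rely on show up directly: every first GET in question 1 has no If-Modified-Since because the browser has nothing cached yet, and tcp_contains(POST_SEGMENTS, b"username") finds nothing because "username" straddles the segment boundary, while the reassembled stream yields the credentials, which is why Follow TCP/HTTP Stream is the more reliable route in step 6.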
