Scribd Logo
Upload

Welcome to Scribd!

  • Lab DNS CS411 Computer Networking

    Uploaded by

    mednour
    2 views4 pages
    This document describes a DNS lab to analyze DNS messages captured during web browsing. The objectives are to familiarize students with tools like nslookup and Wireshark, understand the DNS query and response process, and explore the impact of DNS caching. Students will clear caches, capture DNS traffic for a website using Wireshark, analyze the queries and responses, and use nslookup to make DNS queries.

    Original Description:

    Network

    Original Title

    Lab DNS CS411 Computer Networking (3)

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document describes a DNS lab to analyze DNS messages captured during web browsing. The objectives are to familiarize students with tools like nslookup and Wireshark, understand the DNS query and response process, and explore the impact of DNS caching. Students will clear caches, capture DNS traffic for a website using Wireshark, analyze the queries and responses, and use nslookup to make DNS queries.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    2 views4 pages

    Lab DNS CS411 Computer Networking

    Uploaded by

    mednour
    This document describes a DNS lab to analyze DNS messages captured during web browsing. The objectives are to familiarize students with tools like nslookup and Wireshark, understand the DNS query and response process, and explore the impact of DNS caching. Students will clear caches, capture DNS traffic for a website using Wireshark, analyze the queries and responses, and use nslookup to make DNS queries.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 4

    DNS Lab: Capturing DNS Messages

    Labed Abdeldjalil
    October 5, 2023

    Objectives
    The objectives of this lab are:

    • To familiarize yourself with the use of tools like nslookup and Wireshark
    for DNS analysis.
    • To understand the process of capturing and analyzing DNS messages gen-
    erated during web-surfing activities.
    • To explore the structure of DNS queries and responses and identify key
    information within them.

    • To investigate the impact of DNS caching on web page retrieval.

    1 Overview
    nslookup is command line, which will invoke the underlying DNS services to
    implement its functionality. The nslookup command is available in most Mi-
    crosoft, Apple IOS, and Linux operating systems. To run nslookup you just
    type the nslookup command on the command line in a DOS window, Mac IOS
    terminal window, or Linux shell.
    In its most basic operation, nslookup allows the host running nslookup to
    query any specified DNS server for a DNS record. The queried DNS server can
    be a root DNS server, a top-level-domain (TLD) DNS server, an authoritative
    DNS server, or an intermediate DNS server. For example, nslookup can be used
    to retrieve a “Type=A” DNS record that maps a hostname (e.g., www.nyu.edu)
    to its IP address. To accomplish this task, nslookup sends a DNS query to the
    specified DNS server (or the default local DNS server for the host on which
    nslookup is run, if no specific DNS server is specified), receives a DNS response
    from that DNS server, and displays the result.

    1
    1.1 The DNS cache on your computer
    Most hosts (e.g., your personal computer) keep a cache of recently retrieved DNS
    records (sometimes called a DNS resolver cache), just like many Web browsers
    keep a cache of objects recently retrieved by HTTP. When DNS services need
    to be invoked by a host, that host will first check if the DNS record needed is
    resident in this host’s DNS cache; if the record is found, the host will not even
    bother to contact the local DNS server and will instead use this cached DNS
    record.
    You can also explicitly clear the records in your DNS cache. There’s no
    harm in doing so – it will just mean that your computer will need to invoke
    the distributed DNS service next time it needs to use the DNS name resolution
    service, since it will find no records in the cache. On a Mac computer, you can
    enter the following command into a terminal window to clear your DNS resolver
    cache: sudo killall -HUP mDNSResponder On Windows computer you can enter
    the following command at the command prompt: ipconfig /flushdns and on a
    Linux computer, enter: sudo systemd-resolve –flush-caches

    DNS Lab
    Part 1: Capturing DNS Messages from Web-Surfing Activ-
    ity
    1. Clear DNS Cache and Browser Cache:
    • Clear the DNS cache on your host.
    • Clear your browser cache.
    2. Capture DNS Messages:
    • Open Wireshark.
    • Enter in the filter ip.addr == <your IP address> into the display
    filter.
    • Start packet capture.
    • Visit the Web page: https://smu.tn.
    • Stop packet capture.

    Questions:
    1. DNS Query Message:
    • Locate the first DNS query for smu.tn.
    • Packet number in the trace.
    • Sent over UDP or TCP?
    2. DNS Response:

    2
    • Locate the corresponding DNS response.
    • Packet number in the trace.
    • Received via UDP or TCP?

    3. DNS Ports:
    • Destination port for the DNS query.
    • Source port of the DNS response.
    4. DNS Query Destination IP:

    • To what IP address is the DNS query message sent?


    5. DNS Query Message:
    • Number of ”questions.”
    • Number of ”answers.”

    6. DNS Response Message:


    • Number of ”questions.”
    • Number of ”answers.”
    7. HTTP Requests:

    • Packet number for the initial HTTP GET request.


    • Packet number for DNS query resolving smu.tn.
    • Packet number for the received DNS response.
    • Discuss DNS caching.

    Part 2: Playing with nslookup


    1. Start Packet Capture:
    • Start packet capture.

    2. nslookup on www.smu.tn:
    • Perform an nslookup on www.smu.tn.
    3. Stop Packet Capture:

    • Stop packet capture.

    3
    Questions:
    1. DNS Query Ports:

    • Destination port for the DNS query.


    • Source port of the DNS response.
    2. DNS Query IP:
    • To what IP address is the DNS query message sent?
    • Is this the IP address of your default local DNS server?
    3. DNS Query Type A:
    • Type of DNS query.
    • Does the query message contain any ”answers”?

    4. DNS Response:
    • Number of ”questions.”
    • Number of ”answers.”

    Part 3: nslookup for Type NS DNS Record


    1. Execute nslookup Command:
    • Enter the following command: nslookup {type=NS smu.tn.

    Questions:
    1. DNS Query IP:
    • To what IP address is the DNS query message sent?
    • Is this the IP address of your default local DNS server?

    2. DNS Query Message:


    • Number of questions.
    • Does the query message contain any ”answers”?
    3. DNS Response:

    • Number of answers.
    • Information in the answers.
    • Number of additional resource records.
    • Information in additional resource records.

    You might also like