RFC 1035 - DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATIONĭomain names in messages are expressed in terms of a sequence of labels.Įach label is represented as a one octet length field followed by that = Answer authenticated: Answer/authority portion was not = Recursion available: Server can do recursive queries = Recursion desired: Do query recursively = Authoritative: Server is not an authority for domain Look for response with no errors Flags: 0x8180 Standard query response, No errorġ. (udp & 0x0f = 0) 8 bytes (0-7) of UDP header + 4th byte in to UDP data = DNS flags low byte (udp & 0x80 != 0) 8 bytes (0-7) of UDP header + 3rd byte in to UDP data = DNS flags high byte (udp port 53) - DNS typically responds from port 53 With a little math, you can do the same thing for UDP. Quit without Saving to discard the captured traffic.There is a Wireshark tool for making TCP capture filters: String-Matching Capture Filter Generator Close Wireshark to complete this activity.Observe the CNAME and A records returned in response to this DNS query.Notice that this is a recursive response. Notice that it is the same dynamic port used to make the DNS query in the first packet. Notice that it is domain (53), the DNS server port. Notice that the destination address is your IP address. Notice that the source address is the DNS server IP address. The destination should be your MAC address and the source should be your local DNS server's MAC address or your default gateway's MAC address. Observe the Destination and Source fields.Notice that it is an Ethernet II / Internet Protocol Version 4 / User Datagram Protocol / Domain Name System (response) frame. Observe the packet details in the middle Wireshark packet details pane.In the top Wireshark packet list pane, select the next DNS packet, labeled Standard query response CNAME wikiversity.Observe the query for en.Īctivity 3 - Analyze DNS Response Traffic.Notice that a recursive query is requested. Expand Domain Name System (query) to view DNS details.Notice that it is a dynamic port selected for this DNS query. Expand User Datagram Protocol to view UDP details. ![]() ![]() Notice that the destination address is the IP address of the DNS server. Notice that the source address is your IP address.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |