LAB1
NSLOOKUP
1. Run nslookup to obtain the IP address of a Web server in Asia.
2. Run nslookup to determine the authoritative DNS servers for a university in
Europe.
3. Run nslookup so that one of the DNS servers obtained in Question 2 is queried for the mail servers for Yahoo! mail.
I assume that taking screenshots of the ipconfig section (section 2) of the lab is pointless, because that’s just too easy and a waste of time. Better to skip on to the next one.
Tracing DNS with Wireshark
4. Locate the DNS query and response messages. Are they sent over UDP or TCP?
TCP
5. What is the destination port for the DNS query message? What is the source port of DNS response message?
Destination port for the DNS query message is 8080.
Source port of DNS response message is 2636.
6. To what IP address is the DNS query message sent? Use ipconfig to determine the
IP address of your local DNS server. Are these two IP addresses the same?
12.22.58.30 is the IP address the DNS query message is sent to. But the local DNS server is 192.168.0.12.
7. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?
It is a GET from the HTTP request for the page http://www.ietf.org/; it does not contain any answers.
8. Examine the DNS response message. How many “answers” are provided? What do each of these answers contain?
One answer is provided; the answer contains the HTML code of the http://www.ietf.org/ webpage.
9. Consider the subsequent TCP SYN packet sent by your host. Does the destination
IP address of the SYN packet correspond to any of the IP addresses provided in the DNS response message?
Yes.
10. This web page contains images. Before retrieving each image, does your
host issue new DNS queries?
Yes.
Now let’s play with nslookup.
Start packet capture.
Do an nslookup on www.mit.edu
Stop packet capture.
11. What is the destination port for the DNS query message? What is the source port of DNS response message?
The destination port for the DNS query message is 53.
The source port of DNS response message is 2656.
12. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server?
192.168.0.12 is the IP address the DNS query message is sent to. Yes.
13. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?
Type: PTR (Domain name pointer), no.
14. Examine the DNS response message. How many “answers” are provided? What do each of these answers contain?
4 answers are provided; each contains an authoritative name server of mit.edu.
15. Screenshot above.
nslookup -type=NS mit.edu
16. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server?
209.18.47.61 is the IP address the DNS query message is sent to. The default local DNS server is 192.168.0.12.
17. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?
Type: A (Host address), no.
18. Examine the DNS response message. What MIT nameservers does the response message provide? Does this response message also provide the IP addresses of the
MIT nameservers?
Yes, and Yes.
19. Screenshot above.
nslookup www.aiit.or.kr bitsy.mit.edu
20. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server? If not, what does the IP address correspond to?
18.72.0.3 is the IP address the DNS query message is sent to. The IP address of your default local DNS server is 18.72.0.3.
That IP address corresponds to BITSY.MIT.EDU.
21. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?
Type: A (Host address), no.
22. Examine the DNS response message. How many “answers” are provided? What does each of these answers contain?
2 answers; the answers contain the authoritative nameserver of www.aiit.or.kr.
23. Screenshot above.
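The "Type" and "answers" questions above can also be checked without Wireshark by decoding the raw DNS message. The following is an added example, not part of the original lab or report: a small parser that reports whether a message is a query or response, its question type, and the contents of its answers. The messages for `example.edu` are constructed sample bytes, and the function names are hypothetical; it assumes exactly one question per message.

```python
import struct

TYPES = {1: "A", 2: "NS", 5: "CNAME", 12: "PTR", 15: "MX", 28: "AAAA"}

def read_name(msg, off):
    """Decode a DNS name at off, following compression pointers."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:              # 2-byte pointer to an earlier name
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                       # guard against pointer loops
                raise ValueError("compression pointer loop")
        elif length == 0:                       # root label ends the name
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
            off += 1 + length

def summarize(msg):
    """Return the fields the lab questions ask about for one DNS message."""
    _id, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    qname, off = read_name(msg, 12)             # assumption: one question
    qtype = struct.unpack("!H", msg[off:off + 2])[0]
    off += 4                                    # skip QTYPE and QCLASS
    answers = []
    for _ in range(an):                         # ANCOUNT from the header
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 2:                          # NS rdata is itself a name
            rdata = read_name(msg, off)[0]
        else:                                   # other types left as hex
            rdata = msg[off:off + rdlen].hex()
        answers.append((owner, TYPES.get(rtype, str(rtype)), rdata))
        off += rdlen
    return {"is_response": bool(flags & 0x8000), "qname": qname,
            "qtype": TYPES.get(qtype, str(qtype)), "answers": answers}

# Constructed sample: an NS query for example.edu and a two-answer response.
QUESTION = b"\x07example\x03edu\x00" + struct.pack("!2H", 2, 1)
QUERY = struct.pack("!6H", 0x1A2B, 0x0100, 1, 0, 0, 0) + QUESTION

def _ns_rr(label):
    rdata = bytes([len(label)]) + label + b"\xc0\x0c"   # label + pointer to QNAME
    return b"\xc0\x0c" + struct.pack("!HHIH", 2, 1, 3600, len(rdata)) + rdata

RESPONSE = (struct.pack("!6H", 0x1A2B, 0x8180, 1, 2, 0, 0)
            + QUESTION + _ns_rr(b"ns1") + _ns_rr(b"ns2"))
```

The same `summarize` call works on the UDP payload bytes exported from a captured DNS packet.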