Lab - 2b - Wireshark - DNS - v8.0.pdf: Www. Baomoi

This document summarizes the results of running various nslookup commands to explore DNS queries and responses. It shows: 1. The IP address returned for www.baomoi.com is 118.102.1.125. The authoritative DNS servers for the University of Valencia are listed but no mail servers were returned for Yahoo Mail. 2. A DNS query for www.ietf.org was sent over UDP, with destination port 53 and response source port 53. The response included 3 IP addresses. 3. Nslookups for www.mit.edu and with type=NS mit.edu were examined, showing destination servers and response contents.

Student ID: 1914864

Name: Nguyễn Văn Quốc


Lab_2b_Wireshark_DNS_v8.0.pdf
1. Part 1: nslookup
Question 1: Run nslookup to obtain the IP address of a Web server in Asia.
What is the IP address of that server?
I use the nslookup command to obtain www.baomoi.com.

The IP address of the www.baomoi.com server is 118.102.1.125.


Question 2: Run nslookup to determine the authoritative DNS servers for a
university in Europe.
I used nslookup to find out the University of Valencia in Spain. Its IP address is
2001:ee0:23::23

Question 3: Run nslookup so that one of the DNS servers obtained in Question
2 is queried for the mail servers for Yahoo! Mail. What is its IP address?

The list of websites didn’t indicate the IP address of the mail servers for Yahoo!
Mail.
2. Part 2: http://www.ietf.org
Query

Response:

Question 4: Locate the DNS query and response messages. Are they sent over
UDP or TCP?
They are sent over UDP.

Question 5: What is the destination port for the DNS query message? What is
the source port of DNS response message?
The destination port for the DNS query is 53 and the source port of the DNS
response is 53.

Question 6: To what IP address is the DNS query message sent? Use ipconfig
to determine the IP address of your local DNS server. Are these two IP
addresses the same?
It’s sent to 123.23.23.23, which is the IP address of one of my local DNS
servers.

Question 7. Examine the DNS query message. What “Type” of DNS query is
it? Does the query message contain any “answers”?
It’s a type A Standard Query and it doesn’t contain any answers.

Question 8. Examine the DNS response message. How many “answers” are
provided? What do each of these answers contain?
There were 3 answers containing information about the name of the host, the
type of address, class, the TTL, the data length and the IP address.
Question 9. Consider the subsequent TCP SYN packet sent by your host. Does
the destination IP address of the SYN packet correspond to any of the IP
addresses provided in the DNS response message?
The first SYN packet was sent to 104.16.45.99 which corresponds to the first
IP address provided in the DNS response message.
Question 10. This web page contains images. Before retrieving each image,
does your host issue new DNS queries?
No.
3. Part 3: nslookup www.mit.edu
Query

Response query
Question 11. What is the destination port for the DNS query message? What is
the source port of DNS response message?
The destination port of the DNS query is 53 and the source port of the DNS
response is 53.

Question 12. To what IP address is the DNS query message sent? Is this the IP
address of your default local DNS server?
It’s sent to 2001:ee0:23::23 which, as we can see from the ipconfig -all
screenshot, is the default local DNS server.

Question 13. Examine the DNS query message. What “Type” of DNS query is
it? Does the query message contain any “answers”?
The query is of type A and it doesn’t contain any answers.
Question 14. Examine the DNS response message. How many “answers” are
provided? What do each of these answers contain?
The response DNS message contains 3 answers containing the name of the host,
the type of address, the class, and the IP address.
4. Part 4: nslookup -type=NS mit.edu
Query

Response query

Question 16. To what IP address is the DNS query message sent? Is this the IP
address of your default local DNS server?
It was sent to 2001:ee0:23::23 which is my default DNS server.

Question 17: Examine the DNS query message. What “Type” of DNS query is
it? Does the query message contain “answer”?
It’s a type NS DNS query that doesn’t contain any answer.
Question 18. Examine the DNS response message. What MIT nameservers
does the response message provide? Does this response message also provide
the IP addresses of the MIT nameservers?
Answer: The nameservers are usw2, use2, eur5, ns1-173, ns1-37, use5, asia1,
asia2. We can’t find their IP addresses.
5. Part 5: nslookup www.aiit.or.kr bitsy.mit.edu
I am unable to run Wireshark and capture a trace file, so I use the trace file
dns-ethereal-trace-4.
Query

Response query

Question 20: To what IP address is the DNS query message sent? Is this the IP
address of your default local DNS server? If not, what does the IP address
correspond to?
The query is sent to 18.0.72.3 which corresponds to bitsy.mit.edu
Question 21. Examine the DNS query message. What “Type” of DNS query is
it? Does the query message contain any “answers”?
It’s a standard type A query that doesn’t contain any answers

Question 22. Examine the DNS response message. How many “answers” are
provided? What does each of these answers contain?
One answer is provided in the DNS response message. It contains the following:
