Experiment No. 3
EXPERIMENT TITLE: Understanding DNS protocol using Wireshark.
BRIEF THEORY:
The Domain Name System (DNS) is a hierarchical and decentralized naming system used
to resolve human-readable domain names (e.g., www.google.com) into numerical IP
addresses (e.g., 142.250.190.14). This translation is crucial for computers to communicate
over the internet or private networks.
1. How DNS Works
1. User Request → When a user enters a domain name in a web browser, the computer
sends a DNS query.
2. Recursive and Iterative Queries → The request is forwarded through various DNS
servers:
o Recursive Resolver (queries different DNS servers until an IP is found).
o Root DNS Servers (direct queries to the correct Top-Level Domain (TLD)
server).
o TLD Servers (handle domains like .com, .org, .edu).
o Authoritative DNS Servers (provide the actual IP address for the requested
domain).
3. Response → The IP address is sent back to the user's device, which then establishes
a connection with the target website.
2. DNS Protocol Basics
• Port Numbers → DNS primarily uses UDP port 53 for fast queries and TCP port 53
for large responses (e.g., zone transfers).
• Message Format → A DNS message consists of:
o Header (Transaction ID, flags, query/response info).
o Question Section (requested domain).
o Answer Section (resolved IP address).
o Authority Section (authoritative name servers).
o Additional Section (extra data such as IPs of authoritative servers).
3. Capturing DNS Traffic Using Wireshark
Wireshark is a network packet analyzer that captures real-time DNS queries and
responses.
Steps to Capture and Analyze DNS Traffic:
1. Install Wireshark on your system.
2. Start Capturing → Select the active network interface and start capturing packets.
3. Filter DNS Traffic → Apply the dns filter in Wireshark to isolate DNS packets.
4. Generate DNS Queries → Visit websites or use nslookup commands to trigger DNS
requests.
5. Analyze Packets → Check:
o Standard query → DNS request.
o Standard query response → DNS reply containing IP addresses.
4. Key Fields in DNS Packet Analysis
• Transaction ID → Unique identifier linking queries to responses.
• Flags → Indicate recursion, authoritative responses, etc.
• Questions → Domain name being queried.
• Answer Section → Provides the resolved IP address.
• Authority Section → Shows the authoritative name servers.
• Additional Section → Extra data like alternative server IPs.
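The following is an added example, not code from the lab manual, that shows the message format of section 2 and the key fields of section 4 in working code: it builds a standard query the way nslookup sends it and parses constructed responses into the Transaction ID, flags, rcode and the Question, Answer, Authority and Additional sections that Wireshark's DNS dissector displays. The two sample responses (a NOERROR answer for www.google.com with an NS record in the authority section, and a "No such name" answer for www.google.com.pdeu.local with the zone's SOA) are constructed for the example; their addresses, TTLs and SOA timer values are assumed, not taken from the experiment's capture.

```python
"""Minimal DNS wire-format builder and parser (RFC 1035), an added example for
reading the header, question, answer, authority and additional sections that
Wireshark's DNS dissector shows. Not code from the lab manual."""
import ipaddress
import struct

QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "AAAA": 28}
TYPE_NAME = {v: k for k, v in QTYPE.items()}
RCODE = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def encode_name(name):
    """'www.google.com' -> b'\\x03www\\x06google\\x03com\\x00' (length-prefixed labels)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in labels) + b"\x00"


def build_query(txid, name, qtype="A"):
    """Standard query as nslookup sends it: 12-byte header (RD set) + one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)


def decode_name(msg, offset):
    """Decode a name, following 0xC0xx compression pointers; returns (name, next offset)."""
    labels, end = [], None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                 # pointer into an earlier name
            if end is None:
                end = offset + 2                  # the pointer is where this name ends
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def parse_rr(msg, offset):
    """Parse one resource record: NAME, TYPE, CLASS, TTL, RDLENGTH, RDATA."""
    name, offset = decode_name(msg, offset)
    rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
    offset += 10
    rdata = msg[offset:offset + rdlen]
    if rtype == 1:
        data = str(ipaddress.IPv4Address(rdata))
    elif rtype == 28:
        data = str(ipaddress.IPv6Address(rdata))  # prints the compressed '::' form
    elif rtype in (2, 5, 12):                     # NS, CNAME, PTR carry a (possibly compressed) name
        data, _ = decode_name(msg, offset)
    elif rtype == 6:                              # SOA: mname, rname, then five 32-bit timers
        mname, off = decode_name(msg, offset)
        rname, off = decode_name(msg, off)
        serial, refresh, retry, expire, minimum = struct.unpack("!IIIII", msg[off:off + 20])
        data = {"mname": mname, "rname": rname, "serial": serial, "refresh": refresh,
                "retry": retry, "expire": expire, "minimum": minimum}
    else:
        data = rdata.hex()
    return {"name": name, "type": TYPE_NAME.get(rtype, rtype), "ttl": ttl, "data": data}, offset + rdlen


def parse_message(msg):
    """Parse a full DNS message into the fields Wireshark lists under 'Domain Name System'."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    out = {"id": txid, "qr": "response" if flags & 0x8000 else "query",
           "aa": bool(flags & 0x0400), "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080),
           "rcode": RCODE.get(flags & 0xF, flags & 0xF),
           "questions": [], "answers": [], "authority": [], "additional": []}
    offset = 12
    for _ in range(qd):
        name, offset = decode_name(msg, offset)
        qtype, _qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        out["questions"].append({"name": name, "type": TYPE_NAME.get(qtype, qtype)})
    for section, count in (("answers", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            rr, offset = parse_rr(msg, offset)
            out[section].append(rr)
    return out


def sample_response():
    """Constructed NOERROR response (not a real capture): an A answer plus an NS authority
    record, both using compression pointers back into the question name at offset 12."""
    question = build_query(0x1234, "www.google.com", "A")[12:]
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 1, 0)   # QR=1, RD, RA, rcode 0
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + ipaddress.IPv4Address("142.250.190.14").packed
    ns_rdata = b"\x03ns1\xc0\x10"                                 # 'ns1' + pointer to 'google.com' (offset 16)
    authority = b"\xc0\x10" + struct.pack("!HHIH", 2, 1, 345600, len(ns_rdata)) + ns_rdata
    return header + question + answer + authority


def sample_nxdomain():
    """Constructed 'No such name' response for the lab's www.google.com.pdeu.local query,
    with the zone's SOA in the authority section (rname and timer values are made up)."""
    question = build_query(0x5678, "www.google.com.pdeu.local", "A")[12:]
    header = struct.pack("!HHHHHH", 0x5678, 0x8183, 1, 0, 1, 0)   # rcode 3 = NXDOMAIN
    soa_rdata = (encode_name("pdcpdeu.pdeu.local") + encode_name("hostmaster.pdeu.local")
                 + struct.pack("!IIIII", 1, 900, 600, 86400, 3600))
    authority = encode_name("pdeu.local") + struct.pack("!HHIH", 6, 1, 3600, len(soa_rdata)) + soa_rdata
    return header + question + authority


if __name__ == "__main__":
    for msg in (build_query(0x1234, "www.google.com"), sample_response(), sample_nxdomain()):
        print(parse_message(msg))
```

The same parser can be pointed at a real packet: in Wireshark, right-click the "Domain Name System" line of a captured packet, copy the bytes as a hex stream, and pass `bytes.fromhex(...)` to `parse_message`. The Transaction ID is what lets a query and its response be matched, which is also how Wireshark pairs them.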
5. Troubleshooting DNS Issues Using Wireshark
• Check Delays → Identify response times to detect slow queries.
• Identify Errors → Look for error response codes (e.g., NXDOMAIN for non-existent domains).
• Validate Configuration → Ensure queries are reaching the correct DNS servers.
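The three troubleshooting checks above can be automated over a Wireshark export. The following is an added example, not part of the lab manual: it reads rows shaped like Wireshark's CSV export (No., Time, Source, Destination, Protocol, Info), pairs each "Standard query" with its "Standard query response" by Transaction ID, and reports slow lookups, "No such name" (NXDOMAIN) answers, queries that never got a reply, and queries sent to a resolver other than the expected one. The sample rows are constructed; the client address 10.30.5.21, the second resolver 192.0.2.53 and the IPv6 answer are made up, while 10.30.1.13 is the lab resolver named in the tasks.

```python
"""Added example: pair DNS queries with their responses by Transaction ID and flag
slow lookups, NXDOMAIN answers, unanswered queries and queries sent to a resolver
other than the expected one. Rows are modelled on a Wireshark CSV export
(No., Time, Source, Destination, Protocol, Info) and are constructed, not captured."""
import csv
import io
import re
from dataclasses import dataclass

# Constructed sample (not the experiment's capture). 10.30.1.13 is the lab resolver;
# 192.0.2.53 stands in for an unexpected resolver.
SAMPLE_CSV = """\
1,0.000000,10.30.5.21,10.30.1.13,DNS,Standard query 0x1a2b A www.google.com
2,0.004500,10.30.1.13,10.30.5.21,DNS,Standard query response 0x1a2b A www.google.com A 142.250.190.14
3,0.100000,10.30.5.21,10.30.1.13,DNS,Standard query 0x1a2c AAAA www.google.com
4,0.850000,10.30.1.13,10.30.5.21,DNS,Standard query response 0x1a2c AAAA www.google.com AAAA 2001:db8::14
5,1.000000,10.30.5.21,10.30.1.13,DNS,Standard query 0x1a2d A www.google.com.pdeu.local
6,1.003000,10.30.1.13,10.30.5.21,DNS,Standard query response 0x1a2d No such name A www.google.com.pdeu.local SOA pdcpdeu.pdeu.local
7,2.000000,10.30.5.21,192.0.2.53,DNS,Standard query 0x1a2e A www.mit.edu
8,2.020000,192.0.2.53,10.30.5.21,DNS,Standard query response 0x1a2e A www.mit.edu CNAME www.mit.edu.edgekey.net
9,3.000000,10.30.5.21,10.30.1.13,DNS,Standard query 0x1a2f A uidai.gov.in
"""

# Matches the Info column Wireshark prints for DNS: query or response, then the Transaction ID.
INFO_RE = re.compile(r"Standard query (response )?0x([0-9a-f]{4}) (.*)", re.IGNORECASE)


@dataclass
class Finding:
    txid: str
    name: str
    issue: str
    detail: str


def analyze(csv_text, expected_servers, slow_threshold=0.5):
    """Walk the rows in capture order and return a list of Findings."""
    pending = {}        # txid -> (time sent, resolver queried, name)
    findings = []
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) < 6 or row[4] != "DNS":
            continue
        t, src, dst, info = float(row[1]), row[2], row[3], row[5]
        m = INFO_RE.match(info)
        if not m:
            continue
        is_response, txid, rest = m.group(1) is not None, m.group(2).lower(), m.group(3)
        if not is_response:
            name = rest.split()[1]                     # "A www.google.com" -> www.google.com
            pending[txid] = (t, dst, name)
            if dst not in expected_servers:            # Validate Configuration
                findings.append(Finding(txid, name, "unexpected_server", f"query sent to {dst}"))
            continue
        sent = pending.pop(txid, None)
        if sent is None:
            findings.append(Finding(txid, "?", "unmatched_response", f"from {src}: {rest}"))
            continue
        t_sent, server, name = sent
        latency = t - t_sent
        if latency > slow_threshold:                   # Check Delays
            findings.append(Finding(txid, name, "slow", f"{latency * 1000:.0f} ms from {server}"))
        if rest.startswith("No such name"):            # Identify Errors (NXDOMAIN)
            findings.append(Finding(txid, name, "NXDOMAIN", rest))
    for txid, (t_sent, server, name) in pending.items():   # queries that never got a reply
        findings.append(Finding(txid, name, "unanswered", f"sent at {t_sent:.3f}s to {server}"))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_CSV, {"10.30.1.13"}):
        print(f"0x{f.txid} {f.issue:<18} {f.name:<30} {f.detail}")
```

To use it on a real capture, apply the `dns` display filter in Wireshark, choose File → Export Packet Dissections → As CSV, and pass the file's contents to `analyze` with the set of resolvers the machine is configured to use. A response from an address not in that set, or a query that leaves for a resolver the host was never configured with, is the condition the "Validate Configuration" check is meant to surface.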
6. Applications of DNS Analysis
• Understanding domain resolution and network behavior.
• Detecting DNS hijacking or unauthorized queries.
• Diagnosing slow website loading issues due to DNS delays.
Tasks & Output:
TASK 1: IPv4 AND IPv6 ADDRESS FOR www.google.com
SS-1:
This shows the result of a non-authoritative lookup for www.google.com, providing the IPv6 address.
SS-2:
This shows a sequence of DNS queries and responses, likely tracing the lookup process for
www.google.com. It includes standard query responses with IP addresses.
SS-3:
This continues the sequence of DNS queries and responses, including more standard query responses with
IP addresses for various google.com subdomains.
SS-4:
This provides additional details on the authoritative nameservers for the google.com domain, including
the primary name server, responsible authority's mailbox, and various time-to-live, refresh, and retry
parameters.
SS-5:
This shows a similar set of authoritative nameserver details, but for the pdeu.local domain instead of
google.com.
SS-6:
This shows the results of a DNS query for www.google.com, including the IPv6 address and other details.
It shows a standard query response with no errors.
TASK 2: NO SUCH NAME (NS) FOR www.google.com
SS-1:
The nslookup command is used to query the DNS for www.google.com. The primary name server
(ns1.google.com) and other metadata such as responsible email (dns-admin.google.com), refresh time
(900 seconds), and TTL (60 seconds) are shown.
SS-2:
Displays DNS queries to resolve www.google.com.pdeu.local and www.google.com.
The authoritative nameserver for pdeu.local is pdcpdeu.pdeu.local.
The query includes the Start of Authority (SOA) details for pdeu.local.
TASK 3: IPv4 AND IPv6 ADDRESS FOR ALL NAME SERVER RECORDS FOR
www.google.com
SS-1:
The server at IP address 10.30.1.13 is named "pdpudc.pdpu.ac.in".
The DNS servers for google.com are:
• ns2.google.com
• ns1.google.com
• ns4.google.com
• ns3.google.com
The IPv4 addresses for those google.com DNS servers are:
• 216.239.34.10
• 216.239.32.10
• 216.239.38.10
• 216.239.36.10
The AAAA (IPv6) address for the ns3.google.com DNS server is 2001:4860:4802:32::a
SS-2:
Standard query responses for www.google.com with name servers like ns1.google.com are listed.
The Time-To-Live (TTL) for the record is approximately 3 days (344,430 seconds).
SS-3:
Additional details about Google's nameservers: ns1.google.com, ns2.google.com, ns3.google.com, and
ns4.google.com.
TTL and class information are provided.
SS-4:
Includes A (IPv4) and AAAA (IPv6) records for Google's name servers.
For example, ns1.google.com resolves to 216.239.32.10 (IPv4) and 2001:4860:4802:32::a (IPv6).
TTL values for these records are shown.
TASK 4: IPv4 AND IPv6 ADDRESS FOR www.mit.edu
SS-1:
This is a network lookup for the domain "www.mit.edu". The key information it provides is:
• The server address is "pdpudc.pdpu.ac.in" at IP 10.30.1.13
• The name of the entity is "e9566.dseb.akamaiedge.net"
• The IP address is 2600:140f:5:208c::255e
SS-2:
This is a DNS lookup providing details about various .mit.edu subdomains and addresses, including:
• IP addresses for DNS names like www.mit.edu
• PTR records mapping IP addresses to domain names
SS-3:
This continues the DNS lookup, providing more details on the CNAME and AAAA records for
www.mit.edu, edgekey.net, and e9566.dseb.akamaiedge.net.
SS-4:
This shows a DNS lookup for the domain "config.edge.skype.com", including the HTTPS-specific
service endpoints.
TASK 5: IPv4 AND IPv6 ADDRESS FOR uidai.gov.in
SS-1:
Server: pdpupdc.pdpu.ac.in (10.30.1.13)
Domain IPs: 103.57.226.101 and 103.58.114.101
SS-2:
Multiple DNS queries for uidai.gov.in subdomains
Standard query responses showing IP resolution
SOA record points to ns3.uidai.net.in
SS-3:
Primary nameserver: ns3.uidai.net.in
TTL: 86400 (1 day)
Refresh: 300 seconds (5 minutes)
Retry: 900 seconds (15 minutes)
Expire: 604800 seconds (7 days)