Analyzing DNS with Wireshark
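I. Lab Objectives
1. Learn to use the nslookup tool to query and analyze Internet domain name information or to diagnose DNS servers. Learn to use the ipconfig tool for analysis.
2. Be able to analyze the DNS protocol with Wireshark. Gain a comprehensive understanding of the DNS protocol.
II. Lab Equipment
1. A computer host connected to the Internet;
2. The packet capture tool Wireshark and the screenshot tool Snagit.
III. Lab Content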
1. Run nslookup to obtain the IP address of a Web server in Asia.
The IP address of:
166.111.4.100
2. Run nslookup to determine the authoritative DNS servers for a university in Europe.
The result is shown in the figure below:
3. Run nslookup so that one of the DNS servers obtained in Question 2 is queried for the mail servers for Yahoo! mail.
The result is shown in the figure below:
4. Locate the DNS query and response messages. Are they sent over UDP or TCP?
Answer:
The DNS query and response messages are marked in the figure below.
They are sent over UDP;
5. What is the destination port for the DNS query message? What is the source port of the DNS response message?
Answer:
The destination port is:
64211 (64211)
The source port is:
domain (53)
6. To what IP address is the DNS query message sent? Use ipconfig to determine the IP address of your local DNS server. Are these two IP addresses the same?
Answer:
The IP address is 10.0.163.199; these two IP addresses are the same.
The screenshot is shown below.
7. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?
Answer:
The “Type” of the DNS query is (host address)
It does not contain any “answer”;
8. Examine the DNS response message. How many “answers” are provided? What do each of these answers contain?
Answer:
The “answers” are shown in the figure below:
9. Consider the subsequent TCP SYN packet sent by your host. Does the destination IP address of the SYN packet correspond to any of the IP addresses provided in the DNS response message?
Answer:
10. This web page contains images. Before retrieving each image, does your host issue new DNS queries?
Answer:
My host doesn't issue new DNS queries.
11. What is the destination port for the DNS query message? What is the source port of the DNS response message?
Answer:
The destination port for the DNS query message:
The source port of the DNS response message:
They are the same.
12. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server?
IP address:
202.117.144.2
This is the IP address of my default local DNS server (202.117.144.2)
13. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?
Answer:
“Type” of DNS query
“answers”:
14. Examine the DNS response message. How many “answers” are provided? What do each of these answers contain?
Answer:
15. Provide a screenshot.
16. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server?
IP address:
202.117.144.2
They are the same.
17. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?
18. Examine the DNS response message. What MIT nameservers does the response message provide? Does this response message also provide the IP addresses of the MIT nameservers?
Answer:
The MIT nameservers are underlined below
This response message doesn't provide the IP addresses of the MIT nameservers.
19. Provide a screenshot.
20. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server? If not, what does the IP address correspond to?
IP address:
18.72.0.3
This is not the IP address of my default local DNS server.
The IP address corresponds to bit.mit.edu
21. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?
The type is shown in the figure below:
The answer is shown in the figure below:
22. Examine the DNS response message. How many “answers” are provided? What does each of these answers contain?
Answer:
3 answers
23. Provide a screenshot.
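IV. Lab Summary
1. Through this lab I learned how to analyze the DNS protocol and can analyze DNS with the help of nslookup and ipconfig.
2. The lab gave me a clearer understanding of the definition of a domain name.
3. I learned the relevant ipconfig operations and can use ipconfig proficiently.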