
Wireshark DNS

This activity is not essential for the exam.

You may want to play with Wireshark (a tool for capturing and analyzing network traffic) only if you are really interested in this stuff.

Introduction to Wireshark

Questions

Download network capture dns_recursivequery_client.pcapng and try to answer the following questions with Wireshark.

  • How long is this capture in seconds?
  • What is the IP address of the DNS server?
  • What is the IP address associated with the first name being asked?
  • How many names are resolved?
  • How long did each resolution take, on average?

Suppose you have the ability to modify the DNS response to the first DNS request; you want to drive the requesting client to 131.114.9.252.

  • Write the byte sequence corresponding to the DNS response that you should send.
  • Emphasize the portions of the DNS response that can be constructed in advance and those that depend on the matching request and thus must be constructed on the fly.

Suggestions (not steps to execute in sequence, just hints):

  • Statistics --> DNS
  • Statistics --> Flow Graph
  • Display filter: dns.flags.rcode != 0 shows which DNS requests could not be resolved correctly
  • Select the DNS response in the middle (packet details) pane, right-click, then Copy bytes as Hex Dump or as Hex Stream

Other analyses

  • You may also analyze the above network capture by writing some Python code that uses the Scapy library. Here you can find an interaction with ChatGPT for obtaining the code that answers the questions above. I have not checked it for correctness but I think it more or less works.
  • You may try to answer the same questions as above for this capture, which contains the interaction between a browser and a few web servers.
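As an added example (not the course's code, and not the ChatGPT-generated Scapy script referred to above), here is a small pure-Python DNS parser that answers the capture questions directly from the DNS payloads: capture duration, resolver address, the address returned for the first name, how many names resolved or failed, and the average query-to-reply latency. It follows name compression pointers, so it also works on payloads extracted from a real pcap; the packet list, addresses and transaction IDs below are constructed, and a reply is counted only when its transaction ID and question section match an outstanding query, which is exactly the part of a response that cannot be prepared in advance.

```python
import struct
from statistics import mean
def parse_name(data, off, end=None):  # -> (name, offset past the name); follows compression pointers
    labels = []
    while (length := data[off]) != 0:
        if length & 0xC0 == 0xC0:                      # pointer: 14-bit offset of an earlier name
            end = end or off + 2                       # the name ends right after the first pointer
            off = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
        else:
            labels.append(data[off + 1:off + 1 + length].decode("ascii"))
            off += 1 + length
    return ".".join(labels), end or off + 1
def parse_dns(payload):  # header, first question and the A-record answers of one DNS message
    ident, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", payload[:12])
    qname, off = parse_name(payload, 12)
    qtype, off = struct.unpack("!H", payload[off:off + 2])[0], off + 4   # read QTYPE, skip QTYPE+QCLASS
    msg = {"id": ident, "is_response": bool(flags & 0x8000), "rcode": flags & 0xF,
           "qname": qname, "qtype": qtype, "answers": []}
    for _ in range(ancount):
        _, off = parse_name(payload, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", payload[off:off + 10])
        rdata, off = payload[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == 1 and rdlen == 4:                  # A record: IPv4 as dotted quad
            msg["answers"].append(".".join(str(b) for b in rdata))
    return msg
def analyze(packets):  # packets: (timestamp, src_ip, dst_ip, dns_payload) tuples in capture order
    pending, latencies, failed, first_ip, server = {}, [], 0, None, None
    for ts, _src, dst, payload in packets:
        m = parse_dns(payload)
        key = (m["id"], m["qname"], m["qtype"])        # a reply counts only if ID and question match
        if not m["is_response"]:
            pending[key], server = ts, dst
        elif key in pending:
            latencies.append(ts - pending.pop(key))
            failed += m["rcode"] != 0
            first_ip = first_ip or (m["answers"] or [None])[0]
    return {"duration": packets[-1][0] - packets[0][0], "server": server, "first_ip": first_ip,
            "resolved": len(latencies) - failed, "failed": failed, "avg_latency": mean(latencies)}

# Constructed sample (not the course capture): client 10.0.0.2, resolver 10.0.0.53; the reply with
# ID 0x9999 matches no outstanding query and must be ignored by the matching logic above.
Q1 = bytes.fromhex("07 6578616d706c65 03 636f6d 00 0001 0001")          # example.com  A IN
Q2 = bytes.fromhex("06 6e6f73756368 07 696e76616c6964 00 0001 0001")    # nosuch.invalid  A IN
A1 = bytes.fromhex("c00c 0001 0001 00000e10 0004 5db8d822")              # A 93.184.216.34, TTL 3600
SAMPLE = [
    (0.000, "10.0.0.2", "10.0.0.53", bytes.fromhex("1234 0100 0001 0000 0000 0000") + Q1),
    (0.035, "10.0.0.53", "10.0.0.2", bytes.fromhex("1234 8180 0001 0001 0000 0000") + Q1 + A1),
    (0.040, "10.0.0.53", "10.0.0.2", bytes.fromhex("9999 8180 0001 0001 0000 0000") + Q1 + A1),
    (0.100, "10.0.0.2", "10.0.0.53", bytes.fromhex("5678 0100 0001 0000 0000 0000") + Q2),
    (0.150, "10.0.0.53", "10.0.0.2", bytes.fromhex("5678 8183 0001 0000 0000 0000") + Q2),  # NXDOMAIN
]
```

To run it on the course capture, feed analyze() the UDP payloads of the DNS packets (for example from a pcap reader) together with their timestamps and addresses; the same matching rule is what lets Wireshark pair each request with its reply.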