220.127.116.11 Lab – Using Wireshark to Examine a UDP DNS Capture Answers
Lab – Using Wireshark to Examine a UDP DNS Capture (Answers Version)
Answers Note: Red font color or gray highlights indicate text that appears in the instructor copy only.
Part 1: Record the IP Configuration Information of a PC
Part 2: Use Wireshark to Capture DNS Queries and Responses
Part 3: Analyze Captured DNS or UDP Packets
Background / Scenario
If you have ever used the internet, you have used the Domain Name System (DNS). DNS is a distributed network of servers that translates user-friendly domain names like www.google.com to an IP address. When you type a website URL into your browser, your PC performs a DNS query to the DNS server IP address. Your PC DNS server query and the DNS server response make use of the User Datagram Protocol (UDP) as the transport layer protocol. UDP is connectionless and does not require a session setup as does TCP. DNS queries and responses are very small and do not require the overhead of TCP.
In this lab, you will communicate with a DNS server by sending a DNS query using the UDP transport protocol. You will use Wireshark to examine the DNS query and response exchanges with the same server.
Note: This lab cannot be completed using Netlab. This lab assumes that you have internet access.
Answers Note: Using a packet sniffer, such as Wireshark, may be considered a breach of the security policy of the school. It is recommended that permission be obtained before running Wireshark for this lab. If using a packet sniffer is an issue, the instructor may wish to assign the lab as homework or perform a walk-through demonstration.
1 PC (Windows 7, 8, or 10 with command prompt access, internet access, and Wireshark installed)
Part 1: Record a PC’s IP Configuration Information
In Part 1, you will use the ipconfig /all command on your local PC to find and record the MAC and IP addresses of your PC network interface card (NIC), the IP address of the specified default gateway, and the DNS server IP address specified for the PC. Record this information in the table provided. The information will be used in parts of this lab with packet analysis.
|IP address||Answers will vary. 192.168.1.146|
|MAC address||Answers will vary. 00:24:D7:1C:50:44|
|Default gateway IP address||Answers will vary. 192.168.1.1|
|DNS server IP address||Answers will vary. 192.168.1.1|
Part 2: Use Wireshark to Capture DNS Queries and Responses
In Part 2, you will set up Wireshark to capture DNS query and response packets to demonstrate the use of the UDP transport protocol while communicating with a DNS server.
- Click the Windows Start button and navigate to the Wireshark program.
- Select an interface for Wireshark to capture packets. Select (highlight) the active capturing interface.
- After selecting the desired interface, click Start to capture the packets.
- Open a web browser and type www.google.com. Press Enter to continue.
- Click Stop to stop the Wireshark capture when you see the Google home page.
Part 3: Analyze Captured DNS or UDP Packets
In Part 3, you will examine the UDP packets that were generated when communicating with a DNS server for the IP addresses for www.google.com.
Step 1: Filter DNS packets.
- In the Wireshark main window, type dns in the entry area of the Filter toolbar and press Enter.
Note: If you do not see any results after the DNS filter was applied, close the web browser. In the command prompt window, type ipconfig /flushdns to remove all previous DNS results. Restart the Wireshark capture and repeat the instructions in Part 2b–2e. If this does not resolve the issue, type nslookup www.google.com in the command prompt window as an alternative to the web browser.
- In the packet list pane (top section) of the main window, locate the packet that includes Standard query and A www.google.com. See frame 15 as an example.
Step 2: Examine a UDP segment using DNS query.
Examine the UDP segment by using the DNS query for www.google.com as captured by Wireshark. In this example, Wireshark capture frame 15 in the packet list pane is selected for analysis. The protocols in this query are displayed in the packet details pane (middle section) of the main window. The protocol entries are highlighted in gray.
- In the first line in the packet details pane, frame 15 had 74 bytes of data on the wire. This is the number of bytes to send a DNS query to a name server requesting the IP addresses of www.google.com.
- The Ethernet II line displays the source and destination MAC addresses. The source MAC address is from your local PC because your local PC originated the DNS query. The destination MAC address is from the default gateway because this is the last stop before this query exits the local network.
Is the source MAC address the same as the one recorded from Part 1 for the local PC? _________________
The answer should be yes. If not, please verify that Wireshark is using the same interface for capturing the packets.
- In the Internet Protocol Version 4 line, the IP packet Wireshark capture indicates that the source IP address of this DNS query is 192.168.1.146 and the destination IP address is 192.168.1.1. In this example, the destination address is the default gateway. The router is the default gateway in this network.
Can you identify the IP and MAC addresses for the source and destination devices?
|Device|IP Address|MAC Address|
|Local PC|Answers will vary. 192.168.1.146|Answers will vary. 00:24:D7:1C:50:44|
|Default Gateway|Answers will vary. 192.168.1.1|Answers will vary. 14:91:82:9F:6B:8C|
The IP packet and header encapsulates the UDP segment. The UDP segment contains the DNS query as the data.
- A UDP header only has four fields: source port, destination port, length, and checksum. Each field in a UDP header is only 16 bits as depicted below.

Expand the User Datagram Protocol in the packet details pane by clicking the plus (+) sign. Notice that there are only four fields. The source port number in this example is 60868. The source port was randomly generated by the local PC using port numbers that are not reserved. The destination port is 53. Port 53 is a well-known port reserved for use with DNS. DNS servers listen on port 53 for DNS queries from clients.

In this example, the length of the UDP segment is 40 bytes. Out of 40 bytes, 8 bytes are used as the header. The other 32 bytes are used by DNS query data. The 32 bytes of DNS query data is highlighted in the following illustration in the packet bytes pane (lower section) of the Wireshark main window.

The checksum is used to determine the integrity of the packet after it has traversed the internet.

The UDP header has low overhead because UDP does not have fields that are associated with the three-way handshake in TCP. Any data transfer reliability issues that occur must be handled by the application layer.

Record your Wireshark results in the table below:
|Frame size| |
|Source MAC address| |
|Destination MAC address| |
|Source IP address| |
|Destination IP address| |
|Source port| |
|Destination port| |
Is the source IP address the same as the local PC IP address you recorded in Part 1? _____________ Yes
Is the destination IP address the same as the default gateway noted in Part 1? _____________
Yes, if the default gateway is also performing DNS.
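The byte counts in Step 2 can be reproduced offline. The following added example (not part of the original lab) builds the DNS query for www.google.com, wraps it in the four-field UDP header, and verifies the checksum; the transaction ID 0x1A2B, the function names, and the assumption of an IPv4 header without options are choices made for this illustration.

```python
import socket
import struct

ETH_HDR, IPV4_HDR, UDP_HDR = 14, 20, 8  # assumes IPv4 without options, no FCS shown

def build_dns_query(name, txid=0x1A2B):  # txid is a constructed sample value
    # 12-byte DNS header: ID, flags (recursion desired), one question
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def sum16(data):
    # 16-bit one's-complement sum with end-around carry
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src_ip, dst_ip, udp_len):
    # The checksum also covers source IP, destination IP, protocol 17 and UDP length
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, 17, udp_len)

def build_udp(src_ip, dst_ip, sport, dport, payload):
    length = UDP_HDR + len(payload)
    unsummed = struct.pack("!HHHH", sport, dport, length, 0) + payload
    csum = (~sum16(pseudo_header(src_ip, dst_ip, length) + unsummed) & 0xFFFF) or 0xFFFF
    return struct.pack("!HHHH", sport, dport, length, csum) + payload

def parse_udp(segment):
    # The whole UDP header is four 16-bit big-endian fields
    sport, dport, length, checksum = struct.unpack("!HHHH", segment[:UDP_HDR])
    return {"sport": sport, "dport": dport, "length": length,
            "checksum": checksum, "payload": segment[UDP_HDR:length]}

def checksum_ok(src_ip, dst_ip, segment):
    # An intact segment, summed together with its checksum field, folds to 0xFFFF
    return sum16(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0xFFFF

def frame_size(segment):
    return ETH_HDR + IPV4_HDR + len(segment)

if __name__ == "__main__":
    seg = build_udp("192.168.1.146", "192.168.1.1", 60868, 53, build_dns_query("www.google.com"))
    hdr = parse_udp(seg)
    print(hdr["sport"], hdr["dport"], hdr["length"], hex(hdr["checksum"]), len(hdr["payload"]))
    print(frame_size(seg), checksum_ok("192.168.1.146", "192.168.1.1", seg))
```

The 32-byte payload is the 12-byte DNS header plus the 16-byte encoded name and 4 bytes of type and class, which is why the UDP length is 40 and the frame is 74 bytes.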
Step 3: Examine a UDP segment using DNS response.
In this step, you will examine the DNS response packet and verify that the DNS response packet also uses UDP.
- In this example, frame 16 is the corresponding DNS response packet. Notice the number of bytes on the wire is 90. It is a larger packet compared to the DNS query packet.
- In the Ethernet II frame for the DNS response, what device is the source MAC address and what device is the destination MAC address?____________________________________________________________________________________
The source MAC address is the default gateway and the destination MAC address is the local host.
- Notice the source and destination IP addresses in the IP packet. What is the destination IP address? What is the source IP address?
Destination IP address: _______________________ Source IP address: ________________________
The answer will vary. In this example, the destination is 192.168.1.146 and the source is 192.168.1.1.
What happened to the roles of source and destination for the local host and default gateway?____________________________________________________________________________________
The local host and the default gateway have reversed their roles in DNS query and response packets.
- In the UDP segment, the role of the port numbers has also reversed. The destination port number is 62921. Port number 62921 is the same port that was generated by the local PC when the DNS query was sent to the DNS server. Your local PC listens for a DNS response on this port.
The source port number is 53. The DNS server listens for a DNS query on port 53 and then sends a DNS response with a source port number of 53 back to the originator of the DNS query.
When the DNS response is expanded, notice the resolved IP addresses for www.google.com in the Answers section.
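The role reversal described in Step 3 is what lets a capture analyst pair each response with its query. The following added example (not part of the original lab) pairs packets by swapped addresses, swapped ports, and DNS transaction ID, and lists responses that match no outstanding query; the packet tuples, the transaction IDs, and the function names are constructed for this illustration, and each payload carries only the 12-byte DNS header because nothing else is inspected.

```python
import struct

DNS_PORT = 53

def dns_header(txid, is_response):
    # Constructed 12-byte DNS header; the QR bit (0x8000) marks a response
    flags = 0x8180 if is_response else 0x0100
    return struct.pack("!HHHHHH", txid, flags, 1, 1 if is_response else 0, 0, 0)

def pair_dns(packets):
    """Return (matched, unsolicited) as packet indexes.

    Each packet is (src_ip, src_port, dst_ip, dst_port, dns_payload).
    """
    pending = {}                 # (client_ip, client_port, server_ip, txid) -> query index
    matched, unsolicited = [], []
    for i, (src, sport, dst, dport, payload) in enumerate(packets):
        if len(payload) < 12:
            continue             # too short to hold a DNS header
        txid, flags = struct.unpack("!HH", payload[:4])
        is_response = bool(flags & 0x8000)
        if not is_response and dport == DNS_PORT:
            pending[(src, sport, dst, txid)] = i
        elif is_response and sport == DNS_PORT:
            # A valid response reverses the roles: its destination is the
            # query's source IP and port, and it echoes the transaction ID
            key = (dst, dport, src, txid)
            if key in pending:
                matched.append((pending.pop(key), i))
            else:
                unsolicited.append(i)
    return matched, unsolicited

# Constructed sample capture using the addresses from this lab
SAMPLE = [
    ("192.168.1.146", 60868, "192.168.1.1", 53, dns_header(0x1A2B, False)),  # query
    ("192.168.1.1", 53, "192.168.1.146", 60868, dns_header(0x1A2B, True)),   # its response
    ("192.168.1.1", 53, "192.168.1.146", 60869, dns_header(0x1A2B, True)),   # wrong client port
    ("192.168.1.1", 53, "192.168.1.146", 60868, dns_header(0x9999, True)),   # wrong transaction ID
]

if __name__ == "__main__":
    print(pair_dns(SAMPLE))
```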
What are the benefits of using UDP instead of TCP as a transport protocol for DNS?
UDP as a transport protocol provides quick session establishment, quick response, minimal overhead, no need for retries, segment reassembly, and acknowledgment of received packets.