版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领
文档简介
1、Computer netowrks LabsDNS, Data Encapsulation and Frame ExaminationDNS, Data Encapsulation and Frame ExaminationLearning ObjectivesAt completion of this lab, you will be able to:1. Use Wireshark to capture and analyze DNS message2. Understand how DNS works3. use nslookup and ipconfig commands 4
2、. Explain the header fields in an Ethernet II frame.5. understand data encapsulation6. Report and Feedback on this labAnswer all questions with supporting screenshots. Please fill in the following feedback form and append it to the report. Your feedback is valuable to us so that we can improve this
3、lab, and make the course welcome.For each task, please rate the following in the scale of 1 through 5:· The degree of difficulty: 1 = too easy; 5 = too difficult· The learning experience: 1 = learned nothing; 5 = learned a lot· Your interest: 1 = no interest; 5= high interest· Ti
4、me used for the task: in minutes Task Difficulty (15)Learning (15)Interest (15)Time ( min)Task 0Task 1Task 2Task 3Task 4Your suggestion/comment: BackgroundWhen upper layer protocols communicate with each other, data at the sending host flows down the TCP/IP protocol layers and is encapsulated
5、into a protocol data unit at lower layer, and finally encapsulated in a Layer 2 frame. For example, DNS message is often transported by UDP protocol on layer 4. So DNS message at the sending host is encapsulated in a UDP segment; the UDP segment is then encapsulated in an IP packet, and the IP
6、 packet is encapsulated finally in a layer 2 frame. The frame composition is dependent on the media access type, or the network. For example, if the media access is Ethernet, then the Layer 2 frame encapsulation will be Ethernet II. When learning about data encapsulation and protocol operations, it
7、is helpful to analyze the header information found in the protocol data units. The DNS protocol operation, ipconfig command, and Ethernet II frame header will be examined in this lab. Ethernet II frames can support various upper layer protocols.For more background information, please read the lectur
8、es 02, 04-05, 10, 11. TasksTask 0 Protocol Layers and Data EncapsulationAs we have discussed in Lecture 02, Internet is inter-connected networks based on TCP/IP protocols. Read the slides or textbook to learn how data goes through protocol layers and how data is encapsulated in the protocol da
9、ta units. There are conventional names for the protocol data units for different layer protocols.Question 1. What are names for the protocol data units (PDUs) for layer 4, layer 3, and layer 2 protocols in TCP/IP reference model by filling the follow form: name for
10、PDU of layer 4 protocols: segment name for PDU of layer 3 protocol: packet
11、; name for PDU of layer 2 protocol: frame Task 1 DNS and nslookupAs we discussed, IP address is used to identify a host uniquely on the Internet. But IP address is not user-friendly and that
12、 is why domain name was introduced. The Domain Name System (DNS) translates host names to IP addresses, providing a critical role in the Internet infrastructure. In this task, we practice the nslookup tool, which is available both in Linux/Unix and MS Windows. To run nslookup in MS Windows, yo
13、u need to open the command line window by starting the command "cmd.exe". With nslookup, you can query any specified DNS server (by default, your local configured DNS server) for a DNS record. To accomplish this task, nslookup sends a DNS query to the specified DNS server, receives a
14、 DNS reply from that same DNS server, and displays the result.Type the command "nslookup www.MIT.edu", and capture the output, as I did and showed below:Question 2: What is the DNS server IP address that is used to query and find IP address for ? And IP address for ?Type the command
15、“nslookup -type=NS ”, and capture the output, as I did and showed below:Question 3: What are domain name servers for and their IP addresses?Type the command “nslookup ”, and capture the output, as I did and showed below:Question 4: Which DNS server is used to query and for name resolution?You can al
16、so use nslookup to find the mapping from IP addresses to the host names. Type the commands “nslookup 01” and “nslookup ”, and capture the output, as I did and showed below:Question 5: Can a host have multiple host names? What is the IP address for moodle.tec.hkr.se? How many names do yo
17、u find for this IP address? Task 2 DNS and ipconfigipconfig (for Windows) and ifconfig (for Linux/Unix, interface configuration) are among the most useful tools for debugging network issues. ipconfig can be used to show your current TCP/IP information, including your address, DNS server addresses, a
18、dapter (network interface card) type and so on. For example, if you want to find all this information about your host, simply enter the command “ipconfig /all” in the command line. Read more on “using ipconfig” at . Question 6: What is the IP address for your computer, and what is the local DNS serv
19、er IP address?答 ipconfig is also very useful for managing the DNS information stored in your host. To improve the networking performance, a host can cache DNS records it recently obtained. To view these cached records, you can use the command “ipconfig /displaydns”. Each entry shows the remaini
20、ng Time to Live (TTL) in seconds. To clear the cache, enter the command “ipconfig /flushdns”. Flushing the DNS cache clears all entries and reloads the entries from the hosts file.Task 3 DNS Protocol Analysis with WireSharkNow it is time to capture DNS protocol data and do the analysis with WireShar
21、k. Follow the steps to capture the DNS packets:· close all other Internet applications to reduce the captured data· start a web browser· use ipconfig to empty the DNS cache in your computer· start WireShark program, and enter the display filter “ip.addr=00 and dns”, wh
22、ere the IP address 00 should be the IP address for your computer. You find it in question 6.· Start packet capture in WireShark· Enter the url address to your web browser to view the page.· Stop the packet capture.I got the following screenshot for this operation:Answer the
23、 following questions:Question 7: Locate the DNS query and response for resolving . Are they sent over UDP or TCP?UDPQuestion 8: What is the destination port for the DNS query message? What is the source portof DNS response message?DesQuestion 9: To what IP address is the DNS query message sent? Use
24、ipconfig to determine the IP address of your local DNS server. Are these two IP addresses the same?sameQuestion 10: Examine the DNS query message. What “Type” of DNS query is it? Does thequery message contain any “answers”?(1) The “Type”of DNS query is A。 (2)
25、NoQuestion 11: Examine the DNS response message. How many “answers” are provided? Whatdo each of these answers contain?(1) The “answers”is 0; (2) 无Task 4 Ethernet Frame ExaminationThe format for an Ethernet frame is shown below:For info on MAC addresses, read slide 26 (Lecture 10
26、). For finding NIC manufacturer, use the online server at .In WireShark with the captured DNS packets done in the last task, expand the frame information, as you could see my example:It shows that data contained in the Ethernet frame is an IP packet; the data contained in the IP packet is a UDP segm
27、ent, and data in the UDP segment is DNS message! The total frame length is 72 bytes (excluding CRC parity bits). For the Ethernet frame containing DNS query message for resolving , answer the following questions:Question 12: What is the destination MAC address? What is its NIC manufacturer, and what
28、 is the NIC serial number?MAC address: 9c:21:6a:6a:b6:ac NIC manufacturer:9c:21:6a NIC serial number: 6a:b6:acQuestion 13: What is the source MAC address? What is its NIC manufacturer, and what is the NIC serial number?MAC address: 60:36:dd:9a:
29、be:88 NIC manufacturer:60:36:dd NIC serial number: 9a:be:88 Question 14: what is the value in the type field? What does this value mean?MAC(Media Access Control,介质访问控制)地址,也叫硬件地址,长度是48比特(6字节),由16进制的数字组成,分为前24位和后24位: 前24位(也就是前3个字节)叫做组织唯一标志符(Organ
30、izationally Unique Identifier,即OUI),是由IEEE的注册管理机构给不同厂家分配的代码,区分了不同的厂家。 后24(后三个字节)位是由厂家自己分配的,称为扩展标识符。同一个厂家生产的网卡中MAC地址后24位是不同的。Now, change the display filter to “arp” in WireShark, so that only ARP packets are displayed, for example, I got: Locate a broadcast ARP message, and examine the Ethernet frame header, ans
温馨提示
- 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
- 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
- 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
- 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
- 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
- 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
- 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。
最新文档
- 《太阳能微型水质监测站的设计与研究》
- 《核心力量训练对拉丁舞选手平转技术影响的运动学研究》
- 《JL电子材料公司存货管理研究》
- 人教版数学一年级下册期末考试试卷含答案
- 2024-2030年中国智慧停车行业运营模式规划研究报告
- 2024-2030年中国文化用品制造行业生产销售模式及发展策略分析报告
- 霍尔位移计课程设计
- 2024-2030年中国教育市场现状规模及未来发展趋势报告版
- 2024-2030年中国摩托车化油器加浓阀项目可行性研究报告
- 2024-2030年中国抗燃液压液产业未来发展趋势及投资策略分析报告
- 2024年NOC初赛-Scratch(小学高年级组)试题及答案
- MOOC 中医体质学-新乡医学院 中国大学慕课答案
- 【课件】丹纳赫DBS-问题解决培训
- 浙江省宁波市小升初数学真题重组卷
- 家庭成员我照顾(第一课时) 劳动技术七年级下册
- 火电厂信息化建设规划方案
- 技改项目报告
- “中信泰富”事件的反思
- 工业机器人系统运维知识竞赛题库及答案(100题)
- 智慧农贸市场解决方案
- 徐州市2023-2024学年九年级上学期期末道德与法治试卷(含答案解析)
评论
0/150
提交评论