版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领
文档简介
1、Computer netowrks LabsDNS, Data Encapsulation and Frame ExaminationDNS, Data Encapsulation and Frame ExaminationLearning ObjectivesAt completion of this lab, you will be able to:1. Use Wireshark to capture and analyze DNS message2. Understand how DNS works3. use nslookup and ipconfig commands 4
2、. Explain the header fields in an Ethernet II frame.5. understand data encapsulation6. Report and Feedback on this labAnswer all questions with supporting screenshots. Please fill in the following feedback form and append it to the report. Your feedback is valuable to us so that we can improve this
3、lab, and make the course welcome.For each task, please rate the following in the scale of 1 through 5:· The degree of difficulty: 1 = too easy; 5 = too difficult· The learning experience: 1 = learned nothing; 5 = learned a lot· Your interest: 1 = no interest; 5= high interest· Ti
4、me used for the task: in minutes Task Difficulty (15)Learning (15)Interest (15)Time ( min)Task 0Task 1Task 2Task 3Task 4Your suggestion/comment: BackgroundWhen upper layer protocols communicate with each other, data at the sending host flows down the TCP/IP protocol layers and is encapsulated
5、into a protocol data unit at lower layer, and finally encapsulated in a Layer 2 frame. For example, DNS message is often transported by UDP protocol on layer 4. So DNS message at the sending host is encapsulated in a UDP segment; the UDP segment is then encapsulated in an IP packet, and the IP
6、 packet is encapsulated finally in a layer 2 frame. The frame composition is dependent on the media access type, or the network. For example, if the media access is Ethernet, then the Layer 2 frame encapsulation will be Ethernet II. When learning about data encapsulation and protocol operations, it
7、is helpful to analyze the header information found in the protocol data units. The DNS protocol operation, ipconfig command, and Ethernet II frame header will be examined in this lab. Ethernet II frames can support various upper layer protocols.For more background information, please read the lectur
8、es 02, 04-05, 10, 11. TasksTask 0 Protocol Layers and Data EncapsulationAs we have discussed in Lecture 02, Internet is inter-connected networks based on TCP/IP protocols. Read the slides or textbook to learn how data goes through protocol layers and how data is encapsulated in the protocol da
9、ta units. There are conventional names for the protocol data units for different layer protocols.Question 1. What are names for the protocol data units (PDUs) for layer 4, layer 3, and layer 2 protocols in TCP/IP reference model by filling the follow form: name for
10、PDU of layer 4 protocols: segment name for PDU of layer 3 protocol: packet
11、; name for PDU of layer 2 protocol: frame Task 1 DNS and nslookupAs we discussed, IP address is used to identify a host uniquely on the Internet. But IP address is not user-friendly and that
12、 is why domain name was introduced. The Domain Name System (DNS) translates host names to IP addresses, providing a critical role in the Internet infrastructure. In this task, we practice the nslookup tool, which is available both in Linux/Unix and MS Windows. To run nslookup in MS Windows, yo
13、u need to open the command line window by starting the command "cmd.exe". With nslookup, you can query any specified DNS server (by default, your local configured DNS server) for a DNS record. To accomplish this task, nslookup sends a DNS query to the specified DNS server, receives a
14、 DNS reply from that same DNS server, and displays the result.Type the command "nslookup www.MIT.edu", and capture the output, as I did and showed below:Question 2: What is the DNS server IP address that is used to query and find IP address for ? And IP address for ?Type the command
15、“nslookup -type=NS ”, and capture the output, as I did and showed below:Question 3: What are domain name servers for and their IP addresses?Type the command “nslookup ”, and capture the output, as I did and showed below:Question 4: Which DNS server is used to query and for name resolution?You can al
16、so use nslookup to find the mapping from IP addresses to the host names. Type the commands “nslookup 01” and “nslookup ”, and capture the output, as I did and showed below:Question 5: Can a host have multiple host names? What is the IP address for moodle.tec.hkr.se? How many names do yo
17、u find for this IP address? Task 2 DNS and ipconfigipconfig (for Windows) and ifconfig (for Linux/Unix, interface configuration) are among the most useful tools for debugging network issues. ipconfig can be used to show your current TCP/IP information, including your address, DNS server addresses, a
18、dapter (network interface card) type and so on. For example, if you want to find all this information about your host, simply enter the command “ipconfig /all” in the command line. Read more on “using ipconfig” at . Question 6: What is the IP address for your computer, and what is the local DNS serv
19、er IP address?答 ipconfig is also very useful for managing the DNS information stored in your host. To improve the networking performance, a host can cache DNS records it recently obtained. To view these cached records, you can use the command “ipconfig /displaydns”. Each entry shows the remaini
20、ng Time to Live (TTL) in seconds. To clear the cache, enter the command “ipconfig /flushdns”. Flushing the DNS cache clears all entries and reloads the entries from the hosts file.Task 3 DNS Protocol Analysis with WireSharkNow it is time to capture DNS protocol data and do the analysis with WireShar
21、k. Follow the steps to capture the DNS packets:· close all other Internet applications to reduce the captured data· start a web browser· use ipconfig to empty the DNS cache in your computer· start WireShark program, and enter the display filter “ip.addr=00 and dns”, wh
22、ere the IP address 00 should be the IP address for your computer. You find it in question 6.· Start packet capture in WireShark· Enter the url address to your web browser to view the page.· Stop the packet capture.I got the following screenshot for this operation:Answer the
23、 following questions:Question 7: Locate the DNS query and response for resolving . Are they sent over UDP or TCP?UDPQuestion 8: What is the destination port for the DNS query message? What is the source portof DNS response message?DesQuestion 9: To what IP address is the DNS query message sent? Use
24、ipconfig to determine the IP address of your local DNS server. Are these two IP addresses the same?sameQuestion 10: Examine the DNS query message. What “Type” of DNS query is it? Does thequery message contain any “answers”?(1) The “Type”of DNS query is A。 (2)
25、NoQuestion 11: Examine the DNS response message. How many “answers” are provided? Whatdo each of these answers contain?(1) The “answers”is 0; (2) 无Task 4 Ethernet Frame ExaminationThe format for an Ethernet frame is shown below:For info on MAC addresses, read slide 26 (Lecture 10
26、). For finding NIC manufacturer, use the online server at .In WireShark with the captured DNS packets done in the last task, expand the frame information, as you could see my example:It shows that data contained in the Ethernet frame is an IP packet; the data contained in the IP packet is a UDP segm
27、ent, and data in the UDP segment is DNS message! The total frame length is 72 bytes (excluding CRC parity bits). For the Ethernet frame containing DNS query message for resolving , answer the following questions:Question 12: What is the destination MAC address? What is its NIC manufacturer, and what
28、 is the NIC serial number?MAC address: 9c:21:6a:6a:b6:ac NIC manufacturer:9c:21:6a NIC serial number: 6a:b6:acQuestion 13: What is the source MAC address? What is its NIC manufacturer, and what is the NIC serial number?MAC address: 60:36:dd:9a:
29、be:88 NIC manufacturer:60:36:dd NIC serial number: 9a:be:88 Question 14: what is the value in the type field? What does this value mean?MAC(Media Access Control,介质访问控制)地址,也叫硬件地址,长度是48比特(6字节),由16进制的数字组成,分为前24位和后24位: 前24位(也就是前3个字节)叫做组织唯一标志符(Organ
30、izationally Unique Identifier,即OUI),是由IEEE的注册管理机构给不同厂家分配的代码,区分了不同的厂家。 后24(后三个字节)位是由厂家自己分配的,称为扩展标识符。同一个厂家生产的网卡中MAC地址后24位是不同的。Now, change the display filter to “arp” in WireShark, so that only ARP packets are displayed, for example, I got: Locate a broadcast ARP message, and examine the Ethernet frame header, ans
温馨提示
- 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
- 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
- 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
- 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
- 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
- 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
- 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。
最新文档
- 师德先进学校事迹材料7篇
- 北京市海淀区2024−2025学年高二上学期10月阶段考试数学试题含答案
- 《教育心理学》读后感6篇
- 湖北省鄂州市(2024年-2025年小学五年级语文)统编版摸底考试(下学期)试卷及答案
- 2024年导线剥皮机项目资金需求报告代可行性研究报告
- 2023年辅助功能检测系统资金筹措计划书
- 市政道路路基土方、石方施工规范编制说明
- 七年级历史上册教案集
- 文化产业示范园区及示范基地创建管理工作办法
- 贵州省贵阳市部分校联盟2024-2025学年八年级上学期期中联考物理试题(无答案)
- 2024年高考生物一轮复习特异性免疫课件
- 无人机现场服务方案
- 骨质疏松患者的护理干预与教育
- 述职报告 设备主管述职报告
- 卫生院健康扶贫工作实施方案
- 西部地区中等职业教育发展的现状与对策-以麻江县为例的中期报告
- 中职幼儿保育职业生涯规划书
- 胶质瘤发病机制
- 好看的皮囊千篇一律有趣的灵魂万里挑一
- 某房地产公司项目定位分析
- 部编版三年级上册道德与法治作业设计
评论
0/150
提交评论