Section 3: Tracing DNS with Wireshark

Now that we are familiar with nslookup and ipconfig, were ready to get down to some serious business. Lets capture the DNS packets that are generated by nslookup.

9. Open and start Wireshark. Enter dns into the display-filter window, so that only DNS messages will be displayed in the packet-listing window.

10. In the Command Prompt type: nslookup www.mit.edu

11. Stop packet capture.

Answer the following questions in your lab report:

12. Check your Wireshark result. Locate the DNS query and response messages about www.mit.edu. Are they sent over UDP or TCP?

13. What is the destination port for the DNS query message? What is the source port of DNS response message?

14. To what IP address is the DNS query message sent? Compare it with the IP address of your local DNS server obtained at step 7. Are these two IP addresses the same?

15. Examine the DNS query message (NOT the query response message). Does the query message contain any answers? Submit a screenshot of DNS message.

16. Examine the DNS query response message. Does the message contain any answers? Submit a screenshot of DNS message.