


Wireshark is a free and open source packet analyzer used for network troubleshooting and analysis. These activities will show you how to use Wireshark to capture and analyze Domain Name System (DNS) traffic.

YouTube: Wireshark 101: The Domain Name System, HakTip 129

Activity 1 - Capture DNS Traffic

Type ipconfig /flushdns and press Enter to clear the DNS cache.
Type ipconfig /displaydns and press Enter to display the DNS cache.
Notice the only records currently displayed come from the hosts file.
Notice there is an entry in the cache for en.

Activity 2 - Analyze DNS Query Traffic

Observe the traffic captured in the top Wireshark packet list pane.
To view only DNS traffic, type udp.port == 53 (lower case) in the Filter box and press Enter.
Select the DNS packet labeled Standard query A en.
Notice that it is an Ethernet II / Internet Protocol Version 4 / User Datagram Protocol / Domain Name System (query) frame.
Expand Ethernet II to view Ethernet details.
The destination should be either your local DNS server's MAC address or your default gateway's MAC address and the source should be your MAC address. You can use ipconfig /all and arp -a to confirm.
Expand Internet Protocol Version 4 to view IP details.
Notice that the source address is your IP address.
Notice that the destination address is the IP address of the DNS server.
Expand User Datagram Protocol to view UDP details.
Notice that the source port is a dynamic port selected for this DNS query.
Notice that the destination port is domain (53), the DNS server port.
Expand Domain Name System (query) to view DNS details.
Notice that a recursive query is requested.
Observe the query for en.

Activity 3 - Analyze DNS Response Traffic

In the top Wireshark packet list pane, select the next DNS packet, labeled Standard query response CNAME wikiversity.
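The UDP and DNS fields that Activity 2 has you inspect in the query packet can also be decoded by hand from the raw bytes. The following is an added example, not part of the original activities; the function names, the name example.org, source port 53124 and the transaction ID are constructed for illustration.

```python
import struct

QR_RESPONSE = 0x8000   # flags bit: 0 = query, 1 = response
RD_RECURSION = 0x0100  # flags bit: recursion desired

def build_query(name, txid=0x1A2B, src_port=53124):
    """Constructed sample input: UDP header + DNS recursive A query for `name`."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"
    dns = struct.pack("!6H", txid, RD_RECURSION, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)
    # UDP checksum left at 0 (not computed) in this constructed datagram.
    return struct.pack("!4H", src_port, 53, 8 + len(dns), 0) + dns

def parse_udp_dns(datagram):
    """Decode the UDP and DNS fields that Wireshark's packet details pane shows."""
    if len(datagram) < 20:
        raise ValueError("too short for UDP (8) + DNS (12) headers")
    src_port, dst_port, udp_len, _checksum = struct.unpack("!4H", datagram[:8])
    dns = datagram[8:]
    txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", dns[:12])
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:  # walk the length-prefixed labels of the first question name
        if pos >= len(dns):
            raise ValueError("truncated question name")
        length = dns[pos]
        pos += 1
        if length == 0:  # zero-length root label ends the name
            break
        if length & 0xC0 or pos + length > len(dns):
            raise ValueError("bad label in question name")
        labels.append(dns[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(dns):
        raise ValueError("truncated QTYPE/QCLASS")
    qtype, qclass = struct.unpack("!2H", dns[pos:pos + 4])
    return {
        "src_port": src_port, "dst_port": dst_port, "udp_length": udp_len,
        "transaction_id": txid,
        "is_response": bool(flags & QR_RESPONSE),
        "recursion_desired": bool(flags & RD_RECURSION),
        "qname": ".".join(labels), "qtype": qtype, "qclass": qclass,
    }

if __name__ == "__main__":
    for field, value in parse_udp_dns(build_query("example.org")).items():
        print(f"{field}: {value}")
```

The `recursion_desired` value corresponds to the recursive query flag seen under Domain Name System (query), and `qtype` 1 is the A record type shown in the packet list.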
