Computer Networks Labs
DNS, Data Encapsulation and Frame Examination

Learning Objectives
At completion of this lab, you will be able to:
1. Use Wireshark to capture and analyze DNS messages
2. Understand how DNS works
3. Use the nslookup and ipconfig commands
4. Explain the header fields in an Ethernet II frame
5. Understand data encapsulation

Report and Feedback on this lab
Answer all questions with supporting screenshots. Please fill in the following feedback form and append it to the report. Your feedback is valuable to us so that we can improve this lab and make the course more welcoming. For each task, please rate the following on a scale of 1 through 5:
· The degree of difficulty: 1 = too easy; 5 = too difficult
· The learning experience: 1 = learned nothing; 5 = learned a lot
· Your interest: 1 = no interest; 5 = high interest
· Time used for the task: in minutes

Task      Difficulty (1-5)    Learning (1-5)    Interest (1-5)    Time (min)
Task 0
Task 1
Task 2
Task 3
Task 4

Your suggestion/comment:

Background
When upper layer protocols communicate with each other, data at the sending host flows down the TCP/IP protocol layers and is encapsulated into a protocol data unit at each lower layer, and finally encapsulated in a Layer 2 frame. For example, a DNS message is often transported by the UDP protocol on layer 4. So the DNS message at the sending host is encapsulated in a UDP segment; the UDP segment is then encapsulated in an IP packet, and the IP packet is finally encapsulated in a layer 2 frame. The frame composition is dependent on the media access type, or the network.
For example, if the media access is Ethernet, then the Layer 2 frame encapsulation will be Ethernet II. When learning about data encapsulation and protocol operations, it is helpful to analyze the header information found in the protocol data units. The DNS protocol operation, the ipconfig command, and the Ethernet II frame header will be examined in this lab. Ethernet II frames can support various upper layer protocols.

For more background information, please read the lectures 02, 04-05, 10, 11.

Tasks

Task 0 Protocol Layers and Data Encapsulation
As we have discussed in Lecture 02, the Internet is a set of inter-connected networks based on TCP/IP protocols. Read the slides or textbook to learn how data goes through protocol layers and how data is encapsulated in the protocol data units. There are conventional names for the protocol data units for different layer protocols.

Question 1. What are the names for the protocol data units (PDUs) for layer 4, layer 3, and layer 2 protocols in the TCP/IP reference model? Fill in the following form:
name for PDU of layer 4 protocols: segment
name for PDU of layer 3 protocol: packet
name for PDU of layer 2 protocol: frame

Task 1 DNS and nslookup
As we discussed, an IP address is used to identify a host uniquely on the Internet. But an IP address is not user-friendly, and that is why the domain name was introduced. The Domain Name System (DNS) translates host names to IP addresses, playing a critical role in the Internet infrastructure. In this task, we practice the nslookup tool, which is available both in Linux/Unix and MS Windows. To run nslookup in MS Windows, you need to open the command line window by starting the command "cmd.exe". With nslookup, you can query any specified DNS server (by default, your local configured DNS server) for a DNS record. To accomplish this task, nslookup sends a DNS query to the specified DNS server, receives a DNS reply from that same DNS server, and displays the result.

Type the command "nslookup www.MIT.edu", and capture the output, as I did and show below:

Question 2: What is the DNS server IP address that is used to query and find the IP address for www.MIT.edu? And what is the IP address for www.MIT.edu?

Type the command “nslookup -type=NS ”, and capture the output, as I did and show below:

Question 3: What are domain name servers for and their IP addresses?

Type the command “nslookup ”, and capture the output, as I did and show below:

Question 4: Which DNS server is used to query and for name resolution?

You can also use nslookup to find the mapping from IP addresses to the host names. Type the commands “nslookup 192.168.156.101” and “nslookup ”, and capture the output, as I did and show below:

Question 5: Can a host have multiple host names? What is the IP address for moodle.tec.hkr.se? How many names do you find for this IP address?

Task 2 DNS and ipconfig
ipconfig (for Windows) and ifconfig (for Linux/Unix, interface configuration) are among the most useful tools for debugging network issues. ipconfig can be used to show your current TCP/IP information, including your address, DNS server addresses, adapter (network interface card) type and so on. For example, if you want to find all this information about your host, simply enter the command “ipconfig /all” in the command line. Read more on “using ipconfig” at

Question 6: What is the IP address for your computer, and what is the local DNS server IP address?
Answer: IP: 192.168.1.143  DNS: 210.32.32.10 210.32.32.11

ipconfig is also very useful for managing the DNS information stored in your host. To improve networking performance, a host can cache DNS records it recently obtained. To view these cached records, you can use the command “ipconfig /displaydns”. Each entry shows the remaining Time to Live (TTL) in seconds. To clear the cache, enter the command “ipconfig /flushdns”. Flushing the DNS cache clears all entries and reloads the entries from the hosts file.

Task 3 DNS Protocol Analysis with Wireshark
Now it is time to capture DNS protocol data and do the analysis with Wireshark. Follow the steps to capture the DNS packets:
· Close all other Internet applications to reduce the captured data.
· Start a web browser.
· Use ipconfig to empty the DNS cache in your computer.
· Start the Wireshark program, and enter the display filter “ip.addr==192.168.0.100 and dns”, where the IP address 192.168.0.100 should be the IP address for your computer. You find it in question 6.
· Start packet capture in Wireshark.
· Enter the URL http://www.ietf.org in your web browser to view the page.
· Stop the packet capture.

I got the following screenshot for this operation:

Answer the following questions:

Question 7: Locate the DNS query and response for resolving www.ietf.org. Are they sent over UDP or TCP?
UDP

Question 8: What is the destination port for the DNS query message? What is the source port of the DNS response message?
Destination: 210.32.32.10  Source: 192.168.1.143

Question 9: To what IP address is the DNS query message sent? Use ipconfig to determine the IP address of your local DNS server. Are these two IP addresses the same?
IP: 210.32.32.10, same

Question 10: Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?
(1) The “Type” of DNS query is A.
(2) No

Question 11: Examine the DNS response message. How many “answers” are provided? What does each of these answers contain?
(1) The “answers” is 0;
(2) None

Task 4 Ethernet Frame Examination
The format for an Ethernet frame is shown below:

For info on MAC addresses, read slide 26 (Lecture 10). For finding the NIC manufacturer, use the online server at .

In Wireshark, with the DNS packets captured in the last task, expand the frame information, as you can see in my example:

It shows that the data contained in the Ethernet frame is an IP packet; the data contained in the IP packet is a UDP segment, and the data in the UDP segment is a DNS message! The total frame length is 72 bytes (excluding CRC parity bits).

For the Ethernet frame containing the DNS query message for resolving www.ietf.org, answer the following questions:

Question 12: What is the destination MAC address? What is its NIC manufacturer, and what is the NIC serial number?
MAC address: 9c:21:6a:6a:b6:ac
NIC manufacturer: 9c:21:6a
NIC serial number: 6a:b6:ac

Question 13: What is the source MAC address? What is its NIC manufacturer, and what is the NIC serial number?
MAC address: 60:36:dd:9a:be:88
NIC manufacturer: 60:36:dd
NIC serial number: 9a:be:88

Question 14: What is the value in the type field? What does this value mean?
The MAC (Media Access Control) address, also called the hardware address, is 48 bits (6 bytes) long and is written in hexadecimal digits. It is divided into the first 24 bits and the last 24 bits:
The first 24 bits (that is, the first 3 bytes) are called the Organizationally Unique Identifier (OUI). This is a code assigned to each manufacturer by the IEEE registration authority, and it distinguishes the manufacturers.
The last 24 bits (the last three bytes) are assigned by the manufacturer itself and are called the extension identifier. Among the network cards produced by one manufacturer, the last 24 bits of the MAC address are different.

Now, change the display filter to “arp” in Wireshark, so that only ARP packets are displayed, for example, I got:

Locate a broadcast ARP message, examine the Ethernet frame header, and answer the questions:

Question 15: What is the destination MAC address? Is this address special? What does it mean?
Target MAC address: 00:00:00:00:00:00
The address is special: all digits are 0. All 0 refers to the local network; these are broadcast packets.

Question 16: What is the source MAC address? What is its NIC manufacturer, and what is the NIC serial number? Is it a uni-cast address? Why?
(1) MAC: 64:76:ba:a6:b0:e8
(2) NIC manufacturer: 64:76:ba  NIC serial number: a6:b0:e8
(3) IEEE 802.3 specifies that the 48th bit of an Ethernet address indicates whether the address is a multicast address or a unicast address. If this bit is 0, the MAC address is a unicast address; if this bit is 1, the MAC address is a multicast address.

Question 17: What is the value in the type field? What does this value mean?
The structure ether_header defines the Ethernet frame header; the structure arphdr defines the 5 fields that follow it, whose information is used to carry ARP requests and replies over any type of medium; the ether_arp structure contains, in addition to the arphdr structure, the addresses of the source host and the destination host.
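
Added example (not part of the original lab handout): a Python sketch that builds a constructed Ethernet II frame carrying a DNS A query for www.ietf.org, using the MAC and IP addresses quoted in the lab answers, and then peels it apart layer by layer to read the fields Tasks 3 and 4 ask about. The source port 53000, the transaction ID and the function names are assumptions made for illustration, and both checksums are left at zero.

```python
import socket
import struct

def build_frame():
    """Constructed sample: DNS A query for www.ietf.org, addresses from the lab."""
    qname = b"".join(bytes([len(p)]) + p for p in b"www.ietf.org".split(b".")) + b"\x00"
    dns = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)
    udp = struct.pack("!4H", 53000, 53, 8 + len(dns), 0) + dns  # checksum 0 = not computed
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton("192.168.1.143"), socket.inet_aton("210.32.32.10")) + udp
    eth = bytes.fromhex("9c216a6ab6ac") + bytes.fromhex("6036dd9abe88") + b"\x08\x00"
    return eth + ip

def mac_info(mac):
    """Split a 6-byte MAC into OUI / NIC-specific part and read the I/G bit."""
    return {"mac": mac.hex(":"), "oui": mac[:3].hex(":"), "nic": mac[3:].hex(":"),
            "group": bool(mac[0] & 0x01)}  # I/G bit: 0 = unicast, 1 = multicast/broadcast

def decapsulate(frame):
    """Peel Ethernet II -> IPv4 -> UDP -> DNS and return the fields the lab asks about."""
    dst, src, ethertype = frame[0:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    out = {"dst": mac_info(dst), "src": mac_info(src), "ethertype": ethertype}
    if ethertype != 0x0800:          # 0x0800 = IPv4, 0x0806 = ARP
        return out
    ihl = (frame[14] & 0x0F) * 4     # IPv4 header length in bytes
    out["ip_proto"] = frame[14 + 9]                      # 17 = UDP, 6 = TCP
    out["ip_src"] = socket.inet_ntoa(frame[14 + 12:14 + 16])
    out["ip_dst"] = socket.inet_ntoa(frame[14 + 16:14 + 20])
    if out["ip_proto"] != 17:
        return out
    u = 14 + ihl                     # start of the UDP header
    out["sport"], out["dport"] = struct.unpack("!2H", frame[u:u + 4])
    d = u + 8                        # start of the DNS message
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", frame[d:d + 12])
    out["is_response"], out["questions"], out["answers"] = bool(flags & 0x8000), qd, an
    labels, i = [], d + 12
    while frame[i]:                  # length-prefixed labels, a zero byte ends the name
        labels.append(frame[i + 1:i + 1 + frame[i]].decode("ascii"))
        i += 1 + frame[i]
    out["qname"] = ".".join(labels)
    out["qtype"] = struct.unpack("!H", frame[i + 1:i + 3])[0]   # 1 = A
    return out

if __name__ == "__main__":
    for k, v in decapsulate(build_frame()).items():
        print(k, v)
```

The constructed frame comes out at 72 bytes (14 Ethernet + 20 IP + 8 UDP + 30 DNS), the same total the handout gives for the query frame without the CRC.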






