pearlnsa.blogg.se

Windows wireshark filter dns traffic










Observe the source and destination fields.

  • Expand Ethernet II to view the details.
  • Select the DNS packet labeled Standard query 0x0002 A. In the Packet Details pane, notice that this packet has Ethernet II, Internet Protocol Version 4, User Datagram Protocol and Domain Name System (query).
  • Enter udp.port == 53 in the filter box and click the arrow (or press Enter) to display only DNS packets.

  • Observe the traffic captured in the Wireshark Packet List pane.
  • Click Stop capturing packets to stop the Wireshark capture.
  • Enter exit when finished to exit the nslookup interactive mode.
  • Enter nslookup at the prompt to enter the nslookup interactive mode.
  • Successfully flushed the DNS Resolver Cache.
  • At the Command Prompt, enter ipconfig /flushdns to clear the DNS cache.
  • Open Wireshark and start a Wireshark capture by double clicking a network interface with traffic.
  • Instructions Step 1: Capture DNS traffic.

    If using a packet sniffer such as Wireshark is an issue, the instructor may wish to assign the lab as homework or perform a walk-through demonstration.

    It is recommended that permission is obtained before running Wireshark for this lab.

  • 1 Windows PC with internet access and Wireshark installed

    Answers Note: Using a packet sniffer such as Wireshark may be considered a breach of the security policy of the school.
  • In this lab, you will install Wireshark on a Windows system and use Wireshark to filter for DNS packets and view the details of both DNS query and response packets. Because Wireshark allows you to view the packet details, it can be used as a reconnaissance tool for an attacker.

    Wireshark allows you to filter traffic for network troubleshooting, investigate security issues, and analyze network protocols. Wireshark gives a detailed breakdown of the network protocol stack. Wireshark is an open source packet capture and analysis tool.

    Part 3: Explore DNS Response Traffic

    Background / Scenario

    Lab – Explore DNS Traffic (Answers Version)

    Answers Note: Red font color or gray highlights indicate text that appears in the instructor copy only.











