1、Computer netowrks LabsDNS, Data Encapsulation and Frame ExaminationDNS, Data Encapsulation and Frame ExaminationLearning ObjectivesAt completion of this lab, you will be able to:1. Use Wireshark to capture and analyze DNS message2. Understand how DNS works3. use nslookup and ipconfig commands4. Expl

2、ain the header fields in an Ethernet II frame.5. understand data encapsulation6. Report and Feedback on this labAnswer all questions with supporting screenshots. Please fill in the following feedback form and append it to the report. Your feedback is valuable to us so that we can improve this lab, a

3、nd make the course welcome.For each task, please rate the following in the scale of 1 through 5: The degree of difficulty: 1 = too easy; 5 = too difficult The learning experience: 1 = learned nothing; 5 = learned a lot Your interest: 1 = no interest; 5= high interest Time used for the task: in minut

4、es Task Difficulty (15)Learning (15)Interest (15)Time ( min)Task 0Task 1Task 2Task 3Task 4Your suggestion/comment: BackgroundWhen upper layer protocols communicate with each other, data at the sending host flows down the TCP/IP protocol layers and is encapsulated into a protocol data unit at lower l

5、ayer, and finally encapsulated in a Layer 2 frame. For example, DNS message is often transported by UDP protocol on layer 4. So DNS message at the sending host is encapsulated in a UDP segment; the UDP segment is then encapsulated in an IP packet, and the IP packet is encapsulated finally in a layer

6、 2 frame. The frame composition is dependent on the media access type, or the network. For example, if the media access is Ethernet, then the Layer 2 frame encapsulation will be Ethernet II. When learning about data encapsulation and protocol operations, it is helpful to analyze the header informati

7、on found in the protocol data units. The DNS protocol operation, ipconfig command, and Ethernet II frame header will be examined in this lab. Ethernet II frames can support various upper layer protocols.For more background information, please read the lectures 02, 04-05, 10, 11. TasksTask 0 Protocol

8、 Layers and Data EncapsulationAs we have discussed in Lecture 02, Internet is inter-connected networks based on TCP/IP protocols. Read the slides or textbook to learn how data goes through protocol layers and how data is encapsulated in the protocol data units. There are conventional names for the p

9、rotocol data units for different layer protocols.Question 1. What are names for the protocol data units (PDUs) for layer 4, layer 3, and layer 2 protocols in TCP/IP reference model by filling the follow form: name for PDU of layer 4 protocols: segment name for PDU of layer 3 protocol: packet name fo

10、r PDU of layer 2 protocol: frame Task 1 DNS and nslookupAs we discussed, IP address is used to identify a host uniquely on the Internet. But IP address is not user-friendly and that is why domain name was introduced. The Domain Name System (DNS) translates host names to IP addresses, providing a cri

11、tical role in the Internet infrastructure. In this task, we practice the nslookup tool, which is available both in Linux/Unix and MS Windows. To run nslookup in MS Windows, you need to open the command line window by starting the command cmd.exe. With nslookup, you can query any specified DNS server

12、 (by default, your local configured DNS server) for a DNS record. To accomplish this task, nslookup sends a DNS query to the specified DNS server, receives a DNS reply from that same DNS server, and displays the result.Type the command nslookup www.MIT.edu, and capture the output, as I did and showe

13、d below:Question 2: What is the DNS server IP address that is used to query and find IP address for www.MIT.edu? And IP address for www.MIT.edu ?Type the command “nslookup -type=NS ”, and capture the output, as I did and showed below:Question 3: What are domain name servers for

14、and their IP addresses?Type the command “nslookup ”, and capture the output, as I did and showed below:Question 4: Which DNS server is used to query and for name resolution?You can also use nslookup to find the mapping from IP addresses to the host names. Type the comma

15、nds “nslookup 01” and “nslookup ”, and capture the output, as I did and showed below:Question 5: Can a host have multiple host names? What is the IP address for moodle.tec.hkr.se? How many names do you find for this IP address? Task 2 DNS and ipconfigipconfig (for

16、Windows) and ifconfig (for Linux/Unix, interface configuration) are among the most useful tools for debugging network issues. ipconfig can be used to show your current TCP/IP information, including your address, DNS server addresses, adapter (network interface card) type and so on. For example, if y

17、ou want to find all this information about your host, simply enter the command “ipconfig /all” in the command line. Read more on “using ipconfig” at /kb/314850. Question 6: What is the IP address for your computer, and what is the local DNS server IP address?答:IP:192.168.1

18、.143DNS:01ipconfig is also very useful for managing the DNS information stored in your host. To improve the networking performance, a host can cache DNS records it recently obtained. To view these cached records, you can use the command “ipconfig /displaydns”. Each entry shows

19、the remaining Time to Live (TTL) in seconds. To clear the cache, enter the command “ipconfig /flushdns”. Flushing the DNS cache clears all entries and reloads the entries from the hosts file.Task 3 DNS Protocol Analysis with WireSharkNow it is time to capture DNS protocol data and do the analysis wi

20、th WireShark. Follow the steps to capture the DNS packets: close all other Internet applications to reduce the captured data start a web browser use ipconfig to empty the DNS cache in your computer start WireShark program, and enter the display filter “ip.addr=00 and dns”, where the IP ad

21、dress 00 should be the IP address for your computer. You find it in question 6. Start packet capture in WireShark Enter the url address to your web browser to view the page. Stop the packet capture.I got the following screenshot for this operation:Answer the following q

22、uestions:Question 7: Locate the DNS query and response for resolving . Are they sent over UDP or TCP?UDPQuestion 8: What is the destination port for the DNS query message? What is the source portof DNS response message?Destination:0Source:43Question 9: To what IP ad

23、dress is the DNS query message sent? Use ipconfig to determine the IP address of your local DNS server. Are these two IP addresses the same?IP:0sameQuestion 10: Examine the DNS query message. What “Type” of DNS query is it? Does thequery message contain any “answers”?(1)The“Type”ofDNSquer

24、yisA。(2)NoQuestion 11: Examine the DNS response message. How many “answers” are provided? Whatdo each of these answers contain?(1) The“answers”is0;(2)無Task 4 Ethernet Frame ExaminationThe format for an Ethernet frame is shown below:For info on MAC addresses, read slide 26 (Lecture 10). For finding N

25、IC manufacturer, use the online server at /mac/mac.py .In WireShark with the captured DNS packets done in the last task, expand the frame information, as you could see my example:It shows that data contained in the Ethernet frame is an IP packet; the data contained in the IP

26、 packet is a UDP segment, and data in the UDP segment is DNS message! The total frame length is 72 bytes (excluding CRC parity bits). For the Ethernet frame containing DNS query message for resolving , answer the following questions:Question 12: What is the destination MAC address? What

27、is its NIC manufacturer, and what is the NIC serial number?MACaddress:9c:21:6a:6a:b6:acNICmanufacturer：9c:21:6aNICserialnumber:6a:b6:acQuestion 13: What is the source MAC address? What is its NIC manufacturer, and what is the NIC serial number?MACaddress:60:36:dd:9a:be:88NICmanufacturer：60:36:ddNICs

28、erialnumber:9a:be:88Question 14: what is the value in the type field? What does this value mean?MAC（MediaAccessControl，介質(zhì)訪問控制）地址，也叫硬件地址，長度是48比特（6字節(jié)），由16進制的數(shù)字組成，分為前24位和后24位：前24位(也就是前3個字節(jié))叫做組織唯一標志符（OrganizationallyUniqueIdentifier，即OUI），是由IEEE的注冊管理機構(gòu)給不同廠家分配的代碼，區(qū)分了不同的廠家。后24（后三個字節(jié)）位是由廠家自己分配的，稱為擴展標識符。同一個廠家生產(chǎn)的網(wǎng)卡中MAC地址后24位是不同的。Now, change t