List the major disadvantages with the layered approach to protocols.

2. Let us assume that an application generates a video stream to be sent. The video data consist of multiple periodic data items; each datum will be delivered periodically. Which service (i.e., TCP or UDP) is appropriate for sending the video data? Explain why.

Part 2:
In part 2, you will study the Domain Name Service (DNS) and analyze DNS traffic using Wireshark [i]. Provide answers for Questions 1 through 19.

Analyzing DNS
I. nslookup
In this lab, we’ll make extensive use of the nslookup tool, which is available on most Linux/Unix and Microsoft platforms today. To run nslookup in Linux/Unix, you just type the nslookup command on the command line. In its most basic operation, the nslookup tool allows the host running the tool to query any specified DNS server for a DNS record. The queried DNS server can be a root DNS server, a top-level-domain DNS server, an authoritative DNS server, or an intermediate DNS server (see the textbook for definitions of these terms). To accomplish this task, nslookup sends a DNS query to the specified DNS server, receives a DNS reply from that same DNS server, and displays the result.

1. Run nslookup to obtain the IP address of a Web server in the USA. Provide a screenshot.

2. Run nslookup to determine the authoritative DNS servers for a university in Europe. Provide a screenshot.

II. ipconfig (for Windows) and ifconfig (for Linux/Unix) are among the most useful little utilities in your host, especially for debugging network issues. ipconfig is also very useful for managing the DNS information stored in your host. We learned that a host can cache DNS records it recently obtained. To see these cached records, enter the following command:

ipconfig /displaydns

Each entry shows the remaining Time to Live (TTL) in seconds. To clear the cache, enter

ipconfig /flushdns

Note: Ubuntu does not include DNS caching by default.

Flushing the DNS cache clears all entries and reloads the entries from the hosts file.
Let’s first capture the DNS packets that are generated by ordinary Web surfing activity.

• Use ipconfig to empty the DNS cache in your host. (For Windows users.)
• Open your browser and empty your browser cache. (With Internet Explorer, go to Tools menu and select Internet Options; then in the General tab select Delete Files.)
• Open Wireshark and enter “ip.addr == your_IP_address” into the filter, where you obtain your_IP_address (the IP address for the computer on which you are running Wireshark) with ipconfig (or ifconfig). This filter removes all packets that neither originate from nor are destined to your host.
• Start packet capture in Wireshark.
• With your browser, visit the Web page: http://www.ietf.org
• Stop packet capture.

Answer the following questions:

3. Locate the DNS query and response messages. Are they sent over UDP or TCP? Provide a screenshot.

4. What is the destination port for the DNS query message? What is the source port of the DNS response message? Provide a screenshot.

6. To what IP address is the DNS query message sent? Use ipconfig to determine the IP address of your local DNS server. Are these two IP addresses the same?

7. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?

8. Examine the DNS response message. How many “answers” are provided? What does each of these answers contain?

9. Consider the subsequent TCP SYN packet sent by your host. Does the destination IP address of the SYN packet correspond to any of the IP addresses provided in the DNS response message?

10. This web page contains images. Before retrieving each image, does your host issue new DNS queries?

Now let’s play with nslookup.

• Start packet capture.
• Do an nslookup on www.udc.edu
• Stop packet capture.

11. What is the destination port for the DNS query message? What is the source port of the DNS response message?

12. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server?

13. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?

14. Examine the DNS response message. How many “answers” are provided? What does each of these answers contain?

15. Provide a screenshot.

Now repeat the previous experiment, but instead issue the command:
nslookup -type=NS udc.edu

Answer the following questions:

16. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server?

17. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?

18. Examine the DNS response message. What UDC name servers does the response message provide? Does this response message also provide the IP addresses of the UDC name servers?

19. Provide a screenshot.

Submission:
Use fonts no smaller than 11 points. Use a single-column format.

Create your written submission using a word processor and submit your written solution as a single Adobe Acrobat PDF file (preferred), Microsoft Word file, or PostScript file.

Due: Feb 3 2014

[i] http://www.cse.nd.edu/~cpoellab/teaching/cse30264/Wireshark_INTRO.pdf
