Computer Networks Lab: DNS, Data Encapsulation and Frame Examination
- Document ID: 13021786
- Upload date: 2023-06-10
- Format: DOCX
- Pages: 11
- Size: 487.44KB
Computer Networks Labs
DNS, Data Encapsulation and Frame Examination
Learning Objectives
At completion of this lab, you will be able to:
1. Use Wireshark to capture and analyze DNS messages
2. Understand how DNS works
3. Use nslookup and ipconfig commands
4. Explain the header fields in an Ethernet II frame.
5. Understand data encapsulation
6. Report and Feedback on this lab
Answer all questions with supporting screenshots. Please fill in the following feedback form and append it to the report. Your feedback is valuable to us so that we can improve this lab, and make the course welcome.
For each task, please rate the following on a scale of 1 through 5:
∙ The degree of difficulty: 1 = too easy; 5 = too difficult
∙ The learning experience: 1 = learned nothing; 5 = learned a lot
∙ Your interest: 1 = no interest; 5 = high interest
∙ Time used for the task: in minutes

Task   | Difficulty (1-5) | Learning (1-5) | Interest (1-5) | Time (min)
Task 0 |                  |                |                |
Task 1 |                  |                |                |
Task 2 |                  |                |                |
Task 3 |                  |                |                |
Task 4 |                  |                |                |

Your suggestion/comment:
Background
When upper layer protocols communicate with each other, data at the sending host flows down the TCP/IP protocol layers and is encapsulated into a protocol data unit at each lower layer, and finally encapsulated in a Layer 2 frame. For example, a DNS message is often transported by the UDP protocol on layer 4. So a DNS message at the sending host is encapsulated in a UDP segment; the UDP segment is then encapsulated in an IP packet, and the IP packet is finally encapsulated in a layer 2 frame. The frame composition is dependent on the media access type, or the network. For example, if the media access is Ethernet, then the Layer 2 frame encapsulation will be Ethernet II.
When learning about data encapsulation and protocol operations, it is helpful to analyze the header information found in the protocol data units. The DNS protocol operation, the ipconfig command, and the Ethernet II frame header will be examined in this lab. Ethernet II frames can support various upper layer protocols.
For more background information, please read the lectures 02, 04-05, 10, 11.
Tasks
Task 0 Protocol Layers and Data Encapsulation
As we have discussed in Lecture 02, the Internet is inter-connected networks based on TCP/IP protocols. Read the slides or textbook to learn how data goes through protocol layers and how data is encapsulated in the protocol data units. There are conventional names for the protocol data units for different layer protocols.
Question 1. What are the names for the protocol data units (PDUs) for layer 4, layer 3, and layer 2 protocols in the TCP/IP reference model? Fill in the following form:
name for PDU of layer 4 protocols: segment
name for PDU of layer 3 protocol: packet
name for PDU of layer 2 protocol: frame
Task 1 DNS and nslookup
As we discussed, an IP address is used to identify a host uniquely on the Internet. But an IP address is not user-friendly, and that is why the domain name was introduced. The Domain Name System (DNS) translates hostnames to IP addresses, providing a critical role in the Internet infrastructure.
In this task, we practice the nslookup tool, which is available both in Linux/Unix and MS Windows. To run nslookup in MS Windows, you need to open the command line window by starting the command "cmd.exe". With nslookup, you can query any specified DNS server (by default, your local configured DNS server) for a DNS record. To accomplish this task, nslookup sends a DNS query to the specified DNS server, receives a DNS reply from that same DNS server, and displays the result.
Type the command "nslookup www.MIT.edu", and capture the output, as I did and showed below:
Question 2:
What is the DNS server IP address that is used to query and find the IP address for www.MIT.edu?
And the IP address for www.MIT.edu?
Type the command “nslookup -type=NS”, and capture the output, as I did and showed below:
Question 3:
What are domain name servers for and their IP addresses?
Type the command “nslookup”, and capture the output, as I did and showed below:
Question 4:
Which DNS server is used to query and for name resolution?
You can also use nslookup to find the mapping from IP addresses to the hostnames. Type the commands “nslookup 192.168.156.101” and “nslookup”, and capture the output, as I did and showed below:
Question 5:
Can a host have multiple hostnames?
What is the IP address for moodle.tec.hkr.se?
How many names do you find for this IP address?
Task 2 DNS and ipconfig
ipconfig (for Windows) and ifconfig (for Linux/Unix, interface configuration) are among the most useful tools for debugging network issues.
ipconfig can be used to show your current TCP/IP information, including your address, DNS server addresses, adapter (network interface card) type and so on. For example, if you want to find all this information about your host, simply enter the command “ipconfig /all” in the command line.
Read more on “using ipconfig” at
Question 6:
What is the IP address for your computer, and what is the local DNS server IP address?
Answer:
IP: 192.168.1.143
DNS: 210.32.32.10 210.32.32.11
ipconfig is also very useful for managing the DNS information stored in your host. To improve the networking performance, a host can cache DNS records it recently obtained. To view these cached records, you can use the command “ipconfig /displaydns”. Each entry shows the remaining Time to Live (TTL) in seconds. To clear the cache, enter the command “ipconfig /flushdns”. Flushing the DNS cache clears all entries and reloads the entries from the hosts file.
Task 3 DNS Protocol Analysis with Wireshark
Now it is time to capture DNS protocol data and do the analysis with Wireshark. Follow the steps to capture the DNS packets:
∙ Close all other Internet applications to reduce the captured data
∙ Start a web browser
∙ Use ipconfig to empty the DNS cache in your computer
∙ Start the Wireshark program, and enter the display filter “ip.addr==192.168.0.100 and dns”, where the IP address 192.168.0.100 should be the IP address for your computer. You find it in question 6.
∙ Start packet capture in Wireshark
∙ Enter the URL address http://www.ietf.org in your web browser to view the page.
∙ Stop the packet capture.
I got the following screenshot for this operation:
Answer the following questions:
Question 7:
Locate the DNS query and response for resolving www.ietf.org. Are they sent over UDP or TCP?
UDP
Question 8:
What is the destination port for the DNS query message? What is the source port of the DNS response message?
Destination: 210.32.32.10
Source: 192.168.1.143
Question 9:
To what IP address is the DNS query message sent?
Use ipconfig to determine the IP address of your local DNS server. Are these two IP addresses the same?
IP: 210.32.32.10
same
Question 10:
Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?
(1) The “Type” of DNS query is A.
(2) No
Question 11:
Examine the DNS response message. How many “answers” are provided? What do each of these answers contain?
(1) The “answers” is 0;
(2) None
Task 4 Ethernet Frame Examination
The format for an Ethernet frame is shown below:
For info on MAC addresses, read slide 26 (Lecture 10). For finding the NIC manufacturer, use the online server at.
In Wireshark, with the captured DNS packets from the last task, expand the frame information, as you could see in my example:
It shows that the data contained in the Ethernet frame is an IP packet; the data contained in the IP packet is a UDP segment, and the data in the UDP segment is a DNS message!
The total frame length is 72 bytes (excluding CRC parity bits).
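As an added example (not part of the original lab handout), the Python code below builds a constructed Ethernet II frame carrying a DNS A query for www.ietf.org, using the MAC and IP addresses reported on this page, and then peels the layers back off one by one. The function names, the UDP source port and the DNS ID are assumptions made for the illustration.

```python
import struct

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def build_query_frame(dst_mac, src_mac, src_ip, dst_ip, sport, name):
    """Constructed sample: DNS A query inside UDP, IPv4 and Ethernet II."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    # DNS header: ID (constructed), flags RD=1, 1 question, 0 answers; QTYPE=A, QCLASS=IN
    dns = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)
    udp = struct.pack("!4H", sport, 53, 8 + len(dns), 0) + dns  # checksum left 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split(".")))) + udp  # header checksum left 0
    eth = bytes.fromhex(dst_mac.replace(":", "") + src_mac.replace(":", ""))
    return eth + struct.pack("!H", 0x0800) + ip  # EtherType 0x0800 = IPv4

def parse_frame(frame):
    """Peel off Ethernet II, IPv4, UDP and the DNS question in turn."""
    dst, src = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    out = {"frame_len": len(frame), "dst_mac": mac(dst), "src_mac": mac(src),
           "ethertype": ethertype, "dst_oui": mac(dst[:3]), "dst_nic_part": mac(dst[3:]),
           "dst_is_group": bool(dst[0] & 1)}  # I/G bit = lowest bit of first octet
    if ethertype != 0x0800:          # e.g. 0x0806 ARP: stop at layer 2
        return out
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4         # IPv4 header length in bytes
    out.update(ip_proto=ip[9], src_ip=".".join(map(str, ip[12:16])),
               dst_ip=".".join(map(str, ip[16:20])))
    if ip[9] != 17:                  # 17 = UDP
        return out
    udp = ip[ihl:]
    sport, dport, ulen, _ = struct.unpack("!4H", udp[:8])
    dns = udp[8:ulen]
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", dns[:12])
    labels, i = [], 12               # question name: length-prefixed labels
    while dns[i]:                    # (no compression pointers in a query name)
        labels.append(dns[i + 1:i + 1 + dns[i]].decode())
        i += 1 + dns[i]
    qtype = struct.unpack("!H", dns[i + 1:i + 3])[0]
    out.update(src_port=sport, dst_port=dport, is_response=bool(flags & 0x8000),
               questions=qd, answers=an, qname=".".join(labels), qtype=qtype)
    return out

# MAC and IP addresses are the ones reported on this page; port and DNS ID are constructed.
FRAME = build_query_frame("9c:21:6a:6a:b6:ac", "60:36:dd:9a:be:88",
                          "192.168.1.143", "210.32.32.10", 50000, "www.ietf.org")
RESULT = parse_frame(FRAME)
```

The constructed frame is 72 bytes long, matching the length stated above: 14 bytes of Ethernet II header, 20 of IPv4, 8 of UDP and 30 of DNS.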
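For the Ethernet frame containing the DNS query message for resolving www.ietf.org, answer the following questions:
Question 12:
What is the destination MAC address?
What is its NIC manufacturer, and what is the NIC serial number?
MAC address: 9c:21:6a:6a:b6:ac
NIC manufacturer: 9c:21:6a
NIC serial number: 6a:b6:ac
Question 13:
What is the source MAC address?
What is its NIC manufacturer, and what is the NIC serial number?
MAC address: 60:36:dd:9a:be:88
NIC manufacturer: 60:36:dd
NIC serial number: 9a:be:88
Question 14:
What is the value in the type field?
What does this value mean?
A MAC (Media Access Control) address, also called a hardware address, is 48 bits (6 bytes) long, is written in hexadecimal digits, and is divided into the first 24 bits and the last 24 bits:
The first 24 bits (that is, the first 3 bytes) are called the Organizationally Unique Identifier (OUI), a code assigned by the IEEE registration authority to different manufacturers, which distinguishes the manufacturers.
The last 24 bits (the last three bytes) are assigned by the manufacturer itself and are called the extension identifier.
Among the network cards produced by the same manufacturer, the last 24 bits of the MAC address are different.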
Now, change the display filter to “arp” in Wireshark, so that only ARP packets are displayed, for example, I got:
Locate a broadcast ARP message, and examine the Ethernet frame header, answer the questions:
Question 15:
What is the destination MAC address?
Is this address special?
What does it mean?
Target MAC address: 00:00:00:00:00:00
The address is special, all numbers are 0.
All 0 refers to the local network, these are broadcast packets.
Question 16:
What is the source MAC address?
What is its NIC manufacturer, and what is the NIC serial number?
Is it a uni-cast address?
Why?
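(1) MAC: 64:76:ba:a6:b0:e8
(2) NIC manufacturer: 64:76:ba
NIC serial number: a6:b0:e8
(3) IEEE 802.3 specifies: the 48th bit of the Ethernet address indicates whether the address is a multicast address or a unicast address. If this bit is 0, the MAC address is a unicast address; if this bit is 1, the MAC address is a multicast address.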
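Question 17:
What is the value in the type field?
What does this value mean?
The structure ether_header defines the Ethernet frame header; the structure arphdr defines the 5 fields that follow it, whose information is used to carry ARP requests and replies over any type of medium; the ether_arp structure contains, in addition to the arphdr structure, the addresses of the source host and the destination host.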