1 Assigned 12th Sep 2022 Due 22nd Sept 2022 University of Missouri – St. Louis Department Computer Science (Fall 2021: CMP_SCI 4730) Lab Assignment 2A Max Points: XXXXXXXXXX) Lab assignment based on...

see attachment


1 Assigned 12th Sep 2022 Due 22nd Sept 2022 University of Missouri – St. Louis Department Computer Science (Fall 2021: CMP_SCI 4730) Lab Assignment 2A Max Points: 70 (20+20+30) Lab assignment based on Application Layer protocols 1. This exercise involves querying the specified DNS servers and obtaining the resource records using nslookup tool. NSlookup (Name Server lookup): Description: This command can be used to display information about the Domain Name System (DNS). Improperly configured or missing DNS (Domain Name Service) records are a common cause of Internet routing issues. NSLookup is a utility for evaluating whether DNS records are properly configured. This utility can be used to query DNS servers and get DNS resource records. It can be used both on Unix/Windows platforms from command line. It works in both interactive and non-interactive modes. The latter is useful when issuing different types of DNS queries for information about various hosts and domains. Study the details with >nslookup/help (Windows) or >man nslookup (Mac). Experiment with this command and answer the following questions. Exercises: i) Explain different types of DNS records, in one sentence each. ii) Give the general syntax of the nslookup command. iii) If no –type option is specified in the command, then which type of DNS is queried by default? iv) A canonical name (CNAME) record gives the true name of a server as against the alias that is easier to remember. Find the canonical name of www.microsoft.com. Also, give the canonical name and the name and address of the server that provided the answer? v) Query www.microsoft.com with type MX. What is the canonical name of the mail server? Was the answer authoritative? What does it mean? vi) Look up www.fcc.gov. If you get a non-authoritative answer, explain what it means. vii) Nslookup www.cisco.com and cisco.com for default DNS records. What is the difference in the output of the two queries? viii) To what IP address is the DNS query message sent in part vi)? Is this the IP address of your default local DNS server? ix) Find NS record of www.google.com. How may DNSs are listed? What are their IPv4 and IPv6 addresses? 2 x) Use Google server 8.8.8.8 to query DNS record of www.microsoft.com. Provide a screenshot of the output. 2. This exercise involves use of Wireshark analytical tool to analyze DNS functionality. Information on Wireshark display filters Display filters can be used to filter out packets for display. They do not alter the capture properties. Some useful examples are: ip.addr == 192.168.1.51 displays all packets where the source or destination address is 192.168.1.51 ip.src == 192.168.1.51 displays all packets for all destinations where the source address is 192.168.1.51 ip.dst == 192.168.1.51 displays all packets destined for 192.168.1.51 from any source address. ip.addr in {10.0.0.5 .. 10.0.0.9} displays all packets in the range of ip addresses given tcp.port == 80 display http or port 80 traffic tcp.port in {80 443 8080} displays all packets with any of the mentioned tcp ports. tcp.port == 80 and ip.src == 192.168.1.51 the ‘and’ operator can be used to narrow the search dns only packets of dns protocol are displayed dns.flags.recavail == 1 if recursive search is available for DNS query dns.flags.rcode == 0 if there is no error in the DNS query response http.request.method == "GET" to display all packets containing GET method http contains https://www.umsl.edu searches for a given url If you click find a packet option on the main toolbar, you can use string search to locate packets with a string of characters in any of the fields (For more details, please see Wireshark man pages https://www.wireshark.org/docs/man-pages/wireshark-filter.html) Answer the following questions a) Download/clone the DNS_Lab.pcap file from https://github.com/lgyn6/4730 repository. Double click the file to open it in Wireshark and answer the following questions: i) Locate the DNS standard query to sdc.itu.int (use string search). Which transport protocol does it use and what is the source and destination port numbers. The destination port shown is one of the standard ports. What is the normally used for? https://www.umsl.edu/ https://github.com/lgyn6/4730 3 ii) Double click on the response number in the DNS Query. How many answer RRs can you see in the response packet? How much time it has taken to get this response? Is the response coming from the port number to which query was sent? What are the answers? iii) Locate the DNS query to www.itu.int and check the IP address. Find the city of this address through ‘who is’ look up tool from IANA. iv) From the response to the query in iii) give all the DNS addresses returned. v) Which DNS has been queried in line 2362? What is the type of DNS in the response and what is its IP address? b) Run Wireshark. Start packet capture. On your browser type www.itu.int and click the ‘about’ menu option. Wait a few seconds and stop capture. Answer the following: i) What is your IP address? You can find this by using ifconfig (Mac) or ipconfig (Windows) on the command window. You can also crosscheck from https://whatismyipaddress.com/ or network setting. Submit one relevant snapshot. ii) In Wireshark, filter the packets that are originating or arriving in your computer by using ip.addr== your_IP_address. Take a snapshot of the window and submit. iii) Look at any of the DNS packets. Which transport protocol do they use? iv) Locate the response of the DNS query. Where does the response come from? (hint: use whois IP address lookup) v) In which layer do you find the destination and source port numbers? Click the corresponding tab and give these numbers. Submit a snapshot. vi) Look at the response. How many answers are provided? What are these? vii) How much time has the response taken? viii) Select any DNS record and from the details find whether recursive query method was allowed. ix) Select a DNS response packet. In the DNS tab in the packet details pane, right click on the response time and add it as a column. Now you can see all the DNS response times in the column. Change the name of the column to DNS_Time. Submit a snapshot x) Access a few random websites while capturing packets in Wireshark. In the DNS responses you will find a Reply code (rcode) flag set to 0, if there is no DNS error. Do you have any responses where this code is not 0 i.e. there is a DNS error? What is the ‘rcode’ value and type of error? [If you do not have any erroneous DNS record download the DNSerror.pcap file from https://github.com/lgyn6/4730 and answer these questions based on the records in that file] http://www.itu.int/ https://whatismyipaddress.com/ https://github.com/lgyn6/4730