Explore DNS Response Traffic
Wireshark is an open source packet capture and analysis tool. Wireshark gives a detailed breakdown of the network protocol stack. Wireshark allows you to filter traffic for network troubleshooting, investigate security issues, and analyze network protocols. Because Wireshark allows you to view the packet details, it can also be used by an attacker as a reconnaissance tool.
In this lab, you will install Wireshark on a Windows system and use Wireshark to filter for DNS packets and view the details of both DNS query and response packets.
Required Resources
• 1 Windows PC with Internet access and Wireshark installed
Instructor Note: Using a packet sniffer such as Wireshark may be considered a breach of the security policy of the school. It is recommended that permission is obtained before running Wireshark for this lab. If using a packet sniffer such as Wireshark is an issue,
a. Select the corresponding response DNS packet labeled Standard query response
0x000# A www.cisco.com.
What are the source and destination MAC and IP addresses and port numbers? How
do they compare to the addresses in the DNS query packets?
The source IP, MAC address, and port number in the query packet are now destination
addresses. The destination IP, MAC address, and port number in the query packet are
now source addresses.
b. Expand Domain Name System (response). Then expand the Flags, Queries, and
Answers.
c. Observe the results. Can the DNS server do recursive queries?
Yes, the DNS server can handle recursive queries.
d. Observe the CNAME and A records in the Answers details. How do the results compare
to nslookup results?
The results in Wireshark should be the same as the results from nslookup in the
Command Prompt.
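The Flags, Queries, and Answers fields expanded in steps b through d can also be read straight from the DNS payload bytes. The following Python parser is an added example, not part of the original lab; it runs over a constructed response in which the names www.example.com and web.example.com and the address 192.0.2.10 are sample values, not a capture of www.cisco.com. The `ra` (recursion available) bit is what answers step c, and the decoded CNAME and A records correspond to step d.

```python
import ipaddress
import struct

# Constructed sample response (not a real capture): one question, CNAME + A answers.
SAMPLE = bytes.fromhex(
    "000281800001000200000000"                    # ID 0x0002, flags 0x8180, 1 query, 2 answers
    "03777777076578616d706c6503636f6d0000010001"  # query: www.example.com, type A, class IN
    "c00c000500010000012c000603776562c010"        # CNAME, TTL 300 -> web.example.com
    "c02d000100010000003c0004c000020a"            # A, TTL 60 -> 192.0.2.10
)

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer to an earlier name
            end = end or off + 2                  # resume after the first pointer only
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                         # malformed packets can point in a loop
                raise ValueError("compression pointer loop")
        elif n == 0:                              # root label terminates the name
            return ".".join(labels), end or off + 1
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def parse_response(msg):
    """Return header flags, the queried name and the answer records."""
    ident, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    out = {"id": ident, "qr": flags >> 15, "rd": (flags >> 8) & 1,
           "ra": (flags >> 7) & 1, "rcode": flags & 0xF, "answers": []}
    off = 12
    for _ in range(qd):
        out["query"], off = read_name(msg, off)
        off += 4                                  # skip QTYPE and QCLASS
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1:                            # A record: 4-byte IPv4 address
            data = str(ipaddress.IPv4Address(msg[off:off + 4]))
        elif rtype == 5:                          # CNAME: another domain name
            data, _end = read_name(msg, off)
        else:
            data = msg[off:off + rdlen].hex()
        out["answers"].append((name, {1: "A", 5: "CNAME"}.get(rtype, rtype), ttl, data))
        off += rdlen
    return out
```

The `id` field is the transaction ID shown in the Wireshark packet label; it is the same in a query and its matching response.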