Wireshark is a free and open source packet analyzer used for network troubleshooting and analysis. These activities will show you how to use Wireshark to capture and analyze Domain Name System (DNS) traffic.

YouTube: Wireshark 101: The Domain Name System, HakTip 129

Activity 1 - Capture DNS Traffic

- Type ipconfig /flushdns and press Enter to clear the DNS cache.
- Type ipconfig /displaydns and press Enter to display the DNS cache.
- Notice the only records currently displayed come from the hosts file.
- Notice there is an entry in the cache for en.

Activity 2 - Analyze DNS Query Traffic

- Observe the traffic captured in the top Wireshark packet list pane.
- To view only DNS traffic, type udp.port == 53 (lower case) in the Filter box and press Enter.
- Select the DNS packet labeled Standard query A en.
- Observe the packet details in the middle Wireshark packet details pane.
- Notice that it is an Ethernet II / Internet Protocol Version 4 / User Datagram Protocol / Domain Name System (query) frame.
- Expand Ethernet II to view Ethernet details.
- Observe the Destination and Source fields. The destination should be either your local DNS server's MAC address or your default gateway's MAC address and the source should be your MAC address. You can use ipconfig /all and arp -a to confirm.
- Expand Internet Protocol Version 4 to view IP details.
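The layer stack examined in Activity 2 (Ethernet II / IPv4 / UDP / DNS query) can also be decoded by hand, which makes clear which bytes Wireshark reads for each field. This is an added example, not part of the original activities; the function names, MAC and IP addresses, and the query name www.example.com are constructed for illustration.

```python
import socket
import struct

def build_sample_frame(name="www.example.com"):
    """Constructed sample frame: Ethernet II / IPv4 / UDP / DNS standard query A."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    dns = struct.pack("!6H", 0x1A2B, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)
    udp = struct.pack("!4H", 50000, 53, 8 + len(dns), 0) + dns  # checksum left at 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.1"))
    eth = bytes.fromhex("02000000000102000000000a") + struct.pack("!H", 0x0800)
    return eth + ip + udp

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def dissect(frame):
    """Decode the layers in the order the packet details pane lists them."""
    try:
        if struct.unpack("!H", frame[12:14])[0] != 0x0800:
            raise ValueError("EtherType is not IPv4")
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 17:
            raise ValueError("not an IPv4 packet carrying UDP")
        udp = ip[ihl:]
        sport, dport, ulen, _ = struct.unpack("!4H", udp[:8])
        if 53 not in (sport, dport):
            raise ValueError("neither UDP port is 53")
        dns = udp[8:ulen]
        _, flags, qdcount = struct.unpack("!3H", dns[:6])
        if qdcount != 1:
            raise ValueError("expected exactly one question")
        labels, pos = [], 12
        while dns[pos]:  # question name: length-prefixed labels, ended by 0
            if dns[pos] & 0xC0:
                raise ValueError("unexpected compression pointer in question")
            labels.append(dns[pos + 1:pos + 1 + dns[pos]].decode("ascii"))
            pos += 1 + dns[pos]
        qtype, _ = struct.unpack("!2H", dns[pos + 1:pos + 5])
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated frame") from exc
    return {"eth_dst": mac(frame[0:6]), "eth_src": mac(frame[6:12]),
            "ip_src": socket.inet_ntoa(ip[12:16]), "ip_dst": socket.inet_ntoa(ip[16:20]),
            "udp_dport": dport, "is_query": (flags & 0x8000) == 0,
            "qname": ".".join(labels), "qtype": qtype}

if __name__ == "__main__":
    print(dissect(build_sample_frame()))
```

The eth_dst and eth_src values correspond to the Destination and Source fields under Ethernet II, and qtype 1 is the A record shown in the "Standard query A" label.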