
Exp 3

The document outlines a series of tasks related to DNS and UDP/TCP protocols, including using nslookup to find IP addresses and authoritative DNS servers, analyzing DNS query and response messages, and examining UDP and TCP packet details. It covers aspects such as packet headers, source and destination ports, and the nature of DNS queries and responses. Additionally, it addresses the relationship between packets in UDP and TCP communications, including sequence numbers and acknowledgment processes.

DNS

I. Nslookup:
1. Run nslookup to obtain the IP address of a Web server in Asia. What is the IP address of
that server?

2. Run nslookup to determine the authoritative DNS servers for a university in Europe.

3. Run nslookup so that one of the DNS servers obtained in Question 2 is queried for the
mail servers for Yahoo! mail. What is its IP address?
II. Trace-file
4. Locate the DNS query and response messages. Are they sent over UDP or TCP?
Sent over UDP (User Datagram Protocol)

5. What is the destination port for the DNS query message? What is the source port of DNS
response message?
Src port: 51255 Dst Port: 53

6. To what IP address is the DNS query message sent? Use ipconfig to determine the IP
address of your local DNS server. Are these two IP addresses the same?
Dst IP address: 192.168.224.191
IP of local DNS server: 192.168.224.191

7. Examine the DNS query message. What “Type” of DNS query is it? Does the query
message contain any “answers”?

8. Examine the DNS response message. How many “answers” are provided? What do each
of these answers contain?

9. Consider the subsequent TCP SYN packet sent by your host. Does the destination IP
address of the SYN packet correspond to any of the IP addresses provided in the DNS
response message?
10. This web page contains images. Before retrieving each image, does your host issue
new DNS queries?

III. Nslookup Trace-files


11. What is the destination port for the DNS query message? What is the source port of DNS
response message?
Dst port: 53
Src port: 53

12. To what IP address is the DNS query message sent? Is this the IP address of your default
local DNS server?
IP address: 192.168.224.191

13. Examine the DNS query message. What “Type” of DNS query is it? Does the query
message contain any “answers”?
Contains only 1 question, type is A
Query message contains no answers

14. Examine the DNS response message. How many “answers” are provided? What do each
of these answers contain?
15. Provide a screenshot.

16. To what IP address is the DNS query message sent? Is this the IP address of your default
local DNS server?
Yes, all requests go to the local DNS server

17. Examine the DNS query message. What “Type” of DNS query is it? Does the query
message contain any “answers”?
No, the query does not contain any answers; its type is Authoritative name server

18. Examine the DNS response message. What MIT nameservers does the response message
provide? Does this response message also provide the IP addresses of the MIT nameservers?

19. Provide a screenshot.


20. To what IP address is the DNS query message sent? Is this the IP address of your default
local DNS server? If not, what does the IP address correspond to?

IP address to which the DNS query message was sent: 192.168.231.224 (www.bitsy.mit.edu)

IP address to which the DNS query message was sent: 18.0.72.3 (www.aiit.or.kr)

21. Examine the DNS query message. What “Type” of DNS query is it? Does the query
message contain any “answers”?

Type: AAAA, which matches a domain name to an IPv6 address (same as A type)

22. Examine the DNS response message. How many “answers” are provided? What does
each of these answers contain?
0 RRs

IV. User Datagram Protocol (UDP)


1. Select one UDP packet from your trace. From this packet, determine how many fields there
are in the UDP header. (You shouldn’t look in the textbook! Answer these questions directly
from what you observe in the packet trace.) Name these fields.
2. By consulting the displayed information in Wireshark’s packet content field for this packet,
determine the length (in bytes) of each of the UDP header fields.

Total 8 Bytes of data for header


Payload=29 bytes

3. The value in the Length field is the length of what? (You can consult the text for this
answer). Verify your claim with your captured UDP packet.
The value of the Length field is the length of the header plus the UDP data payload: 37
bytes (payload = 29 bytes and header = 8 bytes)

4. What is the maximum number of bytes that can be included in a UDP payload? (Hint: the
answer to this question can be determined by your answer to 2. above)
Maximum size of payload = maximum size of Length field - 20 (IPv4 header) - 8 (UDP header)

5. What is the largest possible source port number? (Hint: see the hint in 4.)
Largest possible source port number is 2^16, i.e. 65535

6. What is the protocol number for UDP? Give your answer in both hexadecimal and decimal
notation. To answer this question, you’ll need to look into the Protocol field of the IP
datagram containing this UDP segment (see Figure 4.13 in the text, and the discussion of IP
header fields).

7. Examine a pair of UDP packets in which your host sends the first UDP packet and the
second UDP packet is a reply to this first UDP packet. (Hint: for a second packet to be sent in
response to a first packet, the sender of the first packet should be the destination of the
second packet). Describe the relationship between the port numbers in the two packets.

The source and destination ports are interchanged between the request and the response
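The UDP answers above (four header fields, Length = header + payload, swapped ports) can be checked against raw bytes. This is an added example, not part of the original lab report: it builds a constructed 29-byte DNS query for www.mit.edu (an assumed name chosen to match the payload size) with the trace's ports 51255 and 53, then verifies the Length field and pairs a reply with its query. The transaction ID and helper names are illustrative.

```python
import struct

def build_query(txid, name, qtype=1):
    """Build a DNS query payload: 12-byte header, QNAME, QTYPE, QCLASS=IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def udp_datagram(sport, dport, payload):
    """Prepend the 8-byte UDP header (checksum 0 = not computed, legal over IPv4)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def parse_udp(datagram):
    """Return the four 2-byte UDP header fields plus the payload."""
    if len(datagram) < 8:
        raise ValueError("shorter than a UDP header")
    sport, dport, length, checksum = struct.unpack("!HHHH", datagram[:8])
    if length != len(datagram):
        raise ValueError("Length field does not equal header + payload")
    return {"sport": sport, "dport": dport, "length": length,
            "checksum": checksum, "payload": datagram[8:]}

def parse_dns_header(payload):
    """Decode the fixed DNS header: ID, QR bit, question and answer counts."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", payload[:12])
    return {"id": txid, "is_response": bool(flags & 0x8000),
            "questions": qd, "answers": an}

def reply_matches(query, reply):
    """A reply belongs to a query when ports are swapped and the DNS ID agrees."""
    q, r = parse_udp(query), parse_udp(reply)
    qh, rh = parse_dns_header(q["payload"]), parse_dns_header(r["payload"])
    return ((r["sport"], r["dport"]) == (q["dport"], q["sport"])
            and rh["is_response"] and rh["id"] == qh["id"])

# Constructed sample: query from port 51255 to port 53, as in the trace above.
QUERY = udp_datagram(51255, 53, build_query(0x1A2B, "www.mit.edu"))
# Constructed reply: same ID, QR bit set, ports swapped (answer records omitted).
REPLY_DNS = struct.pack("!HHHHHH", 0x1A2B, 0x8180, 1, 0, 0, 0) + QUERY[20:]
REPLY = udp_datagram(53, 51255, REPLY_DNS)

if __name__ == "__main__":
    print(parse_udp(QUERY)["length"], parse_dns_header(QUERY[8:]), reply_matches(QUERY, REPLY))
```

A resolver that accepts a reply only when both the swapped ports and the transaction ID match is applying the same pairing rule; a reply with a different ID is rejected by `reply_matches`.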

V. Transmission Control Protocol


1. What is the IP address and TCP port number used by the client computer (source) that is
transferring the file to gaia.cs.umass.edu? To answer this question, it’s probably easiest to
select an HTTP message and explore the details of the TCP packet used to carry this HTTP
message, using the “details of the selected packet header window” (refer to Figure 2 in the
“Getting Started with Wireshark” Lab if you’re uncertain about the Wireshark windows).

2. What is the IP address of gaia.cs.umass.edu? On what port number is it sending and
receiving TCP segments for this connection? If you have been able to create your own trace,
answer the following question:

3. What is the IP address and TCP port number used by your client computer (source) to
transfer the file to gaia.cs.umass.edu?

4. What is the sequence number of the TCP SYN segment that is used to initiate the TCP
connection between the client computer and gaia.cs.umass.edu? What is it in the segment
that identifies the segment as a SYN segment?
5. What is the sequence number of the SYNACK segment sent by gaia.cs.umass.edu to the
client computer in reply to the SYN? What is the value of the Acknowledgement field in the
SYNACK segment? How did gaia.cs.umass.edu determine that value? What is it in the
segment that identifies the segment as a SYNACK segment?

6. What is the sequence number of the TCP segment containing the HTTP POST command?
Note that in order to find the POST command, you’ll need to dig into the packet content field
at the bottom of the Wireshark window, looking for a segment with a “POST” within its DATA
field.
7. Consider the TCP segment containing the HTTP POST as the first segment in the TCP
connection. What are the sequence numbers of the first six segments in the TCP connection
(including the segment containing the HTTP POST)? At what time was each segment sent?
When was the ACK for each segment received? Given the difference between when each
TCP segment was sent, and when its acknowledgement was received, what is the RTT value
for each of the six segments? What is the EstimatedRTT value (see Section 3.5.3, page 242 in
text) after the receipt of each ACK? Assume that the value of the EstimatedRTT is equal to
the measured RTT for the first segment, and then is computed using the EstimatedRTT
equation on page 242 for all subsequent segments. Note: Wireshark has a nice feature that
allows you to plot the RTT for each of the TCP segments sent. Select a TCP segment in the
“listing of captured packets” window that is being sent from the client to the
gaia.cs.umass.edu server. Then select: Statistics->TCP Stream Graph->Round Trip Time
Graph.
Sequence Number (raw): 3706328342
Time:0.0

Sequence Number (raw): 3706328996


[Time since first frame in this TCP stream: 0.001075000 seconds]
[Time since previous frame in this TCP stream: 0.001075000 seconds]
8. What is the length of each of the first six TCP segments?

9. What is the minimum amount of available buffer space advertised at the receiver for the
entire trace? Does the lack of receiver buffer space ever throttle the sender?

No, the sender is not throttled

10. Are there any retransmitted segments in the trace file? What did you check for (in the
trace) in order to answer this question?

No; a repeated sequence number would show a retransmission
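The retransmission check in question 10 and the per-segment RTT and EstimatedRTT calculation in question 7 can be done in one pass over the segment list. This is an added example, not part of the original lab report: the first two sequence numbers and send times are the ones shown above, while the third segment, the segment lengths after the first, and all ACK times are constructed. It assumes the usual weight α = 0.125 in EstimatedRTT = (1 − α)·EstimatedRTT + α·SampleRTT, a value this page does not state.

```python
ALPHA = 0.125  # assumed weight given to the newest SampleRTT

def covers(ack, end):
    """True if cumulative ACK number `ack` acknowledges byte `end` (mod 2**32)."""
    return (ack - end) % 2**32 < 2**31

def analyse(segments, acks):
    """segments: (send_time, seq, length) from the client, in capture order.
    acks: (recv_time, ack_number) from the server, in capture order.
    Returns (retransmitted_seqs, [(seq, sample_rtt, estimated_rtt), ...])."""
    first_sent, retransmitted = {}, set()
    for t, seq, length in segments:
        if seq in first_sent:
            retransmitted.add(seq)      # same sequence number seen again
        else:
            first_sent[seq] = (t, length)
    rows, estimated = [], None
    for seq, (t_sent, length) in first_sent.items():
        if seq in retransmitted:
            continue                    # ambiguous sample, skipped (Karn's rule)
        end = (seq + length) % 2**32
        t_ack = next((t for t, ack in acks if t >= t_sent and covers(ack, end)), None)
        if t_ack is None:
            continue                    # never acknowledged in the capture
        sample = t_ack - t_sent
        estimated = sample if estimated is None else (1 - ALPHA) * estimated + ALPHA * sample
        rows.append((seq, sample, estimated))
    return sorted(retransmitted), rows

# First two rows use the sequence numbers and times from the trace above;
# everything else is constructed sample data.
SEGMENTS = [(0.0, 3706328342, 654),
            (0.001075, 3706328996, 1460),
            (0.001200, 3706330456, 1460)]
ACKS = [(0.040, 3706328996), (0.049075, 3706330456), (0.0652, 3706331916)]

if __name__ == "__main__":
    retx, rows = analyse(SEGMENTS, ACKS)
    print("retransmitted:", retx)
    for seq, sample, est in rows:
        print(seq, round(sample, 6), round(est, 6))
```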

11. How much data does the receiver typically acknowledge in an ACK? Can you identify
cases where the receiver is ACKing every other received segment (see Table 3.2 on page 250
in the text).
12. What is the throughput (bytes transferred per unit time) for the TCP connection? Explain
how you calculated this value.

13. Use the Time-Sequence-Graph (Stevens) plotting tool to view the sequence number
versus time plot of segments being sent from the client to the gaia.cs.umass.edu server. Can
you identify where TCP’s slowstart phase begins and ends, and where congestion avoidance
takes over? Comment on ways in which the measured data differs from the idealized
behavior of TCP that we’ve studied in the text.
14. Answer each of two questions above for the trace that you have gathered when you
transferred a file from your computer to gaia.cs.umass.edu
