
Wireshark 1

The document details a series of experiments conducted by Bhavesh Prajapati as part of a Computer Networks course, focusing on packet analysis using Wireshark. It includes tasks such as capturing HTTP packets, analyzing GET requests and responses, and identifying IP and MAC addresses. The document also discusses the use of display filters and the significance of HTTP status codes and headers.

Uploaded by

Danny Prajapati

Name: Bhavesh Prajapati Enrollment No: 24CI2110074

Experiment – 1
1. List up to 10 different protocols that appear in the protocol column in the unfiltered packet
listing window.

Computer Networks (2321101124) SVG University, MCA Department

2. How long did it take from when the HTTP GET message was sent until the HTTP OK reply was
received? (By default, the value of the Time column in the packet listing window is the
amount of time, in seconds, since Wireshark tracing began. To display the Time field in
time-of-day format, select the Wireshark View pull down menu, then select Time Display
Format, then select Time-of-day. For now you don’t need to understand HTTP GET and OK,
but reading the textbook may be helpful if you are curious about how they work.)
-> 0.161 sec


3. What is the Internet address of the www.google.com? What is the Internet address of your
computer? Include a screenshot and describe where you got the data to answer this
question

PRIVATE ADDRESS :- 172.20.10.2

PUBLIC ADDRESS :- 2409:40c1:35:6a90:1555:6e0d:63f8:1c83

4. Provide a screenshot showing http protocol only with Wireshark running on your computer.

5. How many packets did you capture (total of all protocols, not just HTTP)? Now, use display
filters to determine how many packets contain your IP address (hint: Use ip.addr instead of
the clumsy ip.src or ip.dst format). What is this filter you used? Now, reverse the filter to
determine how many packets don’t contain your IP address. See any problems here? If not,
you've already figured out the point of this question, so explain how you did so. If so, how
can this problem be fixed? What are the appropriate display filters to use? How does
Wireshark warn you of such a problem?

1. PACKETS:-18924

2. PACKETS :-6468/20054(32.3%)

3. PACKETS :-224/20170(1.1%)

Now, use display filters to determine how many packets contain your ip address. What is this filter
you used?


Now, reverse the filter to determine how many packets don’t contain your ip address.
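
Why reversing an ip.addr filter can give counts that do not add up, as an added example that is not part of the original report: ip.addr occurs twice in each packet (source and destination), and a comparison is true if any occurrence satisfies it. Wireshark releases before 3.6 evaluate `ip.addr != X` with this "any" meaning; from 3.6 on, `!=` means the same as `!(ip.addr == X)`. The capture below is constructed, and addresses that do not appear in the report are made up.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src dst")

MY_IP = "172.20.10.2"  # host address given in the report

# Constructed sample capture. 172.20.10.7 and 224.0.0.251 are made-up
# addresses that stand for traffic not involving this host.
CAPTURE = [
    Packet("172.20.10.2", "3.108.72.164"),  # host -> web server
    Packet("3.108.72.164", "172.20.10.2"),  # web server -> host
    Packet("172.20.10.2", "172.20.10.1"),   # host -> local DNS server
    Packet("172.20.10.1", "172.20.10.2"),   # local DNS server -> host
    Packet("172.20.10.7", "172.20.10.1"),   # another host's traffic
    Packet("172.20.10.7", "224.0.0.251"),   # another host's multicast
]


def ip_addr_values(pkt):
    """Every value the multi-valued field ip.addr takes in one packet."""
    return (pkt.src, pkt.dst)


def any_eq(pkt, addr):
    """ip.addr == addr: true if ANY occurrence equals addr."""
    return any(v == addr for v in ip_addr_values(pkt))


def any_ne(pkt, addr):
    """Legacy ip.addr != addr: true if ANY occurrence differs from addr."""
    return any(v != addr for v in ip_addr_values(pkt))


def not_any_eq(pkt, addr):
    """!(ip.addr == addr): true only if NO occurrence equals addr."""
    return not any_eq(pkt, addr)


def all_ne(pkt, addr):
    """ip.src != addr && ip.dst != addr: the explicit form of the same test."""
    return pkt.src != addr and pkt.dst != addr


def summary(packets=CAPTURE, addr=MY_IP):
    """Count the packets each filter form would display."""
    def count(pred):
        return sum(1 for p in packets if pred(p, addr))
    return {
        "total": len(packets),
        "eq": count(any_eq),
        "any_ne": count(any_ne),      # matches packets that DO contain addr
        "not_eq": count(not_any_eq),
        "all_ne": count(all_ne),
    }


if __name__ == "__main__":
    for name, value in summary().items():
        print(f"{name:7} {value}")
```

The "eq" and "not_eq" counts partition the capture, while "any_ne" also counts every packet in which only one of the two addresses is the host's.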

6. Use your newly acquired Wireshark skills to capture the process when your browser loads
the front page of INI's website (i.e. http://www.ini.cmu.edu). How many packets did you
capture? Were all of them HTTP? How many HTTP requests did you make? Were all the
replies "200 OK"? Did you find anything else interesting? Please ensure you have examined
this packet capture in detail, using appropriate Wireshark functionality. Please include screen
captures where you think they are necessary.


How many HTTP requests did you make? Were all the replies "200 OK"? Did you find anything else
interesting?

1 request on device, all were “200 OK”; on Wi-Fi enabled devices, it was 301 Moved Permanently.

It was interesting to find out the source port was 56327.


7. What is the IP address of your computer? Of the gtu.ac.in server?

8. What HTTP version is your browser running? What version of HTTP is the server running?


Request version = 1.1


Response version = 1.1


9. What is the status code and phrase returned from the server to your browser?
Status code: 200
Response Phrase: OK

10. What languages does your browser indicate to the server that it can accept? Which header
line is used to indicate this information?


11. When was the HTML-file, that you have retrieved, last modified at the server? Which header
line is used to indicate this information?


12. How many bytes of content (size of file) are returned to your browser? Which header line
is used to indicate this information?

13. We know that most web browsers perform object caching and thus perform the
conditional GET when retrieving HTTP objects. Before performing the steps below, make sure
that your browser’s cache is empty.


14. Start up your web browser, and make sure your browser’s cache is cleared.
15. Start up the Wireshark packet sniffer, and make sure that “http” is in the display filter, so
that only captured HTTP messages will be displayed in the packet-list pane.
16. Enter the following URL into your browser:
http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file2.html Your browser should
display a very simple HTML file.
17. Quickly enter the same URL into your browser again (or simply select the refresh button
on your browser).
18. Stop Wireshark packet capture.

19. Inspect the contents of the first HTTP GET request from your browser to the server. Is
there an “IF-MODIFIED-SINCE” header line in the HTTP GET message? Why or why not?


It is not present in the first request because it loads the webpage for the first time, but for the next
time, it will try to check if the last requested webpage was modified and only load the new one if
some changes were detected.

Here’s the screenshot of the second request:

20. Inspect the contents of the server response. Has the server explicitly returned the contents of the
file? How can you tell?


Yes, the server has returned the content of HTTP-wireshark-file2.html file which can be confirmed by
the Content-Type: text/html header.

21. Now inspect the contents of the second HTTP GET request from your browser to the server. Is
there an “IF-MODIFIED-SINCE:” header line in the HTTP GET message? If so, what information follows
the “IF-MODIFIED-SINCE:” header line?

It indicates that the server should return new file only if it was modified after the given date & time
which is 25th Feb 6:58 pm GMT in this case.

22. What is the HTTP status code and phrase returned from the server in response to this second
HTTP GET? Has the server explicitly returned the contents of the file? Explain.
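
How the first and the conditional GET exchange of steps 19 to 22 can be told apart from the message bytes, as an added example that is not part of the original report: it checks for the If-Modified-Since header in the request and for entity bytes after the header block in the response. Both exchanges are constructed samples; the date, ETag and body are made up and the function names are hypothetical.

```python
# Constructed sample messages (not taken from the report's capture).
LAST_MOD = "Mon, 01 Jan 2024 00:00:00 GMT"        # made-up date
BODY = b"<html>\nConstructed lab page\n</html>\n"  # made-up body

FIRST_GET = (b"GET /wireshark-labs/HTTP-wireshark-file2.html HTTP/1.1\r\n"
             b"Host: gaia.cs.umass.edu\r\n\r\n")
FIRST_RESP = (b"HTTP/1.1 200 OK\r\n"
              b"Last-Modified: " + LAST_MOD.encode() + b"\r\n"
              b"Content-Type: text/html\r\n"
              b"Content-Length: " + str(len(BODY)).encode() + b"\r\n\r\n"
              + BODY)

# The refresh: the browser echoes the Last-Modified value it cached.
SECOND_GET = (b"GET /wireshark-labs/HTTP-wireshark-file2.html HTTP/1.1\r\n"
              b"Host: gaia.cs.umass.edu\r\n"
              b"If-Modified-Since: " + LAST_MOD.encode() + b"\r\n\r\n")
SECOND_RESP = (b"HTTP/1.1 304 Not Modified\r\n"
               b"ETag: \"constructed\"\r\n\r\n")


def parse_http(raw):
    """Split one HTTP/1.1 message into (start line, headers, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def describe_exchange(request, response):
    """Report whether the GET was conditional and whether a file came back."""
    _, req_h, _ = parse_http(request)
    status_line, resp_h, body = parse_http(response)
    _version, code, phrase = status_line.split(" ", 2)
    declared = int(resp_h.get("content-length", "0"))
    return {
        "conditional": "if-modified-since" in req_h,
        "validator": req_h.get("if-modified-since"),
        "status": int(code),
        "phrase": phrase,
        "declared_length": declared,
        "body_bytes": len(body),
        # The file was sent only if entity bytes follow the header block
        # and their count matches the Content-Length the server declared.
        "file_returned": int(code) == 200 and declared > 0
                         and len(body) == declared,
    }


def walk_lab():
    """Describe the first load and the refresh, in that order."""
    return (describe_exchange(FIRST_GET, FIRST_RESP),
            describe_exchange(SECOND_GET, SECOND_RESP))


if __name__ == "__main__":
    for result in walk_lab():
        print(result)
```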


23. How many HTTP GET request messages has your browser sent? Which packet in the trace
contains the request for the Bill of Rights?

24. Which packet in the trace contains the status code and phrase associated with the response to
the HTTP GET request? What is the status code and phrase in the response?

-> The following packet contains the response from gaia.cs.umass.edu to my local PC DESKTOP-0UI17VP.LOCAL
The STATUS CODE is 200 and RESPONSE PHRASE is OK.


25. How many TCP segments are needed to carry the single HTTP response and the text of the Bill of
Rights? What is the number of bytes (of the text) in each segment?


Experiment – 2
1. Start up the Wireshark program (select an interface and press start to capture packets).

2. Start up your favorite browser.

3. In your browser, go to Gujarat Technological University homepage by typing www.gtu.ac.in

4. After your browser has displayed the https://svgu.ac.in page, stop Wireshark packet capture
by selecting stop in the Wireshark capture window. This will cause the Wireshark capture window to
disappear and the main Wireshark window to display all packets captured since you began packet
capture, new window will appear:


5. Color Coding: You’ll probably see packets highlighted in green, blue, and black. Wireshark uses
colors to help you identify the types of traffic at a glance. By default, green is TCP traffic, dark blue is
DNS traffic, light blue is UDP traffic, and black identifies TCP packets with problems — for example,
they could have been delivered out-of-order.

->DNS

->TCP

->TCP(BLACK)

->UDP


6. You now have live packet data that contains all protocol messages exchanged between your
computer and other network entities! However, as you will notice the HTTP messages are not clearly
shown because there are many other packets included in the packet capture. Even though the only
action you took was to open your browser, there are many other programs in your computer that
communicate via the network in the background. To filter the connections to the ones we want to
focus on, we have to use the filtering functionality of Wireshark by typing “http” in the filtering field,
new window will appear:

Notice that we now view only the packets that are of protocol HTTP. However, we also still do not
have the exact communication we want to focus on because using HTTP as a filter is not descriptive
enough to allow us to find our connection to http://www.gtu.ac.in. We need to be more precise if we
want to capture the correct set of packets.

-> IP_ADDRESS :- 3.108.72.164

-> http.host :- gtu.ac.in


-> ip.addr == 3.108.72.164 || http.host == "gtu.ac.in"

7. To further filter packets in Wireshark, we need to use a more precise filter. By setting
http.host==svgu.ac.in or http.host==www.facebook.com, we are restricting the view to
packets that have as an http host the www.gtu.ac.in website or www.facebook.com web site. Notice
that we need two equal signs to perform the match “==” not just one. New screenshot will appear.

->http.host == facebook.com || http.host == svgu.ac.in


8. Discuss http GET and RESPONSE.

HTTP GET Request:

The HTTP GET method is one of the most commonly used methods in HTTP (Hypertext
Transfer Protocol) for requesting data from a server. When a client (like a browser) sends a
GET request, it asks the server to send back specific information. It doesn't modify the data
or have any side effects; it’s all about retrieving data.

GET / HTTP/1.1

HOST:gtu.ac.in

HTTP Response:-
Status Line: This includes the HTTP version, a status code, and a status message.

Headers: Headers provide metadata about the response, such as content type, caching instructions,
or server information.


Body: The actual content of the response, which can be HTML, JSON, an image, or any other type of
data, depending on the request. For a GET request for a webpage.


Experiment – 3
1. Count the total number of HTTP GET requests.

2. The first HTTP GET request was sent by the client to access the................. webpage

->HOST_ADDRESS :- 172.20.10.2

->REQUEST WEBPAGE :- http://gtu.ac.in/


3. What server software is running on the server side ?

4. How much time elapsed between the first HTTP GET request from client and the HTTP
response (OK) from server?


5. Identify the source and destination ports used to transfer the first HTTP GET request.

SOURCE PORT :- 57781 and DESTINATION PORT :- 80

6. Identify the client and server ip address in the first HTTP GET request?

-> CLIENT IP_ADDRESS :- 172.20.10.2

-> DESTINATION IP ADDRESS :- 3.108.0.139

7. Identify the client and server MAC address in the first HTTP GET request?
->CLIENT’S MAC ADDRESS :- 90-0F-0C-DA-87-35
->SERVER’S MAC ADDRESS :- FE-9C-A7-A3-03-64


Experiment – 4
1. Use the filtering functionality of Wireshark by typing “dns” in the filtering field, new window
will appear:

2. Let’s try now to find out what those packets contain by following one of the
conversations (also called network flows). Select one of the packets and press the right
mouse button; you should see another screen appear:


3. Click on Follow UDP Stream, and then you will see another screen showing content gtu.ac.in

4. If we close this window and change the filter back to “http.host==www.gtu.ac.in” and then
follow a packet from the list of packets that match that filter, we should get something
similar to the following screens. Note that we click on Follow TCP Stream this time.


5. Locate the DNS Query and Response message. Are they sent on UDP or TCP?

-> Some are for UDP and others are for TCP

6. What is the destination port for the DNS query message ? What is the source port of DNS response
message?

-> The Destination Port of DNS Query is 53


The Source Port of DNS Response is also 53 (since it’s coming from the same server)

7. To what IP address is the DNS query message sent? Is this the IP address of your default local
DNS server? Use ipconfig to determine the IP address of your local DNS server. Are these
two IP addresses the same?


8. Examine the DNS query message. What “Type” of DNS query is it? Does the query message
contain any “answers”?
It’s a type A Standard Query and it doesn’t contain any answers.

9. Examine the DNS response message. How many “answers” are provided? What do each of
these answers contain?


-> There are two answers, each one with a different IP address (3.108.72.164 and 3.108.0.139)

10. Consider the subsequent TCP SYN packet sent by your host. Does the destination IP address of
the SYN packet correspond to any of the IP addresses provided in the DNS response message?

-> Yes, the TCP SYN packet is sent to the first IP address that was received as DNS response message.
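
The fields these DNS questions ask about (query or response, query type, number and content of answers), read directly from the message bytes, as an added example that is not part of the original report: the messages are constructed, using the name and the two addresses reported above, while the transaction ID and TTL are made up. The function names are hypothetical.

```python
import socket
import struct

TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 28: "AAAA"}


def encode_name(name):
    """Encode 'gtu.ac.in' as length-prefixed labels ending in a zero byte."""
    return b"".join(bytes([len(p)]) + p.encode("ascii")
                    for p in name.split(".")) + b"\x00"


def build_query(ident, name, qtype):
    """Standard query: RD flag set, one question, no answers."""
    header = struct.pack("!6H", ident, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!2H", qtype, 1)


def build_response(query, addrs, ttl):
    """Answer the query's question with one A record per address."""
    ident = struct.unpack("!H", query[:2])[0]
    msg = struct.pack("!6H", ident, 0x8180, 1, len(addrs), 0, 0) + query[12:]
    for addr in addrs:
        # 0xC00C is a compression pointer back to the name at offset 12.
        msg += b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, ttl, 4)
        msg += socket.inet_aton(addr)
    return msg


def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:          # compression pointer
            if end is None:
                end = off + 2              # parsing resumes after the pointer
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                  # malformed message: pointer loop
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (off if end is None else end)


def parse_dns(msg):
    """Parse the header, question section and answer section."""
    ident, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, _qclass = struct.unpack("!2H", msg[off:off + 4])
        off += 4
        questions.append((name, TYPES.get(qtype, str(qtype))))
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if rtype == 1:
            value = socket.inet_ntoa(rdata)
        elif rtype == 28:
            value = socket.inet_ntop(socket.AF_INET6, rdata)
        else:
            value = rdata.hex()
        answers.append((name, TYPES.get(rtype, str(rtype)), ttl, value))
    return {"id": ident,
            "is_response": bool(flags & 0x8000),   # QR bit
            "truncated": bool(flags & 0x0200),     # TC bit: retry over TCP
            "questions": questions, "answers": answers}


# Constructed messages: made-up ID and TTL, name and addresses from the report.
QUERY = build_query(0x1A2B, "gtu.ac.in", 1)
RESPONSE = build_response(QUERY, ["3.108.72.164", "3.108.0.139"], ttl=300)

if __name__ == "__main__":
    print(parse_dns(QUERY))
    print(parse_dns(RESPONSE))
```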


11. Why does DNS use UDP?

-> This is referring to the advantages of certain protocols or technologies, such as
HTTP/2 or serverless architectures, which do not require a handshake before sending a
response and are stateless, making them faster and more scalable. Here is a new
sentence:
These characteristics are particularly beneficial in high-traffic environments where
speed and efficiency are crucial for maintaining user satisfaction and system reliability.

Experiment – 5
Start packet capture
Do an nslookup on www.sandesh.com
At Command prompt > Nslookup www.sandesh.com
Stop packet capture
Filter : ip.addr == IP address of sandesh.com
We see from the screenshot that nslookup actually sent a certain number of DNS queries and received
a certain number of DNS responses too. Ignore the first few sets of queries/responses, as they are
specific to nslookup and are not normally generated by standard Internet applications. You should
instead focus on the last query and response message, and find:


1. What is the destination port for the DNS query message? What is the source port of the DNS
response message?

-> Destination port of DNS query message is 53 and source port of DNS response is also 53 (since
they represent the same server)


2. To what IP address is the DNS query message sent ? Is this the IP address of your default local
DNS server ?

-> It’s sent to fe80:fc9c:a7ff:fea3:364 which is the IP address of my local router functioning as a
DNS server.


3. Examine the DNS query message. What “Type” of DNS query is it? Does the query message
contain any “answers”?

-> It is an AAAA type DNS query. It doesn’t contain any answers since it’s a request to the server.

4. Examine the DNS response message. How many “answers” are provided? What does each of these
answers contain?

-> There are 3 answers provided by the DNS server. Each answer contains a unique IP address
corresponding to each server.


Repeat the following steps:

Start packet capture
At Command prompt > Nslookup -type=NS www.sandesh.com
Stop packet capture
Filter : ip.addr == IP address of sandesh.com
Also you can enter: ip.addr==IP address of sandesh.com && tcp.port==53 or 502 (TCP Ethernet
device)

-> No response was sent from Sandesh.com’s server directly, the NS query was resolved locally by my
local DNS server (my router).


1. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS
server?

-> It is sent to fe80:fc9c:a7ff:fea3:364 which is my default local DNS server.

2. Examine the DNS query message. What “Type” of DNS query is it? Does the query message
contain any “answers”?


-> The “Type” of DNS query is NS (Name Server).


No answers were found in the query message.

3. Examine the DNS response message. What does sandesh.com name servers response message
provide? Does this response message also provide the IP addresses of the Sandesh name servers?

-> The response message contained the following details:

● Name: sandesh.com
● Type: SOA (6) (Start Of a zone of Authority)
● Class: IN (0x0001)
● Time to live: 1800 (30 minutes)
● Data length: 49
● Primary name server: ernest.ns.cloudflare.com (Master Name Server – MNAME)
● Responsible authority's mailbox: dns.cloudflare.com
● Serial Number: 2365947894
● Refresh Interval: 10000 (2 hours, 46 minutes, 40 seconds)
● Retry Interval: 2400 (40 minutes)
● Expire limit: 604800 (7 days)
● Minimum TTL: 1800 (30 minutes)

It did not provide the IP addresses of Sandesh Name Servers.


Experiment – 6
1. Start up your favorite web browser, which will display your selected homepage.

2. If you are using a proxy (especially a host-based one), disable it if possible to examine uncached
network traffic.

3. Also better to clear browser cache, cookies if you have previously displayed this page.


4. You may need to disable anti-virus protection software before your own IP address will show up in
captured data.

5. Start up the Wireshark software, select the Capture pull down menu and select Interfaces.

6. Here we will be using nslookup tool, which is available in most Linux/Unix and Microsoft platforms
today.

7. nslookup tool allows the host running the tool to query any specified DNS server for a DNS record.
8. The queried DNS server can be a root DNS server, a top-level-domain DNS server, an authoritative
DNS server, or an intermediate DNS server. To accomplish this task, nslookup sends a DNS query to
the specified DNS server, receives a DNS reply from that same DNS server, and displays the result.

9. Command Run 1: nslookup www.gtu.ac.in (or www.facebook.com or www.google.com). For
nslookup www.gtu.ac.in, this command says, “please send me the IP address for the host www.gtu.ac.in”.
The response from this command provides two pieces of information: (1) the name and IP address of
the DNS server that provides the answer; and (2) the answer itself, which is the host name and IP
address of www.gtu.ac.in. The response came from the local DNS server; it is quite possible that this local
DNS server iteratively contacted several other DNS servers to get the answer.

10. Command Run 2: nslookup -type=NS www.facebook.com or nslookup -type=NS
www.gtu.ac.in. Here we provided the option “-type=NS” and the domain “facebook.com” or “gtu.ac.in”.
This causes nslookup to send a query for a type-NS record to the default local DNS server. In words,
the query is saying, “please send me the host names of the authoritative DNS for facebook.com,
gtu.ac.in”.


11. The ipconfig (for Windows) and ifconfig (for Linux/Unix) commands show your current TCP/IP
information, including your address, DNS server addresses, adapter type and so on.


12. ipconfig /all


13. We learned that a host can cache DNS records it recently obtained. To see these cached records,
after the prompt C:\> provide the following command: ipconfig /displaydns. Each entry shows the
remaining Time to Live (TTL) in seconds. To clear the cache, enter ipconfig /flushdns. Flushing the DNS
cache clears all entries and reloads the entries from the hosts file.


Experiment – 7
1. Filter packets in Wireshark: http.host==www.facebook.com

2. Now, we can try another protocol. Let’s use Domain Name System (DNS) protocol as an example
here.

3. Tracing DNS with Wireshark

Now that we are familiar with nslookup and ipconfig, we’re ready to get down to some serious
business.

Let’s first capture the DNS packets that are generated by ordinary Web-surfing activity.

● Use ipconfig to empty the DNS cache in your host.


● Open your browser and empty your browser cache. (With Internet Explorer, go to Tools
menu and select Internet Options; then in the General tab select Delete Files.)

● Open Wireshark and enter “ip.addr == your_IP_address” e.g. ip.addr==192.168.0.81 into the
filter, where you obtain your_IP_address with ipconfig. This filter removes all packets that
neither originate nor are destined to your host.

● Start packet capture in Wireshark.


● With your browser, visit the Web page: http://www.ietf.org
● Stop packet capture.

4. Locate the DNS query and response messages. Are they sent over UDP or TCP?

-> DNS Query and Response messages are sent over TCP

5. What is the destination port for the DNS query message? What is the source port of DNS response
message?

-> Destination port for DNS query message is 53. Source port of DNS response is 53.


6. To what IP address is the DNS query message sent? Use ipconfig to determine the IP address of
your local DNS server. Are these two IP addresses the same?

-> DNS Query message is sent to 172.20.10.1 which is the same address as that of my local DNS
server.


7. Examine the DNS query message. What “Type” of DNS query is it? Does the query message
contain any “answers”?

-> The Type of DNS query was “AAAA”. The query message doesn’t contain any “answers” since it’s a
request to the server.

8. Examine the DNS response message. How many “answers” are provided? What do each of these
answers contain?

-> There are 2 answers provided. Each answer contains a unique IP address pointing to the server.
