杭 州 電 子 科 技 大 學實 驗 報 告學生姓名：金雨鑫 學 號：12081220 指導教師：吳端坡 實驗地點：第1教研樓108 實驗時間：第10~12

杭 州 電 子 科 技 大 學

實 驗 報 告

學生姓名：金雨鑫 學 號：12081220 指導教師：吳端坡 實驗地點：第1教研樓108 實驗時間：第10~12節(jié)

一、實驗室名稱： 計算機通信與網絡實驗室

二、實驗項目名稱：DNS, Data Encapsulation and Frame

三、實驗學時：3學時

四、 實驗原理：

1. 什么是DNS(域名系統(tǒng)) ？

DNS （Domain Name System，域名系統(tǒng)），因特網上作為域名和IP 地址相互映射的一個分布式數據庫，能夠使用戶更方便的訪問互聯網，而不用去記住能夠被機器直接讀取的IP 數串。通過主機名，最終得到該主機名對應的IP 地址的過程叫做域名解析（或主機名解析）。DNS 協議運行在UDP 協議之上，使用端口號53。在RFC 文檔中RFC 2181對DNS 有規(guī)范說明，RFC 2136對DNS 的動態(tài)更新進行說明，RFC 2308對DNS 查詢的反向緩存進行說明。

2. DNS 有什么功能？

每個IP 地址都可以有一個主機名，主機名由一個或多個字符串組成，字符串之間用小數點隔開。有了主機名，就不要死記硬背每臺IP 設備的IP 地址，只要記住相對直觀有意義的主機名就行了。這就是DNS 協議所要完成的功能。

主機名到IP 地址的映射有兩種方式：

1）靜態(tài)映射，每臺設備上都配置主機到IP 地址的映射，各設備獨立維護自己的映射表，而且只供本設備使用；

2）動態(tài)映射，建立一套域名解析系統(tǒng)（DNS ），只在專門的DNS 服務器上配置主機到IP 地址的映射，網絡上需要使用主機名通信的設備，首先需要到DNS 服務器查詢主機所對應的IP 地址。

通過主機名，最終得到該主機名對應的IP 地址的過程叫做域名解析（或主機名解析）。在解析域名時，可以首先采用靜態(tài)域名解析的方法，如果靜態(tài)域名解析不成功，再采用動態(tài)域名解析的方法?？梢詫⒁恍┏Ｓ玫挠蛎湃腱o態(tài)域名解析表中，這樣可以大大提高域名解析效率。

3. 什么是數據封裝？

數據封裝（Data Encapsulation），籠統(tǒng)地講，就是把業(yè)務數據映射到某個封裝協議的凈荷中，然后填充對應協議的包頭，形成封裝協議的數據包，并完成速率適配。

4.Wireshark （前稱Ethereal ）是一個網絡封包分析軟件。網絡封包分析軟件的功能是擷取網絡封包，并盡可能顯示出最為詳細的網絡封包資料。Wireshark 使用WinPCAP 作為接口，

直接與網卡進行數據報文交換。

五、實驗目的：

1.Use Wireshark to capture and analyze DNS message;

2.Understand how DNS works;

3.Use nslookup and ipconfig commands;

4.Explain the header fields in an Ethernet II frame;

5.Understand data encapsulation;

6.Report and Feedback on this lab.

六、實驗內容：

1.Protocol Layers and Data Encapsulation;

2.DNS and nslookup;

3.DNS and ipconfig;

4.DNS Protocol Analysis with WireShark;

5.Ethernet Frame Examination.

七、實驗器材（設備、元器件）：

PC, Wireshark

八、實驗步驟及結果

Background

When upper layer protocols communicate with each other, data at the sending host flows down the TCP/IP protocol layers and is encapsulated into a protocol data unit at lower layer, and finally encapsulated in a Layer 2 frame. For example, DNS message is often transported by UDP protocol on layer 4. So DNS message at the sending host is encapsulated in a UDP segment; the UDP segment is then encapsulated in an IP packet, and the IP packet is encapsulated finally in a layer 2 frame. The frame composition is dependent on the media access type, or the network. For example, if the media access is Ethernet, then the Layer 2 frame encapsulation will be Ethernet II.

When learning about data encapsulation and protocol operations, it is helpful to analyze the header information found in the protocol data units. The DNS protocol operation, ipconfig command, and Ethernet II frame header will be examined in this lab. Ethernet II frames can support various upper layer protocols.

For more background information, please read the lectures 02, 04-05, 10, 11.

Tasks

Task 0 Protocol Layers and Data Encapsulation

As we have discussed in Lecture 02, Internet is inter-connected networks based on TCP/IP protocols. Read the slides or textbook to learn how data goes through protocol layers and how data is encapsulated in the protocol data units. There are conventional names for the protocol data units for different layer protocols.

Question 1. What are names for the protocol data units (PDUs) for layer 4, layer 3, and layer 2 protocols in TCP/IP reference model by filling the follow form:

name for PDU of layer 4 protocol:

name for PDU of layer 3 protocol:

name for PDU of layer 2 protocol:

Task 1 DNS and nslookup

As we discussed, IP address is used to identify a host uniquely on the Internet. But IP address is not user-friendly and that is why domain name was introduced. The Domain Name System (DNS) translates host names to IP addresses, providing a critical role in the Internet infrastructure.

In this task, we practice the nslookup tool, which is available both in Linux/Unix and MS Windows. To run nslookup in MS Windows, you need to open the command line window by starting the command "cmd.exe". With nslookup, you can query any specified DNS server (by default, your local configured DNS server) for a DNS record. To accomplish this task, nslookup sends a DNS query to the specified DNS server, receives a DNS reply from that same DNS server, and displays the result.

Type the command "nslookup www.MIT.edu", and capture the output, as I did and showed below:

Question 2: What is the DNS server IP address that is used to query and find IP address for ? And IP address for ?

Type the command “nslookup -type=NS hdu.edu.cn”, and capture the output, as I did and showed below:

Question 3: What are domain name servers for hdu.edu.cn and their IP addresses? Type the command “nslookup dns2.hdu.edu.cn”, and capture the output, as I did and showed below:

Question 4: Which DNS server is used to query and for name resolution?

You can also use nslookup to find the mapping from IP addresses to the host names.

Type the commands “nslookup 192.168.156.101” and “nslookup course.comm.hdu.edu.cn”, and capture the output, as I did and showed below:

Question 5: Can a host have multiple host names? What is the IP address for moodle.tec.hkr.se? How many names do you find for this IP address?

答：可以有，IP:194.47.35.25 有且只有moodle.tec.hkr.se

Task 2 DNS and ipconfig

ipconfig (for Windows) and ifconfig (for Linux/Unix, i nter f ace configuration) are among the most useful tools for debugging network issues.

ipconfig can be used to show your current TCP/IP information, including your address, DNS server addresses, adapter (network interface card) type and so on. For example, if you want to find all this information about your host, simply enter the command “ipconfig /all” in the command line.

Read more on “” at .

Question 6: What is the IP address for your computer, and what is the local DNS server IP address?

答

:IP:192.168.1.143

DNS: 210.32.32.10

210.32.32.11

ipconfig is also very useful for managing the DNS information stored in your host. To improve the networking performance, a host can cache DNS records it recently obtained. To view these cached records, you can use the command “ipconfig /displaydns”. Each entry shows the remaining Time to Live (TTL) in seconds. To clear the cache, enter the command “ipconfig /flushdns”. Flushing the DNS cache clears all entries and reloads the entries from the hosts file.

Task 3 DNS Protocol Analysis with WireShark

Now it is time to capture DNS protocol data and do the analysis with WireShark. Follow the steps to capture the DNS packets:

? close all other Internet applications to reduce the captured data

? start a web browser

? use ipconfig to empty the DNS cache in your computer

? start WireShark program, and enter the display filter “ip.addr==192.168.0.100 and dns”, where the IP address 192.168.0.100 should be the IP address for your computer. You find it in question 6.

? Start packet capture in WireShark

? Enter the url address to your web browser to view the page. ? Stop the packet capture.

I got the following screenshot for this operation:

Answer the following questions:

Question 7: Locate the DNS query and response for resolving . Are they sent over UDP or TCP?

答：UDP

Question 8: What is the destination port for the DNS query message? What is the source port

of DNS response message?

答：destination ：

210.32.32.10

Source ：192.168.1.143

Question 9: To what IP address is the DNS query message sent? Use ipconfig to determine the IP address of your local DNS server. Are these two IP addresses the same?

IP:210.32.32.10

是一樣的

Question 10: Examine the DNS query message. What “Type” of DNS query is it? Does the

query message contain any “answers”?

(1) The “Type ”of DNS query is A。

(2) No!

Question 11: Examine the DNS response message. How many “answers” are provided? What

do each of these answers contain?

(1) The “answers ”is 0;

(2) 無

Task 4 Ethernet Frame Examination

The format for an Ethernet frame is shown below:

For info on MAC addresses, read slide 26 (Lecture 10). For finding NIC manufacturer, use the online server at

.

In WireShark with the captured DNS packets done in the last task, expand the frame information, as you could see my example:

It shows that data contained in the Ethernet frame is an IP packet; the data contained in

the IP packet is a UDP segment, and data in the UDP segment is DNS message! The total frame length is 72 bytes (excluding CRC parity bits).

For the Ethernet frame containing DNS query message for resolving , answer the following questions:

Question 12: What is the destination MAC address? What is its NIC manufacturer, and what is the NIC serial number?

MAC address: 9c:21:6a:6a:b6:ac

NIC manufacturer：9c:21:6a

NIC serial number: 6a:b6:ac

Question 13: What is the source MAC address? What is its NIC manufacturer, and what is the NIC serial number?

MAC address: 60:36:dd:9a:be:88

NIC manufacturer：60:36:dd

NIC serial number: 9a:be:88

Question 14: what is the value in the type field? What does this value mean?

MAC （Media Access Control ，介質訪問控制）地址，也叫硬件地址，長度是48比特（6字節(jié)），由16進制的數字組成，分為前24位和后24位：

前24位(也就是前3個字節(jié)) 叫做組織唯一標志符（Organizationally Unique Identifier，即OUI ），是由IEEE 的注冊管理機構給不同廠家分配的代碼，區(qū)分了不同的廠家。

后24（后三個字節(jié)）位是由廠家自己分配的，稱為擴展標識符。同一個廠家生產的網卡中MAC 地址后24位是不同的。

Now, change the display filter to “arp” in WireShark, so that only ARP packets are displayed, for example, I got:

Locate a broadcast ARP message, and examine the Ethernet frame header, answer the

questions:

Question 15: What is the destination MAC address? Is this address special? What does it mean?

The address is special,all number is 0.