Hello ladies and gentlemen, welcome back to Part 2 of our UDP & Wireshark adventure, as I promised. Last time we discussed what DNS is and how it uses UDP as its transport protocol, but we left some parts unexplained, and I'm about to investigate those with you. I would advise you to go back to Part 1 so you can have a clear understanding in case you don't feel comfortable with the topic.
So our computer made its request to the DNS server and asked "Hey, I want to find out what the IP address for hmpg.net.forthnet.lan is." Wait, what? Where did that come from? I typed hmpg.net in the DNS prompt, right? Why on earth did it do that? Well, if I go back to my terminal and type ipconfig /all, there is some info about the "DNS Suffix".
One of the things you can do with DNS is to assign computers a default DNS suffix. Suffix, where does that go? At the end, right? That allows somebody who has been assigned the forthnet.lan suffix (or whatever suffix) to say "I want to ping server", and it's going to automatically ping server.forthnet.lan. Maybe that's the DNS domain I have for my house or something like that. So immediately when I try to ping hmpg.net, or any website domain, our computer says "Well, I'm going to try and look up hmpg.net.forthnet.lan" and the DNS server replies "I don't know about hmpg.net.forthnet.lan, there's no such name," as you can see in the picture.
Let's see the communication as a whole. So our computer says "Who is hmpg.net.forthnet.lan?" and the DNS server replies "No such thing." Did you notice the "A" in "A hmpg.net.forthnet.lan"? That's our computer asking for an A record; in DNS language that's the address record. Our computer comes back and says "Oh well, I would like an AAAA record for hmpg.net.forthnet.lan. Do you know what that is now?" and the DNS server replies "No such name." So what's the difference between A and AAAA, you may be asking. The A record asks for the IPv4 address of hmpg.net.forthnet.lan, while the AAAA record asks for its IPv6 address. Since our computer didn't get an answer for the IPv4 address, it thought "That didn't go well, maybe the webpage is on TCP/IPv6."
Our computer keeps asking, but this time it asks "Ok, do you have an A (IPv4) record (address) for hmpg.net?" and the DNS server replies "Actually, I do!"
Let's go back to the bad boy Wireshark. I'll go back to the capture file, select the 35th packet as shown in the picture above and expand the Domain Name System (response) section:
You can see the "Queries" section showing our query for an A record for hmpg.net, and the answer from the DNS server, which is the IP address of hmpg.net.
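To make the exchange concrete, here is an added example (my own code, not from the original post) that builds the queries in the order the capture showed them, with the DNS suffix appended first, and parses constructed replies shaped like the ones Wireshark displays: the "No such name" (RCODE 3) reply for the suffixed name, then an A answer for hmpg.net. The transaction IDs, TTL and the 192.0.2.10 address are placeholders, not the real hmpg.net data.

```python
import struct
TYPE_A, TYPE_AAAA = 1, 28  # QTYPE values Wireshark shows as "A" and "AAAA"

def encode_name(name):
    """Wire-format a name as length-prefixed labels ending in a zero byte."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"

def build_query(name, qtype, txid):
    """Query as the client sends it: header (RD set, QDCOUNT=1) + question in class IN."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, 1)

def decode_name(msg, offset):
    """Read a name at offset, following 0xC0xx compression pointers; returns (name, next offset)."""
    labels = []
    while True:
        length = msg[offset]
        if length == 0:
            return ".".join(labels), offset + 1
        if length & 0xC0 == 0xC0:  # two-byte pointer to an earlier copy of the name
            ptr = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            return ".".join(labels + [decode_name(msg, ptr)[0]]), offset + 2
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length

def parse_response(msg):
    """Extract what the 'Queries' and 'Answers' sections show, plus the RCODE (3 = No such name)."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    qname, off = decode_name(msg, 12)
    qtype, _qclass = struct.unpack("!HH", msg[off:off + 4]); off += 4
    answers = []
    for _ in range(an):
        _aname, off = decode_name(msg, off)
        atype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10]); off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if atype == TYPE_A:
            answers.append(".".join(str(b) for b in rdata))
    return {"id": txid, "rcode": flags & 0x0F, "qname": qname, "qtype": qtype, "answers": answers}

def lookup_order(name, suffix):
    """The sequence the capture showed: suffixed A, suffixed AAAA, then the bare name."""
    return [(f"{name}.{suffix}", TYPE_A), (f"{name}.{suffix}", TYPE_AAAA), (name, TYPE_A)]

# Constructed sample replies (IDs, TTL and 192.0.2.10 are placeholders, not the real hmpg.net data)
NXDOMAIN_REPLY = (struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 0, 0)  # QR, RD, RA, RCODE=3
                  + encode_name("hmpg.net.forthnet.lan") + struct.pack("!HH", TYPE_A, 1))
A_REPLY = (struct.pack("!HHHHHH", 0x1235, 0x8180, 1, 1, 0, 0)  # one answer, RCODE=0
           + encode_name("hmpg.net") + struct.pack("!HH", TYPE_A, 1)
           + b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, 1, 300, 4) + bytes([192, 0, 2, 10]))
```

Feed `parse_response` the UDP payload of a real DNS reply from your own capture and you get the same fields Wireshark decodes.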
Do you see how handy Wireshark can be? With Wireshark you can have a full, in-depth look at what's going on behind the scenes and explore all kinds of communication across the network. What I want you to do now is play around with Wireshark. Install it, type ipconfig /all and see your MAC address, your DNS server and your LAN IP. Type nslookup in the command prompt, change the primary DNS server and filter your network traffic with it.
That's it for now. With this part we finish our discussion of UDP. I hope the Wireshark demo made you excited and helped you understand more than just the UDP concept. I hope the article has been informative for you, and I would like to thank you for taking the time to read it. Have an amazing day and stay awesome.