
Experiment 2: DNS and FTP

Experiment Procedure
This lab will use the nslookup, ping and ifconfig tools, which are available on most Linux/Unix and Microsoft platforms today. To run nslookup or ping in Linux, just type the command on the command line. To run it in Windows, open the Command Prompt and run nslookup/ping on the command line. Under Windows, the ifconfig command is replaced by ipconfig.

Domain Name Service (DNS)

In its most basic operation, the nslookup tool allows the host running the tool to query any specified DNS server for a DNS record. The queried DNS server can be a root DNS server, a top-level-domain DNS server, an authoritative DNS server, or an intermediate DNS server (see the textbook for definitions of these terms). To accomplish this task, nslookup sends a DNS query to the specified DNS server (if not specified, the default server is queried), receives a DNS reply and displays it.
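As an added illustration (not part of the original lab handout), this Python sketch builds the query message a resolver tool would send for met.guc.edu.eg and decodes a constructed reply, exposing the header fields that Wireshark shows for DNS packets. The function names are hypothetical, and the reply bytes, the transaction ID and the 192.0.2.10 documentation address are constructed sample values, not the real answer.

```python
import socket
import struct

QTYPES = {1: "A", 2: "NS", 12: "PTR", 15: "MX"}

def build_query(name, qtype=1, txid=0x1A2B):
    """Encode a query: flags 0x0100 mean QR=0 (query) and RD=1 (recursion desired)."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def read_name(msg, pos):
    """Return (name, next offset), following RFC 1035 compression pointers."""
    labels, resume, hops = [], None, 0
    while msg[pos] != 0:
        n = msg[pos]
        if n & 0xC0 == 0xC0:                      # pointer to an earlier name
            hops += 1
            if hops > 16:                         # refuse pointer loops in malformed input
                raise ValueError("too many compression pointers")
            if resume is None:
                resume = pos + 2                  # parsing continues after the first pointer
            pos = ((n & 0x3F) << 8) | msg[pos + 1]
        else:
            labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
            pos += 1 + n
    return ".".join(labels), (resume if resume is not None else pos + 1)

def parse_message(msg):
    """Decode the header, the single question, and any A records in the answer section."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    qname, pos = read_name(msg, 12)               # assumes exactly one question
    qtype = struct.unpack("!H", msg[pos:pos + 2])[0]
    pos += 4                                      # skip QTYPE and QCLASS
    answers = []
    for _ in range(an):
        name, pos = read_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        if rtype == 1 and rdlen == 4:             # IPv4 address record
            answers.append((name, socket.inet_ntoa(msg[pos + 10:pos + 14])))
        pos += 10 + rdlen
    return {"id": txid, "is_response": bool(flags & 0x8000), "authoritative": bool(flags & 0x0400),
            "rcode": flags & 0x000F, "qname": qname, "qtype": QTYPES.get(qtype, str(qtype)),
            "answers": answers}

QUERY = build_query("met.guc.edu.eg")
# Constructed reply (not captured traffic): flags 0x8180 = QR=1, RD=1, RA=1, AA=0.
REPLY = (struct.pack("!6H", 0x1A2B, 0x8180, 1, 1, 0, 0) + QUERY[12:] + b"\xc0\x0c"
         + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton("192.0.2.10"))
```

Calling parse_message(QUERY) and parse_message(REPLY) returns the decoded fields as dictionaries; the same fields appear under the Flags and Queries/Answers entries of a DNS packet in Wireshark.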
Start up the Wireshark software and start sniffing. Go to the shell and type:

sudo wireshark

Type the following command:

nslookup met.guc.edu.eg

In words, this command is saying: please send me the IP address for the host met.guc.edu.eg. The response from this command should provide two pieces of information: the name and IP address of the DNS server that provides the answer, and the answer itself, which is the host name and IP address of met.guc.edu.eg. Filter out the DNS packets. Answer the following:

1. What is the destination port for the DNS query message? What is the source port of the DNS response message?
2. To what IP address is the DNS query message sent? Determine the IP address of your local DNS server. Are these two IP addresses the same? To determine the address of your local DNS server, open the file /etc/resolv.conf (open the shell and type less /etc/resolv.conf).
3. Examine the DNS query message. What type of DNS query is it?
4. Describe the process of name resolution. What data is transferred during a DNS query and what information is sent back by the name server?
5. Describe the DNS response message. Are the answers provided authoritative? Why?
Now take a look at the hierarchical structure of DNS. With the dig tool you can query any DNS server. Type the following:

ssh gucstud@sdf.lonestar.org

and enter the password HelloGUC. Then type:

dig guc.edu.eg

What are the names of the authoritative name servers of the domain guc.edu.eg? Are the replies authoritative or non-authoritative?

An MX record (Mail Exchanger record) is a type of resource record in the DNS that specifies a mail server responsible for accepting email messages on a certain domain. To issue a DNS query of type MX, type:

dig student.guc.edu.eg mx

List the mail servers that accept e-mails addressed to firstname.lastname@student.guc.edu.eg, and their corresponding IP addresses.

A PTR record (sometimes called a host PTR record) is what lets someone do a reverse DNS lookup: that is, they have your IP address and want to know what your host/domain is. At any Unix/Linux command line, you can use dig -x to do a reverse lookup. Use dig to map the IP address 196.204.161.5 to a domain name (Hint: use dig -x IPAddress).

What is/are the hostname/s of the IP address 196.204.161.5?

Detailed Analysis of an FTP session
Start Wireshark and start sniffing. Establish an FTP connection to the FTP server of the lab server as follows:

1. Open a shell and type ftp netwserver.
2. Use anonymous as a username and put your email address as a password.
3. Now load the file called Hello.txt from the server (type get hello.txt).
4. When the download is complete, stop sniffing.

From the filtered packets, use Follow TCP Stream to find:

1. The user name and the password you entered.
2. The content of the file.

Hint: To filter the data packets of the FTP session, type ftp-data into the display filter specification window at the top of the main Wireshark window, then select Apply. To filter the FTP packets carrying the control information, type ftp instead.

What does the FTP transmission look like?
