
DNS Name Resolution: Packet Capture Analysis


JieGe

1. Capturing the traffic

Scenario: the local machine asks its DNS server to resolve the name connc.gj.qq.com.

Local machine IP address: 192.168.3.139

Local DNS server IP address: 192.168.3.1

Wireshark capture

[Screenshot: Wireshark packet list filtered to the DNS exchange]

The packet list shows that the DNS protocol is in use.

2. Packet data analysis

2.1 Request analysis

[Screenshot: Wireshark dissection of the DNS request]

First, the transport layer protocol is UDP, and the request goes to DNS's default port, 53. The resolver will later match the reply to this request by its transaction ID and source port, which is why those two values matter for spoofing attacks.

The Queries section of the DNS message carries the name being looked up (connc.gj.qq.com).

The figure below shows the Flags field.

[Screenshot: Flags field of the DNS request]

The Recursion desired bit is set to 1 ("Do query recursively"), meaning the client is asking the DNS server it contacted to perform the full recursive lookup itself and return the final IP address in one reply.

2.2 Response analysis

[Screenshot: Wireshark dissection of the DNS response]

The response repeats the Queries section and adds an Answers section; the Answers section contains the IP addresses that the name resolves to.

[Screenshot: Answers section of the DNS response]

A total of 5 usable IP addresses are returned.

Now look at the Flags field again.

[Screenshot: Flags field of the DNS response]

Recursion available is set ("Server can do recursive queries"), meaning the DNS server that answered supports recursive queries. Note that only the Recursion available bit tells you this; the Recursion desired bit is simply copied from the request.
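To make the bytes behind the Wireshark screenshots concrete, here is an added example (not code from the original post) that builds the same kind of query for connc.gj.qq.com with the Recursion desired bit set, constructs a matching response with five A records and the QR/RD/RA bits set, and parses both back into the fields Wireshark displays (transaction ID, flags, Queries, Answers). The five IP addresses are made-up documentation addresses, since the real ones are not reproduced in the post; the transaction ID and TTL are likewise arbitrary.

```python
import struct

# Constructed sample data: the post shows 5 answers but not their values,
# so documentation-range addresses (RFC 5737) stand in for them.
SAMPLE_NAME = "connc.gj.qq.com"
SAMPLE_IPS = ["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13", "192.0.2.14"]


def encode_name(name):
    """Encode a dotted name as DNS labels: length byte + label, ending with 0."""
    out = b""
    for label in name.strip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, txid=0x1234, rd=True):
    """Standard A/IN query. Flags 0x0100 = QR 0, opcode 0, RD 1 (what Wireshark
    shows as 'Standard query 0x0100')."""
    flags = 0x0100 if rd else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)  # QD=1, AN=NS=AR=0
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def build_response(query, ips, ttl=300):
    """Echo the question and append one A record per IP. Flags 0x8180 =
    QR 1, RD 1 (copied from the request), RA 1 ('server can do recursive
    queries'). Answer names use the compression pointer 0xC00C, i.e. offset 12,
    where the question name starts, exactly as real resolvers do."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(ips), 0, 0)
    rrs = b""
    for ip in ips:
        rdata = bytes(int(x) for x in ip.split("."))
        rrs += b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + question + rrs


def decode_name(msg, off):
    """Decode a possibly compressed name starting at msg[off]; returns
    (name, offset just past the name in the original position)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # two-byte compression pointer
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped = True
            off = ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), end if end is not None else off


def parse_flags(flags):
    """Split the 16-bit flags word into the bits Wireshark lists."""
    return {
        "qr": (flags >> 15) & 1, "opcode": (flags >> 11) & 0xF,
        "aa": (flags >> 10) & 1, "tc": (flags >> 9) & 1,
        "rd": (flags >> 8) & 1, "ra": (flags >> 7) & 1, "rcode": flags & 0xF,
    }


def parse_message(msg):
    """Parse header, Queries and Answers of a DNS message (A records decoded
    to dotted quads, everything else left as raw bytes)."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, rtype, ttl, rdata))
    return {"id": txid, "flags": parse_flags(flags),
            "questions": questions, "answers": answers}


if __name__ == "__main__":
    q = build_query(SAMPLE_NAME)
    r = build_response(q, SAMPLE_IPS)
    print("query   :", q.hex())
    print("request :", parse_message(q))
    print("response:", parse_message(r))
```

Running it prints the query as hex (compare the first bytes with the UDP payload in Wireshark), then the parsed request with rd=1 and qr=0, and the parsed response with qr=1, rd=1, ra=1 and five Answers all carrying the name connc.gj.qq.com via the 0xC00C pointer.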

How DNS works
