DNS Protocol Packet Capture Analysis

Wireshark capture

    Simply visit a web page in a browser, then filter on the DNS protocol in Wireshark.

Packet analysis

    DNS has two kinds of messages, the query and the response, and both share the same format.

Query packet
Domain Name System (query)
Transaction ID: 0xfe27
Flags: 0x0100 Standard query
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data: Unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
mrchen.love: type A, class IN
Name: mrchen.love
[Name Length: 11]
[Label Count: 2]
Type: A (Host Address) (1)
Class: IN (0x0001)
[Response In: 1767]

    The Transaction ID field is set by the client and echoed back by the server; the QR bit is 0, marking the message as a query; opcode 0000 is a standard query; the TC bit is 0, so the message is not truncated; the RD bit is 1, asking the server to resolve recursively; the AD bit is 0, so the data carried is not authenticated. There is a single question: the requested name is mrchen.love, with type A (host address) and class IN (Internet).


Response message
Domain Name System (response)
Transaction ID: 0xfe27
Flags: 0x8180 Standard query response, No error
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... 1... .... = Recursion available: Server can do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... ...0 .... = Non-authenticated data: Unacceptable
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 5
Authority RRs: 0
Additional RRs: 0
Queries
Answers
mrchen.love: type CNAME, class IN, cname doubletongtong.github.io
Name: mrchen.love
Type: CNAME (Canonical NAME for an alias) (5)
Class: IN (0x0001)
Time to live: 14400
Data length: 26
CNAME: doubletongtong.github.io
doubletongtong.github.io: type A, class IN, addr 185.199.109.153
doubletongtong.github.io: type A, class IN, addr 185.199.111.153
doubletongtong.github.io: type A, class IN, addr 185.199.110.153
doubletongtong.github.io: type A, class IN, addr 185.199.108.153
[Request In: 804]
[Time: 0.419012000 seconds]

    The transaction ID in the response matches the one in the query; the AA (Authoritative Answer) bit is 0, meaning the reply is not authoritative (a cached answer from the recursive resolver); there are five answer records, the first of which is a CNAME record giving the canonical name for the alias.
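As an added example (not code from the original post), the following Python reconstructs the captured query and response as byte strings, parses the header flags, the question section and the answer section, including the name compression pointers that Wireshark resolves silently, and performs the checks a stub resolver should make before trusting a reply: the QR bit must be set, and the transaction ID and question must match the outstanding query. Assumptions: the A-record TTL (3600) and the use of compression pointers in the answers are constructed, since the dissector output above shows only the CNAME TTL; the function names are this example's own.

```python
# Added example (not the post's own code): parses the DNS query/response dissected above.
# The messages are reconstructed as bytes so this runs offline; the A-record TTL is constructed.
import struct

TYPE_NAMES = {1: "A", 5: "CNAME"}
MAX_NAME_JUMPS = 16  # bound on compression-pointer hops so a looping pointer cannot hang the parser

def encode_name(name):
    """Encode 'mrchen.love' as length-prefixed labels ending in a zero byte."""
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in name.split(".")) + b"\x00"

def decode_name(msg, offset):
    """Decode a possibly compressed name (RFC 1035 4.1.4); return (name, offset after the field)."""
    labels, jumps, end = [], 0, None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # two-byte pointer to an earlier name in the message
            if end is None:
                end = offset + 2  # the field ends right after the first pointer
            jumps += 1
            if jumps > MAX_NAME_JUMPS:
                raise ValueError("compression pointer loop")
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)

def parse_header(msg):
    """Split the 12-byte header; flag bit positions follow RFC 1035 4.1.1."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    return {
        "id": txid,
        "qr": flags >> 15 & 1,        # 0 = query, 1 = response
        "opcode": flags >> 11 & 0xF,  # 0 = standard query
        "aa": flags >> 10 & 1,        # authoritative answer
        "tc": flags >> 9 & 1,         # truncated
        "rd": flags >> 8 & 1,         # recursion desired
        "ra": flags >> 7 & 1,         # recursion available
        "ad": flags >> 5 & 1,         # authenticated data
        "rcode": flags & 0xF,         # 0 = no error
        "qdcount": qd, "ancount": an,
    }

def parse_message(msg):
    """Return (header, questions, answers); each answer is (owner, type, ttl, data)."""
    hdr, off, questions, answers = parse_header(msg), 12, [], []
    for _ in range(hdr["qdcount"]):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    for _ in range(hdr["ancount"]):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        data = msg[off:off + rdlen].hex()  # raw hex for record types not decoded here
        if rtype == 5:    # CNAME rdata is itself a (possibly compressed) name
            data, _ = decode_name(msg, off)
        elif rtype == 1:  # A rdata is a 4-byte IPv4 address
            data = ".".join(str(b) for b in msg[off:off + 4])
        off += rdlen
        answers.append((name, TYPE_NAMES.get(rtype, str(rtype)), ttl, data))
    return hdr, questions, answers

def check_response(query, response):
    """Checks a stub resolver makes before trusting a reply; returns the list of failures."""
    qh, qq, _ = parse_message(query)
    rh, rq, _ = parse_message(response)
    checks = [(rh["qr"] == 1, "QR bit not set"), (rh["id"] == qh["id"], "transaction ID mismatch"),
              (rq == qq, "question differs from the query"), (rh["rcode"] == 0, "rcode %d" % rh["rcode"])]
    return [text for ok, text in checks if not ok]

def build_query(txid, name):
    """Standard recursive A query (flags 0x0100), as in the capture."""
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", 1, 1)

def build_response(query, cname, addrs, cname_ttl, a_ttl):
    """Response shaped like the capture: a CNAME, then A records whose owner points at the CNAME target."""
    txid = struct.unpack("!H", query[:2])[0]
    hdr = struct.pack("!6H", txid, 0x8180, 1, 1 + len(addrs), 0, 0)  # QR=1, RD=1, RA=1, rcode 0
    body = query[12:]                       # echo the question section
    owner = struct.pack("!H", 0xC000 | 12)  # pointer to the question name at offset 12
    cname_rdata = encode_name(cname)
    cname_rdata_off = len(hdr) + len(body) + len(owner) + 10  # 10 = type, class, ttl, rdlength
    body += owner + struct.pack("!HHIH", 5, 1, cname_ttl, len(cname_rdata)) + cname_rdata
    ptr = struct.pack("!H", 0xC000 | cname_rdata_off)
    for a in addrs:
        body += ptr + struct.pack("!HHIH", 1, 1, a_ttl, 4) + bytes(int(x) for x in a.split("."))
    return hdr + body

# Constructed reconstruction of the captured exchange (the A-record TTL of 3600 is assumed).
QUERY = build_query(0xFE27, "mrchen.love")
ADDRS = ["185.199.109.153", "185.199.111.153", "185.199.110.153", "185.199.108.153"]
RESPONSE = build_response(QUERY, "doubletongtong.github.io", ADDRS, cname_ttl=14400, a_ttl=3600)
```

Running `parse_message(RESPONSE)` yields the same fields Wireshark shows: QR=1, AA=0, RA=1, rcode 0, one question and five answers, the first a CNAME with TTL 14400. A reply whose transaction ID or question section does not match the outstanding query is what a forged or misdirected answer looks like on the wire, which is why `check_response` runs before any record is used; the bound on compression-pointer hops keeps a malformed name from spinning the parser forever.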
