7. Wireshark & DNS

Packet Level Analysis of DNS Queries


A DNS query is sent from the client, and the DNS response comes from the DNS server. DNS query and response messages are sent over UDP.

Wireshark Output

Here we can see that DNS is using UDP and asking for freefortskins[.]com, and in return it gets an A record (IP address) of the site.


If we expand the DNS packets, we can see that they come in two varieties: a Standard Query and a Standard Query Response.
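To show what Wireshark is decoding when it labels a packet as a query or a response, here is an added example (not part of the original notes) that parses the UDP payload of a DNS message by hand. The function names `read_name` and `parse_dns` are hypothetical, and the sample bytes, `example.com` and `192.0.2.10` are constructed placeholders, not values from the capture.

```python
import struct

def read_name(msg, off):
    """Decode a DNS name at off; returns (name, offset just past the name)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:            # compression pointer (RFC 1035 4.1.4)
            if end is None:
                end = off + 2           # parsing resumes after the first pointer
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:               # malformed packets can point in a loop
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if n == 0:                      # zero-length label ends the name
            break
        labels.append(msg[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels), (end if end is not None else off)

def parse_dns(msg):
    """Parse the header, first question and A answers of one DNS message."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    qname, off = read_name(msg, 12)
    qtype, _qclass = struct.unpack("!2H", msg[off:off + 4])
    off += 4
    answers = []
    for _ in range(an):
        _name, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:   # A record: 4-byte IPv4 address
            answers.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    # QR is the top bit of the flags word; the samples here use opcode 0 (standard)
    kind = "Standard query response" if flags & 0x8000 else "Standard query"
    return {"id": txid, "kind": kind, "qname": qname, "qtype": qtype, "a": answers}

# Constructed sample messages (assumed values, not taken from the capture).
QUESTION = b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1)   # type A, class IN
QUERY = struct.pack("!6H", 0x1A2B, 0x0100, 1, 0, 0, 0) + QUESTION
RESPONSE = (struct.pack("!6H", 0x1A2B, 0x8180, 1, 1, 0, 0) + QUESTION
            + b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10]))

if __name__ == "__main__":
    for m in (QUERY, RESPONSE):
        print(parse_dns(m))
```

The query and its response share the same transaction ID, which is how the two packets are paired; in Wireshark the QR bit is exposed as the display-filter field `dns.flags.response`.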
