Module 02 - C-Crawford/connor-tj-sys GitHub Wiki

1:

Screenshot 2024-09-08 174227

The highlighted portions of the above screenshot show the protocol, destination address, and destination port.

2: DNS uses UDP by default, but can use TCP if UDP is unavailable (e.g., a packet is too large for UDP).

3:

dns

The above screenshot shows 4 DNS packets: two from case 1 and two from case 2.

For unknown reasons, pinging the firewall resulted in a number of ICMP packets followed by 2 ARP packets (shown below). As such, there are only 4 DNS packets.

arp

4:

auns

The above screenshot shows the authoritative name server for the .edu top level domain.

5:

reply

The highlighted portion of the above screenshot shows the reply code of the case 1 .edu lookup.

6: As case 2 did not produce any DNS packets, I cannot provide this. Here is the answers section from case 3 as a substitute.

answers

7:

Screenshot 2024-09-08 174524

The above screenshot shows the source (responding server) as VMware_a1:00:31, and that it is not authoritative.

8:

  • A (Address): Most common type. Takes a domain name and returns its IPv4 address.
  • AAAA: IPv6 equivalent of A.
  • PTR (Pointer): Opposite of A / AAAA. Takes in IPv4 / IPv6 addresses and returns a domain name.
  • CNAME (Canonical Name): Used to redirect users from a similarly named domain to the main domain.
  • NS (Name Server): Gives a list of authoritative name servers that preside over whichever domain you're asking for.
  • TXT (Text): Stores text.
  • MX (Mail Exchanger): Passes along received emails to another mail server.
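
The fields read off the Wireshark screenshots above (reply code, the authoritative flag, the answers section and the record types) can also be pulled straight from the raw bytes of a DNS response. The following is an added example, not part of the original lab: the function names and the sample packet for `www.example.edu` are constructed for illustration.

```python
import struct, ipaddress

TYPES = {1: "A", 2: "NS", 5: "CNAME", 12: "PTR", 15: "MX", 16: "TXT", 28: "AAAA"}

def read_name(msg, off, depth=0):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    if depth > 10:  # a malformed packet can point at itself forever
        raise ValueError("compression pointer loop")
    labels = []
    while True:
        n = msg[off]
        if n == 0:  # root label ends the name
            return ".".join(labels), off + 1
        if n & 0xC0 == 0xC0:  # top two bits set: 14-bit pointer to earlier name
            ptr = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            labels.append(read_name(msg, ptr, depth + 1)[0])
            return ".".join(labels), off + 2
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n

def parse_response(msg):
    """Return header flags and decoded answer records of one DNS message."""
    ident, flags, qd, an, _ns, _ar = struct.unpack_from("!6H", msg, 0)
    info = {"id": ident, "aa": bool(flags & 0x0400), "tc": bool(flags & 0x0200),
            "rcode": flags & 0xF, "answers": []}  # tc set => retry over TCP
    off = 12
    for _ in range(qd):  # skip each question: name + QTYPE + QCLASS
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype in (1, 28):  # A / AAAA: packed IPv4 / IPv6 address
            value = str(ipaddress.ip_address(rdata))
        elif rtype in (2, 5, 12):  # NS / CNAME / PTR: a domain name
            value = read_name(msg, off)[0]
        else:  # other types are left as hex in this example
            value = rdata.hex()
        info["answers"].append((name, TYPES.get(rtype, str(rtype)), ttl, value))
        off += rdlen
    return info

# Constructed sample: non-authoritative NOERROR reply (flags 0x8180) with a
# CNAME and an A record; 0xc00c / 0xc010 are compression pointers.
SAMPLE = (struct.pack("!6H", 0x1234, 0x8180, 1, 2, 0, 0)
          + b"\x03www\x07example\x03edu\x00" + struct.pack("!HH", 1, 1)
          + b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 300, 2) + b"\xc0\x10"
          + b"\xc0\x10" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10]))
```

`parse_response(SAMPLE)` reports `aa` as `False` and `rcode` as `0`, matching what Wireshark labels as a non-authoritative "No error" reply.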