Wireshark Packet Analysis: Interpreting DNS Protocol Packets

*This blog post is intended only as personal notes and a study reference

DNS Protocol Packet Format


DNS Resource Record Types


DNS Packet Analysis (Query)


Domain Name System (query)
[Response In: 16]
Transaction ID: 0x0002 #DNS ID number#
Flags: 0x0100 Standard query #Flags#
0... .... .... .... = Response: Message is a query #Response flag: the value is 0, indicating a DNS query#
.000 0... .... .... = Opcode: Standard query (0) #Opcode#
.... ..0. .... .... = Truncated: Message is not truncated #Truncated#
.... ...1 .... .... = Recursion desired: Do query recursively #Recursion desired#
.... .... .0.. .... = Z: reserved (0) #Reserved#
.... .... ...0 .... = Non-authenticated data: Unacceptable
Questions: 1 #Question count#
Answer RRs: 0 #Answer count#
Authority RRs: 0 #Name server count#
Additional RRs: 0 #Additional count#
Queries
www.baidu.com: type A, class IN
Name: www.baidu.com #Requested domain name#
Type: A (Host Address) (1) #Domain name type#
Class: IN (0x0001) #Address type#

DNS Packet Analysis (Response)


Domain Name System (response)
[Request In: 15]
[Time: 0.003787000 seconds] #Response time#
Transaction ID: 0x0002 #DNS ID number#
Flags: 0x8180 Standard query response, No error #Flags#
1... .... .... .... = Response: Message is a response #Response flag: the value is 1, so this is a DNS response#
.000 0... .... .... = Opcode: Standard query (0) #Opcode#
.... .0.. .... .... = Authoritative: Server is not an authority for domain #Authoritative answer#
.... ..0. .... .... = Truncated: Message is not truncated #Truncated#
.... ...1 .... .... = Recursion desired: Do query recursively #Recursion desired#
.... .... 1... .... = Recursion available: Server can do recursive queries #Recursion available#
.... .... .0.. .... = Z: reserved (0) #Reserved#
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... ...0 .... = Non-authenticated data: Unacceptable
.... .... .... 0000 = Reply code: No error (0) #Reply code#
Questions: 1 #Question count#
Answer RRs: 3 #Answer count#
Authority RRs: 5 #Name server count#
Additional RRs: 5 #Additional record count#
Queries #Questions#
www.baidu.com: type A, class IN
Name: www.baidu.com #Requested domain name#
Type: A (Host Address) (1) #Domain name type#
Class: IN (0x0001) #Request type#
Answers #Answers#
www.baidu.com: type CNAME, class IN, cname www.a.shifen.com
www.a.shifen.com: type A, class IN, addr 119.75.217.109
www.a.shifen.com: type A, class IN, addr 119.75.218.70
Authoritative nameservers #Authoritative name servers#
a.shifen.com: type NS, class IN, ns ns2.a.shifen.com
a.shifen.com: type NS, class IN, ns ns4.a.shifen.com
a.shifen.com: type NS, class IN, ns ns1.a.shifen.com
a.shifen.com: type NS, class IN, ns ns3.a.shifen.com
a.shifen.com: type NS, class IN, ns ns5.a.shifen.com
Additional records #Additional records#
ns4.a.shifen.com: type A, class IN, addr 115.239.210.176
ns1.a.shifen.com: type A, class IN, addr 61.135.165.224
ns3.a.shifen.com: type A, class IN, addr 61.135.162.215
ns5.a.shifen.com: type A, class IN, addr 119.75.222.17
ns2.a.shifen.com: type A, class IN, addr 180.149.133.241
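
The header and question fields in the two dissections above can be decoded by hand from the raw bytes. The following Python sketch is an added example, not part of the original post: decode_flags and parse_message are names chosen for this example, and the sample bytes are constructed from the values shown in the dissections rather than taken from a capture.

```python
import struct

def decode_flags(flags):
    """Split the 16-bit flags word into the fields Wireshark displays."""
    bit = lambda n: (flags >> n) & 1
    return {
        "qr": bit(15),                  # 0 = query, 1 = response
        "opcode": (flags >> 11) & 0xF,  # 0 = standard query
        "aa": bit(10), "tc": bit(9),    # authoritative, truncated
        "rd": bit(8), "ra": bit(7),     # recursion desired / available
        "z": bit(6), "ad": bit(5), "cd": bit(4),
        "rcode": flags & 0xF,           # 0 = no error
    }

def parse_message(data):
    """Parse the 12-byte header and first question of a DNS message."""
    if len(data) < 12:
        raise ValueError("short DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", data[:12])
    if qd < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(data):
            raise ValueError("truncated name")
        length = data[pos]
        pos += 1
        if length == 0:          # root label ends the name
            break
        if length > 63 or pos + length > len(data):
            raise ValueError("bad label length")  # also rejects pointers
        labels.append(data[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(data):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!2H", data[pos:pos + 4])
    return {"id": txid, "flags": decode_flags(flags),
            "counts": (qd, an, ns, ar), "name": ".".join(labels),
            "qtype": qtype, "qclass": qclass}

# Constructed sample bytes (not a capture): the header values and question
# match the dissections; the response's resource records are left out.
QUESTION = b"\x03www\x05baidu\x03com\x00" + bytes.fromhex("00010001")
QUERY = bytes.fromhex("000201000001000000000000") + QUESTION
RESPONSE = bytes.fromhex("000281800001000300050005") + QUESTION

if __name__ == "__main__":
    for msg in (QUERY, RESPONSE):
        print(parse_message(msg))
```

The matching Transaction ID (0x0002) in both messages is what pairs the response with its query, which is the same link Wireshark shows as [Response In] and [Request In].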
