How to capture DNS packets

DNS packets travel from the user's computer to the DNS server and back, mapping a website's domain name to its IP address. These packets can be intercepted and analyzed with special programs.

You will need

  • The Wireshark program.


1. When the user types the domain name of a resource into the browser, a query for it is sent to the DNS server over the UDP protocol. The server looks up the IP address corresponding to the domain in its database, finds it and returns it to the browser. The browser then connects to the IP address it received. The DNS server thus acts as a kind of address bureau, mapping domains to IP addresses.

2. This scheme has one shortcoming: it is rather vulnerable. Namely, a DNS packet has rather weak means of identification, unlike a TCP packet. This means that such a packet can be replaced with another. As a result, an unsuspecting user types one address and ends up at an entirely different one. Knowing how interception works also makes it possible to take countermeasures against it, making use of the Internet safer.

3. Since intercepting and analyzing other people's DNS packets is illegal, it is best to practice on your own computer. To analyze traffic you need the excellent Wireshark program, which you can download from the vendor's website. After downloading the program, install it and start it. In the menu, choose Capture – Interfaces. A window with information about your network interface card will appear. Tick the checkbox in the left corner and click Start.

4. You have now started capturing network traffic. Open the browser and go to some address. In the Wireshark window you will see a list of all packets with their protocols indicated. For convenience, the lines are highlighted in different colors. DNS packets are marked in blue. Click the line of any packet – information about it, along with its contents in hexadecimal encoding, will appear in the lower part of the screen. You can analyze this packet, change it, add to it, etc. To stop the capture, open Capture – Interfaces again and click Stop.
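
As an added example (not part of the original article), the Python code below parses the hexadecimal contents of a DNS packet as shown in the lower part of the Wireshark window and checks the message-level fields that tie a UDP reply to its query: the ID, name, type and class. The sample bytes are constructed and cover only the UDP payload; the function names are hypothetical.

```python
import struct

# Constructed sample: UDP payloads only (no Ethernet/IP/UDP headers), as the hex
# pane would show them for an A query for example.com and its reply (192.0.2.1).
QUERY_HEX = "1a2b01000001000000000000076578616d706c6503636f6d0000010001"
REPLY_HEX = ("1a2b81800001000100000000076578616d706c6503636f6d0000010001"
             "c00c000100010000012c0004c0000201")

def parse_dns(payload: bytes) -> dict:
    """Parse the 12-byte DNS header and the first question (RFC 1035 layout)."""
    if len(payload) < 12:
        raise ValueError("truncated DNS header")
    ident, flags, qd, an, _ns, _ar = struct.unpack("!6H", payload[:12])
    if qd < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            raise ValueError("truncated name")
        length = payload[pos]
        pos += 1
        if length == 0:          # root label ends the name
            break
        if length > 63 or pos + length > len(payload):
            raise ValueError("bad label in question name")
        labels.append(payload[pos:pos + length].decode("ascii").lower())
        pos += length
    if pos + 4 > len(payload):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!2H", payload[pos:pos + 4])
    return {"id": ident, "is_response": bool(flags & 0x8000), "rcode": flags & 0xF,
            "answers": an, "qname": ".".join(labels), "qtype": qtype, "qclass": qclass}

def reply_matches(query: dict, reply: dict) -> bool:
    """True if the reply echoes the query's ID and question (name, type, class)."""
    return (reply["is_response"] and not query["is_response"]
            and all(reply[k] == query[k] for k in ("id", "qname", "qtype", "qclass")))

if __name__ == "__main__":
    q, r = parse_dns(bytes.fromhex(QUERY_HEX)), parse_dns(bytes.fromhex(REPLY_HEX))
    print(q, r, reply_matches(q, r), sep="\n")
```

The ID is only 16 bits wide, so these echoed fields are a consistency check rather than proof that the reply came from the server that was asked.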

Author: «MirrorInfo» Dream Team