Using Wireshark, how can I report DNS queries?

I start a capture in Wireshark with no applications running on my machine other than Chrome and Wireshark, and go to a website for about 20 seconds. How can I look at all the DNS queries sent during the capture time?
So for any given website, I need to find:
DNS resolved IP address
DNS server IP (I believe this is the destination IP)
DNS server port

Just enter the word dns in the filter field... simple as that
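The three values the question asks for can be read directly out of a DNS response packet; in Wireshark they are the fields `dns.a`, `ip.src` and `udp.srcport` of packets matching `dns.flags.response == 1`. The following is an added example, not part of the original answer, that decodes one raw IPv4/UDP DNS response the way the dissector does, including name compression. The packet bytes, the names `read_name` and `summarize`, and the addresses are constructed for illustration.

```python
import socket
import struct

def read_name(msg, off):
    """Decode the DNS name at off (RFC 1035 compression); return (name, next offset)."""
    labels, end = [], None
    for _ in range(256):                  # bound the walk so pointer loops terminate
        n = msg[off]
        if n & 0xC0 == 0xC0:              # two-byte pointer to an earlier name
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:                      # root label ends the name
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("compression pointer loop")

def summarize(packet):
    """Parse one raw IPv4/UDP DNS response; the response's source is the DNS server."""
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if packet[9] != 17:
        raise ValueError("not a UDP packet")
    msg = packet[ihl + 8:]                # DNS message follows the 8-byte UDP header
    _id, flags, qdcount, ancount = struct.unpack("!HHHH", msg[:8])
    if not flags & 0x8000:                # QR bit clear: this is a query
        raise ValueError("not a DNS response")
    off, qname, addrs = 12, None, []
    for _ in range(qdcount):
        qname, off = read_name(msg, off)
        off += 4                          # skip QTYPE and QCLASS
    for _ in range(ancount):
        _, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:     # A record; CNAMEs in the chain are skipped
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return {"query": qname, "resolved": addrs, "server_ip": socket.inet_ntoa(packet[12:16]),
            "server_port": struct.unpack("!H", packet[ihl:ihl + 2])[0]}

# Constructed sample: 192.0.2.53:53 answers www.example.com -> CNAME -> 198.51.100.7
DNS = (bytes.fromhex("1a2b81800001000200000000") + b"\x03www\x07example\x03com\x00"
       + bytes.fromhex("00010001") + b"\xc0\x0c" + bytes.fromhex("000500010000003c0006")
       + b"\x03web\xc0\x10" + b"\xc0\x2d" + bytes.fromhex("000100010000003c0004")
       + bytes([198, 51, 100, 7]))
UDP = struct.pack("!HHHH", 53, 54321, 8 + len(DNS), 0) + DNS
PACKET = (struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(UDP), 0, 0, 64, 17, 0)
          + bytes([192, 0, 2, 53, 192, 0, 2, 10]) + UDP)
```

`summarize(PACKET)` returns the query name, the resolved address list, and the server IP and port taken from the response's source fields; in the matching query packet the same server appears as the destination.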

Why does my vps reply to dns queries even if it has no dns server running?

I've got a cheap OpenVZ Ubuntu VPS and I'm trying to run my own DNS server on it for learning purposes.
The DNS server works fine on localhost (on the VPS through SSH): I can query it using dig google.com @127.0.0.1 and I get the expected result (which is not the IP of google.com but a custom one).
When I try to query the DNS server from outside the VPS, using the same command, I do get a reply but the IP is not what I expect (it's an actual google.com IP).
After further investigation I found out my DNS server is not receiving/sending packets when the query is done from outside the VPS. So the answer is sent by something else; it seems like inbound packets with destination port 53 are deviated, they do not even reach my DNS server.
I tried to query my DNS server, still from outside, but this time while the VPS was SHUT DOWN. Magically I got a reply from god knows who.
Changing the port from 53 to 54, everything works perfectly.
The problem is I need it to use port 53.
I don't have iptables rules nor any other firewall doing something related to port 53.
I also tried to query some other random VPSes, from different hosting providers; it seems like everyone has a DNS server running! Why does everyone reply?
Of course I asked technical support; this is what they said:
Hello,
Sorry but we don't do "software" technical support on VPS.
We deliver the hosting and the operating systems, customers that order VPS are their own admins, and have to know how to manage a linux server.
We don't block any port on our side.
Best regards,
Support
Maybe your DNS server is bound to the loopback interface only (so it's only listening on localhost). You can check the service ports currently in use (UDP for DNS) using netstat, filtering (grep) for the UDP port used:
netstat -an | grep ":53"
You can also test the same DNS query using the nslookup command, checking in the output the IP of the DNS server that answers your query:
nslookup google.com [dns_server_ip]
Also test it without dns_server_ip to check whether there is a default nameserver when the specified nameserver is not responding.
Problem solved, it's my ISP intercepting and replying to DNS queries.
I can do dig google.com @1.2.3.4 and I get a reply :D
For anyone who wants to know more about this:
ISP Intercepting DNS Lookups

Redirecting subdomains to certain ports

I am the proud owner of my very first server (registered with GoDaddy).
This machine, like most, has an IP. Let's pretend my server IP is 255.255.255.255.
I wish to host multiple servers on this tower: Minecraft, TeamSpeak, Feed the Beast, Garry's Mod, and my website. (Don't worry, I don't get much traffic.)
What I would like is a setup as such:
------------------------------------------------------------
| Service    | Subdomain           | Actual IP             |
------------------------------------------------------------
| Website    | digiduncan.com      | 255.255.255.255:80    |
| Minecraft  | mc.digiduncan.com   | 255.255.255.255:25565 |
| FTB        | ftb.digiduncan.com  | 255.255.255.255:9001  |
| TeamSpeak  | ts3.digiduncan.com  | 255.255.255.255:9987  |
| Garrys Mod | gmod.digiduncan.com | 255.255.255.255:27015 |
------------------------------------------------------------
How would I do this with DNS, or other GoDaddy domain manager options?
BLUF: You can't manipulate port traffic like that through DNS.
As far as I know, you cannot do this with DNS. DNS is for name-to-IP mapping. Specifying a port like you are trying to do happens in the application that is trying to connect to your server. For example, someone connecting to your Minecraft server would have to know to connect on port 25565 at that IP address (which can be set on the Minecraft client connecting in). If you want to do this through DNS, then you are going to have to have multiple IP addresses (which I'm assuming you do not want to do).
I'm not a boundary device guy but maybe, MAYBE some kind of port redirection on your end with your firewall to your server (network firewall, not host) based on the provided URL. Or have a web service on the server create a connection back to the client based on the URL provided. Just spitballing here. I'm not sure how that would (if it would) work.

My cloudflare settings are all configured but not working

So, I am using CloudFlare at the moment for my DNS records. I have my TeamSpeak server A record at ts.servername.net pointing to my IP 100.100.100.100, and all my other A records are pointing to exactly where they should be and are activated.
They were working previously, but all of a sudden for the last week or so we have had to use our IPv4 TS server IP in order to connect instead of our server name. Why is it doing this even though everything is set up and was already working?
I would recommend opening a support ticket with specific details & we can help.
Please note that we can only proxy web traffic records going over certain ports like 80 and 443.

Cisco Packet Tracer Dns enable using Router

I have a question in Cisco Packet Tracer.
I have a router and a DNS server, and my Config from DNS is blocked. How can I start the DNS server using the router?
ip dns server ... doesn't work
Thank you
Unfortunately, Cisco Packet Tracer does not support the command "ip dns server", hence you cannot use the router as a DNS server.
You can see all supported commands in Program_Root_Dir\help\default\index.html or by typing a question mark in the program.
First, you need to attach a "WIC 1ENET" module to the router to connect it to the DNS server.
Second, you need an IP address on the DNS server, for example 192.168.3.2.
Third, enter the gateway, like this (192.168.3.1), and the DNS server (192.168.3.2).
Fourth, open the DNS server, go to Services, enter the name and address like in this figure, and then click ADD.
Finally, go to the end host (PC), then Desktop, then IP Configuration, and enter the DNS server (192.168.3.2).
I hope that's helpful for you to understand and make it work.
You need to enable a routing protocol and add the network where the DNS server is.

xampp server (How to get up and running)

I've been developing locally on a little ubuntu netbook with xampp for about 7 months. Two weeks ago I got a computer I'd like to use as a server. I've installed the latest Ubuntu distribution and xampp, moved all my files over, and forwarded port 80. I've also got a domain name from dyndns.com which is being updated by a client which runs in my router (a Netgear WGR6154 v8).
Now, when I try to access my server by typing in the address I got from dyndns.com, the browser loads until it times out. I can access everything locally using localhost as the address, so I believe xampp is running, just unable to connect with the internet.
In order to be able to view my files over the internet what should I do next?
Thanks to all in advance...
[I'm starting a bounty for the first person to help me get my files successfully online]
You have a combination of issues here, and that is something of a problem. Each issue is complex in and of itself. Here is what I would recommend to get you going for certain.
First verify that you can surf the web from your server. This will confirm that you have a working ethernet interface.
Step 1: make sure that XAMPP and your files are viewable from your home network. I assume you are using something like 192.168.1.X for your network and perhaps your server is 192.168.1.10.
Go to another computer in your house and type http://192.168.1.10/ and see if you can see your files. If you can then you know that the server is properly configured and XAMPP is working.
Then add an entry to your hosts file to resolve yourdnsrecord.com (or whatever your dyndns record is) to your private ip address. Then when you type yourdnsrecord.com into a browser from that computer you should still get your files. This will rule out your server being improperly configured to listen for that domain name.
Next you need to test to see if there is a firewall problem. To simplify this, first remove your home router from the equation. Instead, place your new server directly onto your internet connection (assuming you can). This way, you do not need to have NAT or firewalls properly configured. Your dyndns name should map to a public IP and your server should then have that IP and be connected directly to the Internet. If you have your server directly connected, and the command ifconfig from the root prompt returns the same public IP address that your dynamic DNS record points to, then it should work.
It will make your life easier if you have an iphone or some other way to test how your network is seen from the Internet.
If your public IP as shown by ifconfig is different from the IP record in your dyndns account, then your dynamic DNS update script is broken. Manually set the IP, and see if things work.
It is very possible that this will not work. Some ISPs firewall port 80, preventing their subscribers from hosting servers. Once you have your server directly connected to the internet you can test this (even if your DNS is not working) by using the public IP address. As root, type ifconfig from the command prompt to get your public IP address. Then type the command tcpdump -i eth? port 80 from the root prompt. eth? needs to be the same interface that you saw had a public IP address from the ifconfig command. Usually this is eth0 but it might be wire0 or something like that.
This command will show you all traffic coming on port 80 to your server.
From an iphone (or whatever second Internet connection you have) browse to the IP address that you got from your ifconfig command. If you see something on your server (and it is directly connected to your ISP) then your ISP is not firewalling you.
If you can get to your server, when it is directly connected to the Internet, either by IP address or by DynDNS address, then your ISP is OK and it is time to debug your firewall.
Two things need to work for your firewall to be configured: NAT, where the public address that your router gets from your ISP is converted into your private network, and a firewall rule which permits that traffic. If you get this far, then you know your firewall is the problem and then it is just a matter of getting its configuration correct. There are far too many home routers to document here, but you can usually find how-to instructions for your router for this task on the manufacturer's website (usually it is part of the manual).
If you follow these instructions exactly you will get your system working. Make comments on the process and I will be happy to modify this to make it clearer.
HTH,
-FT
You should make sure your xampp is not listening on localhost only.
To do so, edit your Apache configuration file and search for the Listen directive.
You should also be able to tell by analysing the output of netstat -a.
After that, make sure your router is forwarding properly; using tcpdump would help.
Drop me a comment if you need more help.
Cheers
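Both this answer and the earlier `netstat -an | grep ":53"` suggestion come down to reading the Local Address column to see whether a service is bound to loopback only. The following is an added example, not code from either answer, that does that check exactly for one port; it assumes Linux net-tools `netstat -an` column order, and the sample output and the names `local_binds` and `exposure` are constructed for illustration.

```python
WILDCARD = {"0.0.0.0", "::", "*"}

def is_loopback(addr):
    """True for any 127.0.0.0/8 address or the IPv6 loopback."""
    return addr.startswith("127.") or addr == "::1"

def local_binds(netstat_output, port):
    """Return the set of (proto, local address) pairs serving `port`.

    Compares the port of the Local Address column exactly, so port 5353 or a
    remote peer's :53 (both of which grep ":53" would print) are not counted.
    """
    binds = set()
    for line in netstat_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or not cols[0].startswith(("tcp", "udp")):
            continue                      # header or unix-socket line
        if cols[0].startswith("tcp") and cols[-1] != "LISTEN":
            continue                      # an established connection, not a listener
        addr, _, local_port = cols[3].rpartition(":")
        if local_port == str(port):
            binds.add((cols[0], addr))
    return binds

def exposure(netstat_output, port):
    """Classify how reachable the service on `port` is from other hosts."""
    addrs = {addr for _, addr in local_binds(netstat_output, port)}
    if not addrs:
        return "not listening"
    if addrs & WILDCARD:
        return "all interfaces"
    if all(is_loopback(a) for a in addrs):
        return "loopback only"
    return "specific addresses: " + ", ".join(sorted(addrs))

# Constructed sample of Linux `netstat -an` output (not from the original posts).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:80            0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 127.0.0.1:53            0.0.0.0:*
udp        0      0 0.0.0.0:5353            0.0.0.0:*
tcp        0      0 192.0.2.10:44210        198.51.100.7:53         ESTABLISHED
"""
```

On the sample, ports 53 and 80 are classified as loopback only, which is the state in which a server answers on localhost but is unreachable from outside.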
