So now let’s analyze!
Note that Wireshark lets us trace the traffic of IP address 192.168.0.2, which belongs to CLIENT. That traffic includes the commands we entered in the Command Prompt on the previous page.
In this case, however, we are only interested in DNS traffic. Therefore, we type dns (display filter names are lowercase) in Wireshark’s filter box and click Apply. Now let’s look at Wireshark’s results to see what happened:
Wow! What does that all mean? I am glad you asked! 🙂
Frame 1350 appeared right after you typed the ping server command in the command prompt and frame 1353 appeared as the response.
When the ping command is followed by a target name, it sends echo request messages to that target. In this case, the target name is “server”. Because that is a name rather than an IP address, CLIENT first has to resolve it, so the command ping server starts with a query from CLIENT to a DNS server.
In the middle pane, we can dig deeper into Frame 1350 and trace how our ping reached the DNS Server. Right away we can see that the UDP protocol and the Destination Port 53 were used.
In this example, the DNS server role is only installed on SERVER, so CLIENT queries the DNS server on SERVER over UDP port 53. CLIENT asks the DNS server to return the IP address associated with the name “server”.
You can see this IP address by looking at the Server Manager and navigating to the DNS server record.
As a result, the ping server command on the CLIENT device queried the DNS server on the SERVER device over UDP port 53 and looked up the server record. DNS returned the IP address 192.168.0.1, stored in the Forward Lookup Zones folder, to the command prompt on the CLIENT device.
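To see what Wireshark decodes in the middle pane for a query/response pair like frames 1350 and 1353, here is an added example (not part of the original tutorial) that parses the UDP payload of a DNS query and its response and pairs them by transaction ID and question. The sample bytes are constructed for illustration: the transaction ID, the TTL and the bare query name "server" are assumptions, and only the answer 192.168.0.1 comes from the page.

```python
import socket
import struct

def read_name(msg, off):
    """Decode a DNS name at off; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (off if end is None else end)
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def parse_dns(msg):
    """Pull out the fields Wireshark shows for a DNS message."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = read_name(msg, off)
        questions.append((name, struct.unpack("!H", msg[off:off + 2])[0]))
        off += 4  # skip QTYPE and QCLASS
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if rtype == 1 and rdlen == 4:  # A record: IPv4 address
            answers.append((name, socket.inet_ntoa(rdata)))
    return {"id": txid, "response": bool(flags & 0x8000), "questions": questions, "answers": answers}

def is_reply_to(query, response):
    """A response pairs with a query when the ID and question both match."""
    q, r = parse_dns(query), parse_dns(response)
    return (not q["response"] and r["response"]
            and q["id"] == r["id"] and q["questions"] == r["questions"])

# Constructed UDP payloads (not bytes from the page's capture).
QUESTION = b"\x06server\x00" + struct.pack("!2H", 1, 1)  # "server", type A, class IN
QUERY = struct.pack("!6H", 0x1A2B, 0x0100, 1, 0, 0, 0) + QUESTION
RESPONSE = (struct.pack("!6H", 0x1A2B, 0x8580, 1, 1, 0, 0) + QUESTION + b"\xc0\x0c"
            + struct.pack("!HHIH", 1, 1, 3600, 4) + socket.inet_aton("192.168.0.1"))
```

Calling parse_dns(RESPONSE) returns the answer ("server", "192.168.0.1"), and is_reply_to(QUERY, RESPONSE) confirms the response belongs to the query.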
Are you curious how we can manipulate device names and IP addresses? Click Next to find out…