CompTIA Pentest+ PT0-002 – Section 5: Active Reconnaissance Part 5

45. Wardriving (OBJ 2.2)

Another form of active reconnaissance is known as wardriving. Now, wardriving is specifically focused against wireless networks. Wardriving involves driving around near a facility to detect if there are any wireless networks that you might be able to attack as part of your attack and exploitation phrase. Now often, wardriving was originally done from a car or a vehicle, but we also have something known as war walking, where somebody uses a backpack and can walk around a facility to collect the information about what SSIDs and wireless networks might be around.

Now, the idea is for you to be able to actively search for open wireless access points that could be a way into the building. But in addition to that, you might also find closed or encrypted access points that are in that area, because those may be subject to attack as well depending on what type of encryption they’re using to protect the network. For example, if you find any that are encrypted using WEP, that is very easy to crack and you’ll be able to do that very quickly if you’re conducting a wireless exploitation.

Now in general, wireless networks are much less secure than their wired counterparts. This is changing as wireless networks are becoming more secure all the time including the recent update to WPA3, making them much more secure than they were previously. That said, every time wireless networks are upgraded to a more secure version, attackers and hackers and penetration testers are finding ways to overcome those new protections.

This happened when WEP came out and then WPA and then WPA2, and I’m sure it’s going to happen again with WPA3. That said, wired networks are always going to be more secure than a wireless network, simply because of the fact that a wired network has a physical cable that you’d have to connect into, whereas wireless networks have the data transmitting through the airwaves that anyone can pluck out of the air as long as they have a good antenna and they’re within range.

When you’re conducting wardriving or war walking, your job is to try to find out what access points are in an area, and then show them on a floor plan or other geographical style map. During a wardriving or war walking exercise, you’re going to be looking around for any access points you can find, especially open access points. Often, you’ll come across rogue access points that were put there by an attacker or another penetration tester.

If you find these access points, whether they’re authorized or unauthorized, you should document their location and notify the organization. In addition to this, another thing you’ll be testing for is if the devices themselves have been properly locked down. Some organizations have multiple wireless networks, including a guest network and a business network. That guest network can be used for anybody who is visiting the building. For example, when you go to a coffee shop, there’s usually Wi-Fi in that coffee shop. That is part of their guest network.

Their point of sale system that runs their cast registers may be on a wireless network too, but it’s going to be on a different wireless network that is better protected. Your goal as you conduct wardriving and war walking and a wireless assessment is to verify where those devices are, what type of protections are in place and are they adequately secured? Now, wardriving is not something that is only done by penetration testers.

Attackers do this as well. Oftentimes, attackers will look for open wireless access points that they can use to run their attacks from. That way, if somebody traces back the source of the attack, they’re not finding the attacker’s location, but instead they’re finding yours ’cause it’s your wireless access point. Because of this, there’s actually a website that is dedicated to the mapping and indexing of all the open access points that could be found. It’s known as Wigle, W-I-G-L-E.

Wigle first came on the scene in the early 2000s when WiFi was just starting up, and at the time, WiFi was a very open thing and people didn’t really understand how to secure it. So wardrivers would share the information about all the open access points they found, that way people could use them as free internet when they were out and about, because at that time we didn’t have mobile data on our cell phones to the extent we do today.

Now, Wigle is considered an opensource intelligence tool and you can use it during the reconnaissance phase. One of the things you may want to use Wigle for is to verify if the target organization you’re going to be looking at has already been listed inside of Wigle, because maybe they already have open access points that other people have found and that can become your way into the network during your exploit and attack phase.

Now, when it comes to conducting wardriving and scanning of the networks, you’re going to want to make sure you have a good antenna. And when you look at antennas, they’re going to be classified based on the number of bBi. Now, dBi stands for the decibels per isotropic. This means, how strong is that antenna? How good can it listen and collect information?

If you have a 2 dBi antenna, it is much weaker than having a 5 dBi antenna. Similarly, if you have a 9 dBi antenna, that’s going to be even stronger than a 5 dBi antenna. For example, in my wireless hacking kit, I have a 2 dBi antenna that came with my wireless networking card. I have an additional 5 dBi antenna that I use for mid-range hacking, and then I have a 9 dBi antenna that I use for longer distances.

Now, additionally, think back to your network plus days when you learned about antennas. Antennas can be classified as unidirectional, bidirectional, or omnidirectional. If you have an omnidirectional antenna, which is what most wireless cards are going to have by default, even with a higher dBi, you’re going to get less distance. The reason is you’re having to send out that signal in all directions. If you have a bidirectional antenna or a dipole antenna, you’re only going to be going out in two directions.

And that means you can focus more strength in those two directions. But the best is a directional antenna. If you have a unidirectional antenna, you can look directly at your target organization, focus in on them and get really good distance with an antenna of 5 or 9 dBi. For example, when I’m conducting a wireless penetration test, I’ll often use a 9 dBi antenna using unidirectional mode where I can sit across the street and still access the building without anybody being able to see me.

Another key measurement when you’re talking about a WiFi signal is your SNR, which is your signal to noise ratio. This is simply a measurement of how strong the wireless signal level is in relation to your background noise. If you see you have a very low number for your SNR, meaning you have a weak signal and a high amount of noise, that means you’re going to need a stronger antenna or you’re going to need to get closer to the source of that wireless network. Maybe you’re 500 feet away and you need to be 250 feet away, or you need to move from a 5 dBi antenna to a 9 dBi antenna. These are all things you need to consider as you’re preparing for wireless attacks, especially when you’re doing them at a distance. If you’re doing war walking or wardriving though, you’re going to want to be using an omnidirectional antenna because you won’t know the source of that wireless network as you’re walking around the building, because you don’t know yet where all those access points are.

And by using a omnidirectional antenna, you’ll be able to pick it up from any direction. Finally, one other thing to consider when we’re talking about war walking and wardriving and figuring out what wireless networks there are is to realize that there are more networks out there than just WiFi. For example, at my offices, I have a microwave link that provides our internet. That microwave link uses a parabolic antenna. It has a curved surface with a fixed pattern that points to our internet service provider and connects a point-to-point link between their building and ours to provide us with fast internet speeds because we don’t have fiber optic networks where our office is.

Now, if you are doing an assessment of our organization and you could get between the path of their office and our office, you could collect all of the data going to or from our offices through that microwave link, but you have to be very careful not to break the link completely because then the organization, in this case, us, would notice our internet went down and we’d send somebody to fix it. But when you’re dealing with a microwave link or a satellite link, and both of these are considered wireless wide area networks, they do have a rather large area and you could get an antenna in between the signal and conduct packet capture or packet sniffing of the data being sent.

46. DNS and ARP Analysis (OBJ 2.3)

In this lesson, I’m going to show you how DNS and ARP works so you can understand how to analyze both of these protocols. This is important to understand because as you start doing a lot of your attacks and exploits later on, you need to be able to think through what is going to be happening with DNS and ARP and be able to understand what those things are when you capture things in packet captures, or logs that you’re going to later do analysis on. I’m going to take you a little bit inside of the network and we’re going to use a tool called Packet Tracer from Cisco so we can actually watch the packets and then see exactly what’s going to happen as packets go across the network when we do our DNS resolution to be able to pull up a website. When we go in the environment, you can see on my left side, I have a sample network. I have a client and I have a local DNS server both attached to switch zero.

Then, those attached to that company’s router. That company’s router has a serial connection indicated in red that’s connecting to an internet router and this would usually be shown as a big cloud with a lot of different routers and switches in the real world because the internet’s a big place but in this case, I’m just going to use one router, so I can use that as my sample internet. In that internet router or in that internet cloud, if you will, there’s also a DNS server there. This is the root DNS server. So you think about something like the .com domain or the .net domain, that’s what we’re talking about here. Now off to the right, you’ll see there’s the Dion Training router. Now this is our border gateway router that’s connected to the internet. So when your company tries to access our company, it goes over the internet and goes from your company’s router through a bunch of internet routers and eventually to the Dion Training router. Now the Dion Training router is then connected to our internal switch known as switch one and that has two devices hanging off of it that you can see.

One is at the bottom of the screen called authority.diontraining.com. This is our internal DNS server and then up top, you have server.diontraining.com which is acting as a web server in this example. All right, the first thing I want to show you is that all of these DNS servers right now have empty caches because I haven’t done anything and it’s a brand new network. So if I click in here and go to services, you can see under DNS that I have a couple of records here and under my cache, it is completely empty. If it had something in there, I could clear the cache from here. Next, we’re going to look at the root DNS server and I’m going to look at its DNS cache as well and see that it is also clear. Finally, I want to look at the Dion Training authority DNS server and I’m going to look at that and see again that it’s clear. All right, so what happens when you, as a client, want to go to diontraining.com?

Well, you’re going to go onto your client and you are going to end up hitting desktop and go to your web browser. Just like you would at home, you’d open up Google Chrome or Safari or something like that and we’re just going to type in what we want to go to, in this case, diontraining.com and then hit go. Now, because this is a packet tracer, I’m going to step by step through each and every packet as it moves across the network, you can see when I hit go, two packets showed up, one with that brownish color and one with the green. So what I’m going to do is I’m going to minimize the client right now because it’s going to take a lot of packets going back and forth before we actually see anything in this web browser and I want you to see what I have on the right side of the screen. This is a list of all of the different clients and the different packets going back and forth.

So at time 0.0, you can see there was no last device, but the first device here is at the client. So it created these new packets. We have a DNS packet and an ARP packet. Now, why does this happen? Well, when the client wants to look up something through DNS, what does it do? It first checks its internal DNS cache and here we can see that this one has no internal DNS cache, but we do have a DNS server of 10.0.0.3 that we want to go to. Now, our default gateway is 10.0.0.1 and this particular client, it has an IP address of 10.0.0.2. So when it says, I want to go to diontraining.com, it’s first going to say, hey, I need to look this up in DNS.

So I’m going to go to my DNS server, which is shown here as 10.0.0.3 which is this DNS server down at the bottom of the diagram and you can see here, it’s on fast ethernet zero, it’s link is up and it’s 10.0.0.3/24 which is this particular DNS server but my client doesn’t know where that is yet because it only talks to things using MAC addresses and since I’ve never talked to that DNS server before ’cause this is a brand new network I just created, it doesn’t know where to go. So it’s going to send out an ARP packet and that’s why you see that green ARP packet. Now, as you could expect, that ARP packet is going to go from the MAC address of my client and it’s going to go to F-F-F-F F-F-F-F F-F-F-F which is the broadcast at layer two.

So when that packet goes to the switch which we’re going to see here in a second, what is the switch going to do? It’s going to broadcast it out to everybody. So we see their ARP ARP packet going from the client to the switch. Once it gets to the switch, the switch is going to look at it and it’s going to say, do I know who F-F-F-F F-F-F-F F-F-F-F is, in this case, they do. It knows that it goes to the broadcast. So it’s going to send out every other switchboard it has. In this case, it’s going to go to the company router and the local DNS server. They’re going to receive that and inside that ARP packet, they’re going to see, hey, is this for me? So if I look at this ARP packet, you can see the inside of it is asking, do you know where the 10.0.0.3 address is? And it’s going to say, yes, I do. I’m that guy and so local DNS is going to answer up back to the switch and say, I’m the device you’re looking for.

Now on the company router side, it’s going to look at that and go, you’re looking for 10.0.0.3, that’s not me. I’m a router and I host the 10.0.0.0/24 network but that means I don’t need to take this traffic and pass it outward because it’s in my network. So I’m just going to drop this packet ’cause that’s not really meant for me. All right, once we do that, we’re going to go to the next packet that happens. This time, the DNS server’s going to send the message back to the switch and say, yes, I’m the guy you’re looking for. I am 10.0.0.3 and the switch says, okay, let me tell that back to the client. So the client now knows what the MAC address is for that local DNS server because it reports it inside of that ARP message. Now, the client, when it receives that goes great, now I know who to send my DNS traffic to. So I’m going to create a new DNS message which you can see here in brown and I’m going to send that back to the switch and the switch is going to send it to the DNS server because it knows that MAC address was addressed from the client to the DNS server. At this point, the DNS server looks at it and it has to see what do I do with this message?

So the first thing we’re going to do when we look at that message is we have to check our own DNS records. So as the DNS server, when I see that, I’m going to say, do I know what to do with diontraining.com? So I check my DNS records and here they are. I have two records. I have one for com and one for root. Now the com one is a name server for the .com domain and it says, if you get something that ends in com, go to the root server here on the right. Well, that then looks in the record and says, okay, where is the root server? I have an A record for that and it’s 10.2.0.2. So where is that device? Well, it’s not on this network because that’s a different local area network. So I’m going to have to send this message to my gateway, which is the company router, which will then forward it out to the appropriate network where 10.2.0.2 is.

Now 10.2.0.2 in this example is simulating the top level domain for .com because we don’t own this name, we don’t know where it goes. So we’re going to go to .com and ask them for the authoritative name server for it. All right, 10.2.0.2 is actually going to be this root DNS server right here and you can see right here, it is 10.2.0.2/24 and it is up and available. So we want to get that message over to this server and then we’re going to check our DNS records on this server. So you’re going to watch that brown packet and it’s going to go up to the switch and the switch is then going to send an ARP message out to the company and out to the client because again, nobody knows where 10.2.0.2 is yet.

Now when it gets to the client, the client says that’s not me and drops the message. The router on the other hand says, hey, I know how to get to 10.2.0.2. So I’ll answer up for that and say any local area of traffic that’s destined for that address comes to me and then I’ll forward it using layer three IP addresses out to the internet to get it over there. So it’s going to send that message back to the switch and the switch sees it and then it sends it back to the local DNS server. The local DS service says great, now I know how to get there, I’m going to send all those requests for 10.2.0.2 over to the company router which is my default gateway.

So that’s what’s going to happen. We see that go up. We see it hit the switch and then it goes from the switch over to the company. Now, once it gets to the company router, we need to get that over to the 10.2.0.2 device. So it’s going to look at it and say, not part to my network, let me send it out my default gateway to the internet. So it does that and sends it over to the ISPs router. The ISPs router looks at it and goes, hmm, where is this thing located? And in this case, we have it directly attached to that router. So it’s going to drop that DNS packet and it’s going to change it into an ARP packet ’cause again, we always send things to the final device using layer two, using ethernet and that’s going to require a MAC address and so we have to use ARP to do the IP and MAC address binding. So the internet routers, then you go down to the DNS server, when it hits there, the DNS server says, oh, I know what that is.

That’s me, I’m 10.2.0.2, so it sends that message back to the internet router and the internet router is going to send that message back over to the company router and in turn, they’re going to say, okay, I know how to get there. Now at this point, the local DNS server hasn’t gotten its message over to that final server yet and it’s going to then send it again to the company. So in this case, it’s sends it up to the switch zero, the switch zero to company and now at this point, the company router knows what to do with it. It sends it over to the internet router and the internet router knows what to do with it as well. It’s going to send it down to the root DNS server. So we’re now going to look at that message, which says, hey, where is this address for www.diontraining.com or diontraining.com like we entered in the browser? Now we’re going to look at our DNS records on this server and see if we have one for it.

So as we go here, we look at our DNS records, we can see there’s nothing in its cache and we see three records. First we have an SOA record or a start of authority. Now the start of authority record is going to have these things about it, like saying, when does it expire? When does it refresh? When do you want to retry? What’s the minimum time to live? And all those details. Now this authority record says, who owns the authority name? Now the next one we have is authority.diontraining.com. We have an A record associated with that, which says this address of authority.diontraining.com goes to 10.4.0.2, that is not the same as diontraining.com, it’s not the same as www.diontraining.com. This is a sub-domain called authority and so authority.diontraining.com would be at that servers IP. Now, if we go to the last thing, we do see that there’s diontraining.com there and this is actually a name server record. So who owns all of the diontraining.com name server records?

Well, it’s owned by what we see on the right, which is authority.diontraining.com. So if somebody wants to look up beta.diontraining.com, www.diontraining.com, support.diontraining.com, they’re going to go from this record to that name server at diontraining.com which is located at the authority.diontraining.com or 10.4.0.2. So let’s look and see, where is 10.4.0.2 on this diagram? Well, here it is. It’s authority.diontraining.com and you can see it’s 10.4.0.2. So again, this route DNS server is now going to send the traffic over there and to do that, it’s going to have to do that at layer three. So first we’re going to have to go through the ARP process again because we just found a new IP address that nobody knew of before and we have to figure out where it’s going to be located. So up we go with the DNS to the internet router and then that’s going to get sent over to the next router which is diontraining.com. Now, once it’s there, it’s now going to have to get delivered to that final leg to that server and this is where we have to again, use ARP.

So the routers going to drop that message because it doesn’t know what to do with it and instead it’s going to start sending out the ARP broadcast again. So out goes the broadcast to the switch, the switch then broadcasts it up and it goes to server.diontraining.com, which is my web server and authority.diontraining.com which is my name server. Now, at this case, we were looking for 10.4.0.2 which happened to be the authority.diontraining.com server, so, server.diontraining.com is going to drop that ARP packet and not respond to it because it’s not meant for them. Instead, the DNS server is going to respond back to the switch and say, I’m who you’re looking for and the switch is going to send that back to the router at Dion Training. Now the Dion Training router knows where the authority.diontraining.com server is and it knows how to address it using its MAC address because we just did this ARP broadcast.

So, the next time we get the retransmit of that DNS request, it’s going to go and it’s going to come from the client to the switch. The switch says, I know what to do with that. I’m going to send it over to the DNS server ’cause I always use my local DNS server first. Now my local DNS server is going to check its cache. Again, do we have anything in our cache yet? Let’s take a look. Right now, we don’t because we never got a message back to this server yet to know where the final destination is. So what is it going to do? Well, it’s not in my cache, I’m going to send it to the next higher DNS server which happens to be the root DNS server. So off it goes, it transfers it up to the switch, over to the company router, that’s going to say, and take it over to the internet. The Internet’s then going to deliver it down to the root DNS server. So the root DNS server is now going to send that message up to the internet router.

The internet router is going to send it over to Dion Training and then Dion Training is going to send it over to the switch. The switch knows where to send it now because of that ARP broadcast we just did and so it’s going to send it down to the authority.diontraining.com. Everything we did so far was just to establish that initial connection and get that first DNS request over to the name server who is the authority for this diontraining.com name. So now that we’re there, what is this server going to do? It’s going to take it and it looks at the request and the request said, I want to know where diontraining.com is. So it’s going to check its DNS records and in its DNS records, does it have an A record for diontraining.com or a CNAME record for diontraining.com? Well, yes it does. You could see that record number two is diontraining.com and it’s an A record that points to 10.4.0.3. Now that same IP address is also going to be used for server.diontraining.com and there’s an A record for that and then finally, you see a CNAME record at the end which says www.diontraining.com and that is going to be pointing to server.diontraining.com. So if I went in my web browser and asked for www.diontraining.com, it’s going to use the CNAME record and point me to server.diontraining.com which points me to this A record which points me to this IP address and you can see how these things link together but when I typed it in, I just typed in directly, diontraining.com. So I’m only going to be looking at record number two here, which is the A record with the IP address we want to go to.

So the question is, where is 10.4.0.3? Well, if we look at that, it’s up here and it’s server.diontraining.com. So now what we want to happen is once the client finds out where the server is located, it’s going to start sending all its traffic to the IP address of server.diontraining.com and we’re going to go from the client to the switch, across the network to the other switch and then up to server.diontraining.com. So let’s see what happens as this DNS message goes back. So it’s going to go back to the switch. It’s going to give the reply and say, here’s the IP address you were looking for. Then it’s going to go over to the Dion Training router, from the Dion Training router, it’s going to go back to the internet router and now it’s going to send it back to the route DNS server because we want them, that lower level server, to know where is diontraining.com so if anybody else asks in the future, they can just tell them where it is using that .com domain name, instead of having to go all the way back to my individual DNS server. So when I do this, you’re going to see that we’re going to actually get a cache happening inside this root DNS server. So there we go.

Now we’ve got the root DNS server and it knows where it is. So if I go to services and look at my DNS cache, you’re going to see that it now knows that there is an A record for diontraining.com at this timestamp and it’s going to be going to 10.4.0.3. Now, depending on the time to live for this DNS record, it’s going to stay in this cache and then once that cache is going to expire, it’s going to go back and ask again directly from the server instead of using its cache in the future. All right, once we have that, you can see though it did not add that as an A record in its DNS. The reason for this is that this A record is not owned by this route server. It’s owned by the authoritative name server, authority.diontraining.com over on the right side of our screen. So it only can cache it, it can’t add the A record automatically. All right, once it gets that, we still need to go and tell the lower level DNS server what’s going on.

So it’s now going to send a message up to the internet router, over to the company router which sends it over to the switch, the switch knows where it needs to go, so it sends it down to the local DNS server and now if we check the local DNS server, we’re going to see that its cache now has that same A record in it and so, again, we didn’t add it as an A record here, we added it as a cache and you can see now that we now have the cache name for the name server on the way over and now we have the cache name for the IP address for diontraining.com. So at this point, our local DNS server can now answer up for anybody who’s asking where diontraining.com is and we don’t have to go through all those packets we just did to get that information again because we already have it. Now once the time to expire happens, we’re going to have to have that cache invalidated and that happens automatically. So then we would have to go all the way back to the server and get a new copy because maybe I changed my IP address or moved that server. All right, so now that the DNS server has it, it can answer that back to the original requester which was our client. So now our client knows where to go. So now the client can actually start sending traffic and we want to send an HTTP traffic because that’s what we were trying to do by going to a website. Now, first you’re seeing this ARP again, this ARP is going to the switch and then that’s going over to the company and the DNS server because we now know what the IP address we want to go to is and that IP address was the IP address for server.diontraining.com but our switch doesn’t know that and our router doesn’t know that.

So we again have to ARP to say, hey, we, what is the MAC address for this IP address? Both these things are going to get it and both of them are going to say, it’s not me. The company router on the other hand is going to say, it’s not me but I know where to send it. So you can send that to me and I’ll send it out my default gateway. So that’s what’s going to happen. We get that ARP request going back to the switch. The switch now knows, anytime somebody’s asking for that server.diontraining.com IP that we were talking about, it’s going to go over to the company router because that is considered the default gateway. All right, now that we see that, what’s the next thing that’s going to happen? Well, the Dion Training router is also going to be doing an ARP request on its side of the connection ’cause it needs to know how to do that final delivery to that server. So it’s doing an ARP broadcast. It goes out to the switch, the switch sends it to both the servers and then the one that it is, is going to respond back to the switch, in this case, server.diontraining.com.

Now, as we do that, the switch now gets that message and it sends it back to Dion Training using ARP to say, hey, I know where to send messages for the server.diontraining.com. So go ahead and send it to me as a switch and I’ll deliver it on the local area network. All right, so now that we did all of that, our client knows where to go. It’s going to go to its local DNS server for that address resolution. Now that it knows the IP name, anytime it wants to do things to go to server.diontraining.com or diontraining.com, it can do that using the IP using its local cache on the client. If its client has expired on that cache, it can then go to its local DNS server. If the local DNS server has expired, it’s going to go back to the root server. If the root servers expired, it’s going to go all the way back to the authority.diontraining.com name server and we do this whole process again. All right, so now I want to go ahead and look at my browser and make sure we can get traffic going back and forth now that we’ve done the DNS part of this. So I’m going to go to diontraining.com and I’m going to hit go.

Off it goes with a message and there we go, DNS, DNS, we’re going to go all through that process again so you can see what it looks like, going through, getting to the root DNS server, back to the router, back over to Dion Trainings router, back to the switch, down to the authority.DNS and up to the server.DNS. It drops it in the server because there’s no DNS record there and then the authority one sends back its message and says, here is what we have and so when it does that, it goes back through to one router, to the second router, to the root DNS, back to the internet router, over to the company router, over to the company switch and then down to the local DNS server and then that goes all the way back up to our client. All right, that is the DNS process as we’re looking at using hierarchies, we’re going from our local to our root DNS and then over to our authoritative name servers.

So at this point, we want to send out a request back to that HTTP server which is holding diontraining.com and at this point, we will be able to send our get message using HTTP and we’ll receive the webpage back. So we create our packet. We address it with the MAC address of our default gateway and that way our company router will send it out to the Dion Training router across the internet. So here we go. We’re going to send that HTTP traffic. It goes over to switch zero, from switch zero it’s going to send it to the company router, the company router’s going to then readdress it using the IP address that we want to go to which happens to be the IP address for server.diontraining.com and it sends it out to the internet. The internet then says, where does this belong? Finds the right network as it passes it from router to router and eventually getting to the Dion Training router which hosts the network for server.diontraining.com. Once it gets to that router, it’s going to strip it down to layer two and start using ethernet as it goes to the switch and using MAC addresses.

So it does the IP to MAC address conversion using ARP. Once it does that, it hits the switch, the switch knows where it goes and sends it up to the server. Notice it only went from the client to the server. It never touched those DNS servers again ’cause we already did the DNS part. We know what the IP address is. Now once it gets to the server, the server’s going to process that message, in this case, it was a get message saying, give me the website and so it’s going to send back the website in a series of packets. In this case, it’s only one packet because it’s a very small website I’m sending and it goes back across the internet to the company, over to the switch and then up to our client. Now once I do that, we can go and look at what page it was that we received. This would happen all in the background and you’d see it on your web browser and there it is.

So in this case I have server.diontraining.com, also known as www.diontraining.com and this is used to simulate the Dion Training homepage within my lab environment. Now, if I actually put pictures on there and things like that, it would make this a much bigger website, it would be a lot of different packets and this purple packet going back and forth would just keep on happening. I would send the one packet over and say, give me the website and then I would get a whole series of packets back from the web server with the videos and images and texts that I need to build that website at layer seven, the presentation layer, on my client and that’s how you get to see the webpage once you go to something like diontraining.com. Hopefully this explanation helped you understand a little bit more about how DNS works in the background and how these things layer upon each other from the local to the top level domain and to the authoritative servers.

• Category: Uncategorized