Exploring DNS Request and DNS Response

In this chapter, we talked about address resolution. This activity will help you see how your computer sends a DNS request for a website you have never visited before it can create an HTTP request packet to display the website in your browser. We will use Wireshark for this activity. Use of Wireshark was explained in Chapter 2.

  1. Use the ipconfig /all command to find the IP address of your computer and of your DNS server.
  2. So that we can explore the DNS request and response properly, the first step is to empty your DNS cache. Use the ipconfig /flushdns * command in the command prompt window to empty the DNS cache of your computer.
  3. Open Wireshark and enter “ip.addr==your IP address” into the filter to only capture packets that either originate from or are destined for your computer.
  4. Start packet capture in Wireshark.
  5. With your browser, visit
  6. Stop packet capture after the webpage has loaded.
* On Linux, use the following commands to clear the DNS cache:
  1. sudo /etc/init.d/dns-clean restart
  2. sudo /etc/init.d/networking force-reload


  1. Locate the DNS query and response message for In Figure 1, they are packets 45 and 46. Are these packets sent over UDP or TCP?
  2. What is the destination port for the DNS query message? What is the source port of the DNS response message?
  3. To what IP address is the DNS query message sent? Compare this IP address to your local DNS server IP address. Are these two IP addresses the same?
  4. The contains several images. Before retrieving each image, does your host issue a new DNS query? Why or why not?
  5. Now locate the HTTP GET message. What are the source and destination IP addresses? Compare the source to your IP address. Are these the same?
  6. Approximately how many HTTP GET request messages did your browser send? Why was there a need to send additional HTTP GET messages?
Figure 1 (DNSWireShark.png)
