
Full name: Nguyễn Thị Huyễn Nhi

Student ID: B1606827
Group 01, lab session Tuesday morning

Footprinting and Reconnaissance


Lab 1.
1. Type ping elcit.ctu.edu.vn

-> IP address of elcit.ctu.edu.vn is 172.18.63.203

2. Find out the maximum frame size on the network.


Type ping elcit.ctu.edu.vn -f -l 1500

For instance, use the parameters 1472 and 1473. We can see that ping elcit.ctu.edu.vn -f -l 1472
replies with a successful ping => 1472 bytes is the maximum frame size on this
machine's network.

3. Find out TTL (time to live value):
Type ping elcit.ctu.edu.vn -i 3

But when we type ping elcit.ctu.edu.vn -i 1:

-> Result: Reply from 172.30.101.1: TTL expired in transit. It means the router
discarded the frame because its TTL has expired.
And when we type ping elcit.ctu.edu.vn -i 2: Request timed out. It means routers
are turned off, or the destination address is turned off or banned, etc.

4. Type ping elcit.ctu.edu.vn -i 1 -n 1:

-> TTL expired in transit

ping elcit.ctu.edu.vn -i 2 -n 1:

-> Request timed out

ping elcit.ctu.edu.vn -i 3 -n 1:

->success

ping elcit.ctu.edu.vn -i 4 -n 1:

->success
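
Added example, not part of the original report: a short Python sketch that reads the results of the TTL sweep in steps 3 and 4 the way tracert does, and reports the hop distance. The addresses are the ones in the lab; the bytes/time/TTL fields of the echo replies and the names SWEEP, classify and trace are constructed for illustration.

```python
import re

# Constructed sample output (Windows ping wording), one line per "-i <ttl> -n 1" run.
# The echo-reply fields (bytes, time, TTL=62) are made up; the lab only records "success".
SWEEP = {
    1: "Reply from 172.30.101.1: TTL expired in transit.",
    2: "Request timed out.",
    3: "Reply from 172.18.63.203: bytes=32 time<1ms TTL=62",
    4: "Reply from 172.18.63.203: bytes=32 time<1ms TTL=62",
}

EXPIRED = re.compile(r"Reply from (\S+): TTL expired in transit")
ECHO = re.compile(r"Reply from (\S+): bytes=\d+ time[<=]\d+ms TTL=(\d+)")


def classify(line):
    """Return (kind, responder) for one ping result line."""
    m = EXPIRED.search(line)
    if m:
        return "router", m.group(1)   # a hop decremented the TTL to 0 and reported it
    m = ECHO.search(line)
    if m:
        return "target", m.group(1)   # the probe lived long enough to reach the host
    if "Request timed out" in line:
        return "silent", None         # nothing came back for this TTL
    return "other", None              # e.g. "Destination host unreachable"


def trace(sweep):
    """Walk TTL values upward until the target answers; return (path, hop count)."""
    path = []
    for ttl in sorted(sweep):
        kind, addr = classify(sweep[ttl])
        path.append((ttl, kind, addr))
        if kind == "target":
            return path, ttl          # hop distance = first TTL with an echo reply
    return path, None                 # target never answered within the sweep


if __name__ == "__main__":
    path, hops = trace(SWEEP)
    for ttl, kind, addr in path:
        print(f"TTL {ttl}: {kind:6} {addr or '*'}")
    print("hops to target:", hops)
```

A silent hop (TTL 2 here) does not stop the walk: the next TTL still reaches the target, which is why the sweep continues past a timeout.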

Lab Analysis:

Tool/Utility: Ping
Information Collected/Objective:
  IP Address: 172.18.63.203
  Packet Statistics:
    ■ Packets sent: 4
    ■ Packets received: 4
    ■ Packets lost: 0
    ■ Approximate round trip time: 0ms
  Maximum Frame Size: 1472
  TTL Response: 3 hops

Questions:
1. How does tracert (trace route) find the route that the trace packets
are (probably) using?
-> Tracert finds its way to the destination by sending Echo Request (signaling)
Internet Control Message Protocol (ICMP) messages to each destination. After
meeting a destination, the Time to Live (TTL) value, the time it takes to send,
will be increased until it reaches the correct destination.

2. Is there any other answer ping could give us (except those few we
saw before)?
-> Destination host unreachable
The message indicates that the destination computer cannot be reached.
This error may be caused by a broken network cable, a cable that is not
attached to the network card, a network card that is turned off, a damaged
network card driver, etc.

3. We saw before:
Request timed out
Packet needs to be fragmented but DF set
Reply from XXX.XXX.XXX.XX: TTL expired in transit
What ICMP type and code are used for the ICMP Echo request?
->Type = 15, code = 0 -> ICMP Information Request

4. Why does traceroute give different results on different networks
(and sometimes on the same network)?
-> The result depends on whether the connection from your computer to the
server containing the website data is fast or not, and whether it passes through
many stations or not.

LAB 2. NSLOOKUP

1. Type nslookup on CMD:

Then type: set type=a

elcit.ctu.edu.vn. We will receive the result shown in this picture:

Set type=cname
Elcit.ctu.edu.vn
->Result:

Type server 172.18.63.203


set type=a

set type=mx

Tool/Utility: Nslookup
Information Collected/Objectives Achieved:
  DNS Server Name: 172.18.27.2
  Non-Authoritative Answer: (don’t have)
  CNAME (Canonical Name of an alias):
    ■ Alias: ctu.edu.vn
    ■ Canonical name: CTUAD2.ctu.edu.vn
  MX (Mail Exchange):
    ■ Aspmx.l.google.com
    ■ Alt1.aspmx.l.google.com
    ■ Aspmx4.googlemail.com
    ■ Alt4.aspmx.l.google.com
    ■ Alt3.aspmx.l.google.com
    ■ Alt2.aspmx.l.google.com
    ■ Aspmx5.l.googlemail.com

Search ARIN for elcit.ctu.edu.vn. We will receive the results shown in these
pictures:

Questions:

1. Analyze and determine each of the following DNS resource records:

■ SOA: Determines the DNS server that is responsible for the domain information.

■ NS: Defines another name server for the domain.

■ A: Maps a hostname to an IP address.

■ PTR: Maps an IP address to a hostname.

■ CNAME: Provides a name or alias for an address.

■ MX: Defines the mail server for the domain.

■ SRV: Defines services such as directory services.

2. Evaluate the difference between an authoritative and non-authoritative
answer.
-> Non-authoritative name servers do not contain the original source files of a domain’s
zone. They have a cache file for the domains that is constructed from all the DNS
lookups done previously. A response to a DNS query from a DNS server that doesn’t
have the original file is known as a non-authoritative answer.
An authoritative name server is a name server that has the original source files of a
domain's zone. This is where the domain administrator has configured the DNS
records for a domain. An authoritative DNS server can be a master DNS server or one of its slaves.

3. Determine when you will receive request time out in nslookup.

-> It means nslookup submitted the query to the DNS server but did not get a
response. Possible causes: the DNS server you queried was having a problem and
couldn't reply, network errors, the DNS lookup was blocked by the network's
firewall, etc.
