Question

Cyber Security

EXERCISE 1:

One very simple tool to figure out if a “host” (any device with an address on a network) is turned on and communicating over the network is “PING.” Of course, system administrators can prevent hosts from responding to pings.

DO:

1. Check out the website: In Kali, open up the browser (Iceweasel). In the address bar type the URL http://www.foo.com to notice that there is a site configured with that domain.
2. Open up the command line on Kali and ping (ping domainname i.e. ping www.foo.com) the above domain.
   1. After a few echoes hit “CTRL+C” to cancel the ping process. Obviously, this website is running on a server and if the site is on we did not really need to ping it to find if “it is up.” The ping does give us some basic information.
   2. Alternatively type ping -c 4 www.foo.com to send only four echo requests or change 4 to another number you desire.

Exercise 1 Questions

Q 1.1) Is the computer corresponding to the domain name on and communicating? (YES/NO)

Q 1.2) What is the IP version 4 address of this computer?

Q 1.3) What did we “attackers” learn from this simple procedure? (Be sure to read about ping, what it reveals (beyond the IP address), whether it is good or bad to enable ping responses or whether it doesn’t matter. Hint: start with finding out what underlying protocol is used for pings. Note: When reading you will find a wide variety of opinions on pings. I am not looking for the right answer. I am interested in how much you research this topic and what you learn about it)

EXERCISE 2:

In this exercise, we will use a tool available on most *nix platforms for obtaining DNS information, called DIG. Similar functionality is available through tools such as “NSLOOKUP” (also available on Windows) and “HOST”. Here we focus on “DIG”.

DO: (if you haven’t watched the videos on DIG mentioned above, please do so)

At the command line in Kali, issue a simple dig command for the above domain:
dig www.foo.com

Exercise 2 Questions

Q 2.1) Examine the Question Section in the output of the above command. What “question” (precisely in DNS terminology) did we ask in this query?

Q 2.2) Examine the Answer Section.

1. What is the IP (version 4) address associated with that name?

Q 2.3) Examine the Authority Section. What type of record is returned here? What is the name of the name server associated with this domain? (Don’t be confused with its name, it does not matter what it is called, simply report the name in the record type NS)

Q 2.4) Examine the Additional Section. What is the IP address of the name server?

Answer 1

Q 1.1) Is the computer corresponding to the domain name on and communicating? (YES/NO)
Yes but in my kali its not configured so i have used www.google.com rather concept is same if xampp server or any website was running in my kali then ip would be 127.0.0.1 with whatever hostname.

Q 1.2) What is the IP version 4 address of this computer?
10.0.2.15

Q 1.3) What did we “attackers” learn from this simple procedure?
to know any website's ip address we can ping to that website and get to know the ip

Q 2.1) Examine the Question Section in the output of the above command. What “question” (precisely in DNS terminology) did we ask in this query?

;; QUESTION SECTION:
;www.google.com.           IN   A

its asking to google for return the A address of the site
Q 2.2) Examine the Answer Section.

;; ANSWER SECTION:
www.google.com.       203   IN   A   172.217.31.4

its replies to question which was asking for ip and in answer section replies with demand

We are allowed to do only 4 exercise out of any given.

if you have any doubt then please ask me without any hesitation in the comment section below , if you like my answer then please thumbs up for the answer , before giving thumbs down please discuss the question it may possible that we may understand the question different way and we can edit and change the answers if you argue, thanks :)