CS615A -- Aspects of System Administration - HW#4

HW4: monitoring DNS and HTTP traffic


The objective of this assignment is for you to observe and understand DNS and HTTP traffic on the wire. As in the previous assignment, you will use the tcpdump(8) utility for this task.

Note: in this assignment, you must use tcpdump. Graphical helper applications such as "wireshark" or similar tools are explicitly prohibited. You need to be able to read the flat text tcpdump output yourself and not rely on other tools to highlight things for you.


Please carefully read the assignment in full before you begin.

This assignment is worth 30 points.


Create two EC2 instances of your choice. One will act as the DNS server and the other as the client. Make sure that the firewall rules (security groups) between the server and client allow all the required traffic: at minimum, DNS on port 53 over both UDP and TCP from the client to the server, and outbound DNS from the server to the Internet so that it can query the root and other authoritative servers.

Set up a caching only DNS server (a "resolver") on one instance. You may consult any online documentation available, such as this document or any others you prefer. You may use bind or any other DNS server software you like. The only restriction is that in the end your host must be able to function as a caching DNS server. Restrict recursion to your client's address rather than leaving the server open to the whole Internet; an open resolver is quickly found and abused.

Set up your client host to use your newly created DNS server for host lookups.

On your DNS resolver, start tcpdump(8). Then, start tcpdump(8) on your client. Capturing traffic on both ends, make an HTTP/1.1 request over TLS on the client using the following command (the -ign_eof flag keeps the connection open after stdin is exhausted so that the response can be read; terminate with ^C once you have it, and on OpenSSL releases older than 1.1.1 add "-servername www.yahoo.com" so that SNI is sent):

printf "HEAD / HTTP/1.1\r\nHost: www.yahoo.com\r\n\r\n" | \
        openssl s_client -quiet -ign_eof -connect www.yahoo.com:443

Next, look up the forward (A) and reverse (PTR) mappings for www.cs.stevens-tech.edu. You should find that those match one to one: the name resolves to an IP address and the IP address resolves back to that same name. Repeat this lookup for www.facebook.com. You should find that this is not the case there - why not? Explain.

Keep your tcpdump running for a while. Do you see other queries that you did not actively initiate? What are they, and what is causing them?

Now process the output:

  • identify the HTTP headers provided by Yahoo's server in its response and briefly annotate their purpose
  • using the packet capture from your client host, identify the DNS query for the HTTP request from your client host to your DNS server as well as the response
  • using the packet capture from your server, identify, for the HTTP request, the query from your DNS server to one of the root servers, the referrals it receives from the root and the subsequent DNS servers, the answer returned to your server by one of Yahoo's authoritative DNS servers, and the response your DNS server then returns to your client
  • using the packet capture from your server, identify and explain the DNS queries performed for the lookup relating to www.facebook.com

Note: in order to be able to capture the query from your DNS server to the root servers, you may have to clear the DNS server's cache (for bind, "rndc flush"). This ensures that it is not using cached information from any previous lookups, including the lookups your resolver performed while you were setting it up.
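The processing steps above (pairing the client's query with the resolver's response, following the resolver's own iterative queries out to the root and back, and comparing the forward and reverse lookups) are done by reading the flat tcpdump text, which is the point of the exercise. The script below is an added example, not part of the assignment, of what that pairing looks like mechanically, so you can check your hand annotation against it. It assumes tcpdump's default (non-verbose) DNS line format with numeric addresses (tcpdump -n), a resolver at 10.0.0.1 and a client at 10.0.0.2, and it runs on a constructed capture that uses RFC 5737 addresses and example.* names rather than real Yahoo or Facebook records.

```python
"""Pair and annotate the DNS transactions in `tcpdump -n -r capture.pcap port 53`
text output. Added example, not part of the assignment. Assumes tcpdump's default
(non-verbose) DNS output with numeric addresses (-n). The capture below is
constructed: 10.0.0.1 is the resolver, 10.0.0.2 the client; upstream servers,
addresses and names are RFC 5737 / example.* placeholders, not real records."""
import re

RESOLVER = "10.0.0.1"  # assumed address of the caching resolver

# Constructed capture as seen on the resolver. Referrals carry their NS records
# in the authority section, which tcpdump prints only with -vv, so at default
# verbosity they show up as counts alone (0 answers / 2 authority / 2 additional).
SAMPLE_CAPTURE = """\
12:00:00.000100 IP 10.0.0.2.51234 > 10.0.0.1.53: 40123+ A? www.example.com. (33)
12:00:00.000200 IP 10.0.0.1.41001 > 203.0.113.1.53: 9001 [1au] A? www.example.com. (44)
12:00:00.010300 IP 203.0.113.1.53 > 10.0.0.1.41001: 9001- 0/2/2 (120)
12:00:00.010400 IP 10.0.0.1.41002 > 203.0.113.2.53: 9002 [1au] A? www.example.com. (44)
12:00:00.020500 IP 203.0.113.2.53 > 10.0.0.1.41002: 9002- 0/2/2 (118)
12:00:00.020600 IP 10.0.0.1.41003 > 203.0.113.3.53: 9003 [1au] A? www.example.com. (44)
12:00:00.030700 IP 203.0.113.3.53 > 10.0.0.1.41003: 9003*- 1/0/1 A 192.0.2.10 (60)
12:00:00.030800 IP 10.0.0.1.53 > 10.0.0.2.51234: 40123 1/0/0 A 192.0.2.10 (49)
12:00:01.000100 IP 10.0.0.2.51235 > 10.0.0.1.53: 40124+ PTR? 10.2.0.192.in-addr.arpa. (41)
12:00:01.000900 IP 10.0.0.1.53 > 10.0.0.2.51235: 40124 1/0/0 PTR www.example.com. (71)
12:00:02.000100 IP 10.0.0.2.51236 > 10.0.0.1.53: 40125+ A? www.example.org. (33)
12:00:02.050000 IP 10.0.0.1.53 > 10.0.0.2.51236: 40125 2/0/0 CNAME edge.cdn.example.net., A 192.0.2.20 (87)
12:00:03.000100 IP 10.0.0.2.51237 > 10.0.0.1.53: 40126+ PTR? 20.2.0.192.in-addr.arpa. (41)
12:00:03.000900 IP 10.0.0.1.53 > 10.0.0.2.51237: 40126 1/0/0 PTR edge-20.cdn.example.net. (73)
12:00:04.000100 IP 10.0.0.2.51238 > 10.0.0.1.53: 40127+ A? nosuch.example.com. (36)
12:00:04.000900 IP 10.0.0.1.53 > 10.0.0.2.51238: 40127 NXDomain 0/1/0 (96)
"""

# ts src.port > dst.port: id, header flags (+ RD, * AA, - no RA, | TC, $ AD, % CD),
# optional EDNS marker such as [1au], the query or response body, then (length)
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"(?P<id>\d+)(?P<flags>[+*|$%-]*)(?: \[[^\]]*\])?(?P<rest>.*) \(\d+\)$")
QUERY_RE = re.compile(r"^ (?P<qtype>[A-Z0-9]+)\? (?P<qname>\S+)$")
RESP_RE = re.compile(
    r"^(?: (?P<rcode>[A-Za-z]+))? (?P<an>\d+)/(?P<ns>\d+)/(?P<ar>\d+)(?: (?P<rrs>.*))?$")


def parse_dns_line(line):
    """Turn one tcpdump DNS line into a dict, or return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {k: m.group(k) for k in ("ts", "src", "dst", "id", "flags")}
    rec["sport"], rec["dport"] = int(m.group("sport")), int(m.group("dport"))
    q = QUERY_RE.match(m.group("rest"))
    if q:
        rec.update(kind="query", qtype=q.group("qtype"), qname=q.group("qname"))
        return rec
    r = RESP_RE.match(m.group("rest"))
    if not r:
        return None
    rec.update(kind="response", rcode=r.group("rcode") or "NoError",
               counts=tuple(int(r.group(k)) for k in ("an", "ns", "ar")),
               rrs=[tuple(rr.split(None, 1))
                    for rr in (r.group("rrs") or "").split(", ") if rr])
    return rec


def pair_transactions(lines):
    """Match responses to queries by transaction ID plus the reversed address/port
    4-tuple. A response that matches no outstanding query is returned separately:
    that is what a late, duplicate or forged (wrong ID or port) answer looks like."""
    pending, pairs, orphans = {}, [], []
    for line in lines:
        rec = parse_dns_line(line)
        if rec is None:
            continue
        if rec["kind"] == "query":
            pending[(rec["id"], rec["src"], rec["sport"], rec["dst"], rec["dport"])] = rec
            continue
        query = pending.pop((rec["id"], rec["dst"], rec["dport"], rec["src"], rec["sport"]), None)
        if query is None:
            orphans.append(rec)
        else:
            pairs.append((query, rec))
    return pairs, orphans


def describe(query, response):
    """Annotate one transaction with the role it plays in a recursive lookup."""
    if query["dst"] == RESOLVER and "+" in query["flags"]:
        role = "client -> resolver"
    elif query["src"] == RESOLVER and "+" not in query["flags"]:
        role = "resolver -> upstream (iterative)"
    else:
        role = "other"
    an, ns, _ = response["counts"]
    rrs = ", ".join(" ".join(rr) for rr in response["rrs"])
    if response["rcode"] != "NoError":
        what = "error %s" % response["rcode"]
    elif "*" in response["flags"]:
        what = "authoritative answer: " + rrs
    elif an == 0 and ns > 0:
        what = "referral (%d authority RRs; use tcpdump -vv to see the NS names)" % ns
    else:
        what = "answer from resolver: " + rrs
    return "%s %s? %s -> %s" % (role, query["qtype"], query["qname"], what)


def reverse_name(ip):
    """The in-addr.arpa name a PTR lookup for an IPv4 address uses."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def round_trip(pairs, name):
    """For each address the capture returned for `name`, the PTR target the capture
    holds for that address (None if no reverse lookup was captured). Forward and
    reverse agree only if every value equals `name`."""
    ptr = {q["qname"]: d for q, r in pairs if q["qtype"] == "PTR"
           for t, d in r["rrs"] if t == "PTR"}
    return {d: ptr.get(reverse_name(d)) for q, r in pairs
            if q["qtype"] == "A" and q["qname"] == name for t, d in r["rrs"] if t == "A"}


if __name__ == "__main__":
    pairs, orphans = pair_transactions(SAMPLE_CAPTURE.splitlines())
    for q, r in pairs:
        print(q["ts"], describe(q, r))
    print("unmatched responses:", len(orphans))
    for name in ("www.example.com.", "www.example.org."):
        print(name, round_trip(pairs, name))
```

Run it against your own file with `tcpdump -n -r capture.pcap port 53 | python3 annotate.py` after replacing SAMPLE_CAPTURE with sys.stdin, and set RESOLVER to your server's address. Two things to watch for in real captures: the client's queries carry the "+" (recursion desired) flag while the resolver's own iterative queries do not, and at default verbosity a referral is visible only as a response with zero answers and a non-zero authority count, so rerun tcpdump with -vv on the saved file if you need the NS names the root or TLD server handed back. In the constructed capture the second name is a CNAME whose address reverse-maps to a different host name, which is one way a forward/reverse round trip can fail to close; whether that is what you see for www.facebook.com is for your own capture to show.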

Deliverables & Due Date

You will submit a single tar(1) archive. The file to submit will be called "$USER-hw4.tar" (where "$USER" is your username). The archive will extract all files and subdirectories into a directory named $USER. Your archive will contain the following files:

  • http.txt - the HTTP header explanation
  • dns-client.txt - a text file containing the annotated output of tcpdump -r of the relevant DNS packets captured on the client relating to the HTTP request
  • dns-server.txt - a text file containing the annotated output of tcpdump -r of the relevant DNS packets captured on the server relating to the HTTP request
  • facebook.txt - a text file containing the annotated output of the relevant DNS packets as well as your discussion of the lookup
  • README - commentary on what you learned, what you found difficult, what you found surprising

Creating a valid submission might look as follows:

$ mkdir $USER
$ cd $USER
$ vi http.txt dns-client.txt dns-server.txt facebook.txt README
$ cd ..
$ tar cf ${USER}-hw4.tar ${USER}

Please attach the file to an email sent from your @stevens.edu email address to jschauma@stevens.edu with a subject of "[CS615] HW4".

The due date for this assignment is 2020-03-30 16:00 EDT.
