In one of the first few practicals in the Wireshark Analysis book, there's this file called gen-googlemaps.pcapng which we are supposed to analyse. I realised that the 1st packet refers to the Asus client broadcasting an ARP request to find out who is the DNS server . But when I did my own simple scan after flushing my DNS cache, my laptop doesn't seem to broadcast any ARP request to find out who the DNS server is. All ARP requests in my simple scan comes from the router itself trying to find out the hosts which are connected to it. asked 24 Mar '13, 20:49 Dinged |
2 Answers:
Clearing the DNS cache does not clear the ARP cache. DNS maps domain names to IP addresses. ARP maps IP addresses to MAC addresses. The two processes are independent of each other. After you clear the DNS cache, the MAC address of the DNS server (or the default gateway, if the DNS server is on another network) can still be in the ARP cache, in which case, no ARP is necessary in order for your PC to communicate with the DNS server. answered 24 Mar '13, 23:38 Jim Aragon |
Generally ARP is used to find target MAC Address.If your router needs to send a packet to your PC and it is not having mac address of your PC then it will trigger an ARP Request.It can be other way round too.If you want to send a packet to other hosts and not having MAC of your default gateway then your PC will trigger an ARP Request to find out the MAC of your Default router. Now the DNS Part: Assume a case where your DNS server resides in other network? ARP is a protocol works with in your broadcast domain.So it is not always necessary to expect an ARP request initiated to DNS Server. Let us take this example: My Laptop-------->Home router----------->ISP Network My home network is in private IP Range(192.168.1.x) and DNS Server IP is (75.75.75.75). In this case my laptop can't send any ARP Request to DNS Server as both are in different domain.Instead,it will send the packet to it's default gateway(home router) and for that reason it should know the MAC of default gateway and that is why it will trigger an ARP to find mac address of default gateway. answered 24 Mar '13, 22:21 krishnayeddula edited 24 Mar '13, 23:05 |