Date: 2022-11-08

Let's actually watch that happen. I'm going to try to go to infosecinstitute.com. But in the process of doing that, I'm going to have Wireshark running. This is a tool that captures traffic. So now with this virtual machine up, what I'm going to do is run Wireshark as my sniffer, and I'll use that to show you that DNS process happening, and further, we'll use it to show you the rest of the process of connecting to a website.

Now, one of the other things that I want you to get out of this is you should definitely be using or get yourself used to using Wireshark. Look, I don't want to over-complicate it and I don't want to bog your brain down trying to remember too much. What I want you to do is get Wireshark and use it to do nothing but prove to yourself how you visit websites. That's all I want you to do, is practice figuring out how to build, see how you're visiting a website.

So I'm going to do a filter for DNS so that I can only see DNS traffic. I'm going to open my browser, and in here I'm going to type www.infosecinstitute.com. As a result of that, I get the infosecinstitute.com website to come up. Now, how did that happen? Well, the first thing that happened was when we told it that we wanted to go to infosecinstitute.com, our machine actually sent a request, and here that is happening here. Now, my machine's IP address, or phone number, is 192.168.248.187. It actually sent a message to this DNS server saying, give me the A record for infosecinstitute.com.

Now, what is an A record? Well, an A record is a little text file that says, infosecinstitute.com is at this IP address. So it's telling me how to get to infosecinstitute.com. Now, I don't have that file yet because this is just me requesting it.
Now, what you eventually see is as a result of me requesting that particular file, you will see that there is a response where the DNS server responded back and says, look, if you want to go to infosecinstitute.com, here's where you have to go. If we drill down into that, we'll see that it's telling us to get to Infosec, you have to go to this particular IP address. And it's telling us all the ways you get there.

Now, as a result of that, our machine will then do something called a TCP connection. So let's clear this and look at what happened right after this. Our machine will do a three-way handshake, or it will reach out to the IP address that came back in the DNS query and say, hey, I want to communicate with you on port 80 or port 443, which are common web ports. So what ends up happening then is once we connect to that port, then we can actually ask the web server for the web page that web server is serving out.

All of that that I just described happens in literally less than a second, in a split second. So you say, I want to go to Facebook. You tell your DNS server that. Your DNS server says, well, to get to Facebook, you have to go to this IP address, and then you go to that IP address, which is again like a phone number. You connect to it, and then once you've connected, now you can ask, can I have a copy of the page that you're serving out? As a result of that, you get the page to pop up in your browser.