This week in my #SysAdmin class, we continue with networking.
We start on our box and strace/ktrace a simple telnet command to see how we even get to the point of #DNS resolution (/etc/nsswitch.conf, /etc/hosts, /etc/resolv.conf), then #tcpdump a simple HTTP request to observe:
#ARP / #NDP calls to find the default route and local resolver
It's week 07 of my #SysAdmin class, high time we talk about the cause of (and solution to) all problems: the #DNS.
We look at the history of the DNS and how we used to copy giant hosts files around, trace DNS packets from resolvers to the root servers and the various authoritative NS using our good friend #tcpdump, talk about #TLDs, fetch the root zone from InterNIC to bootstrap our resolver, look at different RRs, reverse lookups, and touch upon #dnssec.
Don't take the unnecessary risk of running #Wireshark as #root. Instead, create your capture file (.cap, .pcap) with #tcpdump (sudo tcpdump -i eth0 -w file.pcap), then open it for analysis in Wireshark as your regular non-root user. 👍 #networking #cybersecurity #soc #gnu #linux #cli