DNS request with netcat

Ovion · 2013-09-25 23:55:22

Hi,

I would like to do a DNS request via netcat, especially writing my Request on my own and just use netcat to send it out.

This is how a DNS-Request looks like as a Network dump (via wireshark, tcpdump looks the same if I remember correctly):

0000  00 00 00 00 00 00 00 00  00 00 00 00 08 00 45 00   ........ ......E.
0010  00 3c 51 e3 40 00 40 11  ea cb 7f 00 00 01 7f 00   .<Q.@.@. ........
0020  00 01 ec ed 00 35 00 28  fe 3b 24 1a 01 00 00 01   .....5.( .;$.....
0030  00 00 00 00 00 00 03 77  77 77 06 67 6f 6f 67 6c   .......w ww.googl
0040  65 03 63 6f 6d 00 00 01  00 01                     e.com... ..

But what of this do I have to use to pipe into "nc -vu 8.8.8.8 53"? Is this even the right command? I'm new to netcat and would like to work on my network-skills, that's why I'm trying this (so please no "you could use host" )

Thanks for help!

Last edited by Ovion (2013-09-25 23:55:42)

Vain · 2013-09-26 05:43:54

It looks like you've not only included the DNS request in your data but also the UDP packet itself. That won't work since you're telling netcat to build (yet another) UDP packet.

If you captured your packet using wireshark, make sure to only copy the "DNS (query)" part -- not the entire packet.

Try:

0000: 064f 0120 0001 0000 0000 0001 0667 6f6f  .O. .........goo
0010: 676c 6503 636f 6d00 0001 0001 0000 2910  gle.com.......).
0020: 0000 0000 0000 00                        .......

I've also slightly adjusted the format so it can be reverted to binary format using xxd. Now you can do this:

$ xxd -r my-packet.hex | nc -nu 8.8.8.8 53 | xxd
0000000: 064f 8180 0001 0006 0000 0001 0667 6f6f  .O...........goo
0000010: 676c 6503 636f 6d00 0001 0001 c00c 0001  gle.com.........
0000020: 0001 0000 0042 0004 adc2 4666 c00c 0001  .....B....Ff....
0000030: 0001 0000 0042 0004 adc2 4665 c00c 0001  .....B....Fe....
0000040: 0001 0000 0042 0004 adc2 4664 c00c 0001  .....B....Fd....
0000050: 0001 0000 0042 0004 adc2 4671 c00c 0001  .....B....Fq....
0000060: 0001 0000 0042 0004 adc2 468a c00c 0001  .....B....F.....
0000070: 0001 0000 0042 0004 adc2 468b 0000 2902  .....B....F...).
^C

What you see is a hex dump of Google's response. You have to quit netcat using control-c because it knows nothing about DNS -- netcat just waits for data.

Ovion · 2013-09-26 18:57:03

Cool, thanks. I wasn't aware that netcat builds the package. Unfortunately I don't get a response, whereas host works*. Can this be related to the network I'm in (not mine)? Shouldn't, should it?

And is there a tool I can use to write the entire Packet myself and send it somewhere?

*) Edit: I just copied your first codeblock into a file (to get a definite working setup before doing anything else) which you named my-packet.hex and xxd -r packetfile returns a binary-seeming string.

Last edited by Ovion (2013-09-26 19:06:13)

Vain · 2013-09-27 05:33:18

No idea what's going wrong.

You can always write it in C. Scapy might be easier for a start but its documentation isn't that good: http://www.secdev.org/projects/scapy/

Ovion · 2013-09-28 17:20:08

Ok, thanks a lot!

Maybe it's a network-issue, I'll try again when I'm in a network I can control. And I think I'll go the C-way, all or nothing.^^

Arch Linux

#1 2013-09-25 23:55:22

DNS request with netcat

#2 2013-09-26 05:43:54

Re: DNS request with netcat

#3 2013-09-26 18:57:03

Re: DNS request with netcat

#4 2013-09-27 05:33:18

Re: DNS request with netcat

#5 2013-09-28 17:20:08

Re: DNS request with netcat

Board footer