0

I’m trying to find all the websites visited along with their IP src and destination addresses but all I’m getting is a “No response found!”.

PS: I am given the .pcap file so I can’t modify it.

Also using the ICMP protocol, any help?

8
  • i.sstatic.net/EqaYQ.png Commented Mar 21, 2017 at 19:26
  • Are you trying to get the URLs that go along with those IP addresses, or is there some other content you're pulling from? Also, have you tried reverse DNS searches? Commented Mar 21, 2017 at 19:29
  • Yes I'm trying to get the URLs that match those IP addresses or requests! I'm a newbie so sorry for my beginner-like questions! Please help :/ Commented Mar 21, 2017 at 19:36
  • And no, I haven't tried reverse DNS searches, will that help? Commented Mar 21, 2017 at 19:36
  • Then you need to use reverse DNS. DNS normally takes a web address and gives you the IP address that it points to. Reverse DNS just does the reverse: It takes an IP address and gives you the site (or sites) that are hosted there. Commented Mar 21, 2017 at 19:37

1 Answer

1

Your issue is the use of the ICMP protocol - that is really only used for ping and connectivity checking type things.

In order to check what websites are visited, you need to enable TCP (particularly on port 80), then inspect each packet for the "host:" header which will tell you the address.

Another partial solution (which can help with HTTPS sites, but also inject other unrelated sites) would be to monitor port 53 (UDP + TCP, mainly UDP) to get the DNS requests which will tell you what hosts are being asked for.
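
The two approaches in this answer, as an added example that is not part of the original answer: a standard-library Python reader for a classic Ethernet `.pcap` that reports the source and destination IP together with the HTTP `Host:` header (TCP port 80) or the DNS query name (UDP port 53), and returns nothing for ICMP. The function names and the capture built by `sample_pcap()` (documentation addresses, `example.com`, `example.org`) are constructed for illustration.

```python
import socket
import struct

def qname(dns):  # first question name; queries carry no compression pointers
    labels, i = [], 12                      # skip the 12-byte DNS header
    while i < len(dns) and 0 < dns[i] < 64:
        labels.append(dns[i + 1:i + 1 + dns[i]].decode("ascii", "replace"))
        i += 1 + dns[i]
    return ".".join(labels)

def inspect(frame):
    """Return (src, dst, kind, name) for an HTTP Host header or DNS query, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # Ethernet + IPv4 only
        return None
    ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    l4 = frame[14 + ihl:]
    if proto == 6 and len(l4) >= 20 and l4[2:4] == b"\x00\x50":      # TCP, dst port 80
        payload = l4[(l4[12] >> 4) * 4:]                  # skip TCP header (data offset)
        for line in payload.split(b"\r\n\r\n")[0].split(b"\r\n")[1:]:
            key, _, value = line.partition(b":")
            if key.strip().lower() == b"host":
                return src, dst, "http", value.strip().decode("ascii", "replace")
    elif proto == 17 and len(l4) >= 8 and l4[2:4] == b"\x00\x35":    # UDP, dst port 53
        return src, dst, "dns", qname(l4[8:])
    return None                                           # ICMP and everything else

def visited_hosts(pcap):
    """Walk a classic (non-pcapng) Ethernet pcap and collect every hit from inspect()."""
    end = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"  # byte order from magic number
    hits, off = [], 24                                    # 24-byte global header
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        hits.append(inspect(pcap[off + 16:off + 16 + incl]))
        off += 16 + incl
    return [h for h in hits if h]

def sample_pcap():
    """Constructed capture: one ICMP echo, one HTTP request, one DNS query."""
    def frame(proto, dst, l4):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                         socket.inet_aton("192.0.2.10"), socket.inet_aton(dst))
        return b"\x00" * 12 + b"\x08\x00" + ip + l4
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    dns = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + b"\x07example\x03org\x00\x00\x01\x00\x01"
    frames = [frame(1, "198.51.100.7", struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"ping"),
              frame(6, "198.51.100.7", tcp + b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
              frame(17, "192.0.2.53", struct.pack("!4H", 40001, 53, 8 + len(dns), 0) + dns)]
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # linktype 1 = Ethernet
    return hdr + b"".join(struct.pack("<4I", 0, 0, len(f), len(f)) + f for f in frames)
```

To run it on a real capture, pass `open("capture.pcap", "rb").read()` to `visited_hosts()`; pcapng files and requests split across several TCP segments are outside what this example handles.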
