David Bombal

#551: DNS Command & Control: Detecting Malware Traffic



Big thank you to Infoblox for sponsoring this video. For more information on Infoblox have a look at their website: https://www.infoblox.com/
// Get Wireshark Certified //
Check out the official training course
📘 GET TRAINING:
https://courses.davidbombal.com/l/pdp...
Use code "WiresharkHack" to get a $50 discount
🔗 Learn more: https://wireshark.org/certifications
In this deep dive, David Bombal is joined by Wireshark expert Chris Greer to strip down the most critical protocol on the internet: DNS. We move beyond the theory to show you exactly what DNS looks like "on the wire." Chris reveals why a staggering 92% of malware uses DNS for Command and Control (C2) and how you can use packet analysis to detect these breaches before they spread. We also debunk common myths about DNS only using UDP, explore the "Librarian" analogy for Root Servers, and walk through a live capture of a request to a real website.
What You Will Learn:
• Malware Detection: Why 92% of malware relies on DNS and how to spot C2 traffic.
• Packet Anatomy: A line-by-line breakdown of DNS headers, Transaction IDs, and Flags in Wireshark.
• The TCP Myth: Why blocking TCP port 53 on your firewall can break your network (and why DNS needs it).
• Troubleshooting: How to measure DNS latency (response time) to pinpoint slow network performance.
• Recursive Lookups: Understanding the chain from your PC to the Root Servers and back.
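To make the "Packet Anatomy" and "Troubleshooting" points concrete, here is an added example (not code from the video, from Chris Greer's pcaps, or from Wireshark) that parses raw DNS messages into the same fields Wireshark shows in its DNS dissector: Transaction ID, the individual flag bits, the four RR counts, the question, and the answer records (including name-compression pointers). It then pairs a query with its response on Transaction ID and question, the same matching Wireshark uses for its dns.time response-time field. The query and response bytes are constructed inline for the example; the answer address 192.0.2.1 is a documentation (TEST-NET-1) address, not a real resolution of example.com.

```python
"""Minimal DNS message parser mirroring Wireshark's DNS dissector fields (added example)."""
import struct
from dataclasses import dataclass


@dataclass
class DNSMessage:
    tid: int            # Transaction ID
    flags: dict         # QR, Opcode, AA, TC, RD, RA, RCODE as Wireshark lists them
    qdcount: int        # Questions
    ancount: int        # Answer RRs
    nscount: int        # Authority RRs
    arcount: int        # Additional RRs
    questions: list     # [(name, qtype, qclass), ...]
    answers: list       # [(name, rtype, rclass, ttl, rdata), ...]


def parse_flags(raw: int) -> dict:
    """Split the 16-bit flags word into the bits Wireshark shows under 'Flags'."""
    return {
        "qr": (raw >> 15) & 1,        # 0 = query, 1 = response
        "opcode": (raw >> 11) & 0xF,  # 0 = standard query
        "aa": (raw >> 10) & 1,        # authoritative answer
        "tc": (raw >> 9) & 1,         # truncated (the reason TCP fallback exists)
        "rd": (raw >> 8) & 1,         # recursion desired
        "ra": (raw >> 7) & 1,         # recursion available
        "rcode": raw & 0xF,           # 0 = NOERROR, 3 = NXDOMAIN, ...
    }


def read_name(data: bytes, offset: int) -> tuple:
    """Decode a label sequence, following RFC 1035 compression pointers (0xC0xx)."""
    labels, jumped, end, hops = [], False, offset, 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                      # two-byte pointer to an earlier name
            if hops > 32:
                raise ValueError("compression pointer loop")
            pointer = struct.unpack_from("!H", data, offset)[0] & 0x3FFF
            if not jumped:
                end = offset + 2                       # parsing resumes after the pointer
            jumped, offset, hops = True, pointer, hops + 1
            continue
        offset += 1
        if length == 0:                                # root label terminates the name
            if not jumped:
                end = offset
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end


def parse_dns(data: bytes) -> DNSMessage:
    """Parse header, question section and answer section of a DNS message."""
    tid, raw_flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", data, 0)
    offset, questions, answers = 12, [], []
    for _ in range(qd):
        name, offset = read_name(data, offset)
        qtype, qclass = struct.unpack_from("!HH", data, offset)
        offset += 4
        questions.append((name, qtype, qclass))
    for _ in range(an):
        name, offset = read_name(data, offset)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", data, offset)
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:                  # A record: render as dotted quad
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, rtype, rclass, ttl, rdata))
    return DNSMessage(tid, parse_flags(raw_flags), qd, an, ns, ar, questions, answers)


def build_query(tid: int, name: str, qtype: int = 1) -> bytes:
    """Build a standard recursive query (flags 0x0100, one question)."""
    header = struct.pack("!HHHHHH", tid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def pair_query_response(query: bytes, response: bytes, query_ts: float, response_ts: float) -> dict:
    """Match a response to its query (same Transaction ID and question) and compute dns.time."""
    q, r = parse_dns(query), parse_dns(response)
    if q.flags["qr"] != 0 or r.flags["qr"] != 1:
        raise ValueError("expected a query followed by a response")
    if q.tid != r.tid or q.questions != r.questions:
        raise ValueError("response does not belong to this query (Transaction ID or question differs)")
    return {
        "tid": r.tid,
        "name": r.questions[0][0],
        "rcode": r.flags["rcode"],
        "answers": [a[4] for a in r.answers],
        "latency_ms": round((response_ts - query_ts) * 1000, 3),
    }


# Constructed sample response: flags 0x8180 (QR=1, RD=1, RA=1, RCODE=0), one question,
# one A answer whose name is a pointer (0xC00C) back to the question name at offset 12.
EXAMPLE_TID = 0x1A2B
EXAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", EXAMPLE_TID, 0x8180, 1, 1, 0, 0)
    + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
)

if __name__ == "__main__":
    query = build_query(EXAMPLE_TID, "example.com")
    print(pair_query_response(query, EXAMPLE_RESPONSE, 10.000, 10.0214))
```

The pairing step is what makes the latency number trustworthy: a response with the right Transaction ID but a different question, or a second response arriving for an already-answered ID, is exactly the kind of thing worth flagging in a capture rather than silently timing.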
// Chris Greer’s SOCIAL //
YouTube: / chrisgreer
Official WCA training: https://courses.davidbombal.com/l/pdp...
Use code "WiresharkHack" to get a $50 discount
LinkedIn: / cgreer
Website: https://packetpioneer.com/
// Download Wireshark pcaps from here //
https://github.com/packetpioneer/yout...
https://github.com/packetpioneer/yout...
https://www.wireshark.org/certificati...
https://packetschool.teachable.com/
// WCA Course REFERENCE//
Official WCA training: https://courses.davidbombal.com/l/pdp...
Use code "WiresharkHack" to get a $50 discount
// Chris’ DNS Series on YouTube //
• Your First DNS Lookup—Captured and Explained
// Link to YouTube VIDEO //
• Video
// David's SOCIAL //
Discord: discord.com/invite/usKSyzb
Twitter: www.twitter.com/davidbombal
Instagram: www.instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: www.facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
YouTube: / @davidbombal
Spotify: open.spotify.com/show/3f6k6gE...
SoundCloud: / davidbombal
Apple Podcast: podcasts.apple.com/us/podcast...
// MY STUFF //
https://www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: [email protected]
// MENU //
0:00 - Coming up
0:52 - More Wireshark! // It's always DNS
02:45 - Infoblox sponsored segment
03:37 - DNS basics in Wireshark // How DNS works
06:52 - Analysing the DNS packet capture
08:32 - Destination address explained
10:09 - Transaction ID explained
11:13 - Flags explained
13:26 - Questions, Answer RRs & Additional RRs explained
15:39 - Additional records explained
17:07 - Response walkthrough
19:24 - Real DNS packet capture walkthrough
21:17 - Quick Wireshark tip
22:32 - Walkthrough continued
25:55 - Going deeper // How DNS resolver works
32:41 - More on Chris Greer YouTube channel and more to come
35:36 - Conclusion
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Disclaimer: This video is for educational purposes only.
#dns #infoblox #wireshark

By David Bombal

Rating: 5 (24 ratings)


More shows like David Bombal

• Hacked, by Hacked (188 listeners)
• Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec, by Jerry Bell and Andrew Kalat (372 listeners)
• Risky Business, by Risky Business Media (372 listeners)
• SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast), by Johannes B. Ullrich (650 listeners)
• CyberWire Daily, by N2K Networks (1,025 listeners)
• Smashing Security, by Graham Cluley (320 listeners)
• Click Here, by Recorded Future News (418 listeners)
• Darknet Diaries, by Jack Rhysider (8,088 listeners)
• Cybersecurity Today, by Jim Love (177 listeners)
• Hacking Humans, by N2K Networks (315 listeners)
• CISO Series Podcast, by David Spark, Mike Johnson, and Andy Ellis (193 listeners)
• Defense in Depth, by David Spark, Steve Zalewski, Geoff Belknap (73 listeners)
• Cybersecurity Headlines, by CISO Series (138 listeners)
• Risky Bulletin, by Risky Business Media (45 listeners)
• Hacker And The Fed, by Chris Tarbell & Hector Monsegur (167 listeners)