
Java DNS Packet creation

Full disclosure: this is a project for my Cyber Security class in college, I'm not looking for handouts or someone to write my code for me, but I do need a nudge/shove in the right direction. I thank you for your time in advance.

Setup: The project is to build a DNS poisoning system with some Java code that's been given to us, this is being done on a virtual network with all virtual machines, so no legit network or machines should be affected. My issue is that I don't understand how to create the packet that's sent to the DNS server. I've searched in my book, the lectures and online for a while and I can't find how to put it into code. I've seen various pictograms on how it works, and I understand that, but I'm having a hard time writing the code for it.

Here is the code for the program:

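    import java.io.IOException;
    import java.net.DatagramPacket;
    import java.net.DatagramSocket;
    import java.net.InetAddress;
    import java.net.SocketException;
    import java.net.UnknownHostException;

    public class Main {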

    /*
     * This method calls the various other functions to accomplish the poisoning
     * after handling the command line arguments.
     */
    public static void main(String[] args) {
        System.out.println("DNS Poisoner");
        if (args.length != 3)
        {
            System.out.println("Invalid quantity of arguments.");
            System.out.println
            ("dnsServer: IP address of the DNS server to poison\n"
                    + "hostname: URL to hijack\n"
                    + "poisonIP: IP address to inject as the poisoning attempt.\n");
            System.exit(-1);
        }

        String dnsAddressString = args[0];
        String hostname = args[1];
        String poisonIPstring = args[2];

        //Get the byte representation of the IP addresses.
        byte[] dnsAddress = ip4StringToByte(dnsAddressString);
        byte[] poisonIP = ip4StringToByte(poisonIPstring);

        //Spam the poisoned DNS replies until reply.
        while (true)
        {
            //Set port and ID distribution here.
            int destPort = 0;
            int transactionID = 0;
            System.out.println("STUBBED PORT AND ID - IMPLEMENT!");
            //Otherwise, your code is essentially doing this: http://xkcd.com/221/

            launchPoisonPacket(dnsAddress, poisonIP, hostname, destPort,
                    transactionID);
        }
    }

    /*
     * This method converts an IPv4 address from a string representation
     * to a byte array.
     * ipAddress: The string representation of an IPv4 address.
     */
    public static byte[] ip4StringToByte(String ipAddress)
    {       
        //Parse IP address.
        InetAddress ip = null;
        try {
            ip = InetAddress.getByName(ipAddress);
        } catch (UnknownHostException e) {
            System.out.println("Unknown Host Error: " + e.getMessage());
            e.printStackTrace();
            System.exit(-1);
        }

        byte[] ipByte = ip.getAddress();

        return ipByte;
    }

    public static void launchPoisonPacket(byte[] dnsAddress, 
            byte[] poisonIP, String hostname, 
            int destinationPort, int transactionID)
    {
        //Get a record to add to the packet.
        byte[] packet = null;

        System.out.println("STUBBED POISON PACKET GENERATION - IMPLEMENT!");

        //Open a socket to send it on.
        DatagramSocket socket = null;
        try {
            socket = new DatagramSocket();
        } catch (SocketException e) {
            // TODO Auto-generated catch block
            System.out.println("Failed to grab socket for port.");
            System.out.println(e.getMessage());
            return;
        } catch (IllegalArgumentException e) {
            System.out.println("Port out of range");
            System.out.println(e.getMessage());
            //No usable socket, so stop here instead of dereferencing null below.
            return;
        }

        //Craft a datagram to send.
        DatagramPacket dPacket = new DatagramPacket(packet, packet.length);
        try {
            dPacket.setAddress(InetAddress.getByAddress(dnsAddress));
            dPacket.setPort(destinationPort);
        } catch (UnknownHostException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
            socket.close();
            return;
        }

        //Send it.
        try {
            socket.send(dPacket);
        } catch (IOException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
            socket.close();
            return;
        }
        socket.close();
    }
}

I believe our job is to specify the port number, transaction id and the packet. I think the port should be 53, the transaction id should be a random int from 0-65535 (inclusive) but the packet has me at a loss. It's the payload for the UDP datagram, but how do I specify it? It's of type byte array, but I'm at a loss for what parts should be specified and how they should be put in the array. If I've asked too much or posted too much please let me know and I'll make amends. Thanks again for your time.

The UDP payload is the DNS datagram. The DNS datagram format is detailed all over the place. The UDP segment is encapsulated in the IP packet. The application layer datagram is technically not a packet. Start with the DNS datagram header, and then the DNS messages. http://www.tcpipguide.com/free/t_DNSMessageHeaderandQuestionSectionFormat.htm
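The byte layout the answer points to, as an added Java example (not part of the original post or the course's code): it encodes an ordinary query's 12-byte header and question section into a byte array, then applies the checks a resolver makes before accepting a reply. The class name, method names, sample hostname and transaction ID are constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

public class DnsHeaderDemo {
    // Encode a name as length-prefixed labels ending in a zero byte (RFC 1035, section 3.1).
    static void putName(ByteBuffer buf, String name) {
        for (String label : name.split("\\.")) {
            byte[] b = label.getBytes(StandardCharsets.US_ASCII);
            buf.put((byte) b.length).put(b);
        }
        buf.put((byte) 0);
    }

    // 12-byte header followed by one question: QNAME, QTYPE=A, QCLASS=IN.
    static byte[] buildQuery(int id, String name) {
        ByteBuffer buf = ByteBuffer.allocate(512);   // ByteBuffer is big-endian by default
        buf.putShort((short) id);                    // transaction ID
        buf.putShort((short) 0x0100);                // flags: QR=0 (query), RD=1
        buf.putShort((short) 1);                     // QDCOUNT
        buf.putShort((short) 0).putShort((short) 0).putShort((short) 0); // AN/NS/AR counts
        putName(buf, name);
        buf.putShort((short) 1).putShort((short) 1); // QTYPE A, QCLASS IN
        byte[] out = new byte[buf.position()];
        buf.flip();
        buf.get(out);
        return out;
    }

    // Resolver-side check: a reply must carry QR=1, the same ID, and echo the question.
    static boolean matchesQuery(byte[] query, byte[] reply) {
        if (reply.length < query.length) return false;
        ByteBuffer q = ByteBuffer.wrap(query), r = ByteBuffer.wrap(reply);
        if (q.getShort(0) != r.getShort(0)) return false;   // transaction ID
        if ((r.getShort(2) & 0x8000) == 0) return false;    // QR bit must be set
        if (r.getShort(4) != 1) return false;               // exactly one question
        for (int i = 12; i < query.length; i++)             // question section bytes
            if (query[i] != reply[i]) return false;
        return true;
    }

    public static void main(String[] args) {
        byte[] query = buildQuery(0x1a2b, "www.example.com");   // constructed sample
        byte[] reply = query.clone();
        reply[2] |= (byte) 0x80;                                // set QR: now a response
        System.out.println("query length: " + query.length);
        System.out.println("matching reply accepted: " + matchesQuery(query, reply));
        reply[1] ^= 0x01;                                       // alter the transaction ID
        System.out.println("wrong-ID reply accepted: " + matchesQuery(query, reply));
    }
}
```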
