I am trying to capture DNS requests from a specific iPhone device. The iPhone is connected to a Mac mini by USB, and internet sharing is enabled so that all the iPhone's traffic passes through the Mac mini.
I used Wireshark to capture connection requests made across all interfaces on the Mac mini. I found the following pattern:
- Device (192.168.2.8) makes an HTTP connection request for www.bbc.com
- Mac mini (123.456.789.123) makes a DNS request for www.bbc.com
- DNS server (8.8.8.8) returns the IP
- Device connects to the returned IP.
16865 15.041563 192.168.2.8 123.456.789.123 HTTP 175 CONNECT www.bbc.com:443 HTTP/1.1
17187 15.044637 123.456.789.123 8.8.8.8 DNS 71 Standard query 0x121a A www.bbc.com
17209 15.100623 8.8.8.8 123.456.789.123 DNS 149 Standard query response 0x121a A www.bbc.com CNAME www.bbc.com.pri.bbc.com CNAME bbc.map.fastly.net A 146.75.44.81
16891 15.118605 123.456.789.123 192.168.2.8 HTTP 105 HTTP/1.1 200 Connection established
What confuses me here is:
- The DNS request should be made by the device, but instead it appears to be made by the Mac mini.
- The DNS request is returned to the Mac mini and never passed to the device, yet somehow the device knows which IP to connect to.
Any ideas?
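
In the capture above, the hostname reaches the Mac mini inside the device's `CONNECT` request, and the Mac mini then issues the DNS query. The following is an added example, not part of the original post: it reads exported Wireshark summary lines and attributes each DNS query sent by the sharing host to the device whose `CONNECT` named the same host just before it. The sample lines, the gateway address `192.0.2.10` and the function names are constructed for illustration.

```python
import re

# Constructed sample shaped like the capture in the post:
# No. Time Source Destination Protocol Length Info
SAMPLE = """\
101 15.041563 192.168.2.8 192.0.2.10 HTTP 175 CONNECT www.bbc.com:443 HTTP/1.1
102 15.044637 192.0.2.10 8.8.8.8 DNS 71 Standard query 0x121a A www.bbc.com
103 15.100623 8.8.8.8 192.0.2.10 DNS 149 Standard query response 0x121a A www.bbc.com A 146.75.44.81
104 15.118605 192.0.2.10 192.168.2.8 HTTP 105 HTTP/1.1 200 Connection established
105 16.200000 192.0.2.10 8.8.8.8 DNS 75 Standard query 0x33b1 A example.org
"""

LINE = re.compile(r"^\s*(\d+)\s+([\d.]+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(.*)$")
CONNECT = re.compile(r"^CONNECT\s+([^\s:]+):(\d+)\s+HTTP/")
# Matches queries only; "Standard query response ..." fails on the 0x id.
QUERY = re.compile(r"^Standard query (0x[0-9a-f]+)\s+(\S+)\s+(\S+)$")


def parse(text):
    """Turn summary lines into dicts; lines that do not fit are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            no, t, src, dst, proto, _length, info = m.groups()
            rows.append({"no": int(no), "time": float(t), "src": src,
                         "dst": dst, "proto": proto, "info": info})
    return rows


def attribute_queries(rows, gateway, window=1.0):
    """Return (name, client) per DNS query sent by `gateway`.

    client is the source of a CONNECT for the same name seen at most
    `window` seconds earlier, or None if no such request was captured.
    """
    connects, result = [], []
    # Sort by timestamp: frame numbers in an export may be out of order.
    for r in sorted(rows, key=lambda r: r["time"]):
        if r["proto"] == "HTTP" and r["dst"] == gateway:
            m = CONNECT.match(r["info"])
            if m:
                connects.append((r["time"], r["src"], m.group(1).lower()))
        elif r["proto"] == "DNS" and r["src"] == gateway:
            m = QUERY.match(r["info"])
            if m:
                name = m.group(3).rstrip(".").lower()
                client = next((c for t, c, h in reversed(connects)
                               if h == name and 0 <= r["time"] - t <= window), None)
                result.append((name, client))
    return result
```

A query that comes back with `None` was not preceded by a matching `CONNECT` in the capture, so it cannot be tied to the device by this method.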