Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd Logo
Upload

Welcome to Scribd!

  • 654 views

    Wireshark - HTTP - v6.1 Solution

    Uploaded by

    Ahmed Nasser
    The document contains packet captures of HTTP traffic between a browser and a web server. It shows two GET requests for two different files. For the first file, the server returns the full content. For the second file on a subsequent GET request, the server returns a 304 status code since the file was not modified, and only the cached content is shown by the browser. The document examines various details of the requests and responses.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd

    Wireshark - HTTP - v6.1 Solution

    Uploaded by

    Ahmed Nasser
    654 views6 pages
    The document contains packet captures of HTTP traffic between a browser and a web server. It shows two GET requests for two different files. For the first file, the server returns the full content. For the second file on a subsequent GET request, the server returns a 304 status code since the file was not modified, and only the cached content is shown by the browser. The document examines various details of the requests and responses.

    Original Description:

    solution for the HTTP lab with wireshark from Computer Networking book by Kurose & Ross

    Original Title

    Wireshark_HTTP_v6.1 solution

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    The document contains packet captures of HTTP traffic between a browser and a web server. It shows two GET requests for two different files. For the first file, the server returns the full content. For the second file on a subsequent GET request, the server returns a 304 status code since the file was not modified, and only the cached content is shown by the browser. The document examines various details of the requests and responses.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    654 views6 pages

    Wireshark - HTTP - v6.1 Solution

    Uploaded by

    Ahmed Nasser
    The document contains packet captures of HTTP traffic between a browser and a web server. It shows two GET requests for two different files. For the first file, the server returns the full content. For the second file on a subsequent GET request, the server returns a 304 status code since the file was not modified, and only the cached content is shown by the browser. The document examines various details of the requests and responses.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    of 6

    Part 1

    262 18:05:05.616617 192.168.1.108 128.119.245.12 HTTP 480 GET /wireshark-labs/HTTP-wireshark-file1.html


    HTTP/1.1
    Frame 262: 480 bytes on wire (3840 bits), 480 bytes captured (3840 bits) on interface 0
    Ethernet II, Src: HewlettP_79:e2:f1 (74:46:a0:79:e2:f1), Dst: Tp-LinkT_37:f1:0d (30:b5:c2:37:f1:0d)
    Internet Protocol Version 4, Src: 192.168.1.108, Dst: 128.119.245.12
    Transmission Control Protocol, Src Port: 3278, Dst Port: 80, Seq: 1, Ack: 1, Len: 426
    Hypertext Transfer Protocol
    GET /wireshark-labs/HTTP-wireshark-file1.html HTTP/1.1\r\n
    [Expert Info (Chat/Sequence): GET /wireshark-labs/HTTP-wireshark-file1.html HTTP/1.1\r\n]
    Request Method: GET
    Request URI: /wireshark-labs/HTTP-wireshark-file1.html
    Request Version: HTTP/1.1
    Host: gaia.cs.umass.edu\r\n
    Connection: keep-alive\r\n
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100
    Safari/537.36\r\n
    Upgrade-Insecure-Requests: 1\r\n
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8\r\n
    Accept-Encoding: gzip, deflate\r\n
    Accept-Language: en-US,en;q=0.8\r\n
    \r\n
    [Full request URI: http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file1.html]
    [HTTP request 1/1]
    [Response in frame: 266]

    266 18:05:05.932070 128.119.245.12 192.168.1.108 HTTP 516 HTTP/1.1 200 OK (text/html)


    Frame 266: 516 bytes on wire (4128 bits), 516 bytes captured (4128 bits) on interface 0
    Ethernet II, Src: Tp-LinkT_37:f1:0d (30:b5:c2:37:f1:0d), Dst: HewlettP_79:e2:f1 (74:46:a0:79:e2:f1)
    Internet Protocol Version 4, Src: 128.119.245.12, Dst: 192.168.1.108
    Transmission Control Protocol, Src Port: 80, Dst Port: 3278, Seq: 1, Ack: 427, Len: 462
    Hypertext Transfer Protocol
    HTTP/1.1 200 OK\r\n
    [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
    Request Version: HTTP/1.1
    Status Code: 200
    [Status Code Description: OK]
    Response Phrase: OK
    Date: Fri, 20 Oct 2017 18:05:06 GMT\r\n
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_perl/2.0.10 Perl/v5.16.3\r\n
    Last-Modified: Fri, 20 Oct 2017 05:59:01 GMT\r\n
    ETag: "80-55bf42b5c5bb9"\r\n
    Accept-Ranges: bytes\r\n
    Content-Type: text/html; charset=UTF-8\r\n
    Content-Length: 128\r\n
    Connection: Keep-Alive\r\n
    Age: 0\r\n
    \r\n
    [HTTP response 1/1]
    [Time since request: 0.315453000 seconds]
    [Request in frame: 262]
    File Data: 128 bytes
    Line-based text data: text/html
    <html>\n
    Congratulations. You've downloaded the file \n
    http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file1.html!\n
    </html>\n

    1. Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is the server running?

    Browser: HTTP 1.1

    Server: HTTP 1.1

    2. What languages (if any) does your browser indicate that it can accept to the server?

    English
    3. What is the IP address of your computer? Of the gaia.cs.umass.edu server?

    My computer: 192.168.1.108

    Server: 128.119.245.12
    4. What is the status code returned from the server to your browser?

    200
    5. When was the HTML file that you are retrieving last modified at the server?

    Fri, 20 Oct 2017 05:59:01 GMT


    6. How many bytes of content are being returned to your browser?

    128
    7. By inspecting the raw data in the packet content window, do you see any headers within the data that
    are not displayed in the packet-listing window? If so, name one.

    Content-Type
    Part 2
    7 19:00:31.581401 192.168.1.108 128.119.245.12 HTTP 480 GET /wireshark-labs/HTTP-wireshark-file2.html
    HTTP/1.1
    Frame 7: 480 bytes on wire (3840 bits), 480 bytes captured (3840 bits) on interface 0
    Ethernet II, Src: HewlettP_79:e2:f1 (74:46:a0:79:e2:f1), Dst: Tp-LinkT_37:f1:0d (30:b5:c2:37:f1:0d)
    Internet Protocol Version 4, Src: 192.168.1.108, Dst: 128.119.245.12
    Transmission Control Protocol, Src Port: 7232, Dst Port: 80, Seq: 1, Ack: 1, Len: 426
    Hypertext Transfer Protocol
    GET /wireshark-labs/HTTP-wireshark-file2.html HTTP/1.1\r\n
    Host: gaia.cs.umass.edu\r\n
    Connection: keep-alive\r\n
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100
    Safari/537.36\r\n
    Upgrade-Insecure-Requests: 1\r\n
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8\r\n
    Accept-Encoding: gzip, deflate\r\n
    Accept-Language: en-US,en;q=0.8\r\n
    \r\n
    [Full request URI: http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file2.html]
    [HTTP request 1/2]
    [Response in frame: 9]
    [Next request in frame: 18]

    9 19:00:31.674093 128.119.245.12 192.168.1.108 HTTP 762 HTTP/1.1 200 OK (text/html)


    Frame 9: 762 bytes on wire (6096 bits), 762 bytes captured (6096 bits) on interface 0
    Ethernet II, Src: Tp-LinkT_37:f1:0d (30:b5:c2:37:f1:0d), Dst: HewlettP_79:e2:f1 (74:46:a0:79:e2:f1)
    Internet Protocol Version 4, Src: 128.119.245.12, Dst: 192.168.1.108
    Transmission Control Protocol, Src Port: 80, Dst Port: 7232, Seq: 1, Ack: 427, Len: 708
    Hypertext Transfer Protocol
    HTTP/1.1 200 OK\r\n
    Date: Fri, 20 Oct 2017 18:56:27 GMT\r\n
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_perl/2.0.10 Perl/v5.16.3\r\n
    Last-Modified: Fri, 20 Oct 2017 05:59:01 GMT\r\n
    ETag: "173-55bf42b5c53e9"\r\n
    Accept-Ranges: bytes\r\n
    Content-Type: text/html; charset=UTF-8\r\n
    Content-Length: 371\r\n
    Connection: Keep-Alive\r\n
    Age: 244\r\n
    \r\n
    [HTTP response 1/2]
    [Time since request: 0.092692000 seconds]
    [Request in frame: 7]
    [Next request in frame: 18]
    [Next response in frame: 22]
    File Data: 371 bytes
    Line-based text data: text/html
    \n
    <html>\n
    \n
    Congratulations again! Now you've downloaded the file lab2-2.html. <br>\n
    This file's last modification date will not change. <p>\n
    Thus if you download this multiple times on your browser, a complete copy <br>\n
    will only be sent once by the server due to the inclusion of the IN-MODIFIED-SINCE<br>\n
    field in your browser's HTTP GET request to the server.\n
    \n
    </html>\n
    18 19:00:41.919239 192.168.1.108 128.119.245.12 HTTP 592 GET /wireshark-labs/HTTP-wireshark-file2.html
    HTTP/1.1
    Frame 18: 592 bytes on wire (4736 bits), 592 bytes captured (4736 bits) on interface 0
    Ethernet II, Src: HewlettP_79:e2:f1 (74:46:a0:79:e2:f1), Dst: Tp-LinkT_37:f1:0d (30:b5:c2:37:f1:0d)
    Internet Protocol Version 4, Src: 192.168.1.108, Dst: 128.119.245.12
    Transmission Control Protocol, Src Port: 7232, Dst Port: 80, Seq: 427, Ack: 709, Len: 538
    Hypertext Transfer Protocol
    GET /wireshark-labs/HTTP-wireshark-file2.html HTTP/1.1\r\n
    Host: gaia.cs.umass.edu\r\n
    Connection: keep-alive\r\n
    Cache-Control: max-age=0\r\n
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100
    Safari/537.36\r\n
    Upgrade-Insecure-Requests: 1\r\n
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8\r\n
    Accept-Encoding: gzip, deflate\r\n
    Accept-Language: en-US,en;q=0.8\r\n
    If-None-Match: "173-55bf42b5c53e9"\r\n
    If-Modified-Since: Fri, 20 Oct 2017 05:59:01 GMT\r\n
    \r\n
    [Full request URI: http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file2.html]
    [HTTP request 2/2]
    [Prev request in frame: 7]
    [Response in frame: 22]

    22 19:00:42.569630 128.119.245.12 192.168.1.108 HTTP 378 HTTP/1.1 304 Not Modified


    Frame 22: 378 bytes on wire (3024 bits), 378 bytes captured (3024 bits) on interface 0
    Ethernet II, Src: Tp-LinkT_37:f1:0d (30:b5:c2:37:f1:0d), Dst: HewlettP_79:e2:f1 (74:46:a0:79:e2:f1)
    Internet Protocol Version 4, Src: 128.119.245.12, Dst: 192.168.1.108
    Transmission Control Protocol, Src Port: 80, Dst Port: 7232, Seq: 709, Ack: 965, Len: 324
    Hypertext Transfer Protocol
    HTTP/1.1 304 Not Modified\r\n
    Date: Fri, 20 Oct 2017 19:00:42 GMT\r\n
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_perl/2.0.10 Perl/v5.16.3\r\n
    Last-Modified: Fri, 20 Oct 2017 05:59:01 GMT\r\n
    ETag: "173-55bf42b5c53e9"\r\n
    Accept-Ranges: bytes\r\n
    Content-Type: text/html; charset=UTF-8\r\n
    Connection: Keep-Alive\r\n
    Age: 0\r\n
    \r\n
    [HTTP response 2/2]
    [Time since request: 0.650391000 seconds]
    [Prev request in frame: 7]
    [Prev response in frame: 9]
    [Request in frame: 18]

    8. Inspect the contents of the first HTTP GET request from your browser to the server. Do you see an IF-
    MODIFIED-SINCE line in the HTTP GET?

    NO
    9. Inspect the contents of the server response. Did the server explicitly return the contents of the file?
    How can you tell?

    Yes. Content-Length header and the actual content.


    10. Now inspect the contents of the second HTTP GET request from your browser to the server. Do you
    see an IF-MODIFIED-SINCE: line in the HTTP GET? If so, what information follows the IF-MODIFIED-
    SINCE: header?

    Yes. Fri, 20 Oct 2017 05:59:01 GMT


    11. What is the HTTP status code and phrase returned from the server in response to this second HTTP
    GET? Did the server explicitly return the contents of the file? Explain.

    304 Not Modified. The server didnt explicitly return the contents. The file
    wasnt modified so the browser showed the cached contents.
    Part 3

    12. How many HTTP GET request messages did your browser send? Which packet number in the trace
    contains the GET message for the Bill of Rights?

    One HTTP GET request. Packet Number 169.


    13. Which packet number in the trace contains the status code and phrase associated with the response
    to the HTTP GET request?

    Packet Number 187.


    14. What is the status code and phrase in the response?

    200 OK.
    15. How many data-containing TCP segments were needed to carry the single HTTP response and the
    text of the Bill of Rights?

    6 packets.

    Part 4

    16. How many HTTP GET request messages did your browser send? To which Internet addresses were
    these GET requests sent?

    3 GET requests. They were sent to IP: 128.119.245.12


    17. Can you tell whether your browser downloaded the two images serially, or whether they were
    downloaded from the two web sites in parallel? Explain.

    In parallel. The browser sent two GET requests to retrieve the two images then
    received the packets of the two images simultaneously.
    Part 5

    13 21:58:47.463960 192.168.1.100 128.119.245.12 HTTP 581 GET /wireshark-labs/protected_pages/HTTPwireshark-


    file5.html HTTP/1.1
    Frame 13: 581 bytes on wire (4648 bits), 581 bytes captured (4648 bits) on interface 0
    Ethernet II, Src: HonHaiPr_27:6f:65 (b8:76:3f:27:6f:65), Dst: Tp-LinkT_37:f1:0d (30:b5:c2:37:f1:0d)
    Internet Protocol Version 4, Src: 192.168.1.100, Dst: 128.119.245.12
    Transmission Control Protocol, Src Port: 22148, Dst Port: 80, Seq: 469, Ack: 719, Len: 527
    Hypertext Transfer Protocol
    GET /wireshark-labs/protected_pages/HTTP-wireshark-file5.html HTTP/1.1\r\n
    [Expert Info (Chat/Sequence): GET /wireshark-labs/protected_pages/HTTP-wireshark-file5.html HTTP/1.1\r\n]
    Request Method: GET
    Request URI: /wireshark-labs/protected_pages/HTTP-wireshark-file5.html
    Request Version: HTTP/1.1
    Host: gaia.cs.umass.edu\r\n
    Connection: keep-alive\r\n
    Cache-Control: max-age=0\r\n
    Authorization: Basic d2lyZXNoYXJrLXN0dWRlbnRzOm5ldHdvcms=\r\n
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100
    Safari/537.36\r\n
    Upgrade-Insecure-Requests: 1\r\n
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8\r\n
    Accept-Encoding: gzip, deflate\r\n
    Accept-Language: en-US,en;q=0.8\r\n
    \r\n
    [Full request URI: http://gaia.cs.umass.edu/wireshark-labs/protected_pages/HTTP-wireshark-file5.html]
    [HTTP request 2/2]
    [Prev request in frame: 7]
    [Response in frame: 15]

    18. What is the servers response (status code and phrase) in response to the initial HTTP GET message
    from your browser?

    401 Unauthorized.
    19. When your browsers sends the HTTP GET message for the second time, what new field is included in
    the HTTP GET message?

    Authorization: Basic d2lyZXNoYXJrLXN0dWRlbnRzOm5ldHdvcms=

    You might also like