Jae Sook Lee FA16 CSIT 340 01 Dr. Constantine Coutras Wireshark Lab 1 Intro

1. List 3 different protocols that appear in the protocol column in the unfiltered packet-listing window in step 7 above.
: 1) TCP 2) ARP 3) DNS

2. How long did it take from when the HTTP GET message was sent until the HTTP OK reply was received? (By default, the value of the Time column in the packet-listing window is the amount of time, in seconds, since Wireshark tracing began. To display the Time field in time-of-day format, select the Wireshark View pull-down menu, then select Time Display Format, then select Time-of-day.)
: GET sent: 02:48:24.634645
  OK received: 02:48:24.934043
  It took 0.299398 seconds from when the HTTP GET message was sent until the HTTP OK reply was received (02:48:24.934043 - 02:48:24.634645; Wireshark reports the same value in the response's [Time since request] field).

3. What is the Internet address of gaia.cs.umass.edu (also known as www-net.cs.umass.edu)? What is the Internet address of your computer?
: This trace was taken against www.montclair.edu rather than gaia.cs.umass.edu (see the Host header in the printed GET below).
  Destination (web server): 130.68.2.66
  Source (my computer): 192.168.47.15

4. Print the two HTTP messages (GET and OK) referred to in question 2 above. To do so, select Print from the Wireshark File command menu, and select the Selected Packet Only and Print as displayed radio buttons, and then click OK.
GET (frame 16):
16 02:48:24.634645 192.168.47.15 130.68.2.66 HTTP 660 GET / HTTP/1.1
Frame 16: 660 bytes on wire (5280 bits), 660 bytes captured (5280 bits) on interface 0
Ethernet II, Src: Giga-Byt_52:49:84 (40:8d:5c:52:49:84), Dst: Tp-LinkT_e6:67:2c (10:fe:ed:e6:67:2c)
Internet Protocol Version 4, Src: 192.168.47.15, Dst: 130.68.2.66
Transmission Control Protocol, Src Port: 57766, Dst Port: 80, Seq: 1, Ack: 1, Len: 606
Hypertext Transfer Protocol
    GET / HTTP/1.1\r\n
    Host: www.montclair.edu\r\n
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0\r\n
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n
    Accept-Language: en-US,en;q=0.5\r\n
    Accept-Encoding: gzip, deflate\r\n
    [truncated]cookie: utma=265379475.550499873.1468870056.1475300668.1475304408.61; utmz=265379475.1473372632.47.4.utmcsr=google utmccn=(organic) utmcmd=organic utmctr=(not%20provided); l2_pv11724=3; _ga=ga1.2.550499873.1468870056; utm
    Connection: keep-alive\r\n
    Upgrade-Insecure-Requests: 1\r\n
    \r\n
    [Full request URI: http://www.montclair.edu/]
    [HTTP request 1/3]
    [Response in frame: 28]
    [Next request in frame: 39]

OK (frame 28):
28 02:48:24.934043 130.68.2.66 192.168.47.15 HTTP 60 HTTP/1.1 200 OK (text/html)
Frame 28: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: Tp-LinkT_e6:67:2c (10:fe:ed:e6:67:2c), Dst: Giga-Byt_52:49:84 (40:8d:5c:52:49:84)
Internet Protocol Version 4, Src: 130.68.2.66, Dst: 192.168.47.15
Transmission Control Protocol, Src Port: 80, Dst Port: 57766, Seq: 9209, Ack: 607, Len: 1
[8 Reassembled TCP Segments (9209 bytes): #19(448), #20(1460), #21(1460), #23(1460), #24(1460), #26(1460), #27(1460), #28(1)]
Hypertext Transfer Protocol
    HTTP/1.1 200 OK\r\n
    Date: Sat, 01 Oct 2016 06:48:27 GMT\r\n
    Server: Apache/2.2.15 (Red Hat)\r\n
    X-Powered-By: PHP/5.3.3\r\n
    X-Pingback: http://www.montclair.edu/xmlrpc.php\r\n
    Link: <http://www.montclair.edu/wp-json/>; rel="https://api.w.org/"\r\n
    Link: <http://www.montclair.edu/>; rel=shortlink\r\n
    Keep-Alive: timeout=15, max=100\r\n
    Connection: Keep-Alive\r\n
    Content-Type: text/html; charset=utf-8\r\n
    Vary: Accept-Encoding\r\n
    Content-Encoding: gzip\r\n
    Content-Length: 8761\r\n
    \r\n
    [HTTP response 1/3]
    [Time since request: 0.299398000 seconds]
    [Request in frame: 16]
    [Next request in frame: 39]
    [Next response in frame: 54]
Content-encoded entity body (gzip): 8761 bytes -> 23002 bytes
File Data: 23002 bytes
Line-based text data: text/html

Note that this exchange is plain HTTP on port 80, so everything printed above, including the browser's cookies and the server's version banners (Apache/2.2.15, PHP/5.3.3), crosses the network in cleartext and is readable by anyone who can capture the traffic, exactly as Wireshark does here.
Jae Sook Lee FA16 CSIT 340 01 Dr. Constantine Coutras Lab #1 Wireshark HTTP

1. Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is the server running?
: The browser is running HTTP/1.1 (the request line ends in HTTP/1.1). The server is also running HTTP/1.1 (the status line is HTTP/1.1 200 OK).

2. What languages (if any) does your browser indicate that it can accept to the server?
: Accept-Language: en-US,en;q=0.5\r\n, i.e. US English, with generic English as a fallback (q=0.5).

3. What is the IP address of your computer? Of the gaia.cs.umass.edu server?
: Computer IP address: 192.168.47.15
  gaia.cs.umass.edu IP address: 128.119.245.12

4. What is the status code returned from the server to your browser?
: 200 OK

5. When was the HTML file that you are retrieving last modified at the server?
: Last-Modified: Sat, 01 Oct 2016 05:59:01 GMT\r\n
  (I had cleaned the cache right before answering this question and reloaded the website. Because of the Intro lab assignment I had already visited the website several times, and it was 304 Not Modified.)
6. How many bytes of content are being returned to your browser?
: 128 bytes.
  Content-Length: 128\r\n
  Content-Type: text/html; charset=utf-8\r\n

7. By inspecting the raw data in the packet content window, do you see any headers within the data that are not displayed in the packet-listing window? If so, name one.
: Yes. The packet-listing window shows only the request line (GET ... HTTP/1.1); headers such as Host and User-Agent are visible only in the packet-contents window.

8. Inspect the contents of the first HTTP GET request from your browser to the server. Do you see an IF-MODIFIED-SINCE line in the HTTP GET?
: No. After cleaning the cache, the first GET does not have an If-Modified-Since line.

9. Inspect the contents of the server response. Did the server explicitly return the contents of the file? How can you tell?
: Yes. The server explicitly returned the contents: 1) the status line is HTTP/1.1 200 OK, and 2) the response carries Content-Length and Content-Type headers followed by the file data itself.

10. Now inspect the contents of the second HTTP GET request from your browser to the server. Do you see an IF-MODIFIED-SINCE: line in the HTTP GET? If so, what information follows the IF-MODIFIED-SINCE: header?
: Yes. If-Modified-Since: Sat, 01 Oct 2016 05:59:01 GMT\r\n

11. What is the HTTP status code and phrase returned from the server in response to this second HTTP GET? Did the server explicitly return the contents of the file? Explain.
: HTTP/1.1 304 Not Modified. No, the server did not return the contents of the file. The browser had cached the file from the first request, so on the second (refresh) request it sent a conditional GET carrying If-Modified-Since with the Last-Modified date of its cached copy (Sat, 01 Oct 2016 05:59:01 GMT). The file had not changed since that date, so the server answered 304 Not Modified with no message body, and the browser displayed the copy it already had.
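The conditional GET exchange of questions 8 to 11, as an added example that is not part of this lab report: a toy origin server that applies the If-Modified-Since check, and the two browser requests (a plain GET, then the conditional GET a browser sends once it holds a cached copy). The Last-Modified date is the one from the trace; the request path /lab.html, the file body, the host name and all function names are assumptions made for illustration.

```python
"""Conditional GET: 200 OK with a body vs. 304 Not Modified without one.

Added example, not code from the lab. LAST_MODIFIED is the date seen in the
trace; the path, body and function names are assumed for illustration.
"""
from __future__ import annotations

import email.utils

LAST_MODIFIED = "Sat, 01 Oct 2016 05:59:01 GMT"          # from the first response in the lab
FILE_BODY = b"<html><body>constructed stand-in for the lab page</body></html>"  # constructed


def parse_headers(raw: bytes) -> tuple[str, dict[str, str]]:
    """Split an HTTP/1.1 message head into (start line, {lower-cased name: value})."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    start, *lines = head.split("\r\n")
    headers: dict[str, str] = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return start, headers


def http_date(value: str):
    """Parse an RFC 7231 HTTP-date; None if it is not parseable (older Pythons raise TypeError)."""
    try:
        return email.utils.parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None


def serve(request: bytes, last_modified: str = LAST_MODIFIED, body: bytes = FILE_BODY) -> bytes:
    """Origin-server side: honour If-Modified-Since (RFC 7232 section 3.3) for a GET."""
    _start, hdrs = parse_headers(request)
    ims = hdrs.get("if-modified-since")
    if ims is not None:
        lm_dt, ims_dt = http_date(last_modified), http_date(ims)
        # An unparseable validator must be ignored, i.e. answer with the full representation.
        if lm_dt is not None and ims_dt is not None and lm_dt <= ims_dt:
            return (
                "HTTP/1.1 304 Not Modified\r\n"
                f"Last-Modified: {last_modified}\r\n"
                "\r\n"                                     # no body on a 304
            ).encode("ascii")
    return (
        "HTTP/1.1 200 OK\r\n"
        f"Last-Modified: {last_modified}\r\n"
        "Content-Type: text/html; charset=utf-8\r\n"
        f"Content-Length: {len(body)}\r\n"
        "\r\n"
    ).encode("ascii") + body


def conditional_request(cached_last_modified: str | None) -> bytes:
    """Browser side: plain GET the first time, conditional GET once a cached copy exists."""
    lines = ["GET /lab.html HTTP/1.1", "Host: example.test"]   # assumed path and host
    if cached_last_modified is not None:
        lines.append(f"If-Modified-Since: {cached_last_modified}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


if __name__ == "__main__":
    first = serve(conditional_request(None))                 # 200 OK, body included
    _, h = parse_headers(first)
    second = serve(conditional_request(h["last-modified"]))  # 304 Not Modified, no body
    print(first.split(b"\r\n", 1)[0], second.split(b"\r\n", 1)[0])
```

The server compares validators, not bodies: a 304 means "the date you hold is still current", so a client must keep using its cached copy, and a server must never attach a body to a 304. A client that sends a validator the server cannot parse gets the full 200 response, which is why the second branch in serve() falls through instead of failing.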
12. How many HTTP GET request messages did your browser send? Which packet number in the trace contains the GET message for the Bill of Rights?
: My browser sent 3 HTTP GET request messages. The GET for the Bill of Rights is the request whose response is the HTTP/1.1 200 OK discussed in questions 13 to 15.

13. Which packet number in the trace contains the status code and phrase associated with the response to the HTTP GET request?
: The packet carrying HTTP/1.1 200 OK contains the status code and response phrase. That response is reassembled from frames 6, 7, 9 and 10, and Wireshark displays the reassembled HTTP response on the last of those segments, frame 10.

14. What is the status code and phrase in the response?
: Status code: 200
  Response phrase: OK

15. How many data-containing TCP segments were needed to carry the single HTTP response and the text of the Bill of Rights?
: 4 data-containing TCP segments (Wireshark lists 4 reassembled segments, 4863 bytes in total):
  [Frame: 6, payload: 0-1459 (1460 bytes)]
  [Frame: 7, payload: 1460-2919 (1460 bytes)]
  [Frame: 9, payload: 2920-4379 (1460 bytes)]
  [Frame: 10, payload: 4380-4862 (483 bytes)]

16. How many HTTP GET request messages did your browser send? To which Internet addresses were these GET requests sent?
: 4 HTTP GET request messages:
  1) GET /wireshark-labs/http-wireshark-file4.html HTTP/1.1\r\n (Host: gaia.cs.umass.edu\r\n)
  2) GET /pearson.png HTTP/1.1\r\n (Host: gaia.cs.umass.edu\r\n)
  3) GET /~kurose/cover_5th_ed.jpg HTTP/1.1\r\n (Host: manic.cs.umass.edu\r\n)
  4) GET /~kurose/cover_5th_ed.jpg HTTP/1.1\r\n (Host: caite.cs.umass.edu\r\n)
17. Can you tell whether your browser downloaded the two images serially, or whether they were downloaded from the two web sites in parallel? Explain.
: The browser downloaded them serially.
  1) GET /pearson.png was requested at 23:23:13.272405, and its HTTP/1.1 200 OK (PNG) response arrived at 23:23:13.294136.
  2) GET /~kurose/cover_5th_ed.jpg was requested at 23:23:13.344633, and its HTTP/1.1 200 OK (JPEG JFIF image) response arrived at 23:23:13.460734.
  The second GET was not sent until after the first response had been received, so the two images were fetched one after the other rather than at the same time.

18. What is the server's response (status code and phrase) in response to the initial HTTP GET message from your browser?
: 1) Initial GET: GET /wireshark-labs/protected_pages/http-wireshark-file5.html HTTP/1.1\r\n
  2) Status code: 401 Unauthorized

19. When your browser sends the HTTP GET message for the second time, what new field is included in the HTTP GET message?
: Authorization: Basic d2lyZXNoYXJrLXN0dWRlbnQ6bmV0d29yaw==\r\n
  This is the Base64 encoding of the credentials wireshark-student:network. Base64 is an encoding, not encryption, so over plain HTTP the username and password are effectively sent in cleartext and can be read by anyone capturing the traffic.
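The 401 challenge and Basic credential of questions 18 and 19, as an added example that is not part of this lab report: encoding and decoding the Authorization header (showing that the captured value decodes straight back to the username and password), plus a toy server that issues the challenge and accepts the credential. The header value is the one captured in question 19; the realm name "lab", the user table and the function names are assumptions made for illustration.

```python
"""HTTP Basic authentication (RFC 7617): what the Authorization header carries.

Added example, not code from the lab. CAPTURED is the header seen in the trace;
the realm, the user table and the toy server are assumed for illustration.
"""
from __future__ import annotations

import base64
import binascii
import hmac

CAPTURED = "Basic d2lyZXNoYXJrLXN0dWRlbnQ6bmV0d29yaw=="   # from question 19


def encode_basic(user: str, password: str) -> str:
    """Build the credential the browser sends after the 401 challenge."""
    if ":" in user:
        raise ValueError("RFC 7617 user-ids may not contain ':'")
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def decode_basic(header_value: str) -> tuple[str, str]:
    """Recover (user, password) from an Authorization header; what any eavesdropper can do."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic":
        raise ValueError(f"not a Basic credential: {scheme!r}")
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except binascii.Error as exc:
        raise ValueError("malformed base64 in Authorization header") from exc
    user, sep, password = raw.decode("utf-8").partition(":")
    if not sep:
        raise ValueError("decoded credential lacks the ':' separator")
    return user, password


def handle_request(headers: dict[str, str], realm: str, users: dict[str, str]) -> tuple[int, str]:
    """Toy origin server: challenge with 401 until a valid credential arrives.

    users maps user-id to password in the clear, which is fine for a lab; a real
    server would store and compare a password hash instead."""
    auth = headers.get("Authorization")
    if auth is None:
        return 401, f'WWW-Authenticate: Basic realm="{realm}"'
    try:
        user, password = decode_basic(auth)
    except ValueError:
        return 400, "Bad Request"
    expected = users.get(user)
    if expected is not None and hmac.compare_digest(expected.encode(), password.encode()):
        return 200, "OK"
    return 401, f'WWW-Authenticate: Basic realm="{realm}"'


if __name__ == "__main__":
    users = {"wireshark-student": "network"}                         # assumed user table
    print(handle_request({}, "lab", users))                          # first GET: 401 challenge
    print(decode_basic(CAPTURED))                                    # ('wireshark-student', 'network')
    print(handle_request({"Authorization": CAPTURED}, "lab", users))  # second GET: 200 OK
```

The decoder needs no secret, which is the whole point of question 19: the only thing standing between a packet capture and the password is Base64. Note also that the decode rejects a value whose Base64 alphabet or user:password shape is malformed rather than guessing, and that the password comparison uses a constant-time compare.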