Wire Shark Lab1. Intro


Jae Sook Lee FA16 CSIT 340 01 Dr. Constantine Coutras

Wire Shark Lab1 Intro

1. List 3 different protocols that appear in the protocol column in the unfiltered packet-listing window in step 7 above.
: 1) TCP 2) ARP 3) DNS

2. How long did it take from when the HTTP GET message was sent until the HTTP OK reply was received? (By default, the value of the Time column in the packet-listing window is the amount of time, in seconds, since Wireshark tracing began. To display the Time field in time-of-day format, select the Wireshark View pull down menu, then select Time Display Format, then select Time-of-day.)
GET: 02:48:24.634645
OK: 02:48:24.934043
It took 02:48:24.299398 from when the HTTP GET message was sent until the HTTP OK reply was received.

3. What is the Internet address of the gaia.cs.umass.edu (also known as www-net.cs.umass.edu)? What is the Internet address of your computer?
Destination: 130.68.2.66
Source: 192.168.47.15

4. Print the two HTTP messages (GET and OK) referred to in question 2 above. To do so, select Print from the Wireshark File command menu, and select the Selected Packet Only and Print as displayed radial buttons, and then click OK.

GET

16 02:48:24.634645 192.168.47.15 130.68.2.66 HTTP 660 GET / HTTP/1.1
Frame 16: 660 bytes on wire (5280 bits), 660 bytes captured (5280 bits) on interface 0
Ethernet II, Src: Giga-Byt_52:49:84 (40:8d:5c:52:49:84), Dst: Tp-LinkT_e6:67:2c (10:fe:ed:e6:67:2c)
Internet Protocol Version 4, Src: 192.168.47.15, Dst: 130.68.2.66
Transmission Control Protocol, Src Port: 57766, Dst Port: 80, Seq: 1, Ack: 1, Len: 606
Hypertext Transfer Protocol
    GET / HTTP/1.1\r\n
    Host: www.montclair.edu\r\n
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0\r\n
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n
    Accept-Language: en-US,en;q=0.5\r\n
    Accept-Encoding: gzip, deflate\r\n
    [truncated]cookie: utma=265379475.550499873.1468870056.1475300668.1475304408.61; utmz=265379475.1473372632.47.4.utmcsr=google utmccn=(organic) utmcmd=organic utmctr=(not%20provided); l2_pv11724=3; _ga=ga1.2.550499873.1468870056; utm
    Connection: keep-alive\r\n
    Upgrade-Insecure-Requests: 1\r\n
    \r\n
    [Full request URI: http://www.montclair.edu/]
    [HTTP request 1/3]
    [Response in frame: 28]
    [Next request in frame: 39]

OK

28 02:48:24.934043 130.68.2.66 192.168.47.15 HTTP 60 HTTP/1.1 200 OK (text/html)
Frame 28: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: Tp-LinkT_e6:67:2c (10:fe:ed:e6:67:2c), Dst: Giga-Byt_52:49:84 (40:8d:5c:52:49:84)
Internet Protocol Version 4, Src: 130.68.2.66, Dst: 192.168.47.15
Transmission Control Protocol, Src Port: 80, Dst Port: 57766, Seq: 9209, Ack: 607, Len: 1
[8 Reassembled TCP Segments (9209 bytes): #19(448), #20(1460), #21(1460), #23(1460), #24(1460), #26(1460), #27(1460), #28(1)]
Hypertext Transfer Protocol
    HTTP/1.1 200 OK\r\n
    Date: Sat, 01 Oct 2016 06:48:27 GMT\r\n
    Server: Apache/2.2.15 (Red Hat)\r\n
    X-Powered-By: PHP/5.3.3\r\n
    X-Pingback: http://www.montclair.edu/xmlrpc.php\r\n
    Link: <http://www.montclair.edu/wp-json/>; rel="https://api.w.org/"\r\n
    Link: <http://www.montclair.edu/>; rel=shortlink\r\n
    Keep-Alive: timeout=15, max=100\r\n
    Connection: Keep-Alive\r\n
    Content-Type: text/html; charset=utf-8\r\n
    Vary: Accept-Encoding\r\n
    Content-Encoding: gzip\r\n
    Content-Length: 8761\r\n
    \r\n
    [HTTP response 1/3]
    [Time since request: 0.299398000 seconds]
    [Request in frame: 16]
    [Next request in frame: 39]
    [Next response in frame: 54]
    Content-encoded entity body (gzip): 8761 bytes -> 23002 bytes
    File Data: 23002 bytes
Line-based text data: text/html

Jae Sook Lee FA16 CSIT 340 01 Dr. Constantine Coutras Lab#1 Wire Shark HTTP

Wire Shark Lab1 HTTP

1. Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is the server running?
: It is running HTTP browser version 1.1

2. What languages (if any) does your browser indicate that it can accept to the server?
: Accept-Language is en-us, en;q=0.5\r\n

3. What is the IP address of your computer? Of the gaia.cs.umass.edu server?
Computer IP address: 192.168.47.15
gaia.cs.umass.edu IP address: 128.119.245.12

4. What is the status code returned from the server to your browser?
: 200 OK

5. When was the HTML file that you are retrieving last modified at the server?
: Last-Modified: Sat, 01 Oct 2016 05:59:01 GMT\r\n
(I had cleaned the cache right before I answered this question and reloaded the website. Due to the Intro Lab assignment, I had already visited the website several times. It was 304 Not Modified.)

6. How many bytes of content are being returned to your browser?
Content-Length: 128\r\n
Content-Type: text/html; charset=utf-8\r\n

7. By inspecting the raw data in the packet content window, do you see any headers within the data that are not displayed in the packet-listing window? If so, name one.
: Host, User-Agent, etc.

8. Inspect the contents of the first HTTP GET request from your browser to the server. Do you see an IF-MODIFIED-SINCE line in the HTTP GET?
: No. After the cache was cleaned up, it doesn't have IF-MODIFIED-SINCE.

9. Inspect the contents of the server response. Did the server explicitly return the contents of the file? How can you tell?
: Yes. The server responded correctly. 1) HTTP/1.1 200 OK was received. 2) Content-Length and type of data information were included.

10. Now inspect the contents of the second HTTP GET request from your browser to the server. Do you see an IF-MODIFIED-SINCE: line in the HTTP GET? If so, what information follows the IF-MODIFIED-SINCE: header?
: Yes. If-Modified-Since: Sat, 01 Oct 2016 05:59:01 GMT\r\n

11. What is the HTTP status code and phrase returned from the server in response to this second HTTP GET? Did the server explicitly return the contents of the file? Explain.
: HTTP/1.1 304 Not Modified
When the browser was refreshed for the 2nd time, the cache had already stored the destination file. In this case, the GET request is allowed, but the browser hasn't been modified, which means it already exists in my computer server.

12. How many HTTP GET request messages did your browser send? Which packet number in the trace contains the GET message for the Bill of Rights?
3 HTTP GET messages were sent to the destination browser.
HTTP/1.1 200 OK contains the GET message for the Bill of Rights.

13. Which packet number in the trace contains the status code and phrase associated with the response to the HTTP GET request?
HTTP/1.1 200 OK contains the status code and response phrase.

14. What is the status code and phrase in the response?
Status code: 200
Response Phrase: OK

15. How many data-containing TCP segments were needed to carry the single HTTP response and the text of the Bill of Rights?
It contains 3 Reassembled Segments (4863 bytes)
[Frame: 6, payload: 0-1459 (1460 bytes)]
[Frame: 7, payload: 1460-2919 (1460 bytes)]
[Frame: 9, payload: 2920-4379 (1460 bytes)]
[Frame: 10, payload: 4380-4862 (483 bytes)]

16. How many HTTP GET request messages did your browser send? To which Internet addresses were these GET requests sent?
4 HTTP GET request messages
1) GET /wireshark-labs/http-wireshark-file4.html HTTP/1.1\r\n (Host: gaia.cs.umass.edu\r\n)
2) GET /pearson.png HTTP/1.1\r\n (Host: gaia.cs.umass.edu\r\n)
3) GET /~kurose/cover_5th_ed.jpg HTTP/1.1\r\n (Host: manic.cs.umass.edu\r\n)
4) GET /~kurose/cover_5th_ed.jpg HTTP/1.1\r\n (Host: caite.cs.umass.edu\r\n)

17. Can you tell whether your browser downloaded the two images serially, or whether they were downloaded from the two web sites in parallel? Explain.
The browser downloaded them serially.
1) GET pearson.png file requested (23:23:13.272405), HTTP/1.1 200 OK (PNG) responded (23:23:13.294136)
2) GET /~kurose/cover_5th_ed.jpg (23:23:13.344633), HTTP/1.1 200 OK (JPEG JFIF image) responded (23:23:13.460734)

18. What is the server's response (status code and phrase) in response to the initial HTTP GET message from your browser?
1) Initial GET: GET /wireshark-labs/protected_pages/http-wireshark-file5.html HTTP/1.1\r\n
2) Status code: 401 Unauthorized

19. When your browser sends the HTTP GET message for the second time, what new field is included in the HTTP GET message?
Authorization: Basic d2lyZXNoYXJrLXN0dWRlbnQ6bmV0d29yaw==\r\n
Credentials: wireshark-student:network
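
Answer 19 shows why Wireshark can print the credentials: the Basic scheme only Base64-encodes "user:password", so anyone who captures the request can read them. The script below is an added example, not part of the original lab report; it audits a captured request for that exposure. The sample request is constructed from the values in answers 18 and 19, and the Host line and the function names are assumptions.

```python
import base64
import binascii

# Constructed request modelled on answers 18 and 19; the token is the Base64
# form of the credentials listed there (wireshark-student:network).
SAMPLE_REQUEST = (
    "GET /wireshark-labs/protected_pages/http-wireshark-file5.html HTTP/1.1\r\n"
    "Host: gaia.cs.umass.edu\r\n"
    "Authorization: Basic d2lyZXNoYXJrLXN0dWRlbnQ6bmV0d29yaw==\r\n"
    "\r\n"
)


def parse_headers(raw):
    """Split a raw HTTP request into (request line, {lower-cased name: value})."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def find_basic_credentials(raw):
    """Return (user, password) when the request carries Basic auth, else None."""
    _, headers = parse_headers(raw)
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # malformed token: nothing recoverable
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def audit(raw, encrypted_transport=False):
    """Describe the exposure of one captured request (password masked)."""
    request_line, _ = parse_headers(raw)
    creds = find_basic_credentials(raw)
    if creds is None:
        return "OK: no Basic credentials in " + request_line
    user, password = creds
    where = "inside TLS" if encrypted_transport else "in cleartext HTTP"
    return f"FINDING: Basic credentials for {user!r} ({'*' * len(password)}) sent {where}"


if __name__ == "__main__":
    print(audit(SAMPLE_REQUEST))
```

The 401 challenge in answer 18 was sent over plain HTTP on port 80, so the finding applies to this trace; the same header inside a TLS session would not be visible to a passive capture.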