Sunday, March 11, 2012

Wireshark Lab 2: HTTP

Part 1: The Basic HTTP GET/response interaction

1. My browser is running HTTP 1.1. (GET /wireshark-labs/HTTP-wireshark-file1.html HTTP/1.1\r\n). The server is running HTTP 1.1. (HTTP/1.1 200 OK\r\n)

2. My web browser accepts HTML, XHTML and XML. (Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n)

3. My IP is 10.33.37.39, and the server's IP address is 128.119.245.12.

4. The status code returned by the server is 200, meaning connection is OK.

5. The file was last modified Sunday, March 11th, 2012 at 8:03 PM GMT. (Last-Modified: Sun, 11 Mar 2012 20:03:01 GMT\r\n)

6. 482 Bytes are being returned to my browser. (Frame 14: 482 bytes on wire (3856 bits), 482 bytes captured (3856 bits))

7. I do not see any differing headers in the packet content window and the packet listing window.

Part 2: The HTTP CONDITIONAL GET/response interaction

8. I do not see an "If Modified since" line.

9. The server doesn't appear to have explicitly returned the contents of the file.

10. There is an IF-MODIFIED-SINCE line. It is as follows: If-Modified-Since: Sun, 11 Mar 2012 20:22:02 GMT\r\n.

11. The response code is 304 Not Modified (HTTP/1.1 304 Not Modified\r\n). Once again, the server does not appear to have explicitly returned the contents of the file.

Part 3: Retrieving Long Documents

12. There were two HTTP GET request messages sent by my browser.

13. There were four TCP segments. (4 Reassembled TCP Segments (4803 bytes): #19(1460), #20(1460), #22(1460), #23(423))

14. The response was 200 OK for the first GET message, and 404 NOT FOUND for the second GET message.

15. There don't seem to be any HTTP response messages in the data transmission associated with a TCP-induced "continuation".

Part 4: HTML documents with embedded objects

16. There were three GET messages sent out by my browser. One was sent to the gaia.umass server. One was sent to the aw-bc.com site, and the last one was sent to manic.cs.umass.edu.

17. I assume they were downloaded in parallel, as the time on the response messages for both images is identical.

Part 5: HTTP Authentication

18. The response to the first GET message is 401 Authentication Required.

19. The new field in the second GET message is a field called "Authorization" that appears to contain the username and password I used to log in.
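
The following is an added example, not part of the original lab answers. It shows why the Authorization field in answer 19 exposes the login on plain HTTP: assuming the Basic scheme (the post does not name the scheme), the value is only base64-encoded, so anyone who can read the capture can recover it. The host, path and credentials are constructed sample values.

```python
import base64
import binascii

# Constructed sample requests (not from the original capture): the first has no
# credentials and would draw the 401; the second is the retry with Authorization.
FIRST_GET = (
    "GET /protected/page.html HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "\r\n"
)
SECOND_GET = (
    "GET /protected/page.html HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "Authorization: Basic " + base64.b64encode(b"labuser:labpass").decode() + "\r\n"
    "\r\n"
)


def parse_headers(raw_request):
    """Return (request_line, headers) with header names lower-cased."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def basic_credentials(raw_request):
    """Return (username, password) if the request carries Basic credentials, else None."""
    _, headers = parse_headers(raw_request)
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # malformed token: not a usable credential
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


if __name__ == "__main__":
    for label, req in (("first GET", FIRST_GET), ("second GET", SECOND_GET)):
        creds = basic_credentials(req)
        print(label, "->", "no credentials" if creds is None else f"user={creds[0]!r}, password recoverable")
```

The same check can be used when reviewing a capture to flag any request that sends Basic credentials without TLS.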
