Wireshark - HTTP - v6.1 Solution

Part 1

262 18:05:05.616617 HTTP 480 GET /wireshark-labs/HTTP-wireshark-file1.html

Frame 262: 480 bytes on wire (3840 bits), 480 bytes captured (3840 bits) on interface 0
Ethernet II, Src: HewlettP_79:e2:f1 (74:46:a0:79:e2:f1), Dst: Tp-LinkT_37:f1:0d (30:b5:c2:37:f1:0d)
Internet Protocol Version 4, Src:, Dst:
Transmission Control Protocol, Src Port: 3278, Dst Port: 80, Seq: 1, Ack: 1, Len: 426
Hypertext Transfer Protocol
GET /wireshark-labs/HTTP-wireshark-file1.html HTTP/1.1\r\n
[Expert Info (Chat/Sequence): GET /wireshark-labs/HTTP-wireshark-file1.html HTTP/1.1\r\n]
Request Method: GET
Request URI: /wireshark-labs/HTTP-wireshark-file1.html
Request Version: HTTP/1.1
Host: gaia.cs.umass.edu\r\n
Connection: keep-alive\r\n
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100
Upgrade-Insecure-Requests: 1\r\n
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8\r\n
Accept-Encoding: gzip, deflate\r\n
Accept-Language: en-US,en;q=0.8\r\n
[Full request URI: http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file1.html]
[HTTP request 1/1]
[Response in frame: 266]

266 18:05:05.932070 HTTP 516 HTTP/1.1 200 OK (text/html)

Frame 266: 516 bytes on wire (4128 bits), 516 bytes captured (4128 bits) on interface 0
Ethernet II, Src: Tp-LinkT_37:f1:0d (30:b5:c2:37:f1:0d), Dst: HewlettP_79:e2:f1 (74:46:a0:79:e2:f1)
Internet Protocol Version 4, Src:, Dst:
Transmission Control Protocol, Src Port: 80, Dst Port: 3278, Seq: 1, Ack: 427, Len: 462
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
Request Version: HTTP/1.1
Status Code: 200
[Status Code Description: OK]
Response Phrase: OK
Date: Fri, 20 Oct 2017 18:05:06 GMT\r\n
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_perl/2.0.10 Perl/v5.16.3\r\n
Last-Modified: Fri, 20 Oct 2017 05:59:01 GMT\r\n
ETag: "80-55bf42b5c5bb9"\r\n
Accept-Ranges: bytes\r\n
Content-Type: text/html; charset=UTF-8\r\n
Content-Length: 128\r\n
Connection: Keep-Alive\r\n
Age: 0\r\n
[HTTP response 1/1]
[Time since request: 0.315453000 seconds]
[Request in frame: 262]
File Data: 128 bytes
Line-based text data: text/html
Congratulations. You've downloaded the file \n

1. Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is the server running?

Browser: HTTP 1.1

Server: HTTP 1.1

2. What languages (if any) does your browser indicate that it can accept to the server?

3. What is the IP address of your computer? Of the gaia.cs.umass.edu server?

My computer:

4. What is the status code returned from the server to your browser?

5. When was the HTML file that you are retrieving last modified at the server?

Fri, 20 Oct 2017 05:59:01 GMT

6. How many bytes of content are being returned to your browser?

7. By inspecting the raw data in the packet content window, do you see any headers within the data that
are not displayed in the packet-listing window? If so, name one.

Part 2

7 19:00:31.581401 HTTP 480 GET /wireshark-labs/HTTP-wireshark-file2.html

Frame 7: 480 bytes on wire (3840 bits), 480 bytes captured (3840 bits) on interface 0
Ethernet II, Src: HewlettP_79:e2:f1 (74:46:a0:79:e2:f1), Dst: Tp-LinkT_37:f1:0d (30:b5:c2:37:f1:0d)
Internet Protocol Version 4, Src:, Dst:
Transmission Control Protocol, Src Port: 7232, Dst Port: 80, Seq: 1, Ack: 1, Len: 426
Hypertext Transfer Protocol
GET /wireshark-labs/HTTP-wireshark-file2.html HTTP/1.1\r\n
Host: gaia.cs.umass.edu\r\n
Connection: keep-alive\r\n
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100
Upgrade-Insecure-Requests: 1\r\n
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8\r\n
Accept-Encoding: gzip, deflate\r\n
Accept-Language: en-US,en;q=0.8\r\n
[Full request URI: http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file2.html]
[HTTP request 1/2]
[Response in frame: 9]
[Next request in frame: 18]

9 19:00:31.674093 HTTP 762 HTTP/1.1 200 OK (text/html)

Frame 9: 762 bytes on wire (6096 bits), 762 bytes captured (6096 bits) on interface 0
Ethernet II, Src: Tp-LinkT_37:f1:0d (30:b5:c2:37:f1:0d), Dst: HewlettP_79:e2:f1 (74:46:a0:79:e2:f1)
Internet Protocol Version 4, Src:, Dst:
Transmission Control Protocol, Src Port: 80, Dst Port: 7232, Seq: 1, Ack: 427, Len: 708
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
Date: Fri, 20 Oct 2017 18:56:27 GMT\r\n
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_perl/2.0.10 Perl/v5.16.3\r\n
Last-Modified: Fri, 20 Oct 2017 05:59:01 GMT\r\n
ETag: "173-55bf42b5c53e9"\r\n
Accept-Ranges: bytes\r\n
Content-Type: text/html; charset=UTF-8\r\n
Content-Length: 371\r\n
Connection: Keep-Alive\r\n
Age: 244\r\n
[HTTP response 1/2]
[Time since request: 0.092692000 seconds]
[Request in frame: 7]
[Next request in frame: 18]
[Next response in frame: 22]
File Data: 371 bytes
Line-based text data: text/html
Congratulations again! Now you've downloaded the file lab2-2.html. <br>\n
This file's last modification date will not change. <p>\n
Thus if you download this multiple times on your browser, a complete copy <br>\n
will only be sent once by the server due to the inclusion of the IN-MODIFIED-SINCE<br>\n
field in your browser's HTTP GET request to the server.\n

18 19:00:41.919239 HTTP 592 GET /wireshark-labs/HTTP-wireshark-file2.html

Frame 18: 592 bytes on wire (4736 bits), 592 bytes captured (4736 bits) on interface 0
Ethernet II, Src: HewlettP_79:e2:f1 (74:46:a0:79:e2:f1), Dst: Tp-LinkT_37:f1:0d (30:b5:c2:37:f1:0d)
Internet Protocol Version 4, Src:, Dst:
Transmission Control Protocol, Src Port: 7232, Dst Port: 80, Seq: 427, Ack: 709, Len: 538
Hypertext Transfer Protocol
GET /wireshark-labs/HTTP-wireshark-file2.html HTTP/1.1\r\n
Host: gaia.cs.umass.edu\r\n
Connection: keep-alive\r\n
Cache-Control: max-age=0\r\n
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100
Upgrade-Insecure-Requests: 1\r\n
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8\r\n
Accept-Encoding: gzip, deflate\r\n
Accept-Language: en-US,en;q=0.8\r\n
If-None-Match: "173-55bf42b5c53e9"\r\n
If-Modified-Since: Fri, 20 Oct 2017 05:59:01 GMT\r\n
[Full request URI: http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file2.html]
[HTTP request 2/2]
[Prev request in frame: 7]
[Response in frame: 22]

22 19:00:42.569630 HTTP 378 HTTP/1.1 304 Not Modified

Frame 22: 378 bytes on wire (3024 bits), 378 bytes captured (3024 bits) on interface 0
Ethernet II, Src: Tp-LinkT_37:f1:0d (30:b5:c2:37:f1:0d), Dst: HewlettP_79:e2:f1 (74:46:a0:79:e2:f1)
Internet Protocol Version 4, Src:, Dst:
Transmission Control Protocol, Src Port: 80, Dst Port: 7232, Seq: 709, Ack: 965, Len: 324
Hypertext Transfer Protocol
HTTP/1.1 304 Not Modified\r\n
Date: Fri, 20 Oct 2017 19:00:42 GMT\r\n
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_perl/2.0.10 Perl/v5.16.3\r\n
Last-Modified: Fri, 20 Oct 2017 05:59:01 GMT\r\n
ETag: "173-55bf42b5c53e9"\r\n
Accept-Ranges: bytes\r\n
Content-Type: text/html; charset=UTF-8\r\n
Connection: Keep-Alive\r\n
Age: 0\r\n
[HTTP response 2/2]
[Time since request: 0.650391000 seconds]
[Prev request in frame: 7]
[Prev response in frame: 9]
[Request in frame: 18]

8. Inspect the contents of the first HTTP GET request from your browser to the server. Do you see an IF-

9. Inspect the contents of the server response. Did the server explicitly return the contents of the file?
How can you tell?

Yes. Content-Length header and the actual content.

10. Now inspect the contents of the second HTTP GET request from your browser to the server. Do you
see an IF-MODIFIED-SINCE: line in the HTTP GET? If so, what information follows the IF-MODIFIED-
SINCE: header?

Yes. Fri, 20 Oct 2017 05:59:01 GMT

11. What is the HTTP status code and phrase returned from the server in response to this second HTTP
GET? Did the server explicitly return the contents of the file? Explain.

304 Not Modified. The server didn't explicitly return the contents. The file
wasn't modified so the browser showed the cached contents.
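
The decision behind answers 8 to 11, as an added example that is not part of the original solution: a server-side check that returns 200 with a body or 304 without one, using the ETag and Last-Modified values from frames 9, 18 and 22. The function names are hypothetical, and the precedence of If-None-Match over If-Modified-Since follows RFC 7232 rather than anything visible in the trace.

```python
from email.utils import parsedate_to_datetime

def parse_headers(lines):
    """Turn 'Name: value' lines into a dict keyed by lower-cased name."""
    headers = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def _opaque(tag):
    # Drop a weak-validator prefix (W/) so tags compare by opaque value.
    tag = tag.strip()
    return tag[2:] if tag.startswith("W/") else tag

def evaluate_conditional_get(request, etag, last_modified):
    """Return (status, sends_body) for a GET of one stored representation.
    If-None-Match is checked first; If-Modified-Since is consulted only
    when If-None-Match is absent (RFC 7232 precedence)."""
    inm = request.get("if-none-match")
    if inm is not None:
        tags = [_opaque(t) for t in inm.split(",")]
        match = "*" in tags or _opaque(etag) in tags
        return (304, False) if match else (200, True)
    ims = request.get("if-modified-since")
    if ims is not None:
        try:
            if parsedate_to_datetime(last_modified) <= parsedate_to_datetime(ims):
                return 304, False
        except (TypeError, ValueError):
            pass  # An unparseable date is ignored, so the full body is sent.
    return 200, True

# Validators the server sent in frames 9 and 22 of the capture.
ETAG = '"173-55bf42b5c53e9"'
LAST_MODIFIED = "Fri, 20 Oct 2017 05:59:01 GMT"
# Frame 7: the first GET carries no validators.
FIRST_GET = parse_headers(["Host: gaia.cs.umass.edu", "Connection: keep-alive"])
# Frame 18: the second GET echoes both validators back.
SECOND_GET = parse_headers([
    "Host: gaia.cs.umass.edu",
    'If-None-Match: "173-55bf42b5c53e9"',
    "If-Modified-Since: Fri, 20 Oct 2017 05:59:01 GMT",
])

if __name__ == "__main__":
    print(evaluate_conditional_get(FIRST_GET, ETAG, LAST_MODIFIED))
    print(evaluate_conditional_get(SECOND_GET, ETAG, LAST_MODIFIED))
```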

Part 3

12. How many HTTP GET request messages did your browser send? Which packet number in the trace
contains the GET message for the Bill of Rights?

One HTTP GET request. Packet Number 169.

13. Which packet number in the trace contains the status code and phrase associated with the response
to the HTTP GET request?

Packet Number 187.

14. What is the status code and phrase in the response?

200 OK.

15. How many data-containing TCP segments were needed to carry the single HTTP response and the
text of the Bill of Rights?

6 packets.

Part 4

16. How many HTTP GET request messages did your browser send? To which Internet addresses were
these GET requests sent?

3 GET requests. They were sent to IP:

17. Can you tell whether your browser downloaded the two images serially, or whether they were
downloaded from the two web sites in parallel? Explain.

In parallel. The browser sent two GET requests to retrieve the two images then
received the packets of the two images simultaneously.

Part 5

13 21:58:47.463960 HTTP 581 GET /wireshark-labs/protected_pages/HTTP-wireshark-file5.html HTTP/1.1

Frame 13: 581 bytes on wire (4648 bits), 581 bytes captured (4648 bits) on interface 0
Ethernet II, Src: HonHaiPr_27:6f:65 (b8:76:3f:27:6f:65), Dst: Tp-LinkT_37:f1:0d (30:b5:c2:37:f1:0d)
Internet Protocol Version 4, Src:, Dst:
Transmission Control Protocol, Src Port: 22148, Dst Port: 80, Seq: 469, Ack: 719, Len: 527
Hypertext Transfer Protocol
GET /wireshark-labs/protected_pages/HTTP-wireshark-file5.html HTTP/1.1\r\n
[Expert Info (Chat/Sequence): GET /wireshark-labs/protected_pages/HTTP-wireshark-file5.html HTTP/1.1\r\n]
Request Method: GET
Request URI: /wireshark-labs/protected_pages/HTTP-wireshark-file5.html
Request Version: HTTP/1.1
Host: gaia.cs.umass.edu\r\n
Connection: keep-alive\r\n
Cache-Control: max-age=0\r\n
Authorization: Basic d2lyZXNoYXJrLXN0dWRlbnRzOm5ldHdvcms=\r\n
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100
Upgrade-Insecure-Requests: 1\r\n
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8\r\n
Accept-Encoding: gzip, deflate\r\n
Accept-Language: en-US,en;q=0.8\r\n
[Full request URI: http://gaia.cs.umass.edu/wireshark-labs/protected_pages/HTTP-wireshark-file5.html]
[HTTP request 2/2]
[Prev request in frame: 7]
[Response in frame: 15]

18. What is the server's response (status code and phrase) in response to the initial HTTP GET message
from your browser?

401 Unauthorized.

19. When your browser sends the HTTP GET message for the second time, what new field is included in
the HTTP GET message?

Authorization: Basic d2lyZXNoYXJrLXN0dWRlbnRzOm5ldHdvcms=
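
Why the field in answer 19 matters on a plain-HTTP connection, as an added example that is not part of the original solution: a check that scans request header lines for Basic credentials, decodes them as base64("user:password") per RFC 7617, and reports the user with the password masked. The function names are hypothetical; the header lines and URI are copied from frame 13.

```python
import base64
import binascii

def find_basic_credentials(header_lines):
    """Return one finding per 'Authorization: Basic' header in the lines.

    Basic credentials are only base64-encoded, so anyone who can read the
    request can recover them. The password is masked in the report.
    """
    findings = []
    for line in header_lines:
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "authorization":
            continue
        scheme, _, token = value.strip().partition(" ")
        if scheme.lower() != "basic":
            continue  # Other schemes (Bearer, Digest) are out of scope here.
        try:
            decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            findings.append({"user": None, "password_len": None,
                             "masked": None, "malformed": True})
            continue
        user, colon, password = decoded.partition(":")
        findings.append({"user": user, "password_len": len(password),
                         "masked": "*" * len(password), "malformed": not colon})
    return findings

def is_cleartext(full_uri):
    """True when the request URI scheme is plain http (no TLS on the wire)."""
    return full_uri.lower().startswith("http://")

# Header lines and full request URI copied from frame 13 of the capture.
FRAME_13 = [
    "Host: gaia.cs.umass.edu",
    "Cache-Control: max-age=0",
    "Authorization: Basic d2lyZXNoYXJrLXN0dWRlbnRzOm5ldHdvcms=",
    "Accept-Language: en-US,en;q=0.8",
]
FRAME_13_URI = ("http://gaia.cs.umass.edu/wireshark-labs/protected_pages/"
                "HTTP-wireshark-file5.html")

if __name__ == "__main__":
    transport = "cleartext HTTP" if is_cleartext(FRAME_13_URI) else "TLS"
    for f in find_basic_credentials(FRAME_13):
        print(f"user={f['user']} password={f['masked']} transport={transport}")
```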
