networks
LABSHEET - 1
HTTP Session Analysis
AIM:
Capture network traffic using a packet capture tool, analyze the traffic, identify two distinct HTTP request-response session packets, and make necessary observations.

Procedure:
Capture the packets from a network link using an analysis tool such as Wireshark on UNIX or Windows.
Identify two different HTTP request-response sessions, for example GET and POST.
Make observations.

Turn on Wireshark, select the connection (Wi-Fi), run the capture to collect some packets, and stop.
Observations:
GET /en.wikipedia.org/load.php?debug=false&lang=en&modules=startup&only=scripts&skin=vector&* HTTP/1.1
Host: bits.wikimedia.org
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36
Referer: http://en.wikipedia.org/wiki/Eminem
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8

HTTP/1.0 200 OK
Server: Apache
Expires: Sun, 22 Feb 2015 18:12:00 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
X-Powered-By: HHVM/3.3.1
Cache-Control: public, max-age=300, s-maxage=300
Vary: Accept-Encoding
Last-Modified: Sun, 22 Feb 2015 16:08:49 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 19669
Accept-Ranges: bytes
Date: Sun, 22 Feb 2015 18:07:20 GMT
X-Varnish: 2992181470 2992117100
Age: 19
X-Cache: cp1057 hit (3073)
X-Cache: MISS from proxy25
X-Cache-Lookup: MISS from proxy25:3128
Via: 1.1 varnish, 1.0 proxy25:3128 (squid/2.6.STABLE21)
Connection: keep-alive

GET / HTTP/1.1
Host: kat.ph
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8

HTTP/1.0 301 Moved Permanently
Server: nginx/1.7.8
Alternate-Protocol: 80:quic,p=0.08
X-Cache: MISS from proxy25
X-Cache-Lookup: MISS from proxy25:3128
Via: 1.0 proxy25:3128 (squid/2.6.STABLE21)
Connection: keep-alive

GET /a/b/ HTTP/1.1
Host: www.web.com
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8

HTTP/1.0 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=tr4dffzkcagnj0d1j2gdisjy; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=tr4dffzkcagnj0d1j2gdisjy; path=/; HttpOnly
Set-Cookie: inurl=iso-c=--; domain=.web.com; expires=Wed, 08-Apr-2015 17:30:50 GMT; path=/
Set-Cookie: affdata=; domain=.web.com; expires=Wed, 08-Apr-2015 17:30:50 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 22 Feb 2015 18:30:49 GMT
Content-Length: 28642
X-Cache: MISS from proxy25
X-Cache-Lookup: MISS from proxy25:3128
Via: 1.0 proxy25:3128 (squid/2.6.STABLE21)
Connection: close

POST / HTTP/1.1
Host: time.jsontest.com
Connection: keep-alive
Content-Length: 32
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36
Origin: chrome-extension://jaehkpjddfdgiiefcnhahapilbejohhj
Content-type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8

ext_id=515399&auth_val=369327017

HTTP/1.0 200 OK
Access-Control-Allow-Origin: *
Content-Type: application/json; charset=ISO-8859-1
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Sun, 22 Feb 2015 18:40:26 GMT
Server: Google Frontend
Cache-Control: private
Content-Length: 106
Alternate-Protocol: 80:quic,p=0.08,80:quic,p=0.08
X-Cache: MISS from proxy25
X-Cache-Lookup: MISS from proxy25:3128
Via: 1.0 proxy25:3128 (squid/2.6.STABLE21)
Connection: keep-alive
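
The observation step can be scripted over the header text copied from the capture. The following is an added example, not part of the original lab sheet: it pairs each request with its response and records security-relevant observations. The function names `sessions` and `observations` are hypothetical, and the sample text is constructed by condensing two of the sessions above.

```python
import re

# Constructed sample: header lines condensed from the 404 and POST sessions above.
CAPTURE = """\
GET /a/b/ HTTP/1.1
Host: www.web.com

HTTP/1.0 404 Not Found
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=tr4dffzkcagnj0d1j2gdisjy; path=/; HttpOnly
Set-Cookie: affdata=; domain=.web.com; path=/

POST / HTTP/1.1

HTTP/1.0 200 OK
Access-Control-Allow-Origin: *
Server: Google Frontend
"""

REQ = re.compile(r"^([A-Z]+) (\S+) HTTP/\d\.\d$")
RESP = re.compile(r"^HTTP/\d\.\d (\d{3}) ")

def sessions(text):
    """Pair each request with the response that follows it; keep duplicate headers."""
    out = []
    for line in text.splitlines():
        if m := REQ.match(line):
            out.append({"method": m[1], "path": m[2], "status": None, "req": [], "resp": []})
        elif (m := RESP.match(line)) and out:
            out[-1]["status"] = int(m[1])
        elif ":" in line and out:
            name, value = line.split(":", 1)
            side = "req" if out[-1]["status"] is None else "resp"
            out[-1][side].append((name.strip().lower(), value.strip()))
    return out

def observations(s):
    """Security-relevant notes a reviewer would record for one session."""
    notes = []
    for name, value in s["resp"]:
        if name in ("server", "x-powered-by", "x-aspnet-version") and re.search(r"\d+\.\d+", value):
            notes.append(f"version disclosed: {name}={value}")
        elif name == "set-cookie":
            flags = {p.strip().lower() for p in value.split(";")[1:]}
            notes += [f"cookie {value.split('=')[0]} lacks {f}"
                      for f in ("HttpOnly", "Secure") if f.lower() not in flags]
        elif name == "access-control-allow-origin" and value == "*":
            notes.append("CORS allows any origin")
    return notes
```

Headers are stored as a list of pairs rather than a dict so that repeated `Set-Cookie` lines, as in the 404 response, are all retained.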