
Computer networks
LABSHEET -1
HTTP Session analysis

AIM:

Capture network traffic using a packet capture tool, analyze the traffic, identify two distinct HTTP request-response session packets, and make necessary observations.

Procedure:

Capture the packets from a network link using analysis tools such as Wireshark in UNIX or WINDOWS.
Identify two different HTTP request-response sessions, for example GET and POST.
Make observations.
Turn on Wireshark, select the connection (Wi-Fi), run and capture some packets, then stop.

Observations:

Any packet can be captured and its different portions can be analysed.
We can see information like source port, destination port, sequence number, etc.
A packet includes both payload and header.
We can get information and understand how encrypted the system is.
We can understand that source and destination ports may or may not be equal.
We can retrieve information regarding data, passwords and many more.
We can also observe how the TCP stream works and how data is transferred as frames.
From cookies we can collect information such as username and password.
Both the request message and response formats can be observed.
The type of operation can be seen, e.g. GET, PUT, etc.

GET /en.wikipedia.org/load.php?debug=false&lang=en&modules=startup&only=scripts&skin=vector&* HTTP/1.1
Host: bits.wikimedia.org
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36
Referer: http://en.wikipedia.org/wiki/Eminem
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8

HTTP/1.0 200 OK
Server: Apache
Expires: Sun, 22 Feb 2015 18:12:00 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
X-Powered-By: HHVM/3.3.1
Cache-Control: public, max-age=300, s-maxage=300
Vary: Accept-Encoding
Last-Modified: Sun, 22 Feb 2015 16:08:49 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 19669
Accept-Ranges: bytes
Date: Sun, 22 Feb 2015 18:07:20 GMT
X-Varnish: 2992181470 2992117100
Age: 19
X-Cache: cp1057 hit (3073)
X-Cache: MISS from proxy25
X-Cache-Lookup: MISS from proxy25:3128
Via: 1.1 varnish, 1.0 proxy25:3128 (squid/2.6.STABLE21)
Connection: keep-alive

We can observe how GET is sent in the request message over HTTP/1.1, and the server's response through status codes such as 200 (over HTTP/1.0 in the above case), along with the type of encoding, the number of objects and the protocol by which they work.
Similarly, we can see other response codes such as 301, 302, 304 and 404, and 200 for a POST that uploads files.
Examples of all these are given below.

GET / HTTP/1.1
Host: kat.ph
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8

HTTP/1.0 301 Moved Permanently
Server: nginx/1.7.8
Date: Sun, 22 Feb 2015 18:11:12 GMT
Content-Type: text/html
Content-Length: 184
Location: http://kickass.to/
X-Cache: MISS from proxy25
X-Cache-Lookup: MISS from proxy25:3128
Via: 1.0 proxy25:3128 (squid/2.6.STABLE21)
Connection: keep-alive
3
GET /searchbc.php?q=manvs+god&Bible.x=0&Bible.y=0&Bible=Lookup HTTP/1.1
Host: biblemenus.com
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36
Referer: http://referencebible.org/bh/topmenubhbco.htm
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8

HTTP/1.0 302 Moved Temporarily
Date: Sun, 22 Feb 2015 18:37:01 GMT
Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.4.34
Location: http://biblehub.net/search.php?q=manvs+god
Content-Length: 0
Content-Type: text/html
X-Cache: MISS from proxy25
X-Cache-Lookup: MISS from proxy25:3128
Via: 1.0 proxy25:3128 (squid/2.6.STABLE21)
Connection: keep-alive
4
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36
Referer: http://kickass.to/
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
If-Modified-Since: Thu, 05 Feb 2015 17:35:24 GMT

HTTP/1.0 304 Not Modified
Date: Sun, 22 Feb 2015 17:53:53 GMT
Expires: Sun, 22 Feb 2015 19:53:53 GMT
Age: 1045
Server: GFE/2.0
Alternate-Protocol: 80:quic,p=0.08
X-Cache: MISS from proxy25
X-Cache-Lookup: MISS from proxy25:3128
Via: 1.0 proxy25:3128 (squid/2.6.STABLE21)
Connection: keep-alive
5
GET /a/b/ HTTP/1.1
Host: www.web.com
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8

HTTP/1.0 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=tr4dffzkcagnj0d1j2gdisjy; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=tr4dffzkcagnj0d1j2gdisjy; path=/; HttpOnly
Set-Cookie: inurl=iso-c=--; domain=.web.com; expires=Wed, 08-Apr-2015 17:30:50 GMT; path=/
Set-Cookie: affdata=; domain=.web.com; expires=Wed, 08-Apr-2015 17:30:50 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 22 Feb 2015 18:30:49 GMT
Content-Length: 28642
X-Cache: MISS from proxy25
X-Cache-Lookup: MISS from proxy25:3128
Via: 1.0 proxy25:3128 (squid/2.6.STABLE21)
Connection: close
6
POST / HTTP/1.1
Host: time.jsontest.com
Connection: keep-alive
Content-Length: 32
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36
Origin: chrome-extension://jaehkpjddfdgiiefcnhahapilbejohhj
Content-type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8

ext_id=515399&auth_val=369327017

HTTP/1.0 200 OK
Access-Control-Allow-Origin: *
Content-Type: application/json; charset=ISO-8859-1
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Sun, 22 Feb 2015 18:40:26 GMT
Server: Google Frontend
Cache-Control: private
Content-Length: 106
Alternate-Protocol: 80:quic,p=0.08,80:quic,p=0.08
X-Cache: MISS from proxy25
X-Cache-Lookup: MISS from proxy25:3128
Via: 1.0 proxy25:3128 (squid/2.6.STABLE21)
Connection: keep-alive
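
An added example, not part of the original lab sheet: the observations above (cookies, parameters and server details readable in the capture) checked mechanically over a followed-stream transcript. The sample stream is constructed from the 404 and POST captures on this page with headers trimmed; the function names and the keyword list for sensitive parameter names are assumptions.

```python
import re

# Constructed sample: the 404 and POST exchanges from this page, headers trimmed.
STREAM = """\
GET /a/b/ HTTP/1.1

HTTP/1.0 404 Not Found
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=tr4dffzkcagnj0d1j2gdisjy; path=/; HttpOnly
Set-Cookie: affdata=; domain=.web.com; path=/

POST / HTTP/1.1
Host: time.jsontest.com

ext_id=515399&auth_val=369327017
HTTP/1.0 200 OK
"""
START = re.compile(r"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d$|HTTP/\d\.\d (?P<status>\d{3})\b")
SENSITIVE = re.compile(r"pass|pwd|auth|token", re.I)  # assumed keyword list

def parse_stream(text):  # split a followed-stream transcript into messages
    msgs, in_body = [], False
    for line in text.splitlines():
        m = START.match(line)
        if m:  # a request line or status line opens a new message
            msgs.append({**m.groupdict(), "headers": [], "body": ""})
            in_body = False
        elif msgs and (in_body or line == ""):  # blank line ends the headers
            msgs[-1]["body"] += line
            in_body = True
        elif msgs:
            name, _, value = line.partition(":")
            msgs[-1]["headers"].append((name.strip().lower(), value.strip()))
    return msgs

def findings(msgs):  # what an on-path observer learns from the cleartext
    out = []
    for msg in msgs:
        if msg["method"]:  # request: URL query and form-body parameter names
            params = msg["target"].partition("?")[2] + "&" + msg["body"]
            out += [f"cleartext parameter: {k}" for k in re.findall(r"(?:^|&)([^&=]+)=", params) if SENSITIVE.search(k)]
        for name, value in msg["headers"]:
            if name == "set-cookie":
                attrs = [a.strip().lower() for a in value.split(";")[1:]]
                missing = [f for f in ("secure", "httponly") if f not in attrs]
                if missing:
                    out.append(f"cookie {value.partition('=')[0]} missing {'+'.join(missing)}")
            elif name in ("server", "x-powered-by") and re.search(r"\d", value):
                out.append(f"version disclosure: {name} {value}")
    return out
```

The parser assumes a body line never looks like a request or status line, which holds for the text captures shown here but not for arbitrary binary bodies.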
