Wireshark - HTTP - v6.1 Solution

Part 1
262 18:05:05.616617 192.168.1.108 128.119.245.12 HTTP 480 GET /wireshark-labs/HTTP-wireshark-file1.html

HTTP/1.1
Frame 262: 480 bytes on wire (3840 bits), 480 bytes captured (3840 bits) on interface 0
Ethernet II, Src: HewlettP_79:e2:f1 (74:46:a0:79:e2:f1), Dst: Tp-LinkT_37:f1:0d (30:b5:c2:37:f1:0d)
Internet Protocol Version 4, Src: 192.168.1.108, Dst: 128.119.245.12
Transmission Control Protocol, Src Port: 3278, Dst Port: 80, Seq: 1, Ack: 1, Len: 426
Hypertext Transfer Protocol
GET /wireshark-labs/HTTP-wireshark-file1.html HTTP/1.1\r\n
[Expert Info (Chat/Sequence): GET /wireshark-labs/HTTP-wireshark-file1.html HTTP/1.1\r\n]
Request Method: GET
Request URI: /wireshark-labs/HTTP-wireshark-file1.html
Request Version: HTTP/1.1
Host: gaia.cs.umass.edu\r\n
Connection: keep-alive\r\n
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100
Safari/537.36\r\n
Upgrade-Insecure-Requests: 1\r\n
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8\r\n
Accept-Encoding: gzip, deflate\r\n
Accept-Language: en-US,en;q=0.8\r\n
\r\n
[Full request URI: http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file1.html]
[HTTP request 1/1]
[Response in frame: 266]
266 18:05:05.932070 128.119.245.12 192.168.1.108 HTTP 516 HTTP/1.1 200 OK (text/html)

Ethernet II, Src: Tp-LinkT_37:f1:0d (30:b5:c2:37:f1:0d), Dst: HewlettP_79:e2:f1 (74:46:a0:79:e2:f1)
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
Status Code: 200
[Status Code Description: OK]
Response Phrase: OK
Date: Fri, 20 Oct 2017 18:05:06 GMT\r\n
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_perl/2.0.10 Perl/v5.16.3\r\n
Last-Modified: Fri, 20 Oct 2017 05:59:01 GMT\r\n
ETag: "80-55bf42b5c5bb9"\r\n
Accept-Ranges: bytes\r\n
Content-Type: text/html; charset=UTF-8\r\n
Content-Length: 128\r\n
Connection: Keep-Alive\r\n
Age: 0\r\n
\r\n
[HTTP response 1/1]
[Time since request: 0.315453000 seconds]
[Request in frame: 262]
File Data: 128 bytes
Line-based text data: text/html
<html>\n
Congratulations. You've downloaded the file \n
http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file1.html!\n
</html>\n
1. Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is the server running?
Browser: HTTP 1.1
Server: HTTP 1.1
2. What languages (if any) does your browser indicate that it can accept to the server?
English
3. What is the IP address of your computer? Of the gaia.cs.umass.edu server?
My computer: 192.168.1.108
Server: 128.119.245.12
4. What is the status code returned from the server to your browser?
200
5. When was the HTML file that you are retrieving last modified at the server?
Fri, 20 Oct 2017 05:59:01 GMT

6. How many bytes of content are being returned to your browser?
128
7. By inspecting the raw data in the packet content window, do you see any headers within the data that
are not displayed in the packet-listing window? If so, name one.
Content-Type
Part 2
HTTP/1.1
Safari/537.36\r\n
\r\n
[HTTP request 1/2]
[Next request in frame: 18]
9 19:00:31.674093 128.119.245.12 192.168.1.108 HTTP 762 HTTP/1.1 200 OK (text/html)

HTTP/1.1 200 OK\r\n
ETag: "173-55bf42b5c53e9"\r\n
Content-Length: 371\r\n
Age: 244\r\n
\r\n
[HTTP response 1/2]
[Next request in frame: 18]
[Next response in frame: 22]
File Data: 371 bytes
Line-based text data: text/html
\n
<html>\n
\n
Congratulations again! Now you've downloaded the file lab2-2.html. <br>\n
This file's last modification date will not change. <p>\n
Thus if you download this multiple times on your browser, a complete copy <br>\n
will only be sent once by the server due to the inclusion of the IN-MODIFIED-SINCE<br>\n
field in your browser's HTTP GET request to the server.\n
\n
</html>\n
HTTP/1.1
Cache-Control: max-age=0\r\n
Safari/537.36\r\n
If-None-Match: "173-55bf42b5c53e9"\r\n
If-Modified-Since: Fri, 20 Oct 2017 05:59:01 GMT\r\n
\r\n
[HTTP request 2/2]
[Prev request in frame: 7]
22 19:00:42.569630 128.119.245.12 192.168.1.108 HTTP 378 HTTP/1.1 304 Not Modified

HTTP/1.1 304 Not Modified\r\n
ETag: "173-55bf42b5c53e9"\r\n
Age: 0\r\n
\r\n
[HTTP response 2/2]
[Prev response in frame: 9]
8. Inspect the contents of the first HTTP GET request from your browser to the server. Do you see an IF-
MODIFIED-SINCE line in the HTTP GET?
NO
9. Inspect the contents of the server response. Did the server explicitly return the contents of the file?
How can you tell?
Yes. Content-Length header and the actual content.

10. Now inspect the contents of the second HTTP GET request from your browser to the server. Do you
see an IF-MODIFIED-SINCE: line in the HTTP GET? If so, what information follows the IF-MODIFIED-
SINCE: header?
Yes. Fri, 20 Oct 2017 05:59:01 GMT

11. What is the HTTP status code and phrase returned from the server in response to this second HTTP
GET? Did the server explicitly return the contents of the file? Explain.
304 Not Modified. The server didnt explicitly return the contents. The file
wasnt modified so the browser showed the cached contents.
Part 3
12. How many HTTP GET request messages did your browser send? Which packet number in the trace
contains the GET message for the Bill of Rights?
One HTTP GET request. Packet Number 169.

13. Which packet number in the trace contains the status code and phrase associated with the response
to the HTTP GET request?
Packet Number 187.

14. What is the status code and phrase in the response?
200 OK.
15. How many data-containing TCP segments were needed to carry the single HTTP response and the
text of the Bill of Rights?
6 packets.
Part 4
16. How many HTTP GET request messages did your browser send? To which Internet addresses were
these GET requests sent?
3 GET requests. They were sent to IP: 128.119.245.12

17. Can you tell whether your browser downloaded the two images serially, or whether they were
downloaded from the two web sites in parallel? Explain.
In parallel. The browser sent two GET requests to retrieve the two images then
received the packets of the two images simultaneously.
Part 5
13 21:58:47.463960 192.168.1.100 128.119.245.12 HTTP 581 GET /wireshark-labs/protected_pages/HTTPwireshark-

file5.html HTTP/1.1
Ethernet II, Src: HonHaiPr_27:6f:65 (b8:76:3f:27:6f:65), Dst: Tp-LinkT_37:f1:0d (30:b5:c2:37:f1:0d)
GET /wireshark-labs/protected_pages/HTTP-wireshark-file5.html HTTP/1.1\r\n
[Expert Info (Chat/Sequence): GET /wireshark-labs/protected_pages/HTTP-wireshark-file5.html HTTP/1.1\r\n]
Request Method: GET
Request URI: /wireshark-labs/protected_pages/HTTP-wireshark-file5.html
Cache-Control: max-age=0\r\n
Authorization: Basic d2lyZXNoYXJrLXN0dWRlbnRzOm5ldHdvcms=\r\n
Safari/537.36\r\n
\r\n
[Full request URI: http://gaia.cs.umass.edu/wireshark-labs/protected_pages/HTTP-wireshark-file5.html]
[HTTP request 2/2]
18. What is the servers response (status code and phrase) in response to the initial HTTP GET message
from your browser?
401 Unauthorized.
19. When your browsers sends the HTTP GET message for the second time, what new field is included in
the HTTP GET message?
Authorization: Basic d2lyZXNoYXJrLXN0dWRlbnRzOm5ldHdvcms=

Wireshark - HTTP - v6.1 Solution

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Wireshark - HTTP - v6.1 Solution

Încărcat de

Drepturi de autor:

Formate disponibile

Part 1

262 18:05:05.616617 192.168.1.108 128.119.245.12 HTTP 480 GET /wireshark-labs/HTTP-wireshark-file1.html

266 18:05:05.932070 128.119.245.12 192.168.1.108 HTTP 516 HTTP/1.1 200 OK (text/html)

Browser: HTTP 1.1

Server: HTTP 1.1

Fri, 20 Oct 2017 05:59:01 GMT

9 19:00:31.674093 128.119.245.12 192.168.1.108 HTTP 762 HTTP/1.1 200 OK (text/html)

22 19:00:42.569630 128.119.245.12 192.168.1.108 HTTP 378 HTTP/1.1 304 Not Modified

Yes. Content-Length header and the actual content.

Yes. Fri, 20 Oct 2017 05:59:01 GMT

One HTTP GET request. Packet Number 169.

Packet Number 187.

3 GET requests. They were sent to IP: 128.119.245.12

13 21:58:47.463960 192.168.1.100 128.119.245.12 HTTP 581 GET /wireshark-labs/protected_pages/HTTPwireshark-

Authorization: Basic d2lyZXNoYXJrLXN0dWRlbnRzOm5ldHdvcms=

S-ar putea să vă placă și