
Kulliyyah of Engineering

Department of Electrical and Electronics Engineering

DATA COMMUNICATION AND NETWORKING


ECE 4241

SEMESTER 2 2016/2017

Wireshark Lab: HTTP

NAME : Nurul Aqilah Binti Hamzah


MATRIC NO : 1326648
LECTURER : DR. MOHAMED HADI HABAEBI
INTRODUCTION
In the previous Wireshark lab, we learned that Wireshark lets the user select a network interface
controller, inspect all traffic visible on that interface, and identify the different types of
network protocols in use. In this Wireshark lab, we study several aspects of the HTTP protocol.
HTTP stands for Hypertext Transfer Protocol, which is designed to permit intermediate network
elements to improve or enable communications between clients and servers.

OBJECTIVES
To study HTTP protocol in the aspects of:
i. the basic and conditional GET/response interaction
ii. HTTP message formats
iii. retrieving large HTML files
iv. retrieving HTML files with embedded objects
v. HTTP authentication and security

ANALYSIS AND DISCUSSION


There are five parts in this lab assignment, all discussed in this report: (i) the basic
HTTP GET/response interaction, (ii) the HTTP CONDITIONAL GET/response interaction, (iii) retrieving
long documents, (iv) HTML documents with embedded objects and (v) HTTP authentication. Students
also need to answer all the questions given in each part.

i) The Basic HTTP GET/Response Interaction

The steps for running the basic HTTP exercise are given in the lab manual. Figure 1 below shows
the resulting HTTP GET and HTTP reply, which are used to answer the questions that follow.

(a) HTTP basic GET response

(b) Details of frame 172 (my browser), annotated with: my IP address, gaia server IP address,
my browser running HTTP 1.1, languages accepted

(c) Details of frame 177 (server), annotated with: status code, server running HTTP 1.1,
last modified, content length returned

Figure 1: Results of HTTP GET and HTTP reply

1. Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is the server running?
Both my browser and the server are running HTTP version 1.1.

2. What languages (if any) does your browser indicate that it can accept to the server?
The accepted languages are en-US and en, that is, English (United States) and English.

3. What is the IP address of your computer? Of the gaia.cs.umass.edu server?
My computer's IP address is 192.168.0.139, while the gaia.cs.umass.edu server's IP address
is 128.119.245.12.

4. What is the status code returned from the server to your browser?
The status code returned is 200.

5. When was the HTML file that you are retrieving last modified at the server?
The HTML file was last modified at the server on Monday, 20th March 2017 at 05:59:02 GMT.

6. How many bytes of content are being returned to your browser?
128 bytes of content are being returned.

7. By inspecting the raw data in the packet content window, do you see any headers within
the data that are not displayed in the packet-listing window? If so, name one.
All headers can be found in the raw data in the packet content window.

ii) The HTTP CONDITIONAL GET/Response Interaction

In this part, we test HTTP by issuing two identical HTTP GETs. Notice that the first GET
received the reply HTTP OK, while the second, identical GET received the reply HTTP Not
Modified. Figure 2 below shows the Wireshark results when two identical HTTP GETs are used.
These results are used to answer the following questions.

(a) HTTP GET response of two similar HTTP GET request

(b) Details of frame 28 (First HTTP GET request)

(c) Details of frame 32 (First HTTP GET response)

(d) Details of frame 39 (Second HTTP GET request), annotated with: IF-MODIFIED-SINCE

(e) Details of frame 41 (Second HTTP GET response)


Figure 2: Results of Wireshark When Two Identical HTTP GETs Are Used

8. Inspect the contents of the first HTTP GET request from your browser to the server. Do
you see an IF-MODIFIED-SINCE line in the HTTP GET?
As in figure 2(b), there is no IF-MODIFIED-SINCE line in the first HTTP GET request.

9. Inspect the contents of the server response. Did the server explicitly return the contents
of the file? How can you tell?
Yes, the server explicitly returned the contents of the file, as can be seen in the Line-based
text data field. Figure 3 below shows the Line-based text data field of the first HTTP GET.

Figure 3: The pink box is the text returned in response to first GET

10. Now inspect the contents of the second HTTP GET request from your browser to the
server. Do you see an IF-MODIFIED-SINCE: line in the HTTP GET? If so, what
information follows the IF-MODIFIED-SINCE: header?
As in figure 2(d), there is an IF-MODIFIED-SINCE line in the second HTTP GET request. The
information that follows IF-MODIFIED-SINCE is Tue, 21 Mar 2017 05:59:01 GMT, which is the
date of the last modification from the previous HTTP GET request.

11. What is the HTTP status code and phrase returned from the server in response to this
second HTTP GET? Did the server explicitly return the contents of the file? Explain.
The HTTP status code for the second HTTP GET is 304 and the response phrase is Not Modified,
as shown in figure 4 below. The server did not return the contents of the file because the
browser loaded it from its cache. Therefore, there is no Line-based text data field.

Figure 4: The status code and response phrase for frame 41
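
The two exchanges in answers 8 to 11 can be reproduced with a small model of both sides. This Python sketch is an added example, not part of the original report: respond, BrowserCache and run_exchange are hypothetical names, the page body is constructed, and the timestamp is the one quoted in answer 10.

```python
from datetime import datetime, timezone
from email.utils import format_datetime, parsedate_to_datetime


def respond(request_headers, last_modified, body):
    """Server side: answer a GET with 200 + body, or 304 with no body."""
    headers = {"Last-Modified": format_datetime(last_modified, usegmt=True)}
    ims = request_headers.get("If-Modified-Since")
    if ims is not None:
        try:
            since = parsedate_to_datetime(ims)
            if since.tzinfo is None:  # "-0000" parses as naive; treat as UTC
                since = since.replace(tzinfo=timezone.utc)
        except (TypeError, ValueError):
            since = None  # an unparseable date is ignored, as if absent
        if since is not None and last_modified <= since:
            return 304, "Not Modified", headers, b""
    headers["Content-Length"] = str(len(body))
    return 200, "OK", headers, body


class BrowserCache:
    """Client side: remembers the last body and its Last-Modified value."""

    def __init__(self):
        self.entry = None

    def get(self, server):
        sent = {}
        if self.entry is not None:
            sent["If-Modified-Since"] = self.entry["last_modified"]
        status, phrase, received, body = server(sent)
        if status == 304:
            body = self.entry["body"]  # reuse the cached copy
        else:
            self.entry = {"last_modified": received["Last-Modified"], "body": body}
        return status, phrase, sent, body


# Constructed sample resource; the timestamp is the one quoted in answer 10.
MODIFIED = datetime(2017, 3, 21, 5, 59, 1, tzinfo=timezone.utc)
PAGE = b"<html>constructed sample page</html>\n"


def run_exchange():
    """Two identical GETs: returns [(status, phrase, sent_headers, body), ...]."""
    cache = BrowserCache()
    server = lambda headers: respond(headers, MODIFIED, PAGE)
    return [cache.get(server) for _ in range(2)]
```

The first tuple returned by run_exchange() has no If-Modified-Since header and status 200; the second carries the header and gets 304 with an empty wire body, with the page served from the cache.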

iii) Retrieving Long Documents

Figure 5 shows the packet listing window, which contains both TCP and HTTP traffic. The objective
of this part is to retrieve a long document. From the details of frame 68, the HTML file is long,
with a content length of 4500 bytes. Since a single TCP packet cannot hold all 4500 bytes, the
HTTP response is split across several TCP segments. Notice that the single HTTP response was
carried in frames 65, 66 and 67, each marked in the Info column as [TCP segment of a reassembled
PDU]. The information below is used to answer the questions given.

Figure 5: Packet Listing Window Which Consists TCP and HTTP protocol

12. How many HTTP GET request messages did your browser send? Which packet number
in the trace contains the GET message for the Bill of Rights?
Only one HTTP GET request message was sent by my browser, and packet 57 contains the
GET message for the Bill of Rights.

13. Which packet number in the trace contains the status code and phrase associated with
the response to the HTTP GET request?
Packet 68 contains the status code and phrase associated with the response to the HTTP
GET request, as shown in figure 6 below.

Figure 6: Details of packet 68 (HTTP GET response)

14. What is the status code and phrase in the response?
The status code in the response is 200 and the response phrase is OK.

15. How many data-containing TCP segments were needed to carry the single HTTP
response and the text of the Bill of Rights?
Four packets (65, 66, 67 & 68) containing TCP segments were needed to carry the single
HTTP response and the text of the Bill of Rights.

iv) HTML Documents With Embedded Objects

In this part, we study the packet traffic for HTML documents with embedded objects using
Wireshark, as shown in the figure below. The data used consists of short HTML files and two
images; the images are not contained in the HTML itself, but the URLs for the images are in
the downloaded HTML file.

Figure 7: My browser display when http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file4.html is entered

Figure 8: The packet listing window of HTML documents with embedded objects

16. How many HTTP GET request messages did your browser send? To which Internet
addresses were these GET requests sent?
There were four HTTP GET requests sent. The first is packet 39, which gets the base HTML file
and was sent to IP address 128.119.245.12. The second is packet 68, which gets the Pearson logo
and was also sent to 128.119.245.12. The third is packet 77, to find the 5th edition textbook
cover, and the last is packet 88, to get the 5th edition textbook cover. Packets 77 and 88 were
both sent to IP address 128.119.240.90.

17. Can you tell whether your browser downloaded the two images serially, or whether
they were downloaded from the two web sites in parallel? Explain.
The browser downloaded the two images serially. This can be seen from the TCP ports,
as the two images were transmitted over two TCP connections.

v) HTTP Authentication And Security

Figure 9: Packet listing window of HTTP authentication and security

18. What is the server's response (status code and phrase) in response to the initial HTTP
GET message from your browser?
Packet 41 contains the server's response, where the status code is 401 and the response
phrase is Unauthorized, as in the figure below.

19. When your browser sends the HTTP GET message for the second time, what new field
is included in the HTTP GET message?
The new field included in the HTTP GET message is the Authorization: Basic field. Figure 10
shows the details of the new field.

Figure 10: The pink box is the new field
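
The Authorization: Basic field from answer 19 carries the user name and password Base64-encoded rather than encrypted, so they are readable in any capture of the plain-HTTP request. The following Python check is an added example, not part of the original report; the request, the host name server.example and the credentials are constructed, and parse_request and audit_basic_auth are hypothetical helper names.

```python
import base64
import binascii


def parse_request(raw: bytes):
    """Split a raw HTTP/1.1 request into its request line and a header dict."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return request_line, headers


def audit_basic_auth(raw: bytes, over_tls: bool = False):
    """Return a finding if the request carries Basic credentials, else None."""
    request_line, headers = parse_request(raw)
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return {"request": request_line, "severity": "info",
                "detail": "malformed Basic token"}
    user, _, password = decoded.partition(":")
    return {
        "request": request_line,
        "user": user,
        "password_length": len(password),  # report the length, never the secret
        "severity": "low" if over_tls else "high",
        "detail": "Base64 is an encoding, not encryption",
    }


# Constructed sample: credentials, host and path are made up for this example.
TOKEN = base64.b64encode(b"lab-user:example-password").decode("ascii")
SAMPLE_REQUEST = (
    "GET /protected/page.html HTTP/1.1\r\n"
    "Host: server.example\r\n"
    f"Authorization: Basic {TOKEN}\r\n"
    "\r\n"
).encode("ascii")

if __name__ == "__main__":
    print(audit_basic_auth(SAMPLE_REQUEST))
```

The finding is rated high for cleartext HTTP and low when the same request is known to have travelled inside TLS, which is the usual mitigation for Basic authentication.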


CONCLUSION
This Wireshark lab assignment on the topic of HTTP was successfully completed. Using the Wireshark
software, I am now able to capture and analyse the basic and conditional HTTP GET responses. Besides,
I am also able to see the difference between retrieving long documents, HTML documents with
embedded objects and HTTP authentication and security. Throughout this assignment, I was able to see
different status codes and response phrases. Table 1 shows the summary of the status codes and phrases
that were seen during the lab assignment.

Table 1: The status code and phrase that can be seen throughout this assignment

Status Code    Response Phrase
200            OK
304            Not Modified
302            Found
401            Unauthorized
404            Not Found
