
Kulliyyah of Engineering

Department of Electrical and Electronics
Engineering

DATA COMMUNICATION AND NETWORKING
ECE 4241

SEMESTER 2 2016/2017

Wireshark Lab: HTTP

NAME : Nurul Aqilah Binti Hamzah
MATRIC NO : 1326648
LECTURER : DR. MOHAMED HADI HABAEBI

INTRODUCTION

In the previous Wireshark lab, we saw that Wireshark lets the user select a network interface controller, inspect all traffic visible on that interface, and identify the different types of network protocols in use. In this Wireshark lab, we study several aspects of the HTTP protocol. HTTP stands for Hypertext Transfer Protocol, which is designed to permit intermediate network elements to improve or enable communication between clients and servers.

OBJECTIVES

To study the HTTP protocol in the aspects of:
i. the basic and conditional GET/response interaction
ii. HTTP message formats
iii. retrieving large HTML files
iv. retrieving HTML files with embedded objects
v. HTTP authentication and security

ANALYSIS AND DISCUSSION

There are five parts in this lab assignment that will be discussed in this report, which are: (i) the basic HTTP GET/response interaction, (ii) the HTTP CONDITIONAL GET/response interaction, (iii) retrieving long documents, (iv) HTML documents with embedded objects and (v) HTTP authentication. Students also need to answer all the questions given in each part.

i) The Basic HTTP GET/Response Interaction

The steps to run the basic HTTP interaction are given in the lab manual, and figure 1 below shows the results of the HTTP GET and HTTP reply, which will be used to answer the questions given.

(a) HTTP basic GET response [annotated: my IP address, gaia server IP address]
(b) Details of frame 172 (my browser) [annotated: my browser running HTTP 1.1, languages accepted]

(c) Details of frame 177 (server) [annotated: status code, server running HTTP 1.1, last modified, content length returned]
Figure 1: Results of HTTP GET and HTTP reply

1. Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is the server running?
- Both my browser and the server are running HTTP version 1.1.

2. What languages (if any) does your browser indicate that it can accept to the server?
- The accepted languages are en-US and en, which are known as English (United States) and English.

3. What is the IP address of your computer? Of the gaia.cs.umass.edu server?
- My computer's IP address is 192.168.0.139, while the gaia.cs.umass.edu server's IP address is 128.119.245.12.

4. What is the status code returned from the server to your browser?
- The status code returned is 200.

5. When was the HTML file that you are retrieving last modified at the server?
- The HTML file was last modified at the server on Monday, 20th March 2017 at 05:59:02 GMT.

6. How many bytes of content are being returned to your browser?
- A content length of 128 bytes is being returned.

7. By inspecting the raw data in the packet content window, do you see any headers within the data that are not displayed in the packet-listing window? If so, name one.
- All headers can be found in the raw data in the packet content window.

ii) The HTTP CONDITIONAL GET/Response Interaction

In this part, we test the conditional aspect of HTTP by using two identical HTTP GETs. Figure 2 below shows the Wireshark results when two identical HTTP GETs are used. Notice that when the first GET is used, there was a reply HTTP OK. When the second identical GET is used, there was a reply HTTP Not Modified. These results will be used to answer the following questions.

(a) HTTP GET response of two similar HTTP GET requests
(b) Details of frame 28 (First HTTP GET request)
(c) Details of frame 32 (First HTTP GET response)

(d) Details of frame 39 (Second HTTP GET request) [annotated: IF-MODIFIED-SINCE]
(e) Details of frame 41 (Second HTTP GET response)
Figure 2: Results of Wireshark when two identical HTTP GETs are used

8. Inspect the contents of the first HTTP GET request from your browser to the server. Do you see an “IF-MODIFIED-SINCE” line in the HTTP GET?
- As in figure 2(b), there is no “IF-MODIFIED-SINCE” line in the first HTTP GET request.

9. Inspect the contents of the server response. Did the server explicitly return the contents of the file? How can you tell?
- Yes, the server explicitly returned the contents of the file, as can be seen in the Line-based text data field. Figure 3 below shows the Line-based text data field of the first HTTP GET.

Figure 3: The pink box is the text returned in response to the first GET

10. Now inspect the contents of the second HTTP GET request from your browser to the server. Do you see an “IF-MODIFIED-SINCE:” line in the HTTP GET? If so, what information follows the “IF-MODIFIED-SINCE:” header?
- As in figure 2(d), there is an “IF-MODIFIED-SINCE” line in the second HTTP GET request. The information that follows IF-MODIFIED-SINCE is Tue, 21 Mar 2017 05:59:01 GMT, which is the date of the last modification from the previous HTTP GET request.

11. What is the HTTP status code and phrase returned from the server in response to this second HTTP GET? Did the server explicitly return the contents of the file? Explain.
- The HTTP status code for the second HTTP GET is 304 and the response phrase is Not Modified, as shown in figure 4 below. The server did not return the contents of the file, as the browser loaded it from its cache. Therefore, there is no line-based text data field.

Figure 4: The status code and response phrase for frame 41

iii) Retrieving Long Documents

Generally in this part, the objective is to retrieve a long document. Figure 5 shows the packet listing window, which consists of TCP and HTTP protocol packets. Notice that the single HTTP response was fragmented across frames 65, 66 and 67, which are indicated in the info column as “[TCP segment of a reassembled PDU]”. From the details in frame 68, it is known that the HTML file is long, with a content length of 4500 bytes. Since one TCP packet is unable to fit all 4500 bytes, the HTTP response is separated into a few TCP segments. The information below is used to answer the questions given.

Figure 5: Packet listing window which consists of TCP and HTTP protocol

12. How many HTTP GET request messages did your browser send? Which packet number in the trace contains the GET message for the Bill of Rights?
- Only one HTTP GET request message was sent by my browser, and packet 57 contains the GET message for the Bill of Rights.

13. Which packet number in the trace contains the status code and phrase associated with the response to the HTTP GET request?
- Packet 68 contains the status code and phrase associated with the response to the HTTP GET request, as shown in figure 6 below.

Figure 6: Details of packet 68 (HTTP GET response)

14. What is the status code and phrase in the response?
- The status code in the response is 200 and the response phrase is OK.

15. How many data-containing TCP segments were needed to carry the single HTTP response and the text of the Bill of Rights?
- Four packets (65, 66, 67 & 68) containing TCP segments were needed to carry the single HTTP response and the text of the Bill of Rights.

iv) HTML Documents With Embedded Objects

In this part, we study the packet traffic of HTML documents with embedded objects by using the Wireshark software, as shown in the figure below. The data used consists of a short HTML file and two images, where the images are not contained in the HTML; instead, the URLs for the images are in the downloaded HTML file.

Figure 7: My browser display when http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file4.html is entered
Figure 8: The packet listing window of HTML documents with embedded objects

16. How many HTTP GET request messages did your browser send? To which Internet addresses were these GET requests sent?
- There were four HTTP GET requests sent. The first is packet 39, to get the base HTML file, which was sent to IP address 128.119.245.12. The second is packet 68, to get the Pearson logo, which was also sent to 128.119.245.12. The third is packet 77, to find the 5th edition textbook cover, and lastly packet 88, to get the 5th edition textbook cover. Packets 77 and 88 were both sent to IP address 128.119.240.90.

17. Can you tell whether your browser downloaded the two images serially, or whether they were downloaded from the two web sites in parallel? Explain.
- The browser downloaded the two images serially. This can be seen through the TCP ports, as the two images were transmitted over two TCP connections.

v) HTTP Authentication And Security

Figure 9: Packet listing window of HTTP authentication and security

18. What is the server’s response (status code and phrase) in response to the initial HTTP GET message from your browser?
- Packet 41 contains the server’s response, where the status code is 401 and the response phrase is Unauthorized, as in the figure below.

19. When your browser sends the HTTP GET message for the second time, what new field is included in the HTTP GET message?
- The new field included in the HTTP GET message is the “Authorization: Basic” field. Figure 10 shows the details regarding the new field.

Figure 10: The pink box is the new field
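The “Authorization: Basic” field in question 19 carries the user name and password as base64 text (RFC 7617), which is an encoding and not encryption, so anyone who can capture the plain HTTP exchange can recover them. The following is an added example, not part of the original report: it parses a 401 challenge and the authenticated retry and reports what a capture exposes. The messages, host, realm and credentials are constructed for illustration and do not come from the lab trace.

```python
import base64

# Constructed messages modelled on the exchange in part (v); host, path, realm
# and credentials are made up for this example, not taken from the lab capture.
CHALLENGE = (b"HTTP/1.1 401 Unauthorized\r\n"
             b'WWW-Authenticate: Basic realm="example-realm"\r\n'
             b"Content-Length: 0\r\n\r\n")
RETRY = (b"GET /protected/page.html HTTP/1.1\r\n"
         b"Host: server.example\r\n"
         b"Authorization: Basic " + base64.b64encode(b"labuser:labpass") + b"\r\n\r\n")

def parse_head(raw):
    """Split an HTTP message head into (start_line, {lower-cased header: value})."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    start, *lines = head.split("\r\n")
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return start, headers

def basic_credentials(headers):
    """Return (user, password) from an 'Authorization: Basic' header, else None."""
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # bad base64 or bad UTF-8 (both are ValueError subclasses)
        return None
    user, sep, password = decoded.partition(":")  # password may itself contain ':'
    return (user, password) if sep else None

def audit(raw, over_tls=False):
    """Describe what a capture of this message reveals about authentication."""
    start, headers = parse_head(raw)
    if start.startswith("HTTP/") and start.split()[1] == "401":
        return "challenge: " + headers.get("www-authenticate", "(none)")
    creds = basic_credentials(headers)
    if creds is None:
        return "no basic credentials"
    if over_tls:
        return "basic credentials sent, protected in transit by TLS"
    return "EXPOSED: user=%s password=%s" % creds

if __name__ == "__main__":
    for message in (CHALLENGE, RETRY):
        print(audit(message))
```

The same check applied to a real capture is a quick way to confirm that a site using Basic authentication is only reachable over HTTPS.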

CONCLUSION

This Wireshark lab assignment on the topic of HTTP was successfully done. By using the Wireshark software, I am now able to capture and analyse the basic and conditional HTTP GET responses. Besides, I am also able to see the difference between retrieving long documents, HTML documents with embedded objects, and HTTP authentication and security. Throughout this assignment, I was able to see different status codes and response phrases. Table 1 shows the summary of the status codes and phrases that were seen during the lab assignment.

Table 1: The status codes and phrases that can be seen throughout this assignment

Status Code    Response Phrase
200            OK
304            Not Modified
302            Found
401            Unauthorized
404            Not Found