Scribd Logo
Upload

Welcome to Scribd!

  • Introduction to Wireshark Labs 1 and 2

    Uploaded by

    muqaddas fatima
    31 views13 pages
    The document summarizes the key findings and observations from Wireshark Labs 1 and 2 on introductory concepts like packet sniffing, the Wireshark interface, HTTP protocols. In Lab 1, the basics of Wireshark are introduced including downloading, running it, and understanding the interface. Lab 2 analyzes HTTP GET requests and responses to observe browser and server details like HTTP versions, languages, IP addresses, status codes, headers, and caching.

    Original Description:

    Original Title

    Wirecharks Lab

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document summarizes the key findings and observations from Wireshark Labs 1 and 2 on introductory concepts like packet sniffing, the Wireshark interface, HTTP protocols. In Lab 1, the basics of Wireshark are introduced including downloading, running it, and understanding the interface. Lab 2 analyzes HTTP GET requests and responses to observe browser and server details like HTTP versions, languages, IP addresses, status codes, headers, and caching.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    31 views13 pages

    Introduction to Wireshark Labs 1 and 2

    Uploaded by

    muqaddas fatima
    The document summarizes the key findings and observations from Wireshark Labs 1 and 2 on introductory concepts like packet sniffing, the Wireshark interface, HTTP protocols. In Lab 1, the basics of Wireshark are introduced including downloading, running it, and understanding the interface. Lab 2 analyzes HTTP GET requests and responses to observe browser and server details like HTTP versions, languages, IP addresses, status codes, headers, and caching.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 13

    ADVANCED COMPUTER NETWORK

    Assignment No. 2

    SUBMITTED TO:
    Dr. Akmal

    SUBMITTED BY:
    Muqaddas Fatima
    MS CS (1st Semester)
    ADVANCED COMPUTER NETWORK
    Wireshark Lab1 & Lab2
    ADVANCED COMPUTER NETWORK

    Wireshark Lab 1: Starting


    ➢ In this first Wireshark lab, i get familiar with Wireshark, and make some simple
    packet captures and observation.
    ➢ Here I get familiar with the Term Packet sniffer
    ➢ The basic tool for observing the messages exchanged between executing protocol
    entities is called a packet sniffer.

    Getting Wireshark
    ➢ First I download the Wireshark from http://www.wireshark.org/download.html
    ➢ And Then install in my computer.

    Running Wireshark
    ➢ When i run the Wireshark program, I get a startup screen, as shown below:

    ➢ Take a look at the upper left hand side of the screen – I’ll see an “Interface list”. This
    is the list of network interfaces on my computer.
    ADVANCED COMPUTER NETWORK

    The Wireshark interface has five major components:


    ➢ Command Menus
    ➢ Display filter specification
    ➢ List of captured packets
    ➢ Details of selected packet header
    ➢ Packet content in hexadecimal and ASCII

    “THE BASIC INTRODUCTION IS GIVEN IN LAB 1


    ABOUT WIRESHARK (E.G. WHAT IS WIRESHARK?
    WHICH TYPE OF INTERFACE IT HAS ? HOW MANY
    MAJOR COMPONENTS ? AND HOW TO START
    WIRESHARK.”
    LAB 1 END
    ADVANCED COMPUTER NETWORK

    Wireshark Lab 2: HTTP

    1. The Basic HTTP GET/response interaction


    There are some question about Wireshark Lab answer the following questions:
    1. Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is the server
    running?

    ➢ My browser is running http version 1.1


    ➢ The server is also running http version 1.1

    2. What languages (if any) does your browser indicate that it can accept to the server?

    ➢ My browser indicates that it will accept English-US and English languages from the
    server.
    ADVANCED COMPUTER NETWORK

    3. What is the IP address of your computer? Of the gaia.cs.umass.edu server?

    ➢ IP address of my computer/Client IP Address src:192.168.1.4


    Gaia.cs.umass.edu Server IP address Dst: 128.119.245.12

    4. What is the status code returned from the server to your browser?
    ➢ The status code returned was 200 OK

    5. When was the HTML file that you are retrieving last modified at the server?
    ➢ The file was last modified on Friday, March 27, 2020 at 05:59:02 GMT
    ADVANCED COMPUTER NETWORK

    6. How many bytes of content are being returned to your browser?


    ➢ 128 bytes of content are being returned. Content-Length:128\r\n

    7. By inspecting the raw data in the packet content window, do you see any headers
    within the data that are not displayed in the packet-listing window? If so, name one.

    ➢ No, I don’t see header in HTTP message.


    ADVANCED COMPUTER NETWORK

    2. The HTTP CONDITIONAL GET/response interaction


    Answer the following questions:

    8. Inspect the contents of the first HTTP GET request from your browser to the server.
    Do you see an “IF-MODIFIED-SINCE” line in the HTTP GET?

    ➢ No there is no IF-MODIFIED-SINCE line in the GET message. Because we see the


    first GET request and my browser didn’t have any previous URL I opened.

    9. Inspect the contents of the server response. Did the server explicitly return the
    contents of the file? How can you tell?
    ➢ The server did explicitly return the contents of the file. Wireshark includes a
    section titled “Line-Based Text Data” which shows what the server sent back to
    my browser which is specifically what the website showed when I brought it up
    on my browser.
    ADVANCED COMPUTER NETWORK

    10. Now inspect the contents of the second HTTP GET request from your browser to the
    server. Do you see an “IF-MODIFIED-SINCE:” line in the HTTP GET? If so, what
    information follows the “IF-MODIFIED-SINCE:” header?

    ➢ Yes in the second HTTP message an IF-MODIFIED-SINCE line is included. The


    information that follows is the date and time that I last accessed the webpage.

    11. What is the HTTP status code and phrase returned from the server in response to this
    second HTTP GET? Did the server explicitly return the contents of the file? Explain
    ➢ The HTTP status code is “304: Not Modified”
    ➢ The server did not return the contents of the file because the browser simply
    retrieved the contents from its cache. Had the file been modified since it was last
    accessed, it would have returned the contents of the file, instead it simply told my
    browser to retrieve the old file from its cached memory.
    ADVANCED COMPUTER NETWORK

    3. Retrieving Long Documents


    12. How many HTTP GET request messages did your browser send? Which packet
    number in the trace contains the GET message for the Bill or Rights?

    ➢ My browser only sent 1 HTTP GET request to the server. The packet that contain the
    GET message was packet number 116.

    13. Which packet number in the trace contains the status code and phrase associated
    with the response to the HTTP GET request?

    ➢ The packet that contains the status code and phrase which the server sent in response
    to the GET message was packet number 124.
    ADVANCED COMPUTER NETWORK

    14. What is the status code and phrase in the response?


    ➢ HTTP/1.1 200 OK …See the image from question 13.

    15. How many data-containing TCP segments were needed to carry the single HTTP
    response and the text of the Bill of Rights?

    ➢ The data was sent in 4 TCP segments to the browser, then reassembled.
    ADVANCED COMPUTER NETWORK

    4. HTML Documents with Embedded Objects


    16. How many HTTP GET request messages did your browser send? To which
    Internet addresses were these GET requests sent?

    ➢ My browser sent 3 http GET message requests. One each to each for each of the
    following: The initial page, the Pearson logo, and the cover of the Pearson book, 5th
    Edition.
    ➢ Initial Page address: 128.119.245.12
    ➢ Pearson Logo: 128.119.245.12
    ➢ Kurose book, 5th Edition: 128.119.245.12

    Screenshot is attached below.

    17. Can you tell whether your browser downloaded the two images serially, or whether
    they were downloaded from the two web sites in parallel? Explain.
    ADVANCED COMPUTER NETWORK

    ➢ The browser downloaded the images in serially. Because the first image was
    request and it returned then second image was requested by the browser and it
    returned the second image. Both files would have been requested then would
    returned in different time. The second image was sent in multiple TCP segments,
    like the one we did before. The second image took 70 packets to send as shown
    above.
    ADVANCED COMPUTER NETWORK

    5. HTTP Authentication
    18. What is the server’s response (status code and phrase) in response to the initial
    HTTP GET message from your browser?

    ➢ The severs initial response was “401 Unauthorized”.

    19. When your browser’s sends the HTTP GET message for the second time, what new
    field is included in the HTTP GET message?

    ➢ The new field that is now included is the authorization field. This is included
    because we sent the server a username and password along with our request
    stating that we were authorized to receive the page.

    You might also like