
LE/EECS 3214 – Computer Network Protocol & Applications

Fall 2021/22

Programming Assignment 1
Submission Deadline: October 03, 2021 before 23:59

Assignment 1: Network Monitoring with Wireshark and Application Layer Protocols

Objectives
The purpose of this activity is to learn the fundamentals of network monitoring and packet sniffing with the help of
Wireshark, mainly, and some other tools. We will use Wireshark to explore application layer protocols such as
HTTP and DNS.

Submission Requirements
• Please submit your results/output in a PDF file. Submit your code in a text (.txt) file.
• The name of the files must be your YorkU student number such as 100131001.pdf or 100131001.txt.
• File must be uploaded to the A01 submission link provided on the eClass. The name of submission must also
be your YorkU student number.
• If the files do not open properly or the content is not clear, then you will be awarded zero.
• The deadline is Sunday October 03, 2021 before 11:59 PM.
• This is an individual assignment.
• Late submission is not permitted under any circumstances.
• Your submissions will be verified using Turnitin (or some other suitable tool) for originality. 60% or
more similarity will be awarded zero in the assignment and reported to the department. We may report
similarity less than 60% if it is of significant nature.

Assignment Requirements and Setup


This assignment is largely based on the first three Wireshark labs (Getting Started, HTTP and DNS) of our
course book. The description of these three labs can be accessed on the link below; use the 8th edition files. Also,
the three files are uploaded to eClass:
https://gaia.cs.umass.edu/kurose_ross/wireshark.php
In order to answer the questions in this assignment, you need to first finish the above three labs and answer the
questions in those labs. However, you are not required to submit the answers to these questions there. You
must only submit the answers to the questions asked below in this document.

Fall 2021/22 EECS 3214 A 1


General Instructions
• Please make sure that your document is easy to understand; clearly add the question number, part
number, captions and footnotes wherever required. If the TA can’t locate the answer, then it is your
responsibility.
• Make sure that images/screenshots are clear. If an image is big, then split it into multiple parts.
Clearly write their purpose. You can add multiple images, even if the question statement doesn’t say
so, to make sure that your answer is easy to comprehend.
• Highlight the significant parts of each image so that the TA can easily identify the required answer.
• Add the necessary explanation to make sure that the TA can understand the different parts of your document.

Question 1: Capturing an HTTP Message


Select a website of your choice; it must be different from the ones used in the Wireshark labs above. Now follow the approach
suggested in Lab1 (Getting Started) above to capture the HTTP GET and HTTP OK messages (one
GET and its corresponding OK). Add the following items to your submission:
#1-A: Add the Wireshark screenshot and highlight the two messages in it. [3 Marks]
#1-B: Write the complete URL of the webpage referred to in the GET message. Which fields/lines of the GET
message can be used to acquire the complete URL? [2 Marks]
#1-C: Assume the content of a GET message is provided to you in the form of a string. Write a
Python (or Java) program to parse this string to extract the complete URL out of this string. You
cannot use any existing libraries/functions designed specifically to process HTTP messages. Submit
this program in a .txt file as mentioned in the “Submission Requirements”. [5 Marks]

Question 2: Analyzing HTTP Messages


For this question, follow the instructions in Lab2 (HTTP) above completely. Add the following items
to your submission:
#2-A: For a certain “HTTP OK” message, what does the difference between the values of “Content-Length”
and the “Length” column in the Wireshark window indicate? To support your argument, provide
evidence from the captured packets. [3 Marks]

#2-B: An HTTP GET message was sent with an “IF-MODIFIED-SINCE” entry. From the response
message, how can we identify if the content is modified since the time mentioned in the GET
message? To support your argument, provide evidence through Wireshark traces/images, if
possible. [2 Marks]
#2-C: When an HTTP message is contained in multiple TCP segments, does each TCP segment
contain the HTTP OK status message? To support your answer, add screenshots from
Wireshark. [2 Marks]

Question 3: DNS
For this question, follow the instructions in Lab3 (DNS) mentioned above completely. Now, add the
following items to your submission:
#3-A: What is your default server for nslookup and what is its IP address? To support your answer,
also add a screenshot from your computer. [2 Marks]
#3-B: Add your answers to Lab3 questions 5 and 7 in the submission document. Add screenshots to
support your answers. [6 Marks]
#3-C: We want to represent the content of a DNS message in the form of a Python dictionary where
the keys are the message field names and the values are the field values. Provide the definition of this
dictionary in your submission document. You can use the DNS message format given in the book to
answer this question. Only the definition is required; you do not need to show any data in the
dictionary structure. [5 Marks]
