
DIGITAL FORENSICS

DA-3
NAME-YASH RAJ SINGH
REG NO.-19BCE0288
Q. LAB Digital Assignment III – Wireshark

1. a. Gather the IP addresses of 5 unique websites; the websites should
not be in the top 100 websites.
b. Which language is used in the server?
c. When was the HTML file that you have retrieved last
modified at the server?
d. How many bytes of content (size of file) is returned to your
browser? Which header line is used to indicate this
information?
e. Inspect the contents of the first HTTP GET request from your
browser to the server. Is there an "If-Modified-Since"
header line in the HTTP GET message?

1) VTOP - 136.233.9.22
Request line (this is the request, not a status code): GET /vtopconnect/login HTTP/1.1\r\n
Language: Accept-Language: en-US,en;q=0.9,hi;q=0.8\r\n (a request header: the languages the browser accepts; a Content-Language response header, if present, would name the language the server replies in)
Last-Modified: not present in the response
Content-Length: 0\r\n
"If-Modified-Since" header line in the HTTP GET message – No
2) CODETANTRA
Display filter used: ip.dst == 136.233.9.22 (the OAuth authorization request for CodeTantra is sent to the VTOP server, which redirects back to auth.codetantra.com)

Request line (not a status code):
GET /vtopconnect/oauth/authorize?client_id=codetantra&state=200EC58934B9EAEDFAB2806FADF97110&redirect_uri=https%3A%2F%2Fauth.codetantra.com%2Fa%3F2vkcpuzxymm5sylge2q&response_type=code HTTP/1.1
Language: Accept-Language: en-US,en;q=0.9\r\n
Last-Modified: not present in the response
Content-Length: 0\r\n
"If-Modified-Since" header line in the HTTP GET message – No

3) msftconnecttest.com - 13.107.4.52

Request line: GET /connecttest.txt HTTP/1.1\r\n

[Expert Info (Chat/Sequence): GET /connecttest.txt HTTP/1.1\r\n]
Request Method: GET
Request URI: /connecttest.txt
Request Version: HTTP/1.1
Language: Accept-Language: en-US,en;q=0.9\r\n
Status Code: 200
Last-Modified: Tue, 15 Feb 2022 18:30:49 GMT\r\n
"If-Modified-Since" header line in the HTTP GET message – No

4) Windows Update - 49.44.130.32
Status code: 304
[Expert Info (Chat/Sequence): HTTP/1.1 304 Not Modified\r\n]
[HTTP/1.1 304 Not Modified\r\n]
[Severity level: Chat]
[Group: Sequence]
Language: no Accept-Language header observed; the request carries Accept: */*\r\n
Last-Modified: not present in this response (304 Not Modified means the resource has not changed since the If-Modified-Since date, so no body is returned and the cached copy is reused)
"If-Modified-Since" header line in the HTTP GET message – Yes: If-Modified-Since: Tue, 16 Mar 2021 07:33:42 GMT\r\n

5) heartbeat.com - 3.230.17.64
Request line: GET / HTTP/1.1\r\n
Language: Accept-Language: en-IN\r\n
Last-Modified: not present in the response
Content-Length: 263\r\n
[Content length: 263]
"If-Modified-Since" header line in the HTTP GET message – No

(For part d: the Content-Length header line in the response gives the number of bytes of content returned to the browser.)
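Parts b to e can be read off the raw messages that Wireshark shows under Follow TCP Stream. The following script is an added example (not part of the lab submission) that parses two constructed request/response pairs, an initial GET answered with 200 and a conditional GET answered with 304, and reports the header lines the questions ask about. The host name, server string, dates and body are made up for the example; the checks themselves are generic HTTP/1.1.

```python
"""Answer parts b-e of question 1 from raw HTTP/1.1 messages.

The request/response pairs below are constructed sample data for this
example (host, server name, dates and body are invented), not packets
from the lab capture.
"""


def parse_message(raw: bytes):
    """Split a raw HTTP message into (start line, headers, body).

    Header names are lower-cased because HTTP header names are
    case-insensitive; Wireshark shows them as sent.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def analyse_exchange(request: bytes, response: bytes) -> dict:
    """Collect the fields asked for in parts b-e for one request/response pair."""
    req_line, req_h, _ = parse_message(request)
    status_line, resp_h, body = parse_message(response)
    declared = resp_h.get("content-length")
    content_length = int(declared) if declared is not None else None
    return {
        "request_line": req_line,
        # Accept-Language is what the *browser* accepts, not the server's language.
        "accept_language": req_h.get("accept-language"),
        # Part e: None when the GET carries no If-Modified-Since header.
        "if_modified_since": req_h.get("if-modified-since"),
        "status": int(status_line.split()[1]),
        # Part b: the server's language is Content-Language; Server names the software.
        "server_language": resp_h.get("content-language"),
        "server_software": resp_h.get("server"),
        # Part c.
        "last_modified": resp_h.get("last-modified"),
        # Part d: declared size versus the bytes that actually arrived.
        "content_length": content_length,
        "body_length": len(body),
        "length_matches": content_length is None or content_length == len(body),
    }


# Constructed exchange 1: first visit, no If-Modified-Since, full 200 response.
FIRST_GET = (b"GET /index.html HTTP/1.1\r\n"
             b"Host: www.example.test\r\n"
             b"Accept-Language: en-US,en;q=0.9\r\n\r\n")
FIRST_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                  b"Server: ExampleHTTPd/1.0\r\n"
                  b"Content-Language: en\r\n"
                  b"Last-Modified: Mon, 07 Mar 2022 10:00:00 GMT\r\n"
                  b"Content-Length: 31\r\n\r\n"
                  b"<html><body>hello</body></html>")

# Constructed exchange 2: revisit with a conditional GET, answered by 304 (no body).
SECOND_GET = FIRST_GET[:-2] + b"If-Modified-Since: Mon, 07 Mar 2022 10:00:00 GMT\r\n\r\n"
SECOND_RESPONSE = b"HTTP/1.1 304 Not Modified\r\nServer: ExampleHTTPd/1.0\r\n\r\n"

if __name__ == "__main__":
    for req, resp in ((FIRST_GET, FIRST_RESPONSE), (SECOND_GET, SECOND_RESPONSE)):
        for key, value in analyse_exchange(req, resp).items():
            print(f"{key:18} {value}")
        print()
```

The `length_matches` field is the check worth keeping when you do this on a real stream: a body shorter than the declared Content-Length means the capture is missing segments (or the transfer was cut off), so the byte count you report for part d would be wrong.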
2. What is the IP address of the host?

IP address of host: 192.168.216.46
3. What is the IP address of the router?

Router: 192.168.216.251
4. What protocol is used to resolve the website domain name?
ANS. Domain Name System (DNS)
5. Which transport layer protocol is used by DNS?
ANS. DNS uses UDP (port 53) for ordinary name-resolution queries and responses.
DNS uses TCP (port 53) for zone transfers (AXFR/IXFR) and when a response is too large for one UDP message: the server sets the TC (truncated) bit and the client repeats the query over TCP.
6. Which well-known port is used when contacting the DNS
server?

Destination port: 53 (the well-known DNS port on the server)
Source port: 51833 (an ephemeral port chosen by the client; it is not fixed)
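What questions 5 and 6 describe on the wire, as an added example that is not part of the lab submission: a resolver builds one UDP datagram to port 53, inspects the TC bit in the reply, and on truncation repeats the same query over TCP, where every message carries a 2-byte length prefix (RFC 1035 section 4.2.2). The query name, transaction ID and the truncated reply are constructed here for the example.

```python
"""DNS transport: UDP first, TCP fallback on a truncated (TC=1) reply.

The query and the truncated response below are constructed for this
example; they are not packets from the lab capture.
"""
import struct

DNS_PORT = 53          # well-known server port for both UDP and TCP DNS
UDP_PAYLOAD_LIMIT = 512  # classic maximum DNS message size over UDP without EDNS(0)


def encode_name(name: str) -> bytes:
    """Encode "www.example.test" as length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name: str, txid: int, qtype: int = 1) -> bytes:
    """Standard recursive query: flags 0x0100 (RD=1), one question, QTYPE A, QCLASS IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte DNS header the way Wireshark's DNS dissector shows it."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),   # 0 = query, 1 = response
        "tc": bool(flags & 0x0200),   # truncated: answer did not fit in UDP
        "rd": bool(flags & 0x0100),   # recursion desired
        "rcode": flags & 0x000F,
        "qdcount": qd,
        "ancount": an,
    }


def needs_tcp_retry(response: bytes, query: bytes) -> bool:
    """Retry over TCP only for a response that matches our transaction ID and has TC=1."""
    r, q = parse_header(response), parse_header(query)
    return r["qr"] and r["id"] == q["id"] and r["tc"]


def tcp_frame(msg: bytes) -> bytes:
    """DNS over TCP: each message is preceded by its length as a 2-byte big-endian field."""
    return struct.pack("!H", len(msg)) + msg


def unframe_tcp(stream: bytes) -> list:
    """Split a DNS-over-TCP byte stream (as shown by Follow TCP Stream) into messages."""
    msgs, i = [], 0
    while i + 2 <= len(stream):
        (n,) = struct.unpack("!H", stream[i:i + 2])
        msgs.append(stream[i + 2:i + 2 + n])
        i += 2 + n
    return msgs


# Constructed sample traffic: our query and a server reply flagged as truncated
# (QR=1, TC=1, RD=1, RA=1 -> flags 0x8380) that echoes the question section.
QUERY = build_query("www.example.test", txid=0x1234)
TRUNCATED_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0) + QUERY[12:]

if __name__ == "__main__":
    print("UDP datagram to port", DNS_PORT, "->", len(QUERY), "bytes:", parse_header(QUERY))
    print("reply header:", parse_header(TRUNCATED_RESPONSE))
    if needs_tcp_retry(TRUNCATED_RESPONSE, QUERY):
        wire = tcp_frame(QUERY)
        print("TC=1, repeating over TCP port", DNS_PORT, "with length prefix:", wire[:2].hex())
```

In a capture this shows up as a UDP query, a UDP response with the Truncated flag set in the dissector's flags field, and then a TCP three-way handshake to port 53 carrying the same transaction ID; the TCP payload starts with the two length bytes the block adds in `tcp_frame`.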
7. If a packet is highlighted by black, what does it mean for the
packet?
A black background with red text is Wireshark's default "Bad TCP" coloring rule: TCP analysis flagged a problem with the segment, such as a retransmission, an out-of-order segment, a duplicate ACK or a zero window (the rule is based on tcp.analysis.flags, excluding window updates and keep-alives). It does not mean the destination is unreachable; ICMP Destination Unreachable messages are separate packets with their own coloring.

8. What is the filter command for listing all outgoing http
traffic?
Type http.request in the display filter bar: it lists only HTTP requests, i.e. traffic going out from the browser. To restrict it to this host use http.request && ip.src == 192.168.216.46. Typing only http also shows the server's responses.

9. Why does DNS use Follow UDP Stream while HTTP uses
Follow TCP Stream?
ANS. HTTP runs over TCP, which sets up a connection, splits a large message into segments and delivers them reliably and in order, so Wireshark has to reassemble the whole conversation, which is what Follow TCP Stream does. DNS queries and responses are normally small enough to fit in a single UDP datagram, so no connection or reassembly is needed and Wireshark offers Follow UDP Stream, which simply groups the datagrams exchanged between the two address/port pairs.
10. Using Wireshark, how to capture the password
Use http.request.method == "POST" in the display filter to show form submissions; the username and password are in the request body (Hypertext Transfer Protocol > HTML Form URL Encoded). This only works when the site uses plain HTTP: over HTTPS the body is encrypted and Wireshark shows only TLS Application Data, so the password cannot be read from the capture.
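The filters from questions 8 and 10 expressed as Python predicates and run over a few constructed packet records, as an added example that is not part of the lab submission. Each record carries the fields the filters need (ip.src, ip.dst, tcp.dstport and the TCP payload); the addresses, host name and credentials are invented, and the TLS record is there to show why an HTTPS login yields nothing.

```python
"""http.request && ip.src == host, and http.request.method == "POST" with
form decoding, applied to constructed packet records (not the lab capture).
"""
from urllib.parse import parse_qs

HOST_IP = "192.168.216.46"   # the capturing host from question 2
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

# Constructed sample packets: (ip.src, ip.dst, tcp.dstport, tcp payload)
PACKETS = [
    (HOST_IP, "203.0.113.10", 80,
     b"GET /login HTTP/1.1\r\nHost: portal.example\r\n\r\n"),
    ("203.0.113.10", HOST_IP, 51833,                       # inbound response
     b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
    (HOST_IP, "203.0.113.10", 80,
     b"POST /login HTTP/1.1\r\nHost: portal.example\r\n"
     b"Content-Type: application/x-www-form-urlencoded\r\n"
     b"Content-Length: 30\r\n\r\n"
     b"username=alice&password=s3cret"),
    (HOST_IP, "203.0.113.20", 443,                         # HTTPS login: TLS, not HTTP
     b"\x16\x03\x01\x00\x05hello"),
]


def is_http_request(payload: bytes) -> bool:
    """Wireshark's http.request matches a payload that begins with a request line."""
    first_line = payload.split(b"\r\n", 1)[0]
    return payload.startswith(HTTP_METHODS) and b" HTTP/1." in first_line


def outgoing_http_requests(packets, host=HOST_IP):
    """Equivalent of the display filter: http.request && ip.src == host"""
    return [p for p in packets if p[0] == host and is_http_request(p[3])]


def posted_form_fields(payload: bytes) -> dict:
    """For http.request.method == "POST": decode a URL-encoded body into its fields.

    Returns {} for non-POST requests and for bodies that are not form-encoded,
    so JSON or multipart logins are not silently mis-parsed.
    """
    head, _, body = payload.partition(b"\r\n\r\n")
    request_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    if not request_line.startswith("POST "):
        return {}
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (h.partition(":") for h in header_lines)}
    if not headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        return {}
    return {k: v[0] for k, v in parse_qs(body.decode("iso-8859-1")).items()}


def captured_credentials(packets, host=HOST_IP):
    """Every field set the host POSTed in clear text. TLS payloads never match."""
    found = []
    for p in outgoing_http_requests(packets, host):
        fields = posted_form_fields(p[3])
        if fields:
            found.append(fields)
    return found


if __name__ == "__main__":
    for p in outgoing_http_requests(PACKETS):
        print(p[0], "->", p[1], p[3].split(b"\r\n", 1)[0].decode())
    print("credentials in clear text:", captured_credentials(PACKETS))
```

The TLS record at the end of the list is the caveat from question 10 in code: it is sent by the same host, but nothing in it looks like an HTTP request line, so neither filter matches and the password inside the encrypted body is never visible to the capture.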
