-
Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is the
server running?
-
What languages (if any) does your browser indicate that it can accept to the
server?
-
What is the IP address of your computer? Of the gaia.cs.umass.edu server?
Excerpt 1.1
No. Time Source Destination Protocol Info
8 0.155585 192.168.1.4 128.119.245.12 HTTP GET /wireshark-labs/HTTP-wireshark-file1.html HTTP/1.1
Frame 8 (494 bytes on wire, 494 bytes captured)
Ethernet II, Src: FujitsuS_10:74:8a (00:19:99:10:74:8a), Dst: Tilgin_24:dd:c7 (00:02:61:24:dd:c7)
Internet Protocol, Src: 192.168.1.4 (192.168.1.4), Dst: 128.119.245.12 (128.119.245.12)
Transmission Control Protocol, Src Port: ftsrv (1359), Dst Port: http (80), Seq: 1, Ack: 1, Len: 440
Hypertext Transfer Protocol
GET /wireshark-labs/HTTP-wireshark-file1.html HTTP/1.1\r\n
Host: gaia.cs.umass.edu\r\n
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; nb-NO; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5\r\n
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n
Accept-Language: nb,no;q=0.8,nn;q=0.6,en-us;q=0.4,en;q=0.2\r\n
Accept-Encoding: gzip,deflate\r\n
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n
Keep-Alive: 300\r\n
Connection: keep-alive\r\n
\r\n
-
What is the status code returned from the server to your browser?
-
When was the HTML file that you are retrieving last modified at the server?
-
How many bytes of content are being returned to your browser?
Excerpt 1.2
No. Time Source Destination Protocol Info
10 0.298398 128.119.245.12 192.168.1.4 HTTP HTTP/1.1 200 OK (text/html)
Frame 10 (488 bytes on wire, 488 bytes captured)
Ethernet II, Src: Tilgin_24:dd:c7 (00:02:61:24:dd:c7), Dst: FujitsuS_10:74:8a (00:19:99:10:74:8a)
Internet Protocol, Src: 128.119.245.12 (128.119.245.12), Dst: 192.168.1.4 (192.168.1.4)
Transmission Control Protocol, Src Port: http (80), Dst Port: ftsrv (1359), Seq: 1, Ack: 441, Len: 434
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
Request Version: HTTP/1.1
Response Code: 200
Date: Wed, 21 Jan 2009 10:38:36 GMT\r\n
Server: Apache/2.0.52 (CentOS)\r\n
Last-Modified: Wed, 21 Jan 2009 10:38:01 GMT\r\n
ETag: "8734d-80-bffe1440"\r\n
Accept-Ranges: bytes\r\n
Content-Length: 128\r\n
[Content length: 128]
Keep-Alive: timeout=10, max=100\r\n
Connection: Keep-Alive\r\n
Content-Type: text/html; charset=ISO-8859-1\r\n
\r\n
Line-based text data: text/html
-
By inspecting the raw data in the packet content window, do you see any headers
within the data that are not displayed in the packet-listing window? If so, name
one.
-
Inspect the contents of the first HTTP GET request from your browser to the
server. Do you see an “IF-MODIFIED-SINCE” line in the HTTP GET?
Excerpt 2.1
No. Time Source Destination Protocol Info
3800 20.510849 192.168.1.4 128.119.245.12 HTTP GET /wireshark-labs/HTTP-wireshark-file2.html HTTP/1.1
Frame 3800 (607 bytes on wire, 607 bytes captured)
Ethernet II, Src: FujitsuS_10:74:8a (00:19:99:10:74:8a), Dst: Tilgin_24:dd:c7 (00:02:61:24:dd:c7)
Internet Protocol, Src: 192.168.1.4 (192.168.1.4), Dst: 128.119.245.12 (128.119.245.12)
Transmission Control Protocol, Src Port: netview-aix-8 (1668), Dst Port: http (80), Seq: 994, Ack: 861, Len: 553
Hypertext Transfer Protocol
GET /wireshark-labs/HTTP-wireshark-file2.html HTTP/1.1\r\n
Request Method: GET
Request URI: /wireshark-labs/HTTP-wireshark-file2.html
Request Version: HTTP/1.1
Host: gaia.cs.umass.edu\r\n
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; nb-NO; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5\r\n
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n
Accept-Language: nb,no;q=0.8,nn;q=0.6,en-us;q=0.4,en;q=0.2\r\n
Accept-Encoding: gzip,deflate\r\n
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n
Keep-Alive: 300\r\n
Connection: keep-alive\r\n
If-Modified-Since: Wed, 21 Jan 2009 12:38:02 GMT\r\n
If-None-Match: "d6c96-173-6d349e80"\r\n
Cache-Control: max-age=0\r\n
\r\n
-
Inspect the contents of the server response. Did the server explicitly return the
contents of the file? How can you tell?
Excerpt 2.2
No. Time Source Destination Protocol Info
3802 20.653623 128.119.245.12 192.168.1.4 HTTP HTTP/1.1 200 OK (text/html)
Frame 3802 (425 bytes on wire, 425 bytes captured)
Ethernet II, Src: Tilgin_24:dd:c7 (00:02:61:24:dd:c7), Dst: FujitsuS_10:74:8a (00:19:99:10:74:8a)
Internet Protocol, Src: 128.119.245.12 (128.119.245.12), Dst: 192.168.1.4 (192.168.1.4)
Transmission Control Protocol, Src Port: http (80), Dst Port: netview-aix-8 (1668), Seq: 1169, Ack: 1547, Len: 371
[Reassembled TCP Segments (679 bytes): #3801(308), #3802(371)]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
Request Version: HTTP/1.1
Response Code: 200
Date: Wed, 21 Jan 2009 12:39:01 GMT\r\n
Server: Apache/2.0.52 (CentOS)\r\n
Last-Modified: Wed, 21 Jan 2009 12:39:01 GMT\r\n
ETag: W/"d6c96-173-70b8e340"\r\n
Accept-Ranges: bytes\r\n
Content-Length: 371\r\n
[Content length: 371]
Keep-Alive: timeout=10, max=98\r\n
Connection: Keep-Alive\r\n
Content-Type: text/html; charset=ISO-8859-1\r\n
\r\n
Line-based text data: text/html
-
Now inspect the contents of the second HTTP GET request from your browser to
the server. Do you see an “IF-MODIFIED-SINCE:” line in the HTTP GET? If
so, what information follows the “IF-MODIFIED-SINCE:” header?
Excerpt 2.3
No. Time Source Destination Protocol Info
3547 19.305857 192.168.1.4 128.119.245.12 HTTP GET /wireshark-labs/HTTP-wireshark-file2.html HTTP/1.1
Frame 3547 (607 bytes on wire, 607 bytes captured)
Ethernet II, Src: FujitsuS_10:74:8a (00:19:99:10:74:8a), Dst: Tilgin_24:dd:c7 (00:02:61:24:dd:c7)
Internet Protocol, Src: 192.168.1.4 (192.168.1.4), Dst: 128.119.245.12 (128.119.245.12)
Transmission Control Protocol, Src Port: netview-aix-8 (1668), Dst Port: http (80), Seq: 441, Ack: 679, Len: 553
Hypertext Transfer Protocol
GET /wireshark-labs/HTTP-wireshark-file2.html HTTP/1.1\r\n
Request Method: GET
Request URI: /wireshark-labs/HTTP-wireshark-file2.html
Request Version: HTTP/1.1
Host: gaia.cs.umass.edu\r\n
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; nb-NO; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5\r\n
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n
Accept-Language: nb,no;q=0.8,nn;q=0.6,en-us;q=0.4,en;q=0.2\r\n
Accept-Encoding: gzip,deflate\r\n
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n
Keep-Alive: 300\r\n
Connection: keep-alive\r\n
If-Modified-Since: Wed, 21 Jan 2009 12:38:02 GMT\r\n
If-None-Match: "d6c96-173-6d349e80"\r\n
Cache-Control: max-age=0\r\n
\r\n
-
What is the HTTP status code and phrase returned from the server in response to
this second HTTP GET? Did the server explicitly return the contents of the file?
Explain.
Excerpt 2.4
No. Time Source Destination Protocol Info
3593 19.456651 128.119.245.12 192.168.1.4 HTTP HTTP/1.1 304 Not Modified
Frame 3593 (236 bytes on wire, 236 bytes captured)
Ethernet II, Src: Tilgin_24:dd:c7 (00:02:61:24:dd:c7), Dst: FujitsuS_10:74:8a (00:19:99:10:74:8a)
Internet Protocol, Src: 128.119.245.12 (128.119.245.12), Dst: 192.168.1.4 (192.168.1.4)
Transmission Control Protocol, Src Port: http (80), Dst Port: netview-aix-8 (1668), Seq: 679, Ack: 994, Len: 182
Hypertext Transfer Protocol
HTTP/1.1 304 Not Modified\r\n
Request Version: HTTP/1.1
Response Code: 304
Date: Wed, 21 Jan 2009 12:39:00 GMT\r\n
Server: Apache/2.0.52 (CentOS)\r\n
Connection: Keep-Alive\r\n
Keep-Alive: timeout=10, max=99\r\n
ETag: "d6c96-173-6d349e80"\r\n
\r\n
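Added example (not part of the original lab sheet): a small Python check that reads header lines in the text-export form shown in the excerpts above and compares the validator the browser offered in If-None-Match with the ETag the server returned, using the values from frames 3547/3800, 3593 and 3802. The function names and result labels are illustrative, and a single entity tag per If-None-Match header is assumed.

```python
MARK = "\\r\\n"  # Wireshark's text export prints the line ending literally

# Constructed from the excerpts above: the conditional headers are identical
# in frames 3547 and 3800; the responses are frames 3593 and 3802.
CONDITIONAL_GET = r'''GET /wireshark-labs/HTTP-wireshark-file2.html HTTP/1.1\r\n
Request Method: GET
If-Modified-Since: Wed, 21 Jan 2009 12:38:02 GMT\r\n
If-None-Match: "d6c96-173-6d349e80"\r\n
\r\n'''
RESP_3593 = r'''HTTP/1.1 304 Not Modified\r\n
Response Code: 304
Date: Wed, 21 Jan 2009 12:39:00 GMT\r\n
ETag: "d6c96-173-6d349e80"\r\n
\r\n'''
RESP_3802 = r'''HTTP/1.1 200 OK\r\n
Response Code: 200
Last-Modified: Wed, 21 Jan 2009 12:39:01 GMT\r\n
ETag: W/"d6c96-173-70b8e340"\r\n
Content-Length: 371\r\n
[Content length: 371]
\r\n'''

def parse_export(text):
    """Return (start_line, headers), keeping only lines that were on the wire.
    Fields Wireshark derives itself (Request Method, Response Code,
    [Content length]) carry no \\r\\n marker and are skipped."""
    wire = [l.strip()[:-len(MARK)] for l in text.splitlines()
            if l.strip().endswith(MARK)]
    wire = [l for l in wire if l]  # drop the empty line that ends the headers
    headers = {}
    for line in wire[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return wire[0], headers

def strip_weak(etag):
    """If-None-Match uses weak comparison, so the W/ prefix is ignored."""
    return etag[2:] if etag.startswith("W/") else etag

def classify(request, response):
    _, req = parse_export(request)
    status_line, resp = parse_export(response)
    status = int(status_line.split()[1])
    sent, got = req.get("if-none-match"), resp.get("etag")
    same = bool(sent and got) and strip_weak(sent) == strip_weak(got)
    if status == 304:
        return "revalidated" if same else "mismatched-304"
    if status == 200 and sent and got and not same:
        return "changed"
    return "full-response"
```
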
-
How many HTTP GET request messages were sent by your browser?
1
-
How many data-containing TCP segments were needed to carry the single HTTP
response?
14
-
What is the status code and phrase associated with the response to the HTTP GET
request?
-
Are there any HTTP status lines in the transmitted data associated with a
TCP-induced “Continuation”?
-
How many HTTP GET request messages were sent by your browser? To which
Internet addresses were these GET requests sent?
-
Can you tell whether your browser downloaded the two images serially, or
whether they were downloaded from the two web sites in parallel? Explain.
-
What is the server’s response (status code and phrase) in response to the initial
HTTP GET message from your browser?
-
When your browser sends the HTTP GET message for the second time, what
new field is included in the HTTP GET message?