Lab Assignments for Chapter 2

We have created six lab assignments for this chapter: Lab2-1 to Lab2-6. We have also included six lab-report sheets, which means that each lab assignment needs to be reported in a separate sheet. The six lab assignments are related to six application-layer protocols we discussed in this chapter. The lab assignment for SSH protocol has been moved to Chapter 10 because it involves security issues. It is strongly recommended that the student carefully study and digest the corresponding protocols before working on the related lab assignment. It is necessary that the student carefully study the instructions in the lab assignment for Chapter 1 before starting this assignment.

Lab2-1: HTTP

HTTP is used to handle web pages. In this lab, we retrieve a web page and then, using Wireshark, capture HTTP packets. We learn about the two most common HTTP mes- sages (GET and response). We also examine the role of browser caching.

Assignment

The assignment for this lab has three parts.

Part I: General

Start your web browser and clear the browser's cache memory, but do not access any website yet.

Open Wireshark and start capturing.

Go back to your web browser and retrieve any web page that contains embedded objects (pictures, logos, etc.).

Since the browser's cache memory has been cleared, the web page is retrieved from the original destination. Type http (lowercase) in the filter field of the Wire- shark and click Apply so that only HTTP messages are displayed.

After enough packets have been captured, select the Capture from the pull-down menu and select Stop to stop capturing. The packet list pane of the Wireshark should now display many HTTP packets.

Questions

Using the captured information, answer the following question in your lab-report sheet.

1. What is the source IP address of the first GET message?

2. What is the destination IP address of the first GET message?

3. What is the source IP address of the first response message?

4. What is the destination IP address of the first response message?

5. How the source and destination addresses in the first response message are related to those in the first GET message?

6. Using the time stamps of a GET message and that of the corresponding response message, determine how long it took from the time the GET message was sent until the response message was received. By default, the value of the time column is the amount of time in seconds since Wireshark tracing began.

7. From one of the messages, determine the HTTP version.

8. From the first GET message, determine the URL of the website.

9. From the first GET message, determine the user agent.

10. Using the first GET message, determine the medium format, the language, the

encoding, and the character set that the client can accept.

11. What are the status codes for the first response message? Check the status code table to see the descriptions of this code.

12. Record the etag (identity tag) of the first response message. What is the application of etag in conditional request in HTTP.

13. What is the value of the content-length field of the first response message?

Part II: Embedded Objects

Most web pages contain pictures, logos, and so on, in the form of embedded objects. When you open any of these pages, embedded objects are retrieved from the same web- site or a different website. In this part, we extract information about these embedded objects in the captured file.

Questions

Using the captured file in Part I of the assignment, answer the following questions in your lab-report sheet.

1. Checking your browser, how many embedded objects are in the page?

2. How many GET messages sent by the browser to retrieve the embedded objects?

3. What is the URL of each embedded object?

4. Has the HTTP used persistent or non-persistent connection? Explain your answer.

Part III: Browsers Cache Memory

To reduce the response time and internet traffic, most bowers keep the recently retrieved HTTP objects in their cache memory. When the browser receives a request to retrieve a web file, it first checks its cache memory. If it has the file, it sends a condi- tional GET (IF-Modified-Since) request. The server sends the file if it is modified; oth- erwise, it sends a Not Modified response.

Open the Wireshark and start capturing. Go to your browser and retrieve the same web page again by clicking reload or refresh bottom on your browser. This time the page is retrieved from the cache memory. Type http (lowercase) in the filter field of the

Wireshark and click Apply so that only HTTP messages are displayed. Stop the Wire- shark and save the captured file.

Questions

Using the captured file, answer the following question in your lab report.

1. What is the value of the content-length field of the response message?

2. Explain the answer to the first question.