Description

Exercise 3: Using Wireshark to understand basic HTTP request/response messages (marked, include in your report)
We will not be running Wireshark on a live network connection (You are strongly encouraged to try this on your own machine. Pointers provided at the end of this exercise). The CSE network administrators do not permit live traffic monitoring for security reasons. Instead, for all our lab exercises we will make use of several trace files, which were collected by running Wireshark by one of the textbook’s authors. For this particular experiment download the following trace file: http-wireshark-trace-1

NOTE: IT IS NOT POSSIBLE TO RUN WIRESHARK VIA SSH. IT IS A RESOURCE INTENSIVE
PROGRAM AND IT WOULD SLOW DOWN THE CSE LOGIN SERVERS. IF YOU WANT TO WORK REMOTELY, THEN YOU CAN DOWNLOAD AND INSTALL WIRESHARK ON YOUR PERSONAL MACHINE. WIRESHARK IS AVAILABLE ON ALL LAB MACHINES.
The following indicate the steps involved:
Step 1: Start Wireshark by typing wireshark at the command prompt.
Step 2: Load the trace file http-wireshark-trace-1 by using the File pull down menu, choosing Open and selecting the appropriate trace file. This trace file captures a simple request/response interaction between a browser and a web server.
Step 3: You will see a large number of packets in the packet-listing window. Since we are currently only interested in HTTP we will filter out all the other packets by typing “http” in lowercase in the Filter field and press Enter. You should now see only HTTP packets in the packetlisting window.
Step 4: Select the first HTTP message in the packet-listing window and observe the data in the packet-header detail window. Recall that since each HTTP message was carried inside a TCP segment, which was carried inside an IP datagram, which was carried within an Ethernet frame, Wireshark displays the Frame, Ethernet, IP, and TCP packet information as well. We want to minimize the amount of non-HTTP data displayed (we’re interested in HTTP here, and will be investigating these other protocols is later labs), so make sure the boxes at the far left of the Frame, Ethernet, IP and TCP information have a right-pointing arrowhead (which means there is hidden, undisplayed information), and the HTTP line has a down-pointing arrowhead (which means that all information about the HTTP message is displayed).
NOTE: Please neglect the HTTP GET and response for favicon.ico, (the third and fourth HTTP messages in the trace file. Most browsers automatically ask the server if the server has a small icon file that should be displayed next to the displayed URL in the browser. We will ignore references to this pesky file in this lab.)
By looking at the information in the HTTP GET and response messages (the first two messages), answer the following questions:

Question 1: What is the status code and phrase returned from the server to the client browser?

Answer:
status code:200
Response Phrase: OK

Answer:
Last modified: Tue, 23 Sep 2003 05:29:00 GMT

Question 3: Is the connection established between the browser and the server persistent or nonpersistent? How can you infer this?
Answer:
Persistent, request and response connection header are Keep-Alive, which means use single TCP connections to send and receive multiple HTTP request and responses rather than open a new connection for every single request and response pair.

Question 4: How many bytes of content are being returned to the browser?
Answer:
73 bytes.

Question 5: What is the data contained inside the HTTP response packet? Answer:

Exercise 4: Using Wireshark to understand the HTTP CONDITIONAL GET/response interaction (marked, include in your report)
For this particular experiment download the second trace file: http-wireshark-trace-2
The following indicate the steps for this experiment:
Step 1: Start Wireshark by typing wireshark at the command prompt.
Step 2: Load the trace file http-wireshark-trace-2 by using the File pull down menu, choosing Open and selecting the appropriate trace file. This trace file captures a request response between a client browser and web server where the client requests the same file from the server within a span of a few seconds.
Step 3: Filter out all the non-HTTP packets and focus on the HTTP header information in the packet-header detail window.
By looking at the information in the HTTP GET and response messages (the first two messages), answer the following questions:

Question 1: Inspect the contents of the first HTTP GET request from the browser to the server. Do you see an “IF-MODIFIED-SINCE” line in the HTTP GET?
Answer:

No.
Question 2: Does the response indicate the last time that the requested file was modified?
Answer:

Yes, it is. That last-modified is Tue, 23 Sep 2003 05:35:00 GMT
Question 3: Now inspect the contents of the second HTTP GET request from the browser to the server. Do you see an “IF-MODIFIED-SINCE:” and “IF-NONE-MATCH” lines in the HTTP GET? If so, what information is contained in these header lines?
Answer:

Yes it have IF-MODIFIED-SINCE and IF-NONE-MATCH line.
If-Modified-Since: Tue, 23 Sep 2003 05:35:00 GMT
If-None-Match: “1bfef-173-8f4ae900”
IF-NONE-MATCH contains Etag value.

Question 4: What is the HTTP status code and phrase returned from the server in response to this second HTTP GET? Did the server explicitly return the contents of the file? Explain.
Answer:

Status Code:304, Phrase: Not Modified
Not return the contents of the file. there is no need to retransmit the requested resources because the resource has not been modified since the version specified by the request headers. Client still has a previously-downloaded (local) copy.

Question 5: What is the value of the Etag field in the 2nd response message and how it is used? Has this value changed since the 1 st response message was received?
Answer:

ETag: “1bfef-173-8f4ae900”.
Not changed. The ETag use to compare the server’s ETag value and check whether any different between the cache and server resources. To determine whether need to retransmit the requested resources or just use local cached resource.

Exercise 5 Example (python3 .7.3 CSE machine):