Wireshark

Assigned: Friday, Apr 8, 2016

Due: Friday, Apr 15, 2016 at 10:30pm

Collaboration: Complete this assignment with your assigned partner. You are expected to work collaboratively, not divide up the assigned work. You may use your classmates as a resource, but please cite them. Sharing of complete or nearly-complete answers is not permitted.

Submitting Your Work: Submit your answers to me by email before the due date. You can submit your work in the body of the email or in an attachment. Please CC your partner on the email.

Groups

  • Evan and Reilly
  • Michael and Marcel
  • Moses and Dave
  • Sarah and Albert
  • Mari and Nick
  • Daniel and Fengyuan
  • Helen and David Ca.
  • Uzo and David Ch.
  • Bazil and Hamza
  • Jerry and Shaun
  • Kumar and Alex
  • Otabek and Aleksandar

Overview

For this lab, we will complete two of the labs associated with our textbook. Instructions for these labs are available in PDF format:

The version of wireshark on MathLAN computers is slightly newer than the images in the PDFs, so a few user interface elements will look slightly different. The changes are generally small and should not be a problem. Also note that the second PDF includes some information we will not cover until the reading for Monday. You are welcome to work ahead, but the lab is not due until after we have covered HTTP, so you can delay working on this part of the lab until next week.

To start wireshark on the MathLAN computers, open a terminal and run the following command:

> wireshark &

For wireshark to work, it needs special access to the networking hardware on your computer. Normally, this access is restricted; while critical network traffic is often encrypted, you will see that examining packets can reveal some sensitive information if users or web developers are careless. You have all been granted access to wireshark for this semester. Please be a good internet and network citizen and use this access responsibly. Looking around to figure out how things work is perfectly okay, even encouraged. However, if you see network traffic that you believe was intended to be private please respect the privacy of other MathLAN users.

What to Turn in

Please send responses to the following questions. You do not need to submit any responses from the lab PDFs unless they are explicitly requested below.

A. Getting Started Lab

Please submit responses to the following questions, which come from the end of the getting started lab.

  1. Briefly describe the traffic you see in the wireshark capture. Can you identify any of the network activity other than your HTTP connection?
  2. What is the Internet address of gaia.cs.umass.edu (also known as www-net.cs.umass.edu)? What is the Internet address of your computer? (This question is from the lab document)

B. HTTP Lab

Please submit responses to the following questions, which are a subset of the questions in the lab document linked above.

1. Basic HTTP GET/response interaction

  1. Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is the server running?
  2. What is the status code returned from the server to your browser?
  3. When was the HTML file that you are retrieving last modified at the server?

2. HTTP CONDITIONAL GET/response interaction

  1. Inspect the contents of the first HTTP GET request from your browser to the server. Do you see an “IF-MODIFIED-SINCE” line in the HTTP GET?
  2. Inspect the contents of the server response. Did the server explicitly return the contents of the file? How can you tell?
  3. Now inspect the contents of the second HTTP GET request from your browser to the server. Do you see an “IF-MODIFIED-SINCE:” line in the HTTP GET? If so, what information follows the “IF-MODIFIED-SINCE:” header?
  4. What is the HTTP status code and phrase returned from the server in response to this second HTTP GET? Did the server explicitly return the contents of the file? Explain.

3. Retrieving Long Documents

  1. How many HTTP GET request messages did your browser send? Which packet number in the trace contains the GET message for the Bill of Rights?
  2. Which packet number in the trace contains the status code and phrase associated with the response to the HTTP GET request?

4. HTML Documents with Embedded Objects

  1. How many HTTP GET request messages did your browser send? To which Internet addresses were these GET requests sent?
  2. Can you tell whether your browser downloaded the two images serially, or whether they were downloaded from the two web sites in parallel? Explain.

5. HTTP Authentication

  1. What is the server’s response (status code and phrase) in response to the initial HTTP GET message from your browser?
  2. When your browser sends the HTTP GET message for the second time, what new field is included in the HTTP GET message?
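The following Python script is an added example, not part of the lab PDFs or the textbook, that models the two exchanges asked about in sections 2 (conditional GET) and 5 (HTTP authentication) so you can see the exact request and response text Wireshark would show you. The server, its Last-Modified time, the path /protected and the credentials labuser/labpassword are all constructed placeholders, not the real gaia.cs.umass.edu server or the lab's real login. It also decodes the Authorization header the way anyone holding the capture could, which is why the overview warns that packet inspection can expose careless users' secrets.

```python
import base64
from datetime import datetime, timezone
from email.utils import formatdate, parsedate_to_datetime

# Constructed server state for the demonstration: one page with a fixed
# Last-Modified time and one password-protected path. Placeholder values only.
LAST_MODIFIED = datetime(2016, 4, 8, 12, 0, 0, tzinfo=timezone.utc)
PAGE_BODY = b"<html><body>Constructed sample page for the Wireshark lab.</body></html>"
PROTECTED_PATH = "/protected"
CREDENTIALS = ("labuser", "labpassword")  # placeholder, not the lab's real login


def http_date(dt):
    """Format a datetime the way HTTP headers carry it (RFC 1123, GMT)."""
    return formatdate(dt.timestamp(), usegmt=True)


def build_request(path, headers=None):
    """Serialize a GET request exactly as it would appear on the wire."""
    lines = ["GET %s HTTP/1.1" % path, "Host: example.invalid"]
    for name, value in (headers or {}).items():
        lines.append("%s: %s" % (name, value))
    return ("\r\n".join(lines) + "\r\n\r\n").encode("iso-8859-1")


def build_response(status, phrase, headers, body):
    """Serialize a response: status line, headers, blank line, body."""
    lines = ["HTTP/1.1 %d %s" % (status, phrase)]
    for name, value in headers.items():
        lines.append("%s: %s" % (name, value))
    lines.append("Content-Length: %d" % len(body))
    return ("\r\n".join(lines) + "\r\n\r\n").encode("iso-8859-1") + body


def parse_message(raw):
    """Split a request or response into (start line, lowercase header dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def decode_basic_auth(header_value):
    """Recover username and password from an Authorization: Basic header.
    Base64 is an encoding, not encryption: anyone with the capture can do this."""
    token = header_value[len("Basic "):]
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def handle_request(raw):
    """Model the server's decision for the two exchanges in the lab."""
    start, headers, _ = parse_message(raw)
    _method, path, _version = start.split(" ")

    if path == PROTECTED_PATH:
        # Basic authentication: challenge with 401 first, then accept the
        # retry that carries a matching Authorization header.
        auth = headers.get("authorization", "")
        if auth.startswith("Basic ") and decode_basic_auth(auth) == CREDENTIALS:
            return build_response(200, "OK", {}, PAGE_BODY)
        return build_response(401, "Unauthorized",
                              {"WWW-Authenticate": 'Basic realm="wireshark-lab"'}, b"")

    # Conditional GET: if the browser's cached copy is at least as new as the
    # server's file, answer 304 with no body; otherwise send the whole page.
    last_mod = {"Last-Modified": http_date(LAST_MODIFIED)}
    ims = headers.get("if-modified-since")
    if ims and parsedate_to_datetime(ims) >= LAST_MODIFIED:
        return build_response(304, "Not Modified", last_mod, b"")
    return build_response(200, "OK", last_mod, PAGE_BODY)


def status_of(response):
    """Return (status code, reason phrase, whether a body was sent)."""
    start, _, body = parse_message(response)
    _version, code, phrase = start.split(" ", 2)
    return int(code), phrase, len(body) > 0


def run_conditional_get():
    """First GET, then a second GET carrying If-Modified-Since from the first reply."""
    first = handle_request(build_request("/page.html"))
    _, headers, _ = parse_message(first)
    second = handle_request(build_request(
        "/page.html", {"If-Modified-Since": headers["last-modified"]}))
    return status_of(first), status_of(second)


def run_authentication():
    """Unauthenticated GET, then the retry a browser makes after the 401."""
    first = handle_request(build_request(PROTECTED_PATH))
    token = base64.b64encode(":".join(CREDENTIALS).encode("utf-8")).decode("ascii")
    retry = build_request(PROTECTED_PATH, {"Authorization": "Basic " + token})
    second = handle_request(retry)
    _, retry_headers, _ = parse_message(retry)
    return status_of(first), status_of(second), decode_basic_auth(retry_headers["authorization"])


if __name__ == "__main__":
    print(run_conditional_get())   # ((200, 'OK', True), (304, 'Not Modified', False))
    print(run_authentication())    # ((401, ...), (200, ...), ('labuser', 'labpassword'))
```

Compare the second request in run_conditional_get with the second GET in your own trace: the If-Modified-Since value is copied from the Last-Modified header of the first response, and a 304 reply carries headers but no file contents, which is how you answer "did the server explicitly return the contents of the file?". For section 5, the retry's Authorization header is the new field; decode_basic_auth shows that it is readable to anyone who can see the packet unless the connection is protected by TLS.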