Scribd Logo
Upload

Welcome to Scribd!

  • 517 views

    HTTP: Stephan Benjamin Helmy:Wireshark Lab1

    Uploaded by

    Stephan Youanas
    1) The document contains the answers to questions about analyzing network traffic using Wireshark. It includes details on protocols observed, packet timing, IP addresses, HTTP requests and responses, and DNS queries. 2) Questions are asked about analyzing the HTTP and DNS protocols in more depth, including HTTP versions, headers, status codes, and whether files are retrieved sequentially or in parallel. 3) DNS queries are examined in more detail, looking at response types, nameservers, and whether IP addresses are provided. Screenshots of DNS queries and responses are also requested.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd

    HTTP: Stephan Benjamin Helmy:Wireshark Lab1

    Uploaded by

    Stephan Youanas
    517 views8 pages
    1) The document contains the answers to questions about analyzing network traffic using Wireshark. It includes details on protocols observed, packet timing, IP addresses, HTTP requests and responses, and DNS queries. 2) Questions are asked about analyzing the HTTP and DNS protocols in more depth, including HTTP versions, headers, status codes, and whether files are retrieved sequentially or in parallel. 3) DNS queries are examined in more detail, looking at response types, nameservers, and whether IP addresses are provided. Screenshots of DNS queries and responses are also requested.

    Original Title

    wireshark lab2003

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    DOC, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    1) The document contains the answers to questions about analyzing network traffic using Wireshark. It includes details on protocols observed, packet timing, IP addresses, HTTP requests and responses, and DNS queries. 2) Questions are asked about analyzing the HTTP and DNS protocols in more depth, including HTTP versions, headers, status codes, and whether files are retrieved sequentially or in parallel. 3) DNS queries are examined in more detail, looking at response types, nameservers, and whether IP addresses are provided. Screenshots of DNS queries and responses are also requested.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd
    Download as doc, pdf, or txt
    517 views8 pages

    HTTP: Stephan Benjamin Helmy:Wireshark Lab1

    Uploaded by

    Stephan Youanas
    1) The document contains the answers to questions about analyzing network traffic using Wireshark. It includes details on protocols observed, packet timing, IP addresses, HTTP requests and responses, and DNS queries. 2) Questions are asked about analyzing the HTTP and DNS protocols in more depth, including HTTP versions, headers, status codes, and whether files are retrieved sequentially or in parallel. 3) DNS queries are examined in more detail, looking at response types, nameservers, and whether IP addresses are provided. Screenshots of DNS queries and responses are also requested.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd
    Download as doc, pdf, or txt
    of 8

    :WIRESHARK LAB1 Stephan Benjamin Helmy

    HTTP
    1-List the different protocols that appear in the protocol column in the unfiltered packet-listing
    window in step 7 above.

    Arp,Icmpv6,dns,tcp,http

    2-How long did it take from when the HTTP GET message was sent until the HTTP OK reply was
    received? (By default, the value of the Time column in the packet-listing window is the amount of
    time, in seconds, since Wireshark tracing began To display the Time field in time-of-day format, select
    the Wireshark VIEW pull down menu, then select Time Display Format, then select Time-of-day.)

    0.00000000 sec

    3-What is the internet address of the gaia.cs.umass.edu (also known as www.net.cs.imass.edu)?what


    is the internet address of your computer?

    Src : 10.0.0.14,Des : 128.119.245.12

    4-Print the two HTTP messages displayed in step9 above. TO do so, select Print from the Wireshark
    File command menu, and select "Selected Packet Only" and "Print as displayed" and then click OK.

    1 ) No. Time Source Destination Protocol Info

    12 10.015698 10.0.0.14 128.119.245.12 HTTP GET / HTTP/1.1

    Frame 12: 466 bytes on wire (3728 bits), 466 bytes captured (3728 bits)

    Ethernet II, Src: QuantaCo_65:f1:76 (c8:0a:a9:65:f1:76), Dst: Peripher_08:7e:02 (00:60:52:08:7e:02)

    Internet Protocol, Src: 10.0.0.14 (10.0.0.14), Dst: 128.119.245.12 (128.119.245.12)

    Transmission Control Protocol, Src Port: 50560 (50560), Dst Port: http (80), Seq: 1, Ack: 1, Len: 412

    Hypertext Transfer Protocol

    2 ) No. Time Source Destination Protocol Info

    81 17.237751 128.119.245.12 10.0.0.14 HTTP HTTP/1.1 404 Not Found (text/html)

    Frame 81: 810 bytes on wire (6480 bits), 810 bytes captured (6480 bits)

    Ethernet II, Src: Peripher_08:7e:02 (00:60:52:08:7e:02), Dst: QuantaCo_65:f1:76 (c8:0a:a9:65:f1:76)

    7
    Internet Protocol, Src: 128.119.245.12 (128.119.245.12), Dst: 10.0.0.14 (10.0.0.14)

    Transmission Control Protocol, Src Port: http (80), Dst Port: 50560 (50560), Seq: 36865, Ack: 1437, Len: 756

    [Reassembled TCP Segments (1492 bytes): #79(736), #81(756)]

    Hypertext Transfer Protocol

    Line-based text data: text/html

    __________________________________________________________________________

    1-Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is the server running?

    Src : 1.1,Des : 1.1

    2-What languages (if any) does your browser indicate that it can accept to the server?

    En - us

    3-What is the IP address of your computer? Of the gaia.cs.umass.edu server?

    10.0.0.14 128.119.245.12

    4-What is the status code returned from the server to your browser?

    html

    5-When was the HTML file that you are retrieving last modified at the server?

    Last-Modified: Mon, 06 Dec 2010 00:11:01 GMT\r\n

    6-How many bytes of content are being returned to your browser?

    128

    7-By inspecting the raw data in the packet content window, do you see any headers within the data
    that are not displayed in the packet-listing window? If so, name one.

    NO

    8-Inspect the contents of the first HTTP GET request from your browser to the server. Do you see an
    "IF-MODIFIED-SINCE" line in the HTTP GET?

    NO

    9-Inspect the contents of the server response. Did the server explicity return the contents of the file?
    How can you tell?

    Yes,From line-based text data we find the HTML code for the web page

    7
    10-Now inspect the contents of the second HTTP GET request from your browser to the server. Do you
    see an "IF-MODIFIED-SINCE" line in the HTTP GET? IF so, what information follows the "IF-MODIFIED-
    SINCE:" header?

    Yes,If-Modified-Since: Mon, 06 Dec 2010 18:32:02 GMT\r\n

    11-What is the HTTP status code and phrase returned from the server in response to this second HTTP
    GET? Did the server explicity return the contents of the file? Explain.

    HTTP status code : OK

    No server return the content of the previous HTTP replay because the page isn’t modified’

    12-How many HTTP GET request messages were sent by your browser?

    One message

    13-How many data-containing TCP segments were needed to carry the single HTTP response? 8

    14-What is the status code and phrase associated with the response to the HTTPGET request?

    Status code : 200,Phrase : OK

    15-Are there any HTTP status lines in the transmitted data associated with a TCP-induced
    "Continuation"?

    no

    16 – How many HTTP GET request messages were sent by your browser? To whichInternet addresses
    were these GET requests sent?

    17 –Can you tell whether your browser downloaded the two images serially, or
    whether they were downloaded from the two web sites in parallel? Explain.

    128.119.240.90 and for image 165.193.140.14

    18-What is the servers response (status code and phrase) in response to the initial HTTP GET message
    from your browser?

    Status code : 401,Phrase : Authorization Required

    19-When your browser's sends the HTTP GET message for the second time, what new field is included
    in the HTTP GET message?

    Authorization field

    _________________________________________________________________________

    7
    DNS
    1- Run nslookup to obtain the IP address of a Web server in Asia.
    www.aiit.or.kr Server: UnKnown Address: 192.168.1.1

    2-Run nslookup to determine the authoritative DNS servers for a university in Europe.
    mit.edu nameserver = strawb.mit.edu

    mit.edu nameserver = w20ns.mit.edu

    mit.edu nameserver = bitsy.mit.edu

    3. Run nslookup so that one of the DNS servers obtained in Question 2 is queried for the mail servers
    for Yahoo! mail.

    yahoo.com nameserver = ns6.yahoo.com


    yahoo.com nameserver = ns4.yahoo.com
    yahoo.com nameserver = ns3.yahoo.com
    yahoo.com nameserver = ns1.yahoo.com
    yahoo.com nameserver = ns2.yahoo.com
    yahoo.com nameserver = ns5.yahoo.com
    yahoo.com nameserver = ns8.yahoo.com
    yahoo.com nameserver = ns6.yahoo.com
    yahoo.com nameserver = ns4.yahoo.com
    yahoo.com nameserver = ns3.yahoo.com
    yahoo.com nameserver = ns1.yahoo.com
    yahoo.com nameserver = ns2.yahoo.com
    yahoo.com nameserver = ns5.yahoo.com
    yahoo.com nameserver = ns8.yahoo.com

    4-Locate the DNS query and response messages. Are then sent over UDP or TCP?

    UDP

    5-What is the destination port for the DNS query message sent? What is the source port of DNS
    response message?

    the destination port for the DNS query message sent = 53

    the source port of DNS response message = 65418

    6-TO what IP address is the DNS query message sent? Use ipconfig to determine the IP address of your
    local DNS server. Are these two IP addresses the same?

    7
    192.168.1.1, 192.168.1.1, yes the same

    7-Examine the DNS query message. what "Type" of DNS query is it? Does the query message contain
    any "answers"?

    Slandered query UDP no its hasn’t any answer

    8-Examine the DNS response message. How many "answers" are provided? What do each of these
    answers contain?

    Slandered query response UDP yes it has answer contain the name , type ,class ,time to live , data length
    ,addr

    9-Consider the subsequent TCP SYN packet sent by your host. Does the destination IP address of the
    SYN packet correspond to any of the IP addresses provided in the DNS response message?

    Yes , it correspond to addr field

    10-This web page contains images. Before retrieving each image, does your host issue new DNS
    queries?

    No

    11-WhaT is the destination port for the DNS query message? What is the source port of DNS response
    message?

    Destination port = 53,Source port = 58757

    12-To what IP address is the DNS query message sent? Is this the IP address of your default local DNS
    server?

    192.168.1.1,yes

    13-EXamine the DNS query message. What "Type" of DNS query is it? DOES the query message
    contain any "answers"?

    Slandered query UDP no its hasn’t any answer

    14-Examine the DNS response message. How many "answers" are provided? What do each of these
    answers contain?

    Slandered query response UDP yes it has 7 answer contain

    the name = www.mit.edu

    type = a (host address), class = IN (0x0001)

    time to live= 1 minute

    7
    data length= 4, addr= 18.9.22.169

    15- Provide a screenshot.

    16-TO what IP address is the DNS query message sent? Is this the IP address of your default local DNS
    server?TO what IP address is the DNS query message sent? Is this the IP address of your default local
    DNS server?

    192.168.1.1,Yes

    17-Examine the DNS query message. what "Type" of DNS query is it? Does the query message contain
    any "answers"?

    Slandered query UDP no its hasn’t any answer

    18-Examine the DNS query message. What MIT nameservers does the reponse message provide? Does
    this response message also provide the IP addresses of the MIT nameservers?

    strawb.mit.edu

    w20ns.mit.edu

    bitsy.mit.edu

    strawb.mit.edu

    w20ns.mit.edu

    7
    bitsy.mit.edu

    no it isn’t provided the IP addresses of the MIT nameseverrs

    19-Provide a screenshot.

    20-TO what IP address is the DNS query message sent? Is this the IP address of your default local DNS
    server? IF not, what does the IP address correspond to?

    18.72.0.3,No it’s the default dns

    21-EXamine the DNS query message. What "Type" of DNS query is it? DOES the query message
    contain any "answers"?

    Slandered query UDP no its hasn’t any answer

    22-Examine the DNS response message. How many "answers" are provided? What do each of these
    answers contain?

    Slandered query response UDP yes it has 7 answer contain

    the name = www.ait.or.kr

    type = a (host address)

    class = IN (0x0001)

    7
    time to live= 1 hour

    data length= 4

    addr= 222.106.36.115

    23-Provide a screenshot.

    You might also like