Thursday, February 9, 2017

Wireshark Lab #4 - Retrieving Long Documents

Retrieving Long Documents

In our examples thus far, the documents retrieved have been simple and short HTML files. Let’s next see what happens when we download a long HTML file. Do the following:
  • Start up your web browser, and make sure your browser’s cache is cleared, as discussed above.
  • Start up the Wireshark packet sniffer
  • Enter the following URL into your browser
  • Your browser should display the rather lengthy "The Most Horrible X-Mas Ever."
  • Stop Wireshark packet capture, and enter “http” in the display-filter-specification window, so that only captured HTTP messages will be displayed.
In the packet-listing window, you should see your HTTP GET message, followed by a multiple-packet TCP response to your HTTP GET request. This multiple-packet response deserves a bit of explanation. Remember that the HTTP response message consists of a status line, followed by header lines, followed by a blank line, followed by the entity body. In the case of our HTTP GET, the entity body in the response is the entire requested HTML file. In our case here, the HTML file is rather long, and at more than 4500 bytes, it is too large to fit in one TCP packet.

The single HTTP response message is thus broken into several pieces by TCP, with each piece carried in a separate TCP segment. Recent versions of Wireshark show each TCP segment as a separate packet, and the fact that the single HTTP response was fragmented across multiple TCP packets is indicated by “TCP segment of a reassembled PDU” in the Info column of the Wireshark display.

Earlier versions of Wireshark used the “Continuation” phrase to indicate that the entire content of an HTTP message was broken across multiple TCP segments. We stress here that there is no “Continuation” message in HTTP!
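As an added illustration that is not part of the lab, the following Python models what the trace shows: a single HTTP response larger than the TCP maximum segment size is split into TCP segments by sequence number, reassembled in order (as Wireshark's "reassembled PDU" does), and only then parsed into status line, header lines, blank line and entity body. The MSS value and the synthetic response are assumptions/constructed inputs.

```python
# Constructed model (not from the lab trace) of one HTTP response that is larger
# than the TCP maximum segment size, carried in several TCP segments and then
# reassembled and parsed the way Wireshark shows a "reassembled PDU".
import random

MSS = 1460  # assumed MSS; the real value is negotiated in the TCP handshake


def build_response(body):
    """Status line, header lines, blank line, entity body (HTTP/1.1 response)."""
    return (b"HTTP/1.1 200 OK\r\n"
            b"Content-Type: text/html\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)


def segment(data, isn=0, mss=MSS):
    """Split the byte stream into (sequence number, payload) segments of <= mss bytes."""
    return [(isn + off, data[off:off + mss]) for off in range(0, len(data), mss)]


def reassemble(segments, isn=0):
    """Order by sequence number and concatenate; refuse gaps, which mean a lost segment."""
    data = b""
    for seq, payload in sorted(segments):
        if seq != isn + len(data):
            raise ValueError("gap or duplicate at seq %d" % seq)
        data += payload
    return data


def parse_response(raw):
    """Return (status code, phrase, headers, body); check body against Content-Length."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    _version, code, phrase = lines[0].split(b" ", 2)
    headers = dict(line.split(b": ", 1) for line in lines[1:])
    if int(headers[b"Content-Length"]) != len(body):
        raise ValueError("entity body incomplete: not all segments captured")
    return int(code), phrase.decode(), headers, body


def capture_demo(body_len=4600):
    """Simulate a capture of a long page; segments may be listed out of order."""
    resp = build_response(b"x" * body_len)          # constructed 'long HTML file'
    segs = segment(resp)
    random.shuffle(segs)                            # packets can arrive out of order
    code, phrase, _headers, body = parse_response(reassemble(segs))
    return len(segs), code, phrase, len(body)


if __name__ == "__main__":
    n, code, phrase, size = capture_demo()
    print("%d data-carrying segments; %d %s; %d-byte body" % (n, code, phrase, size))
```

Only the first segment carries the status line and headers; the status code you are asked for in the questions lives there, while the byte count that determines the number of segments is the whole message including the body.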

Answer the following questions:
  1. How many HTTP GET request messages did your browser send? Which packet number in the trace contains the GET message for the Bill of Rights?
  2. Which packet number in the trace contains the status code and phrase associated with the response to the HTTP GET request?
  3. What is the status code and phrase in the response?
  4. How many data-containing TCP segments were needed to carry the single HTTP response and the text of the Bill of Rights? 
 Turn in to Jupiter as a PDF
