网络自顶向下实验一——HTTP

Wireshark Lab: HTTP

1.The Basic HTTP GET/response interaction

Basic information of HTTP

1. Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is the server running?
2. What languages (if any) does your browser indicate that it can accept to the server?
3. What is the IP address of your computer? Of the gaia.cs.umass.edu server?
4. What is the status code returned from the server to your browser?
5. When was the HTML file that you are retrieving last modified at the server?
6. How many bytes of content are being returned to your browser?
7. By inspecting the raw data in the packet content window, do you see any headers within the data that are not displayed in the packet-listing window? If so, name one.
   
   

1. My browser run HTTP version 1.1. Just like the pic1 show above. Remote server run HTTP version 1.1, too. As is shown in pic2.
   

2. According to the pic3, we know that browser can accept these three languages : en-US, zh-CN or zh.

3. My own IP address is the source of first item in Wireshark. 10.147.141.193. That is my own IP address.

   PS C:\Users\16700> ipconfig | findstr IPv4
   IPv4 ?? . . . . . . . . . . . . : 192.168.195.1
   IPv4 ?? . . . . . . . . . . . . : 192.168.175.1
   IPv4 ?? . . . . . . . . . . . . : 10.147.241.193  
   

   and is exactly same as my own ipconfig!

   And the IP address of gaia.cs.umass.edu server is the Destination of first item in Wireshark.128.119.245.12.

   PS C:\Users\16700> ping gaia.cs.umass.edu                                           
   正在 Ping gaia.cs.umass.edu [128.119.245.12] 具有 32 字节的数据:
   
   来自 128.119.245.12 的回复: 字节=32 时间=272ms TTL=43
   来自 128.119.245.12 的回复: 字节=32 时间=264ms TTL=43
   来自 128.119.245.12 的回复: 字节=32 时间=267ms TTL=43
   来自 128.119.245.12 的回复: 字节=32 时间=263ms TTL=43
   

   and it is also the same as what we ping the address!

4. From pic2 we can read the status code 304 Not Modified in response message.

5. // This maybe the Date item of response message. Wed, 27 Mar 2019 09:40:00 GMT

   This is the If-Modified-Since part : Wed, 27 Mar 2019 05:59:01 GMT.

6. Server send 293bytes to my browser. As is shown in the pic2.

   If return 304 Not Modified that means since we first request the page, this page is not change at all. And server won’t return us page content, and we use browser cache to load this page. So we should flash browser cache and reload the page so that to let server know we are green hand in this page. And finally we get status code 200, and get it’s length : 128bytes

   

7. Connection-alive, Last-Modified

2.The HTTP CONDITIONAL GET/response interaction

HTTP Cache

8. Inspect the contents of the first HTTP GET request from your browser to the server. Do you see an “IF-MODIFIED-SINCE” line in the HTTP GET?
9. Inspect the contents of the server response. Did the server explicitly return the contents of the file? How can you tell?
10. Now inspect the contents of the second HTTP GET request from your browser to the server. Do you see an “IF-MODIFIED-SINCE:” line in the HTTP GET? If so, what information follows the “IF-MODIFIED-SINCE:” header?
11. What is the HTTP status code and phrase returned from the server in response to this second HTTP GET? Did the server explicitly return the contents of the file? Explain.

  Before we answer questions above, we must know something like this:

• When we first access the server, for example, xxxx.com the client (in this case, our browser). We might sent HTTP request to remote server;
• Remote server accept our request and send client response packet. Include Last-Modified and ETag items with status code 200 ;
• We access xxxx.com again without clean browser cache. This time client will send request, Include If-Modified-Since,If-None-Matchto the server
• Remote server accept our request and check If-None-Match and ETag
  • if If-None-Match equals ETag --That’s to say, server do not change since client last access. Then server will return status code 304 and response include ETag.
  • if If-None-Match not equals ETag --That’s to say, server have changed the file. This access is regarded as a new access. Server will return status code 200 and response with Last-Modified and ETag

8. In above analysis, we can easy to know when we first request, we can not see If-Modified-SINCE line in HTTP GET.
   
   

9. Look at the pic above we can see that server return the html content to us explicitly when first access the web. While the second access, it does not return!

   It is HTTP cache that make these case! We first access xxxx.com without any cache, so remote server return us html content explicitly. When we 2nd access xxxx.com and get 304 – we know that what we need are all at HTTP cache. So server will not return html content.

10. Yeah, we can see an If-Modified-Since line in 2nd HTTP GET. In fact, information follows the tag is exactly the information from 1st server response Last-Modified tag.
11. When we 2nd receive the remote server, we get status code 304.-- That means client cache has already stored the information. And server will not return content of file. Reason is what I said in 9.

3.Retrieving Long Documents

Big File HTTP SUBSection

12. How many HTTP GET request messages did your browser send? Which packet number in the trace contains the GET message for the Bill or Rights?
13. Which packet number in the trace contains the status code and phrase associated with the response to the HTTP GET request?
14. What is the status code and phrase in the response?
15. How many data-containing TCP segments were needed to carry the single HTTP response and the text of the Bill of Rights?
    

12. I have sent 2 HTTP/GET request messages. One of them(61) is request of the HTML, while another(79) is request for the icon next to the title. Packet 61 contains the GET message for Bill or Rights?

13. Packet 76 contains the status code and phrase to the HTTP GET request.
    

14. 200 OK

15. In fact, we know that the HTML file is 4500bytes, and every TCP can carry 1460bytes, so we need $\dfrac{4500}{1460} = 3.08$， So we will use 4 TCP.

4.HTML Documents with Embedded Objects

16. How many HTTP GET request messages did your browser send? To which Internet addresses were these GET requests sent?

17. Can you tell whether your browser downloaded the two images serially, or whether they were downloaded from the two web sites in parallel? Explain

    Before we answer question above, we must know something below.

  The process of request is divided into these steps:

• client(usually browser) send request to remote server
• remote server return HTML File to local client
• browser check if there are Embedded Objects in RETURNED HTML.
  • EXIST: then client start another request to ask the object
  • ELSE: Finish this connection.

16. My browser sent 4 request messages.

  For Packet 17, This is the request for html file. For Packet 33, This is the request for the logo of person.png; For Packet 34, This is the request for cover.jpg, And the last one was the Packet 130, This is the request for the icon next to the title.

17. Parallel! In fact when we request for the EMBEDDED OBJECTS, we can see from the Wireshark that browser sent THE 2nd request immediately rather than request until the RESPONSE of 1st request.

5.HTTP Authentication

18. What is the server’s response (status code and phrase) in response to the initial HTTP GET message from your browser?

19. When your browser’s sends the HTTP GET message for the second time, what new field is included in the HTTP GET message?
    

https://blog.csdn.net/maoliran/article/details/51841420

18. The remote server response 401 Unauthorized for our initial HTTP GET message.
19. When we request the site for second time, we can find that in HTTP GET we find Authorization: Basic d2lyZXNoYXJrLXN0dWRlbnRzOm5ldHdvcms= .

In fact, the values follow by tag Authorization : Basic is the result of encryption if username and password.(in this case, we use base64)