[Computer network experiment] Experiment 1: Application protocol and data packet analysis experiment (using Wireshark)

Purpose

Through this experiment, you will become proficient in operating Wireshark and learn to analyze the HTTP protocol.

Experimental steps

1. Download and install Wireshark;
2. Enter the command "ipconfig" in cmd to get the local IPv4 address (this address helps with the analysis);
3. Start the packet capture, visit www.china.com, and stop capturing after the page has loaded. The results of the packet capture are as follows: (remember to save the capture results; the assistant may look at them during acceptance)
4. Use the display filter to filter and select useful information for analysis.

Message analysis

1. Comprehensively analyze the intercepted messages and determine how many types of HTTP messages there are.

There are two kinds of messages: one is the HTTP request message (the message with sequence number 19 above); the other is the HTTP response message (the message with sequence number 21 above).

2. In the intercepted HTTP messages, select an HTTP request message and the corresponding HTTP response message, carefully analyze their format, and fill in Table 1.1 and Table 1.2.

1) As follows: Analyze the HTTP request message with sequence number 19.
Table 1.1 HTTP request message format
2) As follows: Analyze the HTTP response message with sequence number 21.

3. Analyze how many connections have been established between the client and the server in the intercepted messages? Which port numbers are used by the server and the client?

First explain why multiple connections are established:

When the user enters the address of the HTTP server to be accessed in the address bar of the browser, the working process of the browser and the accessed HTTP server is as follows:

  1. The browser analyzes the URL of the page to be accessed and asks the local DNS server to resolve the IP address;
  2. The DNS server resolves the IP address of the HTTP server and returns the IP address to the browser;
  3. The browser establishes a TCP connection with the HTTP server. If the connection is successful, go to the next step;
  4. The browser sends a request message (including GET information) to the HTTP server, requesting to access the specified page of the server;
  5. The server responds by sending the requested page to the browser. During the page transmission, the browser will open multiple ports and establish multiple connections with the server;
  6. Release the TCP connection;
  7. The browser receives the page and displays it to the user.

It can be seen from the above that after the client connects to the server, the browser may open multiple ports and establish multiple connections with the server during the page transmission process, which speeds up page loading.

Back to the answer to this question:

I counted roughly (mainly because I don't know how to use the display filter to filter out the messages used for connection...): three connections were established, and at least one connection was established for each client port number.

Port numbers used by the client: 55718, 55719, 55720
Port numbers used by the server: 80, 443

4. Comprehensively analyze the intercepted messages, understand the working process of the HTTP protocol, and fill in the results in Table 1.3.


I encountered a problem here. In the messages I caught, I didn't see the messages carrying the FIN field...
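
Added example, not part of the original post: one way to answer question 3 and to check for connection teardown under question 4 programmatically. It counts one connection per client SYN (SYN set, ACK clear, which is what the Wireshark display filter `tcp.flags.syn == 1 && tcp.flags.ack == 0` selects) and records whether a FIN or RST was captured for that connection. The frames are constructed; the IP addresses and the pairing of client ports with server ports 80 and 443 are assumptions.

```python
import struct
SYN, ACK, FIN, RST = 0x02, 0x10, 0x01, 0x04

def frame(src, sport, dst, dport, flags):
    """Build a constructed Ethernet+IPv4+TCP frame (no payload, zero checksums)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def parse(raw):
    """Return (src, sport, dst, dport, flags), or None if the frame is not IPv4/TCP."""
    if len(raw) < 34 or raw[12:14] != b"\x08\x00" or raw[23] != 6:
        return None
    t = 14 + (raw[14] & 0x0F) * 4          # TCP header starts after the IP header (IHL)
    if len(raw) < t + 14:
        return None
    sport, dport = struct.unpack("!HH", raw[t:t + 4])
    ip = lambda b: ".".join(map(str, b))
    return ip(raw[26:30]), sport, ip(raw[30:34]), dport, raw[t + 13]

def connections(frames):
    """Map each client-initiated 4-tuple to whether a FIN or RST was captured for it."""
    conns = {}
    for raw in frames:
        p = parse(raw)
        if p is None:
            continue
        src, sport, dst, dport, flags = p
        key = (src, sport, dst, dport)
        if flags & SYN and not flags & ACK:    # first handshake packet of a connection
            conns.setdefault(key, False)       # a retransmitted SYN is not counted twice
        elif flags & (FIN | RST):
            for k in (key, (dst, dport, src, sport)):   # teardown from either side
                if k in conns:
                    conns[k] = True
    return conns

# Constructed sample: addresses and the client-port/server-port pairing are assumptions.
C, S = "192.168.1.10", "203.0.113.5"
CAPTURE = [b"\x00" * 12 + b"\x08\x06" + b"\x00" * 28]        # ARP frame, ignored
for cport, sport in [(55718, 80), (55719, 80), (55720, 443)]:
    CAPTURE += [frame(C, cport, S, sport, SYN), frame(S, sport, C, cport, SYN | ACK),
                frame(C, cport, S, sport, ACK)]
CAPTURE += [frame(C, 55718, S, 80, SYN),                       # retransmitted SYN
            frame(C, 55718, S, 80, FIN | ACK)]                 # only one connection closes

if __name__ == "__main__":
    print(connections(CAPTURE))
```

A connection reported with no FIN or RST had not been closed by the time capturing stopped, which is common when the browser keeps HTTP connections open for reuse.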

Origin blog.csdn.net/qq_43424037/article/details/115280592