Wireshark exercises and answers: lab-http

Content published/updated: 2024/5/3 19:23:34 Monday

Lab Exercise – HTTP

Objective

HTTP (HyperText Transfer Protocol) is the main protocol underlying the Web. The trace file is here: http://scisweb.ulster.ac.uk/~kevin/com320/labs/wireshark/trace-http.pcap

Step 1: Capture a Trace

Capture a trace of your browser making HTTP requests as follows; alternatively, you may use a supplied trace. Now that we have seen how a GET works, we will observe your browser as it makes HTTP requests. Browser behavior can be quite complex, using more HTTP features than the basic exchange, so we will set up a simple scenario. We are assuming that your browser will use HTTP in this simple scenario rather than newer Web protocols such as SPDY, and if this is not the case you will need to disable SPDY.

1. Use your browser to find two URLs with which to experiment, both of which are HTTP (not HTTPS) URLs with no special port. The first URL should be that of a small to medium-sized image, whether .jpg, .gif, or .png. We want some static content without embedded resources. You can often find such a URL by right-clicking on unlinked images in web pages to tell your browser to open the URL of the image directly. The second URL should be the home page of some major web site that you would like to study. It will be complex by comparison. Visit both URLs to check that they work, then keep them handy outside of the browser so you can cut-and-paste them.

2. Prepare your browser by reducing HTTP activity and clearing the cache. Apart from one fresh tab that you will use, close all other tabs and windows to minimize HTTP traffic.

3. Launch Wireshark and start a capture with a filter of “tcp port 80”. We use this filter because there is no shorthand for HTTP, but HTTP is normally carried on TCP port 80.

Figure 2: Setting up the capture options


4. Fetch the following sequence of URLs, after you wait for a moment to check that there is no HTTP traffic. If there is HTTP traffic then you need to find and close the application that is causing it. Otherwise your trace will have too much HTTP traffic for you to understand. You will paste each URL into the browser URL bar and press Enter to fetch it. Do not type the URL, as this may cause the browser to generate additional HTTP requests as it tries to auto-complete your typing.

   a. Fetch the first static image URL by pasting the URL into the browser bar and pressing “Enter” or whatever is required to run your browser.

   b. Wait 10 seconds, and re-fetch the static image URL. Do this in the same manner, and without using the “Reload” button of your browser, lest it trigger other behavior.

   c. Wait another 10 seconds, and fetch the second home page URL.

5. Stop the capture after the fetches are complete. You should have a window full of trace in which the protocol of some packets is listed as HTTP – if you do not have any HTTP packets there is a problem with the setup such as your browser using SPDY instead of HTTP to fetch web pages.

Figure 3: Trace of HTTP traffic showing the details of the HTTP header


Step 2: Inspect the Trace

To focus on HTTP traffic, enter and apply a filter expression of “http”. This filter will show HTTP requests and responses, but not the individual packets that are involved. Recall that an HTTP response carrying content will normally be spread across multiple packets. When the last packet in the response arrives, Wireshark assembles the complete response and tags the packet with protocol HTTP. The earlier packets are simply TCP segments carrying data; the last packet tagged HTTP includes a list of all the earlier packets used to make the response. A similar process occurs for the request, but in this case it is common for a request to fit in a single packet. With the filter expression of “http” we will hide the intermediate TCP packets and see only the HTTP requests and responses. With this filter, your Wireshark display should be similar to the figure showing our example.

Select the first GET in the trace, and expand its HTTP block. This will let us inspect the details of an HTTP request. Observe that the HTTP header follows the TCP and IP headers, as HTTP is an application protocol that is transported using TCP/IP. To view it, select the packet, find the HTTP block in the middle panel, and expand it (by using the “+” expander or icon). This block is expanded in our figure.

Explore the headers that are sent along with the request. First, you will see the GET method at the start of the request, including details such as the path. Then you will see a series of headers in the form of tagged parameters. There may be many headers, and the choice of headers and their values vary from browser to browser. See if you have any of these common headers:

• Host. A mandatory header, it identifies the name (and port) of the server.

• User-Agent. The kind of browser and its capabilities.

• Accept, Accept-Encoding, Accept-Charset, Accept-Language. Descriptions of the formats that will be accepted in the response, e.g., text/html, including its encoding, e.g., gzip, and language.

• Cookie. The name and value of cookies the browser holds for the website.

• Cache-Control. Information about how the response can be cached.

The request information is sent in a simple text and line-based format. If you look in the bottom panel you can read much of the request directly from the packet itself!

Select the response that corresponds to the first GET in the trace, and expand its HTTP block. The Info for this packet will indicate “200 OK” in the case of a normal, successful transfer. You will see that the response is similar to the request, with a series of headers that follow the “200 OK” status code. However, different headers will be used, and the headers will be followed by the requested content. See if you have any of these common headers:

• Server. The kind of server and its capabilities.

• Date, Last-Modified. The time of the response and the time the content last changed.

• Cache-Control, Expires, Etag. Information about how the response can be cached.

Answer the following questions: (answers on next page)

1. What is the format of a header line? Give a simple description that fits the headers you see.

2. What headers are used to indicate the kind and length of content that is returned in a response?
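The text, line-based message format you read out of the bottom panel, and the reassembly of a response from several TCP segments described under Step 2, can be reproduced outside Wireshark. The following is an added example written for this page; it is not part of the lab handout and does not read the lab's trace file. The request, the response, and the way the response is split into three segment payloads are all constructed for the example, as are the host name, cookie value, ETag and dates in them.

```python
"""
Added example (not from the lab handout): a minimal parser for the
line-based HTTP/1.x message format the lab has you inspect, plus a
Content-Length based reassembly step that mirrors what Wireshark does
before it tags the last TCP segment of a response as "HTTP".
All sample bytes below are constructed; none come from trace-http.pcap.
"""

# Constructed sample: a browser GET for a static image, fitting one segment.
SAMPLE_REQUEST = (
    b"GET /images/logo.png HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"User-Agent: ExampleBrowser/1.0\r\n"
    b"Accept: image/png,image/*;q=0.8,*/*;q=0.5\r\n"
    b"Accept-Encoding: gzip, deflate\r\n"
    b"Accept-Language: en-GB,en;q=0.5\r\n"
    b"Cookie: session=abc123\r\n"
    b"Cache-Control: max-age=0\r\n"
    b"\r\n"
)

# Constructed sample: the 200 OK response for that GET, as the payloads of
# three TCP segments. Only the first carries the header block; the 12-byte
# body (here the start of a PNG signature) is spread over all three.
SAMPLE_RESPONSE_SEGMENTS = [
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 01 Jan 2024 10:00:00 GMT\r\n"
    b"Server: ExampleServer/2.4\r\n"
    b"Last-Modified: Sun, 31 Dec 2023 09:00:00 GMT\r\n"
    b'ETag: "5d8c72a5edda8d6a:0"\r\n'
    b"Cache-Control: max-age=3600\r\n"
    b"Content-Type: image/png\r\n"
    b"Content-Length: 12\r\n"
    b"\r\n"
    b"\x89PNG",
    b"\r\n\x1a\n",
    b"\x00\x00\x00\r",
]


def parse_message(raw: bytes):
    """Split one HTTP/1.x message into (start_line, headers, body).

    Each header line is 'Name: value' ended by CRLF, and an empty line
    separates the header block from the body. Header names are
    case-insensitive, so they are stored lowercased. Splitting at the
    first colon only matters for values that themselves contain colons
    (the ETag and Date headers in the sample).
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header block: blank line not seen yet")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def parse_request_line(start_line: str):
    """'GET /path HTTP/1.1' -> (method, request-target, version)."""
    method, target, version = start_line.split(" ", 2)
    return method, target, version


def parse_status_line(start_line: str):
    """'HTTP/1.1 200 OK' -> (version, numeric status, reason phrase)."""
    parts = start_line.split(" ", 2)
    reason = parts[2] if len(parts) > 2 else ""  # reason phrase may be empty
    return parts[0], int(parts[1]), reason


def reassemble_response(segments):
    """Accumulate TCP payloads until the header block has arrived and
    Content-Length bytes of body follow it, as Wireshark does before it
    marks the final segment as HTTP. Returns (status, headers, body), or
    None while the response is still incomplete.
    """
    buf = b""
    for payload in segments:
        buf += payload
        if b"\r\n\r\n" not in buf:
            continue  # header block not complete yet
        status, headers, body = parse_message(buf)
        length = int(headers.get("content-length", "0"))
        if len(body) >= length:
            return parse_status_line(status), headers, body[:length]
    return None


if __name__ == "__main__":
    method, target, version = parse_request_line(parse_message(SAMPLE_REQUEST)[0])
    print("request:", method, target, version)
    for name, value in parse_message(SAMPLE_REQUEST)[1].items():
        print(f"  {name}: {value}")
    print("after 2 segments:", reassemble_response(SAMPLE_RESPONSE_SEGMENTS[:2]))
    status, headers, body = reassemble_response(SAMPLE_RESPONSE_SEGMENTS)
    print("response:", status, headers["content-type"], len(body), "body bytes")
```

Running the script shows the same thing the bottom panel does: the request is complete after one segment, while the response is only reported once the third segment brings the body up to the advertised Content-Length.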
