lab2 rashid habib ullah reg. no. 109

Upload: ahmadsalman

Post on 02-Jun-2018


  • 8/10/2019 Lab2 Rashid Habib Ullah Reg. No. 109

    1/12

    Computer and Communication Networks (CCN) SEECS, NUST

    Lab 2: Introduction to HTTP and HTTPS

    Name: Rashid Habib Ullah Registration No. 109

    Lab Title: Wireshark HTTP (Hypertext Transfer Protocol) & HTTPS

    Objective of this lab:

    In this lab, we'll explore several aspects of the HTTP protocol: the basic GET/response interaction, HTTP message formats, and retrieving large HTML files; we will also see how to install and configure an HTTP server using the Apache web server software.

    Instructions:

    Read carefully before starting the lab.

    These exercises are to be done individually.

    You are supposed to provide the answers to the questions listed at the end of this document and upload the completed report to your course's LMS site.

    For all questions, you must not only answer the question, but also supply all necessary information regarding how you arrived at the answer (e.g., use screenshots, accompanying text, etc.).

    Avoid plagiarism: do not copy from the Internet or from your peers. You may refer to source/text but you must paraphrase the original work. Your submitted work should be written by yourself.

    Complete the lab half an hour before the lab ends.

    At the end of the lab, a viva will be conducted to evaluate your understanding.

    Background:

    Having introduced the Wireshark packet sniffer in the introductory lab, we're now ready to use Wireshark to investigate protocols in operation, like HTTP, which is a common language of the modern global Internet. The world's web browsers, servers and related web applications all talk to each other through HTTP, the Hypertext Transfer Protocol. Before proceeding to the experiments, read the introductions to some general terms used in this lab, to avoid any confusion.

    1. What is a web page?

    A Web page (also called a document) consists of objects. An object is a simple file (such as an HTML file, a JPEG image, a GIF image, a Java applet, an audio clip, etc.) that is addressable by a single URL. Most Web pages consist of a base HTML file and several referenced objects. For example, if a Web page contains HTML text and five JPEG images, then the Web page has six objects: the base HTML file plus the five images. The base HTML file references the other objects in the page with the objects' URLs. Each URL has two components: the host name of the server that houses the object and the object's path name. For example, the URL www.someSchool.edu/someDepartment/picture.gif has www.someSchool.edu for a host name and /someDepartment/picture.gif for a path name.

    2. What is a web browser?

    A browser is a user agent for the Web; it displays to the user the requested Web page and provides numerous navigational and configuration features. Web browsers also implement the client side of HTTP. Thus, in the context of the Web, we will interchangeably use the words "browser" and "client". Popular Web browsers include Google Chrome, Netscape Communicator and Microsoft Explorer.

    3. What is a web server?

    A Web server houses Web objects, each addressable by a URL. Web servers also implement the server side of HTTP. Popular Web servers include Apache, Microsoft Internet Information Server, and the Netscape Enterprise Server. (Netcraft provides a nice survey of Web server penetration [Netcraft].)

    4. Introduction to HTTP:

    The Hypertext Transfer Protocol (HTTP), the Web's application-layer protocol, is at the heart of the Web. HTTP is implemented in two programs: a client program and a server program. The client program and server program, executing on different end systems, talk to each other by exchanging HTTP messages. HTTP defines the structure of these messages and how the client and server exchange the messages. HTTP defines how Web clients (i.e., browsers) request Web pages from servers (i.e., Web servers) and how servers transfer Web pages to clients. When a user requests a Web page (e.g., clicks on a hyperlink), the browser sends HTTP request messages for the objects in the page to the server. The server receives the requests and responds with HTTP response messages that contain the objects.

    5. Introduction to HTTPS:

    Hypertext Transfer Protocol Secure (HTTPS) is a widely used communications protocol for secure communication over a computer network, with especially wide deployment on the Internet. Technically, it is not a protocol in itself; rather, it is the result of simply layering the Hypertext Transfer Protocol (HTTP) on top of the SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications.

    In its popular deployment on the Internet, HTTPS provides authentication of the web site and associated web server that one is communicating with, which protects against man-in-the-middle attacks. Additionally, it provides bidirectional encryption of communications between a client and server, which protects against tampering with the contents of the communication. In practice, this provides a reasonable guarantee that one is communicating with precisely the web site that one intended to communicate with, as well as ensuring that the contents of communications between the user and site cannot be read or forged by any third party.

    6. Introduction to Transport Layer Security and Secure Sockets Layer:

    Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communication security over the Internet. TLS and SSL encrypt the segments of network connections at the Application Layer for the Transport Layer, using asymmetric cryptography for key exchange, symmetric encryption for confidentiality, and message authentication codes for message integrity.

    Exercise 01: The Basic HTTP GET/response interaction

    Aim of this exercise: We will now learn about what packets are exchanged during an HTTP conversation. We will learn about the HTTP GET message that is sent from the HTTP client to the HTTP server and the HTTP message that is sent as a response to this message.

    Follow the steps below to complete this exercise and to provide answers to the questions below:

    Start up your web browser.

    Start up the Wireshark packet sniffer, as described in lab 1 (but don't yet begin packet capture). Enter "http" (just the letters, not the quotation marks) in the display-filter-specification window, so that only captured HTTP messages will be displayed later in the packet-listing window. (We're only interested in the HTTP protocol here, and don't want to see the clutter of all captured packets.)

    Wait a bit more than one minute (we'll see why shortly), and then begin Wireshark packet capture.

    Enter the following into your browser: http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file1.html . Your browser should display the very simple, one-line HTML file.

    Stop Wireshark packet capture.

    The example in Figure 1 (shown on next page) shows in the packet-listing window that two HTTP messages were captured: the GET message (from your browser to the gaia.cs.umass.edu web server) and the response message from the server to your browser. The packet-contents window shows details of the selected message (in this case the HTTP GET message, which is highlighted in the packet-listing window). Recall that since the HTTP message was carried inside a TCP segment, which was carried inside an IP datagram, which was carried within an Ethernet frame, Wireshark displays the Frame, Ethernet, IP, and TCP packet information as well.


    Figure 1: Wireshark display after http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file1.html has been retrieved by your browser

    By looking at the information in the HTTP GET and response messages, answer the following questions:

    1.1 Which version of HTTP is the browser running, 1.0 or 1.1? Which HTTP version is the server running?

    Answer: Both server and client (browser) are running version 1.1 of HTTP.


    1.2 What languages (if any) does the browser indicate that it can accept to the server?

    Answer: Browser indicates that it can accept US English language to the server.

    1.3 What is the IP address of your computer and of the gaia.cs.umass.edu server?

    Answer: IP Address of my computer: 10.99.7.4

    IP Address of gaia.cs.umass.edu server: 128.119.245.12

    In the GET message the source will be my computer and the destination will be that server, so by determining the source and destination IP addresses in the GET message I can tell the IP address of my computer and of the server.


    1.4 What is the status code returned from the server to your browser?

    Answer: Status code returned from the server to my browser is 200, which is the code for OK.

    1.5 When was the HTML file that you are retrieving last modified at the server?

    Answer: HTML file was last modified Fri, 27 Jun 2014 6:00:01 GMT. We can determine it in the packet-header window of the OK message sent from the server.


    Exercise 02: The HTTP CONDITIONAL GET/response interaction

    Aim of this exercise: We will now learn about a variant of the HTTP GET request message that we've seen earlier. We will note how the HTTP CONDITIONAL GET request and the reply to such a request differ from a simple HTTP GET request.

    The following are the steps for this experiment:

    Start up your web browser, and make sure your browser's cache is cleared, as discussed above.

    Start up the Wireshark packet sniffer.

    Enter the following URL into your browser: http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file2.html

    Your browser should display a very simple five-line HTML file.

    Quickly enter the same URL into your browser again (or simply select the refresh button on your browser).

    Stop Wireshark packet capture, and enter "http" in the display-filter-specification window, so that only captured HTTP messages will be displayed later in the packet-listing window.

    Filter out all the non-HTTP packets and focus on the HTTP header information in the packet-header detail window.

    By looking at the information in the HTTP GET and response messages (the first two messages), answer the following questions:


    2.1 Inspect the contents of the first HTTP GET request from the browser to the server. Do you see an IF-MODIFIED-SINCE line in the HTTP GET?

    Answer:

    No, there is no IF-MODIFIED-SINCE line in the first HTTP GET request.

    2.2 Now inspect the contents of the second HTTP GET request from the browser to the server. Do you see an IF-MODIFIED-SINCE: line in the HTTP GET? If so, what information is contained in the IF-MODIFIED-SINCE: header?

    Answer:

    Yes, there is an IF-MODIFIED-SINCE line in the second request. And there is information of the last modification date of that file in that line.


    2.3 What is the HTTP status code and phrase returned from the server in response to this second HTTP GET?

    Answer:

    It is 304, code for not modified.
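
    An added example, not part of the original lab handout or report: a Python sketch of the exchange studied in Exercises 01 and 02, parsing raw HTTP messages and making the server-side If-Modified-Since decision that yields 200 OK or 304 Not Modified. The dates, page body and function names are constructed for illustration; only the host and path come from the lab.

```python
from email.utils import parsedate_to_datetime

def parse_http(raw: bytes):
    """Split a raw HTTP/1.x message into (start-line fields, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    start = lines[0].split(" ", 2)          # request: method, path, version
    headers = {}                            # response: version, code, phrase
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return start, headers, body

def respond(request: bytes, last_modified: str, body: bytes) -> bytes:
    """Server side of a conditional GET: 304 when the client's copy is current."""
    _, headers, _ = parse_http(request)
    since = headers.get("if-modified-since")
    if since:
        try:
            if parsedate_to_datetime(last_modified) <= parsedate_to_datetime(since):
                return b"HTTP/1.1 304 Not Modified\r\n\r\n"   # no body is sent
        except (TypeError, ValueError):
            pass                            # unparseable date: ignore the header
    head = (f"HTTP/1.1 200 OK\r\nLast-Modified: {last_modified}\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode() + body

def status_of(response: bytes) -> int:
    """Return the numeric status code of a raw HTTP response."""
    return int(parse_http(response)[0][1])

# Constructed sample data (not taken from the lab capture).
MODIFIED = "Mon, 01 Jan 2018 00:00:00 GMT"
PAGE = b"<html>five-line test page</html>\n"
GET = (b"GET /wireshark-labs/HTTP-wireshark-file2.html HTTP/1.1\r\n"
       b"Host: gaia.cs.umass.edu\r\nAccept-Language: en-US\r\n")

def demo():
    first = respond(GET + b"\r\n", MODIFIED, PAGE)            # empty cache
    cached = parse_http(first)[1]["last-modified"]            # browser stores this
    second = respond(GET + b"If-Modified-Since: " + cached.encode() + b"\r\n\r\n",
                     MODIFIED, PAGE)
    stale = respond(GET + b"If-Modified-Since: Sun, 31 Dec 2017 00:00:00 GMT\r\n\r\n",
                    MODIFIED, PAGE)
    bad = respond(GET + b"If-Modified-Since: yesterday\r\n\r\n", MODIFIED, PAGE)
    codes = [status_of(r) for r in (first, second, stale, bad)]
    return codes, len(parse_http(second)[2])

if __name__ == "__main__":
    print(demo())
```

    The 304 response carries no body, which is why the second exchange in the capture is much smaller than the first.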


    Exercise 03: HTTPS Analysis

    Aim of this exercise: In our examples thus far, the documents retrieved have been simple and short HTML files. Let's next see what the contents and headers of the HTTPS protocol are.

    Do the following:

    Start up your web browser, and make sure your browser's cache is cleared, as discussed above.

    Start up the Wireshark packet sniffer.

    Enter the following URL into your browser: https://google.com.pk

    Stop Wireshark packet capture, and enter "SSL" in the display-filter-specification window, so that only captured HTTP secure messages will be displayed.

    3.1 Observe the packets sent from client to server and server to client. What is the pattern of TLSv1 packets?

    Answer:

    In Client-to-Server communication the client sends a request for application data and hello, and sends the Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message; in Server-to-Client communication the server sends back the Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message and starts sending application data.

    After sending application data, the server changes the Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message and the client sends back the requests, and then the server starts sending application data again.
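
    An added example, not part of the original lab handout or report: a Python parser for the TLS record layer that labels the records of one direction the way the Wireshark packet list does, relevant to questions 3.1, 3.3 and 3.4. The byte stream is constructed filler and the function names are hypothetical; it assumes TLS 1.2 or earlier, as in the lab's TLSv1 capture.

```python
import struct

CONTENT = {20: "Change Cipher Spec", 21: "Alert", 22: "Handshake", 23: "Application Data"}
HANDSHAKE = {1: "Client Hello", 2: "Server Hello", 11: "Certificate",
             12: "Server Key Exchange", 14: "Server Hello Done",
             16: "Client Key Exchange", 20: "Finished"}
VERSION = {0x0300: "SSLv3", 0x0301: "TLSv1", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

def describe_records(stream: bytes):
    """Label each TLS (<= 1.2) record sent in ONE direction of a connection."""
    out, pos, encrypted = [], 0, False
    while pos < len(stream):
        if pos + 5 > len(stream):
            raise ValueError("truncated record header")
        # Record header: 1-byte content type, 2-byte version, 2-byte length.
        ctype, version, length = struct.unpack_from("!BHH", stream, pos)
        payload = stream[pos + 5 : pos + 5 + length]
        if len(payload) < length:
            raise ValueError("truncated record payload")
        pos += 5 + length
        ver = VERSION.get(version, hex(version))
        if ctype == 22 and encrypted:
            # After Change Cipher Spec the handshake type byte is ciphertext.
            out.append((ver, "Encrypted Handshake Message"))
        elif ctype == 22:
            off = 0                      # one record may carry several messages
            while off + 4 <= len(payload):
                body_len = int.from_bytes(payload[off + 1 : off + 4], "big")
                out.append((ver, HANDSHAKE.get(payload[off], "Unknown Handshake")))
                off += 4 + body_len
        else:
            out.append((ver, CONTENT.get(ctype, "Unknown")))
            encrypted = encrypted or ctype == 20
    return out

def record(ctype: int, payload: bytes, version: int = 0x0301) -> bytes:
    """Build one TLS record (helper for the constructed sample)."""
    return struct.pack("!BHH", ctype, version, len(payload)) + payload

def handshake(htype: int, body: bytes) -> bytes:
    """Build one handshake message: 1-byte type, 3-byte length, body."""
    return bytes([htype]) + len(body).to_bytes(3, "big") + body

# Constructed client-to-server bytes; the message bodies are filler, not real keys.
CLIENT_STREAM = (record(22, handshake(1, bytes(40)))
                 + record(22, handshake(16, bytes(130)))
                 + record(20, b"\x01")
                 + record(22, b"\xaa" * 48)
                 + record(23, b"\xbb" * 64))

if __name__ == "__main__":
    for version, label in describe_records(CLIENT_STREAM):
        print(version, label)
```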


    3.2 Look into the details of http and find out the port number used by the https?

    Answer:

    It is 443.


    3.3 Explore the handshake protocol field of SSL of first TLSv1 client request and display its result.

    Answer:

    3.4 Explore the handshake protocol field of SSL of the server response of first

    TLSv1 client request and display result.

    Answer:

    Document contains material from www.wikipedia.org and other sources.