
Computer Networking Wireshark Lab Report: SID: 201824405007 Name: Islam MD Aminul Major: Computer Science and Technology

This document is a lab report for a computer networking course. It summarizes the student's completion of a Wireshark lab assignment. The student captured network packets using Wireshark and answered questions about the protocols, addresses, timings and contents of the HTTP requests and responses. They provided packet captures and time stamps as evidence for their answers. The student made 3 HTTP requests - one each to gaia.cs.umass.edu, their own computer, and an external image site. They were unable to determine if the image downloads occurred serially or in parallel from the packet capture.

Uploaded by

samilu

COMPUTER NETWORKING

WIRESHARK LAB REPORT


SID: 201824405007
Name: ISLAM MD AMINUL
Major: Computer science and technology
Installing Wireshark and getting started.
The first lab of this course is about how to install Wireshark and get familiar with it.
The lab introduces the packet sniffer Wireshark. Wireshark is a free, open-source network protocol
analyzer. It is used for network troubleshooting and communication protocol analysis.
Wireshark captures network packets in real time and displays them in a human-readable format.
It provides many advanced features, including live capture and offline analysis, a three-pane packet
browser, and coloring rules for analysis.

Requirements for Lab:


1. Laptop / Desktop (I used my Windows 10 OS Laptop)
2. Internet Connection (I used my university Wifi)
3. Wireshark Software (installed in my device)

01: List 3 different protocols that appear in the protocol column in the unfiltered packet-listing
window in step 7 above.
Answer:

Three different protocols are TCP, HTTP and DNS.


Figure number 01 displays the three different protocols.

Figure number01
2. How long did it take from when the HTTP GET message was sent until the HTTP OK reply
was received? (By default, the value of the Time column in the packet-listing window is the
amount of time, in seconds, since Wireshark tracing began. To display the Time field in time-of-
day format, select the Wireshark View pull down menu, then select Time Display Format, then
select Time-of-day.) Answer:
[Time since request: 0.311286000 seconds]
Date: Mon, 12 Apr 2021 17:13:15 GMT\r\n
Last-Modified: Mon, 12 Apr 2021 05:59:02 GMT\r\n
Figure 02 displays the answer to this question.

Figure number02
3. What is the Internet address of the gaia.cs.umass.edu (also known as www-net.cs.umass.edu)?
What is the Internet address of your computer?
Answer:
Internet address of computer is 10.32.8.66
Internet address of the gaia.cs.umass.edu is 128.119.245.12. Figure 03 below clearly displays
the internet address of my computer and gaia.cs.umass.edu.

Figure number03
4. Print the two HTTP messages (GET and OK) referred to in question 2 above. To do so, select
Print from the Wireshark File command menu, and select the “Selected Packet Only” and “Print
as displayed” radial buttons, and then click OK. Answer:

HTTP GET
Frame 4002: 637 bytes on wire (5096 bits), 637 bytes captured (5096 bits) on interface
\Device\NPF_{68F7F910-BA37-439A-83B9-A1973D41CF15}, id 0
Ethernet II, Src: IntelCor_ac:8b:7c (08:d4:0c:ac:8b:7c), Dst: IETF-VRRP-VRID_03
(00:00:5e:00:01:03)
Internet Protocol Version 4, Src: 10.32.8.66, Dst: 128.119.245.12
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
Total Length: 623
Identification: 0x1f77 (8055)
Flags: 0x40, Don't fragment
Fragment Offset: 0
Time to Live: 128
Protocol: TCP (6)
Header Checksum: 0x512c [validation disabled]
[Header checksum status: Unverified]
Source Address: 10.32.8.66
Destination Address: 128.119.245.12
Transmission Control Protocol, Src Port: 58488, Dst Port: 80, Seq: 1, Ack: 1, Len: 583
Hypertext Transfer Protocol
GET /wireshark-labs/INTRO-wireshark-file1.html HTTP/1.1\r\n
[Expert Info (Chat/Sequence): GET /wireshark-labs/INTRO-wireshark-file1.html
HTTP/1.1\r\n]
Request Method: GET
Request URI: /wireshark-labs/INTRO-wireshark-file1.html
Request Version: HTTP/1.1
Host: gaia.cs.umass.edu\r\n
Connection: keep-alive\r\n
Upgrade-Insecure-Requests: 1\r\n
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/89.0.4389.114 Safari/537.36\r\n
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;
q=0.8,application/signed-exchange;v=b3;q=0.9\r\n
Accept-Encoding: gzip, deflate\r\n
Accept-Language: en-GB-oxendict,en-US;q=0.9,en;q=0.8\r\n
If-None-Match: "51-5bfac18097a36"\r\n
If-Modified-Since: Sun, 11 Apr 2021 05:59:02 GMT\r\n
\r\n
[Full request URI: http://gaia.cs.umass.edu/wireshark-labs/INTRO-wireshark-file1.html]
[HTTP request 1/2]
[Response in frame: 4072]
[Next request in frame: 4168]

HTTP OK
Frame 4072: 492 bytes on wire (3936 bits), 492 bytes captured (3936 bits) on interface
\Device\NPF_{68F7F910-BA37-439A-83B9-A1973D41CF15}, id 0
Ethernet II, Src: IETF-VRRP-VRID_03 (00:00:5e:00:01:03), Dst: IntelCor_ac:8b:7c
(08:d4:0c:ac:8b:7c)
Internet Protocol Version 4, Src: 128.119.245.12, Dst: 10.32.8.66
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
Total Length: 478
Identification: 0x151e (5406)
Flags: 0x40, Don't fragment
Fragment Offset: 0
Time to Live: 37
Protocol: TCP (6)
Header Checksum: 0xb716 [validation disabled]
[Header checksum status: Unverified]
Source Address: 128.119.245.12
Destination Address: 10.32.8.66
Transmission Control Protocol, Src Port: 80, Dst Port: 58488, Seq: 1, Ack: 584, Len: 438
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
Response Version: HTTP/1.1
Status Code: 200
[Status Code Description: OK]
Response Phrase: OK
Date: Mon, 12 Apr 2021 17:13:15 GMT\r\n
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.14 mod_perl/2.0.11
Perl/v5.16.3\r\n
Last-Modified: Mon, 12 Apr 2021 05:59:02 GMT\r\n
ETag: "51-5bfc035e02d35"\r\n
Accept-Ranges: bytes\r\n
Content-Length: 81\r\n
Keep-Alive: timeout=5, max=100\r\n
Connection: Keep-Alive\r\n
Content-Type: text/html; charset=UTF-8\r\n
\r\n
[HTTP response 1/2]
[Time since request: 0.311286000 seconds]
[Request in frame: 4002]
[Next request in frame: 4168]
[Next response in frame: 4233]
[Request URI: http://gaia.cs.umass.edu/wireshark-labs/INTRO-wireshark-file1.html]
File Data: 81 bytes
Line-based text data: text/html (3 lines)
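
The GET in frame 4002 is a conditional request: it carries If-None-Match and If-Modified-Since, and the reply in frame 4072 carries ETag and Last-Modified. The following added example (not part of the original report) applies the RFC 7232 precedence rules to those header values to show why the server answered 200 rather than 304; the function names are illustrative, and splitting If-None-Match on commas is a simplification.

```python
from email.utils import parsedate_to_datetime

# Header lines copied from frames 4002 (GET) and 4072 (200 OK) above.
REQUEST = r'''If-None-Match: "51-5bfac18097a36"\r\n
If-Modified-Since: Sun, 11 Apr 2021 05:59:02 GMT\r\n'''
RESPONSE = r'''Last-Modified: Mon, 12 Apr 2021 05:59:02 GMT\r\n
ETag: "51-5bfc035e02d35"\r\n'''


def parse_headers(dump):
    """Turn Wireshark 'Name: value\\r\\n' lines into a dict with lower-cased names."""
    headers = {}
    for line in dump.splitlines():
        line = line.strip()
        if line.endswith(r"\r\n"):      # Wireshark prints the CRLF literally
            line = line[:-4]
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def strip_weak(tag):
    """If-None-Match uses weak comparison, so a W/ prefix is ignored."""
    return tag[2:] if tag.startswith("W/") else tag


def expected_status(req, current):
    """Status a server should send for a GET carrying these validators."""
    inm = req.get("if-none-match")
    if inm is not None:
        # If-None-Match takes precedence; If-Modified-Since is then ignored.
        tags = [strip_weak(t.strip()) for t in inm.split(",")]
        if "*" in tags or strip_weak(current["etag"]) in tags:
            return 304
        return 200
    ims = req.get("if-modified-since")
    if ims is not None:
        modified = parsedate_to_datetime(current["last-modified"])
        if modified <= parsedate_to_datetime(ims):
            return 304
    return 200


if __name__ == "__main__":
    # The cached ETag differs from the server's current one, so: 200
    print(expected_status(parse_headers(REQUEST), parse_headers(RESPONSE)))
```

The cached copy dates from 11 Apr and the file changed on 12 Apr, so both validators agree that the full 81-byte body must be sent again.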
---------------------------------------------------------------------------------------------------------------------
1. Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is the server
running?
Answer:
My browser is running HTTP version 1.1, and the server is running 1.1 as well.

Figure number04
2. What languages (if any) does your browser indicate that it can accept to the server? the
language is En-US.
Answer:
Accept-Language: en-GB-oxendict,en-US;q=0.9,en;q=0.8\r\n
3. What is the IP address of your computer? Of the gaia.cs.umass.edu server?
Answer:
Internet address of my computer is 10.32.8.66
The Internet address of the gaia.cs.umass.edu is 128.119.245.12
Figure number05 displays the internet address of my computer and gaia.cs.umass.edu server.

Figure number05
4. What is the status code returned from the server to your browser? Status Code: 200[Status
Code Description: OK] Answer:
Status Code: 200
Status Code Description: OK

Figure number06
5. When was the HTML file that you are retrieving last modified at the server? Answer:
Last-Modified: Mon, 12 Apr 2021 05:59:02 GMT\r\n
Figure number07 displays the last modified time at the server.

Figure number07
6. How many bytes of content are being returned to your browser? Answer:
81 bytes of content are being returned to my browser.
Figure number08 below displays how many bytes of content are being returned to my browser.

Figure number08
7. By inspecting the raw data in the packet content window, do you see any headers within the
data that are not displayed in the packet-listing window? If so, name one. Answer the following
questions:
Answer: NO.
8. Inspect the contents of the first HTTP GET request from your browser to the server. Do you
see an “IF-MODIFIED-SINCE” line in the HTTP GET?
Answer: No. I do not see an "IF-MODIFIED-SINCE" line in the HTTP GET.
Figure number09
9. Inspect the contents of the server response. Did the server explicitly return the contents of the
file? How can you tell?
Answer:
Yes. Because we can see the contents in the Line-based text data field.
10. Now inspect the contents of the second HTTP GET request from your browser to the server.
Do you see an “IF-MODIFIED-SINCE:” line in the HTTP GET? If so, what information follows
the “IF-MODIFIED-SINCE:” header?
Answer:
No. I do not see an “IF-MODIFIED-SINCE:” line in the HTTP GET.
11. What is the HTTP status code and phrase returned from the server in response to this second
HTTP GET? Did the server explicitly return the contents of the file?
Answer:
The status code and phrase returned from the server is GET /favicon.ico HTTP/1.1\r\n
[Expert Info (Chat/Sequence): GET /favicon.ico HTTP/1.1\r\n]
Figure number10
12. How many HTTP GET request messages did your browser send? Which packet number in
the trace contains the GET message for the Bill of Rights? Answer:
My browser sent 1 HTTP GET request message, and the packet number is 2016.

Figure number11
13. Which packet number in the trace contains the status code and phrase associated with the
response to the HTTP GET request? Answer:
Packet number 2079
And, status code 200 OK

Figure number12
14. What is the status code and phrase in the response?
Answer: response is 200 OK.
[Associated with answer no 13]
16. How many HTTP GET request messages did your browser send? To which Internet
addresses were these GET requests sent?
Answer: My browser sent 3 HTTP GET requests.
1. 128.119.245.12
2. 10.32.8.66
3. 178.79.137.164

Figure number14
17. Can you tell whether your browser downloaded the two images serially, or whether they
were downloaded from the two web sites in parallel?
Answer:
The two images were downloaded from the two web sites in parallel, because one image comes
from the IP 10.32.8.66 and the other comes from the IP 178.79.137.164.
Figure number15 clearly shows the different IPs of the two images.

Figure number15

18. What is the server’s response (status code and phrase) in response to the initial HTTP GET
message from your browser?
Answer:
HTTP/1.1 401 Unauthorized\r\n
Status Code: 401
[Status Code Description: Unauthorized]
Response Phrase: Unauthorized
WWW-Authenticate: Basic realm="wireshark-students only"\r\n
Figure number16
19. When your browser sends the HTTP GET message for the second time, what new field is
included in the HTTP GET message? Answer:
Authorization: Basic d2lyZXNoYXJrLXN0dWRlbnRzOm5ldHdvcms=\r\n
Credentials: wireshark-students:network

Figure number17
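
Basic authentication only base64-encodes `user:password`, which is why Wireshark can print the Credentials line under the Authorization header. The following added example (not part of the original report) audits request header lines from a capture for Basic credentials sent over plain HTTP, reporting the user name and the password length only; the function names and the second and third sample lines are constructed.

```python
import base64
import binascii

# Header lines as Wireshark prints them. The first value is the one shown in
# the answer to question 19; the other two lines are constructed.
CAPTURED = [
    r'Authorization: Basic d2lyZXNoYXJrLXN0dWRlbnRzOm5ldHdvcms=\r\n',
    r'Authorization: Bearer constructed-token\r\n',
    r'Authorization: Basic !!not-base64!!\r\n',
]


def decode_basic(header_line):
    """Return (user, password) from an 'Authorization: Basic ...' line, else None."""
    line = header_line.strip()
    if line.endswith(r"\r\n"):          # Wireshark prints the CRLF literally
        line = line[:-4]
    name, sep, value = line.partition(":")
    if not sep or name.strip().lower() != "authorization":
        return None
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic":       # other schemes are not base64(user:pass)
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None                     # malformed token: nothing to report
    user, sep, password = raw.decode("utf-8", "replace").partition(":")
    return (user, password) if sep else None


def audit(lines):
    """List Basic credentials readable in the capture, with the password masked."""
    findings = []
    for number, line in enumerate(lines, start=1):
        creds = decode_basic(line)
        if creds:
            user, password = creds
            findings.append({"line": number, "user": user,
                             "password_length": len(password)})
    return findings


if __name__ == "__main__":
    for finding in audit(CAPTURED):
        print("cleartext Basic credentials:", finding)
```

Any finding means the login was readable by every host on the path; serving the protected page over HTTPS keeps the Authorization header out of the capture.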
THANK YOU
