1.基本HTTP GET/response交互

  • 实验图像
    Wireshark_HTTP-Answer.md - 图1
  1.     GET /wireshark-labs/HTTP-wireshark-file1.html HTTP/1.1\r\n
  2.     Accept: text/html, application/xhtml+xml, image/jxr, */*\r\n
  3.     Accept-Language: zh-CN\r\n
  4.     User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko\r\n
  5.     Accept-Encoding: gzip, deflate\r\n
  6.     Host: gaia.cs.umass.edu\r\n
  7.     Connection: Keep-Alive\r\n
  8.     \r\n
  9.     [Full request URI: http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file1.html]
  10.     [HTTP request 1/1]
  11.     [Response in frame: 15]
  1.     HTTP/1.1 200 OK\r\n
  2.     Server:   \r\n
  3.     Date: Mon, 02 Dec 2019 13:44:52 GMT\r\n
  4.     Content-Type: text/html; charset=UTF-8\r\n
  5.     Content-Length: 128\r\n
  6.     Connection: keep-alive\r\n
  7.     Last-Modified: Mon, 02 Dec 2019 06:59:01 GMT\r\n
  8.     ETag: "80-598b31d50a6e7"\r\n
  9.     Accept-Ranges: bytes\r\n
  10.     \r\n
  11.     [HTTP response 1/1]
  12.     [Time since request: 0.556109000 seconds]
  13.     [Request in frame: 11]
  14.     [Request URI: http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file1.html]
  15.     File Data: 128 bytes
  17.     <html>\n
  18.     Congratulations.  You've downloaded the file \n
  19.     http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file1.html!\n
  20.     </html>\n

  1. 您的浏览器是否运行HTTP版本1.0或1.1?服务器运行什么版本的HTTP?
    浏览器和服务器都运行 HTTP/1.1

  2. 您的浏览器会从接服务器接受哪种语言(如果有的话)?
    Accept-Language: zh-CN

  3. 您的计算机的IP地址是什么? gaia.cs.umass.edu服务器地址呢?
    计算机IP 192.168.2.239
    gaia.cs.umass.edu服务器IP 128.119.245.12

  4. 服务器返回到浏览器的状态代码是什么?
    200 OK

  5. 服务器上HTML文件的最近一次修改是什么时候?
    Last-Modified: Mon, 02 Dec 2019 06:59:01 GMT

  6. 服务器返回多少字节的内容到您的浏览器?
    Content-Length: 128

  7. 通过检查数据包内容窗口中的原始数据,你是否看到有协议头在数据包列表窗口中未显示? 如果是,请举一个例子。
    应该没有

2.HTTP条件Get/response交互

  • 实验图像
    Wireshark_HTTP-Answer.md - 图2
  1.     GET /wireshark-labs/HTTP-wireshark-file2.html HTTP/1.1\r\n
  2.     Host: gaia.cs.umass.edu\r\n
  3.     Connection: keep-alive\r\n
  4.     Upgrade-Insecure-Requests: 1\r\n
  5.     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\r\n
  6.     Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3\r\n
  7.     Accept-Encoding: gzip, deflate\r\n
  8.     Accept-Language: zh-CN,zh;q=0.9\r\n
  9.     \r\n
  10.     [Full request URI: http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file2.html]
  11.     [HTTP request 1/2]
  12.     [Response in frame: 312]
  13.     [Next request in frame: 420]
  1.     HTTP/1.1 200 OK\r\n
  2.     Server:   \r\n
  3.     Date: Mon, 02 Dec 2019 14:14:09 GMT\r\n
  4.     Content-Type: text/html; charset=UTF-8\r\n
  5.     Content-Length: 371\r\n
  6.     Connection: keep-alive\r\n
  7.     Last-Modified: Mon, 02 Dec 2019 06:59:01 GMT\r\n
  8.     ETag: "173-598b31d509f17"\r\n
  9.     Accept-Ranges: bytes\r\n
  10.     \r\n
  11.     [HTTP response 1/2]
  12.     [Time since request: 0.527297000 seconds]
  13.     [Request in frame: 289]
  14.     [Next request in frame: 420]
  15.     [Next response in frame: 428]
  16.     [Request URI: http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file2.html]
  17.     File Data: 371 bytes
  18.     \n
  19.     <html>\n
  20.     \n
  21.     Congratulations again!  Now you've downloaded the file lab2-2.html. <br>\n
  22.     This file's last modification date will not change.  <p>\n
  23.     Thus  if you download this multiple times on your browser, a complete copy <br>\n
  24.     will only be sent once by the server due to the inclusion of the IN-MODIFIED-SINCE<br>\n
  25.     field in your browser's HTTP GET request to the server.\n
  26.     \n
  27.     </html>\n
  1.     GET /wireshark-labs/HTTP-wireshark-file2.html HTTP/1.1\r\n
  2.     Host: gaia.cs.umass.edu\r\n
  3.     Connection: keep-alive\r\n
  4.     Cache-Control: max-age=0\r\n
  5.     Upgrade-Insecure-Requests: 1\r\n
  6.     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\r\n
  7.     Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3\r\n
  8.     Accept-Encoding: gzip, deflate\r\n
  9.     Accept-Language: zh-CN,zh;q=0.9\r\n
  10.     If-None-Match: "173-598b31d509f17"\r\n
  11.     If-Modified-Since: Mon, 02 Dec 2019 06:59:01 GMT\r\n
  12.     \r\n
  13.     [Full request URI: http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file2.html]
  14.     [HTTP request 2/2]
  15.     [Prev request in frame: 289]
  16.     [Response in frame: 428]
  1.     HTTP/1.1 304 Not Modified\r\n
  2.     Server:   \r\n
  3.     Date: Mon, 02 Dec 2019 14:14:14 GMT\r\n
  4.     Connection: keep-alive\r\n
  5.     ETag: "173-598b31d509f17"\r\n
  6.     \r\n
  7.     [HTTP response 2/2]
  8.     [Time since request: 0.560527000 seconds]
  9.     [Prev request in frame: 289]
  10.     [Prev response in frame: 312]
  11.     [Request in frame: 420]
  12.     [Request URI: http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file2.html]

  1. 检查第一个从您浏览器到服务器的HTTP GET请求的内容。您在HTTP GET中看到了“IF-MODIFIED-SINCE”行吗?
    没看到

  2. 检查服务器响应的内容。服务器是否显式返回文件的内容? 你是怎么知道的?
    服务器显式返回了文件内容,在实体部分可以看到

  3. 现在,检查第二个HTTP GET请求的内容。 您在HTTP GET中看到了“IF-MODIFIED-SINCE:”行吗? 如果是,“IF-MODIFIED-SINCE:”头后面包含哪些信息?
    If-Modified-Since: Mon, 02 Dec 2019 06:59:01 GMT\r\n
    包含了本地保存的文件的在服务器上的最后修改时间

  4. 针对第二个HTTP GET,从服务器响应的HTTP状态码和短语是什么?服务器是否明确地返回文件的内容?请解释。
    304 Not Modified
    服务器没有明确返回文件内容,因为文件后来没有被修改。

3.检索长文件

  • 实验图像
    Wireshark_HTTP-Answer.md - 图3
  1.     GET /wireshark-labs/HTTP-wireshark-file3.html HTTP/1.1\r\n
  2.     Host: gaia.cs.umass.edu\r\n
  3.     Connection: keep-alive\r\n
  4.     Upgrade-Insecure-Requests: 1\r\n
  5.     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\r\n
  6.     Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3\r\n
  7.     Accept-Encoding: gzip, deflate\r\n
  8.     Accept-Language: zh-CN,zh;q=0.9\r\n
  9.     \r\n
  10.     [Full request URI: http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file3.html]
  11.     [HTTP request 1/1]
  12.     [Response in frame: 23]
  1. Frame 23: 782 bytes on wire (6256 bits), 782 bytes captured (6256 bits) on interface 0
  2. Ethernet II, Src: PhicommS_cc:6b:be (68:db:54:cc:6b:be), Dst: IntelCor_c2:8c:e7 (1c:1b:b5:c2:8c:e7)
  3. Internet Protocol Version 4, Src: 128.119.245.12, Dst: 192.168.2.239
  4. Transmission Control Protocol, Src Port: 80, Dst Port: 60903, Seq: 4023, Ack: 460, Len: 728
  5. [4 Reassembled TCP Segments (4750 bytes): #20(1460), #21(1460), #22(1102), #23(728)]
  6.     [Frame: 20, payload: 0-1459 (1460 bytes)]
  7.     [Frame: 21, payload: 1460-2919 (1460 bytes)]
  8.     [Frame: 22, payload: 2920-4021 (1102 bytes)]
  9.     [Frame: 23, payload: 4022-4749 (728 bytes)]
  10.     [Segment count: 4]
  11.     [Reassembled TCP length: 4750]
  12.     [Reassembled TCP Data: 485454502f312e3120323030204f4b0d0a5365727665723a…]
  13. Hypertext Transfer Protocol
  14.     HTTP/1.1 200 OK\r\n
  15.     Server:   \r\n
  16.     Date: Mon, 02 Dec 2019 14:37:48 GMT\r\n
  17.     Content-Type: text/html; charset=UTF-8\r\n
  18.     Content-Length: 4500\r\n
  19.     Connection: keep-alive\r\n
  20.     Last-Modified: Mon, 02 Dec 2019 06:59:01 GMT\r\n
  21.     ETag: "1194-598b31d5031b6"\r\n
  22.     Accept-Ranges: bytes\r\n
  23.     \r\n
  24.     [HTTP response 1/1]
  25.     [Time since request: 0.572555000 seconds]
  26.     [Request in frame: 16]
  27.     [Request URI: http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file3.html]
  28.     File Data: 4500 bytes
  29. Line-based text data: text/html (98 lines)

  1. 您的浏览器发送多少HTTP GET请求消息?哪个数据包包含了美国权利法案的消息?
    只发送了一个HTTP GET请求消息。
    返回的四个TCP数据包都包含了美国权利法案的消息。

  2. 哪个数据包包含响应HTTP GET请求的状态码和短语?
    返回的第一个TCP数据包包含响应HTTP GET请求的状态码和短语

  3. 响应中的状态码和短语是什么?
    200 OK

  4. 需要多少包含数据的TCP段来执行单个HTTP响应和权利法案文本?
    需要4个TCP数据包

4.具有嵌入对象的HTML文档

  • 实验图像
    Wireshark_HTTP-Answer.md - 图4

  1. 您的浏览器发送了几个HTTP GET请求消息? 这些GET请求发送到哪个IP地址?
    3个HTTP GET请求消息。都发送到 128.119.245.12

  2. 浏览器从两个网站串行还是并行下载了两张图片?请说明。
    串行,因为有Connection: Keep-Alive

5.HTTP认证

  • 实验图像
    Wireshark_HTTP-Answer.md - 图5
  1.     GET /wireshark-labs/protected_pages/HTTP-wireshark-file5.html HTTP/1.1\r\n
  2.     Host: gaia.cs.umass.edu\r\n
  3.     Connection: keep-alive\r\n
  4.     Upgrade-Insecure-Requests: 1\r\n
  5.     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\r\n
  6.     Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3\r\n
  7.     Accept-Encoding: gzip, deflate\r\n
  8.     Accept-Language: zh-CN,zh;q=0.9\r\n
  9.     \r\n
  10.     [Full request URI: http://gaia.cs.umass.edu/wireshark-labs/protected_pages/HTTP-wireshark-file5.html]
  11.     [HTTP request 1/1]
  12.     [Response in frame: 70]
  1.     HTTP/1.1 401 Unauthorized\r\n
  2.     Date: Tue, 03 Dec 2019 16:39:11 GMT\r\n
  3.     Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_perl/2.0.11 Perl/v5.16.3\r\n
  4.     WWW-Authenticate: Basic realm="wireshark-students only"\r\n
  5.     Content-Length: 381\r\n
  6.         [Content length: 381]
  7.     Keep-Alive: timeout=5, max=100\r\n
  8.     Connection: Keep-Alive\r\n
  9.     Content-Type: text/html; charset=iso-8859-1\r\n
  10.     \r\n
  11.     [HTTP response 1/1]
  12.     [Time since request: 0.263216000 seconds]
  13.     [Request in frame: 66]
  14.     [Request URI: http://gaia.cs.umass.edu/wireshark-labs/protected_pages/HTTP-wireshark-file5.html]
  15.     File Data: 381 bytes
  1.     GET /wireshark-labs/protected_pages/HTTP-wireshark-file5.html HTTP/1.1\r\n
  2.     Host: gaia.cs.umass.edu\r\n
  3.     Connection: keep-alive\r\n
  4.     Authorization: Basic d2lyZXNoYXJrLXN0dWRlbnRzOm5ldHdvcms=\r\n
  5.     Upgrade-Insecure-Requests: 1\r\n
  6.     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\r\n
  7.     Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3\r\n
  8.     Accept-Encoding: gzip, deflate\r\n
  9.     Accept-Language: zh-CN,zh;q=0.9\r\n
  10.     \r\n
  11.     [Full request URI: http://gaia.cs.umass.edu/wireshark-labs/protected_pages/HTTP-wireshark-file5.html]
  12.     [HTTP request 1/1]
  13.     [Response in frame: 195]
  1.     HTTP/1.1 200 OK\r\n
  2.     Date: Tue, 03 Dec 2019 16:39:20 GMT\r\n
  3.     Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_perl/2.0.11 Perl/v5.16.3\r\n
  4.     Last-Modified: Tue, 03 Dec 2019 06:59:03 GMT\r\n
  5.     ETag: "84-598c73b444ac9"\r\n
  6.     Accept-Ranges: bytes\r\n
  7.     Content-Length: 132\r\n
  8.         [Content length: 132]
  9.     Keep-Alive: timeout=5, max=100\r\n
  10.     Connection: Keep-Alive\r\n
  11.     Content-Type: text/html; charset=UTF-8\r\n
  12.     \r\n
  13.     [HTTP response 1/1]
  14.     [Time since request: 0.266665000 seconds]
  15.     [Request in frame: 192]
  16.     [Request URI: http://gaia.cs.umass.edu/wireshark-labs/protected_pages/HTTP-wireshark-file5.html]
  17.     File Data: 132 bytes

  1. 对于您的浏览器的初始HTTP GET消息,服务器响应(状态码和短语)是什么响应?
    401 Unauthorized

  2. 当您的浏览器第二次发送HTTP GET消息时,HTTP GET消息中包含哪些新字段?
    Authorization: Basic d2lyZXNoYXJrLXN0dWRlbnRzOm5ldHdvcms=