【Wireshark Lab v8.0】Lab2：HTTP

以下实验步骤均来自实验指导手册。

实验指导手册下载地址：Jim Kurose Homepage (umass.edu)

1.The Basic HTTP GET/response interaction

在浏览器输入http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file1.html，并抓取对应的http包，结果如下，得到`http get请求数据包以及http responce`数据包

为方便分析数据包，可以将内容打印出来，如下

1. Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is the server running?
   
   

2. What languages (if any) does your browser indicate that it can accept to the server?
   

3. What is the IP address of your computer? Of the gaia.cs.umass.edu server?
   
   在get请求中，计算机的ip地址是Source，server的ip地址是Destination

4. What is the status code returned from the server to your browser?
   

5. When was the HTML file that you are retrieving last modified at the server?
   
   有趣的是，无论何时抓包，上次更改时间永远是在一分钟之内，手册解释如下
   

6. How many bytes of content are being returned to your browser?
   

7. By inspecting the raw data in the packet content window, do you see any headers within the data that are not displayed in the packet-listing window? If so, name one.
   
   packet-listing只显示了这些header
   在get请求中，下面这些没有显示
   
   同样，在responce中，也有未显示的headers
   

2.The HTTP CONDITIONAL GET/response interaction

先清空浏览器缓存，然后访问http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file2.html，然后不清空缓存再次访问此url，抓包如下，并打印出来

1. Inspect the contents of the first HTTP GET request from your browser to the server. Do you see an “IF-MODIFIED-SINCE” line in the HTTP GET?
   在第一次get/responce中，没有这一行，在第二次get中才会存在
   

2. Inspect the contents of the server response. Did the server explicitly return the contents of the file? How can you tell?
   在第一次responce中存在文件的内容

但是在第二次responce中，没有返回文件的具体内容

1. Now inspect the contents of the second HTTP GET request from your browser to the server. Do you see an “IF-MODIFIED-SINCE:” line in the HTTP GET? If so, what information follows the “IF-MODIFIED-SINCE:”header?
   

2. What is the HTTP status code and phrase returned from the server in response to this second HTTP GET? Did the server explicitly return the contents of the file? Explain.
   

3.Retrieving Long Documents

本部分实验，由于涉及到部分tcp报文需要观测，故不再打印出来，直接在wireshark中进行分析，抓包前需要清空缓存

1. How many HTTP GET request messages did your browser send? Which packet number in the trace contains the GET message for the Bill or Rights?
   总共发送了1个，number 8包括
   

2. Which packet number in the trace contains the status code and phrase associated with the response to the HTTP GET request?
   

3. What is the status code and phrase in the response?
   

4. How many data-containing TCP segments were needed to carry the single HTTP response and the text of the Bill of Rights?
   

4.HTML Documents with Embedded Objects

抓包前需要清空缓存

1. How many HTTP GET request messages did your browser send? To which Internet addresses were these GET requests sent?
   

2. Can you tell whether your browser downloaded the two images serially, or whether they were downloaded from the two web sites in parallel? Explain.
   同时，第三个get请求是在第二个get发出之后发出的，并没有等待第二个get的responce返回
   

5.HTTP Authentication

抓包前需要清空缓存

1. What is the server’s response (status code and phrase) in response to the initial HTTP GET message from your browser?
   

2. When your browser’s sends the HTTP GET message for the second time, what new field is included in the HTTP GET message?
   
   
   值得注意的是，进行http认证的时候，账户名和密码只是简单的进行了base64编码，而没有进行加密，这是不安全的。