
Stop and close any capture that you may have open, and start a new capture. Set the filter to show only HTTP traffic.

Let’s start with the HTTP request sent from your web browser.

In your web browser, navigate to - scf.usc.edu/~csci571/Special/HTTP/proxy.html

In the top frame of the Wireshark main window, look for the packet that corresponds to your request. This contains the URL in the “Info” section. Select this packet.

In the middle frame of the Wireshark window, expand the “Hypertext Transfer Protocol” section. Notice the details given for the:
  o GET request
  o Host
  o User-Agent
  o Accepts
  o cookie
  o etc

[Figure: Details of outgoing HTTP request corresponding to proxy.html]

Now, let’s take a look at the HTTP response to the above request.

In the top frame of the Wireshark main window, find and select the “HTTP/1.1 200 OK” packet immediately below the request for proxy.html. This is the response containing the requested web page.

Again, expand the “Hypertext Transfer Protocol” section. Notice the details given for:
  o Cache-Control
  o Content-Type
  o Server
  o etc

[Figure: Details of incoming HTTP response corresponding to proxy.html]

If we expand the “HTTP chunked response” section, we can find the actual data transmitted in the response. In this case, note the web page HTML visible in the bottom frame of the window.

[Figure: Data section of the HTTP response, containing the web page HTML]
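The dissection Wireshark performs on the response above, as an added example that is not part of the original lab handout: a short Python parser that splits a raw HTTP/1.1 response into status code, headers and body, and reassembles a chunked body as the “HTTP chunked response” section displays it. The response bytes are constructed sample data (not a capture of proxy.html), and the function names are hypothetical.

```python
# Added example: constructed sample response, not captured from the lab server.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache\r\n"
    b"Cache-Control: no-cache\r\n"
    b"Content-Type: text/html\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n"
    b"19\r\n<html><body>Proxy test pa\r\n"   # chunk of 0x19 = 25 bytes
    b"10\r\nge</body></html>\r\n"            # chunk of 0x10 = 16 bytes
    b"0\r\n\r\n"                             # zero-size chunk ends the body
)

def decode_chunked(data: bytes) -> bytes:
    """Reassemble a chunked body: <hex size>CRLF<data>CRLF ... 0CRLF CRLF."""
    out, pos = bytearray(), 0
    while True:
        eol = data.find(b"\r\n", pos)
        if eol == -1:
            raise ValueError("truncated chunk size line")
        # Chunk extensions (after ';') are ignored; the size is hexadecimal.
        size = int(data[pos:eol].split(b";", 1)[0].strip(), 16)
        if size == 0:
            return bytes(out)
        start = eol + 2
        chunk = data[start:start + size]
        # A short chunk or a missing CRLF means the capture is incomplete.
        if len(chunk) != size or data[start + size:start + size + 2] != b"\r\n":
            raise ValueError("truncated or malformed chunk")
        out += chunk
        pos = start + size + 2

def parse_http_response(raw: bytes):
    """Return (status_code, headers, body), headers keyed by lowercase name."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    _version, status, _reason = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if "chunked" in headers.get("transfer-encoding", "").lower():
        body = decode_chunked(body)
    return int(status), headers, body

if __name__ == "__main__":
    status, headers, body = parse_http_response(SAMPLE_RESPONSE)
    print(status, headers["server"], headers["content-type"])
    print(body.decode())
```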
The requested web page contained a background image, which the web browser also had to fetch. Notice that below the two packets we have already examined, there is another pair of request and response packets corresponding to the page background image, USCwebMarble.jpg. Examine the details of these two packets as well.

Now, repeat the exercise with the following links and observe the behavior of the corresponding requests and responses:
  o a file with only text:
  o a file with text and one gif image: - scf.usc.edu/~csci571/Special/HTTP/simple2.html
  o a file with two frames containing simple1.htm and simple2.html: - scf.usc.edu/~csci571/Special/HTTP/simple3.html
  o an executable script:
  o a page that uses the POST method: - fill and submit the form, and examine the request and response.
  o a missing file:
  o a secure directory:

Filtering with Expressions

While it is easy to examine the traffic that occurs from browsing in a controlled environment as we have done above, things may be different in practice, where there may be a large amount of traffic to sift through. Simply isolating HTTP traffic may not be enough. To locate specific packets related to individual requests or responses within a larger capture containing more traffic, we can filter even more specifically, using a variety of expressions that match header fields and their contents.
