INFO 671 Web Systems and Architecture

Assignment 1

Drexel University College of Computing and Informatics

1. Overview

The Web and the Internet are supported by various network protocols. An essential skill for developing effective Web applications is the understanding of network protocols. In this assignment, we will see protocols in action by observing the sequence of messages exchanged between two protocol entities, delving down into the details of protocol operation, and causing protocols to perform certain actions and then observing these actions and their consequences. In this assignment, we will use the packet sniffer, Wireshark. A packet sniffer captures (“sniffs”) messages being sent/received from/by your computer; it will also typically store and/or display the contents of the various protocol fields in these captured messages.

1. What To Do

The following steps describe what you should do to complete the assignment.

Observing HTTP:

Step 1: Download and install the Wireshark software:

• Go to http://www.wireshark.org/download.html and download and install the Wireshark binary for your computer.
• The Wireshark FAQ has a number of helpful hints and interesting tidbits of information, particularly if you have trouble installing or running Wireshark.

Step 2: Start running Wireshark and click one of the network interfaces to capture packets. Make sure you will choose the right interface for capturing packets in later steps.

Step 3: While Wireshark is running, enter the URL:

http://gaia.cs.umass.edu/wireshark-labs/INTRO-wireshark-file1.html and have that page displayed in your browser.

Step 4: After your browser has displayed the INTRO-wireshark-file1.html page (it is a simple one line of congratulations), stop Wireshark packet capture by selecting stop in the Wireshark capture window.

Step 5: Examine two HTTP messages: the request message (from your browser to the gaia.cs.umass.edu web server) and the response message from the server to your browser.

Answer the following questions:

1. How long did it take from when the HTTP GET message was sent until the HTTP OK reply was received?
2. What is the Internet address of the cs.umass.edu? What is the Internet address of your computer?
3. What version of HTTP does the message indicate that the client is running?
4. What version of HTTP does the message indicate that the server is running?
5. What languages (if any) does your browser indicate that it can accept to the server?
6. What is the status code returned from the server to your browser? Step 6: Exit Wireshark.

Observing HTTP CONDITIONAL GET/response:

Most web browsers perform object caching and thus perform a conditional GET when retrieving an HTTP object. Before performing the steps below, make sure your browser’s cache is empty. (To do this under Firefox, select Tools->Clear Recent History and check the Cache box, or for Internet Explorer, select Tools->Internet Options->Delete File; these actions will remove cached files from your browser’s cache.) Now do the following:

Step 1: Start up your web browser, and make sure your browser’s cache is cleared, as discussed above.

Step 2: Start up the Wireshark packet sniffer.

Step 3: Enter the following URL into your browser: http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file2.html Your browser should display a very simple five-line HTML file.

Step 4: Quickly enter the same URL into your browser again (or simply select the refresh button on your browser).

Step 5: Stop Wireshark packet capture, and enter “http” in the display-filter-specification window, so that only captured HTTP messages will be displayed later in the packet- listing window.

Answer the following questions:

1. Inspect the contents of the first HTTP GET request from your browser to the server. Do you see an “IF-MODIFIED-SINCE” line in the HTTP GET?
2. Inspect the contents of the server response. Did the server explicitly return the contents of the file? How can you tell?
3. Now inspect the contents of the second HTTP GET request from your browser to the server. Do you see an “IF-MODIFIED-SINCE:” line in the HTTP GET? If so, what information follows the “IF-MODIFIED-SINCE:” header?
4. What is the HTTP status code and phrase returned from the server in response to this second HTTP GET? Did the server explicitly return the contents of the file? Explain.

Observing HTTP Authentication:

Let’s try visiting a web site that is password-protected and examine the sequence of HTTP message exchanged for such a site. The URL

http://gaia.cs.umass.edu/wireshark-labs/protected_pages/HTTP-wireshark-file5.html is password protected. The username is “wireshark-students” (without the quotes), and the password is “network” (again, without the quotes). So let’s access this “secure” password-protected site. Do the following:

Step 1: Make sure your browser’s cache is cleared, as discussed above, and close down your browser. Then, start up your browser. Step 2: Start up the Wireshark packet sniffer. Step 3: Enter the following URL into your browser "http://gaia.cs.umass.edu/wireshark-labs/protected_pages/HTTP-wireshark-file5.html Type the requested user name and password into the pop up box.

Step 4: Stop Wireshark packet capture, and enter “http” in the display-filter-specification window, so that only captured HTTP messages will be displayed later in the packet- listing window.

Answer the following questions:

1. What is the server’s response (status code and phrase) in response to the initial HTTP GET message from your browser?

2 When your browser’s sends the HTTP GET message for the second time, what new field is included in the HTTP GET message?

Note: The username (wireshark-students) and password (network) that you entered are encoded in the string of characters (d2lyZXNoYXJrLXN0dWRlbnRzOm5ldHdvcms=) following the “Authorization: Basic” header in the client’s HTTP GET message. While it may appear that your username and password are encrypted, they are simply encoded in a format known as Base64 format. The username and password are not encrypted! To see this, go to http://www.motobit.com/util/base64-decoder-encoder.asp and enter the base64-encoded string d2lyZXNoYXJrLXN0dWRlbnRz and decode. Voila! You have translated from Base64 encoding to ASCII encoding, and thus should see your username! To view the password, enter the remainder of the string Om5ldHdvcms= and press decode. Since anyone can download a tool like Wireshark and sniff packets (not just their own) passing by their network adaptor, and anyone can translate from Base64 to ASCII (you just did it!), it should be clear to you that simple passwords on WWW sites are not secure unless additional measures are taken.

Observing TCP:

Step 1: Start up your web browser. Go the http://gaia.cs.umass.edu/wireshark-labs/alice.txt and retrieve an ASCII copy of Alice in Wonderland. Store this file somewhere on your computer.

Step 2: Next go to http://gaia.cs.umass.edu/wireshark-labs/TCP-wireshark-file1.html You should see a screen that looks like:

Step 3: Use the Browse button in this form to enter the name of the file (full path name) on your computer containing Alice in Wonderland (or do so manually). Don’t yet press the “Upload alice.txt file” button.

Step 4: Now start up Wireshark and begin packet capture.

Step 5: Returning to your browser, press the “Upload alice.txt file” button to upload the file to the gaia.cs.umass.edu server. Once the file has been uploaded, a short congratulations message will be displayed in your browser window.

Step 6: Stop Wireshark packet capture.

Step 7: Filter the packets displayed in the Wireshark window by entering “tcp” into the display filter specification window towards the top of the Wireshark window.

Answer the following questions:

1 What is the IP address and TCP port number used by your client computer (source) to transfer the file to gaia.cs.umass.edu?

2. What is the IP address of gaia.cs.umass.edu? On what port number is it sending and receiving TCP segments for this connection?

1. A well-structured and detailed report describing the results of doing the assignment. The report should include the following content:
   1. An introduction section that briefly introduces the purpose of the assignment.
   2. Answers to the questions in the assignment. Use screenshots and circle the areas containing the information for answering the questions.
   3. Each screenshot must be accompanied by short text to briefly describe what the picture is about.
   4. Any comments that describe your thoughts and ideas.
   5. A conclusion section that briefly summarizes lessons learned from doing the assignment.

1. Written Presentation Requirements

Images must be clear and legible. Assignments will be judged on the basis of visual appearance, grammatical correctness, and quality of writing, as well as their contents. Please make sure that the text of your assignments is well-structured, using paragraphs, full sentences, and other features of well-written presentation. Text font size should be either 11 or 12 points.