Networking Lab (HTTP DNS)

Uploaded by jaycoab2

Lab 1

Getting Wireshark

Download and install the Wireshark software:


 Go to http://www.wireshark.org/download.html and download and install the Wireshark binary
for your computer.

Running Wireshark
When Wireshark starts, you will see a startup screen that looks something like Figure 1.

Figure 1: Initial Wireshark Screen

 Click on one of the interfaces listed to start packet capture (i.e., for Wireshark to begin capturing
all packets being sent to/from that interface). Figure 2 shows information about the packets
being captured.
 To stop the capture, click the Capture pull-down menu and select Stop (or click on the red
square button next to the Wireshark fin in Figure 2).

Figure 2 : Wireshark window, during and after capture


Taking Wireshark for a Test Run

1. Start up the Wireshark software. To begin packet capture, select the Capture pull-down menu
and select Interfaces. This will cause the “Wireshark: Capture Options” window to be
displayed (on a PC).

Figure 3: Wireshark Capture interface window, on a Windows computer


2. Click on Start for the interface on which you want to begin packet capture.
3. To capture some interesting packets, open a web browser to download content from a website
using the HTTP protocol.
4. While Wireshark is running, enter the URL
http://gaia.cs.umass.edu/wireshark-labs/INTRO-wireshark-file1.html in your browser.
5. After your browser has displayed the INTRO-wireshark-file1.html page, stop Wireshark packet
capture by selecting Stop in the Wireshark capture window as shown in Figure 2.
6. Type in “http” (without the quotes, and in lower case) into the display-filter
specification window at the top of the main Wireshark window as shown in Figure 4.
7. The packet-details window shows the detailed contents of the Hypertext Transfer Protocol
application message that was found within the TCP segment, which was inside the IPv4 datagram,
which was inside the Ethernet II (or WiFi) frame.

Figure 4: looking at the details of the HTTP GET message


8. Find the HTTP GET message that was sent from your computer to the gaia.cs.umass.edu HTTP
server. When you select the HTTP GET message, the Ethernet frame, IP datagram, TCP segment,
and HTTP message header information will be displayed in the packet-header window. By
clicking on the ‘+’ and ‘-’ signs or the right-pointing and down-pointing arrowheads to the left side of the
packet-details window, minimize the amount of Frame, Ethernet, Internet Protocol, and
Transmission Control Protocol information displayed, and maximize the amount of information
displayed about the HTTP protocol.

9. Exit Wireshark

What to hand in

Answer the following questions, based on your Wireshark experimentation:

1. List 3 different protocols that appear in the protocol column in the unfiltered packet-listing
window in step 7 above.
2. How long did it take from when the HTTP GET message was sent until the HTTP OK reply
was received? (By default, the value of the Time column in the packet-listing window is the
amount of time, in seconds, since Wireshark tracing began. To display the Time field in time-
of-day format, select the Wireshark View pull down menu, then select Time Display Format,
then select Time-of-day.)
3. What is the Internet address of gaia.cs.umass.edu (also known as www-net.cs.umass.edu)?
What is the Internet address of your computer?
4. Print the two HTTP messages (GET and OK) referred to in question 2 above.

Lab 2
Wireshark Lab: HTTP

1. HTTP GET/response interaction

Begin your exploration of HTTP by downloading a very simple HTML file, one that is very short and
contains no embedded objects. Do the following:
1. Start up your web browser.
2. Start up the Wireshark packet sniffer. Enter “http” (just the letters, not the quotation marks) in
the display-filter-specification window so that only captured HTTP messages are shown in the packet-
listing window.
3. Wait a bit more than one minute and then begin Wireshark packet capture.
4. Enter the following URL into your browser:
lms.ucstaungoo.edu.mm
5. Stop Wireshark packet capture.

Print out the GET and response messages and indicate where in the message you’ve found the
information that answers the following questions.

1. Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is the server
running?
HTTP version is 1.1

2. What languages (if any) does your browser indicate that it can accept to the server?
Languages: en-US.

3. What is the IP address of your computer? Of the lms.ucstaungoo.edu.mm server?


IP address of computer is 192.168.137.68.
IP address of lms.ucstaungoo.edu.mm server is 103.47.184.47.

4. What is the status code returned from the server to your browser?
The status code is 200.

5. When the HTML file that you are retrieving was last modified at the server?
Last modified at the server was Thu, 14 Jul 2022 03:49:38 GMT

6. How many bytes of content are being returned to your browser?


1031 bytes of content are being returned to the browser.

7. How many data-containing TCP segments were needed to carry the single HTTP response?
2 TCP segments
8. How many HTTP GET request messages were sent by your browser? To which Internet
addresses were these GET requests sent?
19 HTTP GET request messages were sent by browser to 103.47.184.47.

9. How long did it take from when the HTTP GET message was sent until the HTTP OK reply
was received?
0.502599 seconds

10. Print the two HTTP messages (GET and OK).


GET
Frame 40: 490 bytes on wire (3920 bits), 490 bytes captured (3920 bits) on interface \Device\
NPF_{045865C7-F342-4CCF-970D-3A65E8F2DB16}, id 0
Ethernet II, Src: Intel_41:cb:11 (64:5d:86:41:cb:11), Dst: 86:1b:77:fd:c9:c4
(86:1b:77:fd:c9:c4)
Internet Protocol Version 4, Src: 192.168.137.68, Dst: 103.47.184.47
Transmission Control Protocol, Src Port: 54603, Dst Port: 80, Seq: 1, Ack: 1, Len: 436
Hypertext Transfer Protocol
GET / HTTP/1.1\r\n
[Expert Info (Chat/Sequence): GET / HTTP/1.1\r\n]
[GET / HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: GET
Request URI: /
Request Version: HTTP/1.1
Host: lms.ucstaungoo.edu.mm\r\n
Connection: keep-alive\r\n
Upgrade-Insecure-Requests: 1\r\n
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/127.0.0.0 Safari/537.36\r\n
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/
webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\r\n
Accept-Encoding: gzip, deflate\r\n
Accept-Language: en-US,en;q=0.9\r\n
\r\n
[Full request URI: http://lms.ucstaungoo.edu.mm/]
[HTTP request 1/3]
[Next request in frame: 54]

OK
Frame 63: 221 bytes on wire (1768 bits), 221 bytes captured (1768 bits) on interface \Device\
NPF_{045865C7-F342-4CCF-970D-3A65E8F2DB16}, id 0
Ethernet II, Src: 86:1b:77:fd:c9:c4 (86:1b:77:fd:c9:c4), Dst: Intel_41:cb:11
(64:5d:86:41:cb:11)
Internet Protocol Version 4, Src: 103.47.184.47, Dst: 192.168.137.68
Transmission Control Protocol, Src Port: 80, Dst Port: 54603, Seq: 9318, Ack: 870, Len: 167
[2 Reassembled TCP Segments (1547 bytes): #62(1380), #63(167)]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Response Version: HTTP/1.1
Status Code: 200
[Status Code Description: OK]
Response Phrase: OK
Date: Sun, 11 Aug 2024 16:55:54 GMT\r\n
Server: Apache/2.4.41 (Ubuntu)\r\n
Content-Disposition: inline; filename="combo"\r\n
Last-Modified: Thu, 14 Jul 2022 03:49:38 GMT\r\n
Expires: Wed, 06 Aug 2025 16:55:54 GMT\r\n
Pragma: \r\n
Cache-Control: public, max-age=31104000, immutable\r\n
Accept-Ranges: none\r\n
Etag: "9b9cbb79c1192e9cb56160269e7434e0ac649341"\r\n
Content-Encoding: gzip\r\n
Vary: Accept-Encoding\r\n
Content-Length: 1031\r\n
[Content length: 1031]
Keep-Alive: timeout=5, max=99\r\n
Connection: Keep-Alive\r\n
Content-Type: text/css;charset=UTF-8\r\n
\r\n
[HTTP response 2/3]
[Time since request: 0.174643000 seconds]
[Prev request in frame: 40]
[Request in frame: 54]
[Next request in frame: 74]
[Request URI: http://lms.ucstaungoo.edu.mm/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple.css]
Content-encoded entity body (gzip): 1031 bytes -> 3627 bytes
File Data: 3627 bytes
Line-based text data: text/css (40 lines)
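
The answers to questions 1 through 6 above are all read off the request and response start lines and headers, and question 6 hides a detail worth checking: Content-Length counts the bytes on the wire after Content-Encoding has been applied (1031 gzip bytes in the capture above), not the 3627 bytes the browser renders after decompression. The following Python example is added here and is not part of the lab or its capture. It parses a constructed request and response (modelled on the captured headers, with a constructed gzip-compressed CSS body, so its byte counts are not the capture's), pulls out the fields the questions ask for, and reports a truncated capture as an error rather than silently returning a short body. The functions parse_http_message, decoded_body and lab_answers are the example's own names.

```python
import gzip
from email.utils import parsedate_to_datetime

# Constructed sample (not the lab's capture): a small CSS body, gzip-compressed the
# way the captured server did (Content-Encoding: gzip), so the encoded and decoded
# sizes differ just as the capture's 1031 -> 3627 bytes did.
CSS_BODY = b".block { margin: 0; padding: 0; }\n" * 60
GZIPPED = gzip.compress(CSS_BODY, mtime=0)

SAMPLE_REQUEST = (
    b"GET / HTTP/1.1\r\n"
    b"Host: lms.ucstaungoo.edu.mm\r\n"
    b"Accept-Encoding: gzip, deflate\r\n"
    b"Accept-Language: en-US,en;q=0.9\r\n"
    b"\r\n"
)

SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Sun, 11 Aug 2024 16:55:54 GMT\r\n"
    b"Server: Apache/2.4.41 (Ubuntu)\r\n"
    b"Last-Modified: Thu, 14 Jul 2022 03:49:38 GMT\r\n"
    b"Content-Encoding: gzip\r\n"
    b"Content-Length: " + str(len(GZIPPED)).encode() + b"\r\n"
    b"Content-Type: text/css;charset=UTF-8\r\n"
    b"\r\n" + GZIPPED
)


def parse_http_message(raw: bytes) -> dict:
    """Split one HTTP/1.x message into start line, headers and body.

    Header names are case-insensitive, so they are lower-cased for lookup.
    The body is the bytes after the first blank line, cut to Content-Length;
    a capture that ends before Content-Length is satisfied is reported as
    truncated instead of being passed off as a short body.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("end of headers not found: message is incomplete")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    msg = {"start_line": lines[0], "headers": headers, "body": body}
    if parts[0].startswith("HTTP/"):        # response: VERSION STATUS PHRASE
        msg.update(kind="response", version=parts[0], status=int(parts[1]),
                   phrase=parts[2] if len(parts) > 2 else "")
    else:                                   # request: METHOD TARGET VERSION
        msg.update(kind="request", method=parts[0], target=parts[1], version=parts[2])
    if "content-length" in headers:
        declared = int(headers["content-length"])
        if len(body) < declared:
            raise ValueError(f"body truncated: {len(body)} of {declared} bytes present")
        msg["body"] = body[:declared]
    return msg


def decoded_body(msg: dict) -> bytes:
    """Undo Content-Encoding so the byte count matches what the browser renders."""
    encoding = msg["headers"].get("content-encoding", "identity").lower()
    if encoding == "gzip":
        return gzip.decompress(msg["body"])
    if encoding == "identity":
        return msg["body"]
    raise ValueError(f"unsupported Content-Encoding: {encoding}")


def lab_answers(request_raw: bytes, response_raw: bytes) -> dict:
    """Collect the fields lab questions 1, 2, 4, 5 and 6 ask about."""
    req = parse_http_message(request_raw)
    resp = parse_http_message(response_raw)
    return {
        "client_version": req["version"],
        "server_version": resp["version"],
        "accept_language": req["headers"].get("accept-language"),
        "status": resp["status"],
        "last_modified": parsedate_to_datetime(resp["headers"]["last-modified"]),
        "bytes_on_wire": len(resp["body"]),          # what Content-Length counts
        "bytes_decoded": len(decoded_body(resp)),    # what the browser renders
    }


if __name__ == "__main__":
    for key, value in lab_answers(SAMPLE_REQUEST, SAMPLE_RESPONSE).items():
        print(f"{key}: {value}")
```

Wireshark's "Content-encoded entity body (gzip): 1031 bytes -> 3627 bytes" line in the capture above is the same pair of numbers this code reports as bytes_on_wire and bytes_decoded; to run it over a real message, paste the raw bytes Wireshark shows under "Follow TCP Stream" in place of the constructed samples.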

Lab 3
Wireshark Lab: Domain Name System (DNS)

 DNS translates hostnames to IP addresses.
 In a typical exchange, a client sends a query to its local DNS server and receives a response back;
in this lab you will look at the query sent to the local DNS server and the response received from it.

1. nslookup

 The nslookup tool allows the host running the tool to query any specified DNS server for a DNS
record.
 In its basic operation, nslookup sends a DNS query to the specified DNS server, receives a DNS reply
from that same DNS server, and displays the result.
 To run it in Windows, open the Command Prompt and run nslookup on the command line.

(i). Test the first command:

nslookup www.uit.edu.mm

 As shown in Figure 1, the response to this command for the host www.uit.edu.mm provides two
pieces of information:
a. The name and IP address of the default DNS server
b. The host name and IP address of www.uit.edu.mm

(ii). Test the second command:

nslookup -type=NS uit.edu.mm

In this example, we have provided the option “-type=NS” and the domain “uit.edu.mm”. This
causes nslookup to send a query for a type-NS record to the default local DNS server.

(iii). Test the third command:


To send the query to the DNS server ns4.nic.net.mm rather than to the default DNS server
(uit.edu.mm), enter the following command:

nslookup uit.edu.mm ns4.nic.net.mm


The general syntax of nslookup is: nslookup -option1 -option2 host-to-find dns-server

Figure 1: Example of the results of three independent nslookup commands

2. ipconfig

 ipconfig (for Windows) and ifconfig (for Linux/Unix) are among the most useful little utilities
for debugging network issues.
 ipconfig can be used to show your current TCP/IP information, including your address, DNS
server addresses, adapter type, and so on.

For example, you can see all of this information about your host simply by entering
ipconfig /all
 The following command lists the records in the host's DNS cache, including the remaining Time to
Live (TTL) of each record in seconds:
ipconfig /displaydns

 To clear the cache, enter the following command:

ipconfig /flushdns
Flushing the DNS cache clears all entries and reloads the entries from the hosts file.

Using Wireshark
Question 1.
 Start packet capture.
 Do an nslookup on www.mit.edu
 Stop packet capture

1. Locate the DNS query and response messages. Are they sent over UDP or TCP?
They are sent over UDP.

2. What is the destination port for the DNS query message? What is the source port of DNS response
message?
The destination port is 172.18.0.1.
Source port is 172.18.0.73.

3. To what IP address is the DNS query message sent? Use ipconfig to determine the IP address of
your local DNS server. Are these two IP addresses the same?
The DNS query message is sent to 172.18.0.1.
These two IP addresses are the same.

4. Examine the DNS query message. What “Type” of DNS query is it? Does the query message
contain any “answers”?
Type = NS.
No answers.

5. Examine the DNS response message. How many “answers” are provided? What do each of these
answers contain?
There are three answers.
Frame 9309: 200 bytes on wire (1600 bits), 200 bytes captured (1600 bits) on interface \Device\
NPF_{4899752C-6EC3-41F2-9934-17BD7C546E86}, id 0
Ethernet II, Src: Routerboardc_93:38:7d (dc:2c:6e:93:38:7d), Dst: Dell_ee:44:c3
(54:48:10:ee:44:c3)
Internet Protocol Version 4, Src: 8.8.4.4, Dst: 172.18.0.73
User Datagram Protocol, Src Port: 53, Dst Port: 57988
Domain Name System (response)
Transaction ID: 0x474d
Flags: 0x8180 Standard query response, No error
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... 1... .... = Recursion available: Server can do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the
server
.... .... ...0 .... = Non-authenticated data: Unacceptable
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 3
Authority RRs: 0
Additional RRs: 0
Queries
tile-service.weather.microsoft.com: type A, class IN
Answers
tile-service.weather.microsoft.com: type CNAME, class IN, cname
wildcard.weather.microsoft.com.edgekey.net
Name: tile-service.weather.microsoft.com
Type: CNAME (5) (Canonical NAME for an alias)
Class: IN (0x0001)
Time to live: 3580 (59 minutes, 40 seconds)
Data length: 44
CNAME: wildcard.weather.microsoft.com.edgekey.net
wildcard.weather.microsoft.com.edgekey.net: type CNAME, class IN, cname
e15275.d.akamaiedge.net
Name: wildcard.weather.microsoft.com.edgekey.net
Type: CNAME (5) (Canonical NAME for an alias)
Class: IN (0x0001)
Time to live: 13368 (3 hours, 42 minutes, 48 seconds)
Data length: 22
CNAME: e15275.d.akamaiedge.net
e15275.d.akamaiedge.net: type A, class IN, addr 104.69.175.173
Name: e15275.d.akamaiedge.net
Type: A (1) (Host Address)
Class: IN (0x0001)
Time to live: 20 (20 seconds)
Data length: 4
Address: 104.69.175.173
[Request In: 9307]
[Time: 0.034115000 seconds]

6. Provide a screenshot.
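
The nslookup commands earlier in this lab and the Wireshark dissection above are two views of the same wire format: a 12-byte header (transaction ID, flags, four section counts), a question section, and answer records that each carry a name, type, class, TTL, data length and data. The following Python example is added here and is not part of the lab; it builds a type-A query with struct, assembles a constructed reply that mirrors the CNAME chain in the capture above (same names, TTLs and transaction ID, but bytes built locally rather than taken from the capture), and parses the reply back. It includes the RFC 1035 name compression that the dissection shows: the first CNAME's data is 44 bytes written out in full, while the second is 22 bytes rather than 25 because its trailing "net" label is a 2-byte pointer back into the first record. Because a crafted reply can contain pointers that loop, the parser bounds how many pointers it follows and raises an error instead of hanging. pack_name, build_query, build_response, read_name and parse_response are the example's own names; nothing is sent on the network.

```python
import socket
import struct

TYPE_A, TYPE_NS, TYPE_CNAME = 1, 2, 5
TYPE_NAMES = {TYPE_A: "A", TYPE_NS: "NS", TYPE_CNAME: "CNAME"}


def pack_name(msg: bytearray, name: str, seen: dict) -> None:
    """Append a name as length-prefixed labels; a suffix already written earlier
    in the message is replaced by a 2-byte pointer (RFC 1035 compression)."""
    labels = name.rstrip(".").split(".")
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:])
        if suffix in seen:
            msg.extend(struct.pack("!H", 0xC000 | seen[suffix]))
            return
        seen[suffix] = len(msg)
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label {label!r}")
        msg.extend(bytes([len(raw)]) + raw)
    msg.append(0)                                      # root label ends the name


def build_query(txid: int, name: str, qtype: int) -> bytes:
    """12-byte header (flags 0x0100 = recursion desired) plus one question."""
    msg = bytearray(struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0))
    pack_name(msg, name, {})
    msg.extend(struct.pack("!HH", qtype, 1))           # QTYPE, QCLASS IN
    return bytes(msg)


def build_response(txid: int, question: tuple, answers: list) -> bytes:
    """Assemble a reply with flags 0x8180 (response, RD, RA, no error)."""
    msg = bytearray(struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0))
    seen = {}
    pack_name(msg, question[0], seen)
    msg.extend(struct.pack("!HH", question[1], 1))
    for name, rtype, ttl, data in answers:
        pack_name(msg, name, seen)
        msg.extend(struct.pack("!HHIH", rtype, 1, ttl, 0))   # RDLENGTH patched below
        start = len(msg)
        if rtype == TYPE_A:
            msg.extend(socket.inet_aton(data))
        else:
            pack_name(msg, data, seen)                 # RDATA names compress too
        struct.pack_into("!H", msg, start - 2, len(msg) - start)
    return bytes(msg)


def read_name(msg: bytes, off: int, depth: int = 0) -> tuple:
    """Read a possibly compressed name; return (name, offset after it).
    A byte with the top two bits set is a pointer; following is depth-bounded
    so a crafted reply with a pointer loop raises instead of recursing forever."""
    if depth > 16:
        raise ValueError("compression pointer loop")
    labels = []
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            tail, _ = read_name(msg, ptr, depth + 1)
            labels.append(tail)
            return ".".join(labels), off + 2
        off += 1
        if length == 0:
            return ".".join(labels), off
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def parse_response(msg: bytes) -> dict:
    """Decode the header, question and answer sections of a DNS reply."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype = struct.unpack("!HH", msg[off:off + 4])[0]
        off += 4
        questions.append((name, TYPE_NAMES.get(qtype, qtype)))
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_A and rdlen == 4:
            data = socket.inet_ntoa(msg[off:off + 4])
        elif rtype in (TYPE_CNAME, TYPE_NS):
            data, _ = read_name(msg, off)
        else:
            data = msg[off:off + rdlen].hex()
        off += rdlen
        answers.append({"name": name, "type": TYPE_NAMES.get(rtype, rtype),
                        "ttl": ttl, "rdlen": rdlen, "data": data})
    return {"txid": txid, "rcode": flags & 0xF, "authoritative": bool(flags & 0x0400),
            "recursion_available": bool(flags & 0x0080),
            "questions": questions, "answers": answers}


# Constructed reply mirroring the CNAME chain in the lab's capture (not the captured bytes).
SAMPLE_REPLY = build_response(0x474D, ("tile-service.weather.microsoft.com", TYPE_A), [
    ("tile-service.weather.microsoft.com", TYPE_CNAME, 3580,
     "wildcard.weather.microsoft.com.edgekey.net"),
    ("wildcard.weather.microsoft.com.edgekey.net", TYPE_CNAME, 13368, "e15275.d.akamaiedge.net"),
    ("e15275.d.akamaiedge.net", TYPE_A, 20, "104.69.175.173"),
])

if __name__ == "__main__":
    print(build_query(0x474D, "www.mit.edu", TYPE_A).hex())
    for rr in parse_response(SAMPLE_REPLY)["answers"]:
        print(f'{rr["name"]:45} {rr["type"]:5} ttl={rr["ttl"]:<6} {rr["data"]}')
```

To repeat the experiment outside nslookup, send the bytes from build_query to UDP port 53 of the local DNS server reported by ipconfig and hand the datagram that comes back to parse_response; the transaction ID in the reply must match the one sent, which is the same check Wireshark uses to pair "[Request In]" with its response.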
Now repeat the previous experiment, but instead issue the command:
nslookup -type=NS mit.edu

Answer the following questions :

1. To what IP address is the DNS query message sent? Is this the IP address of your default local
DNS server?
2. Examine the DNS query message. What “Type” of DNS query is it? Does the query message
contain any “answers”?
3. Examine the DNS response message. What MIT nameservers does the response message
provide? Does this response message also provide the IP addresses of the MIT nameservers?
4. Provide a screenshot

Now repeat the previous experiment, but instead issue the command:
nslookup mit.edu eur5.akam.net

1. To what IP address is the DNS query message sent? Is this the IP address of your default local
DNS server? If not, what does the IP address correspond to?
2. Examine the DNS query message. What “Type” of DNS query is it? Does the query message
contain any “answers”?
3. Examine the DNS response message. How many “answers” are provided? What does each of
these answers contain?
4. Provide a screenshot.
