Let’s begin our exploration of HTTP by downloading a very simple HTML file - one that is very short, and contains no embedded objects. Do the following:
Start up your web browser.
Start up the Wireshark packet sniffer, as described in the Introductory lab (but don’t yet begin packet capture). Enter “http” (just the letters, not the quotation marks) in the display-filter-specification window, so that only captured HTTP messages will be displayed later in the packet-listing window. (We’re only interested in the HTTP protocol here, and don’t want to see the clutter of all captured packets).
Wait a bit more than one minute (we’ll see why shortly), and then begin Wireshark packet capture.
Enter the following into your browser: http://wireshark.grydeske.net/file1.html - your browser should display the very simple, one-line HTML file.
Stop Wireshark packet capture.
Your Wireshark window should look similar to the window shown below.
Figure 1: Wireshark after HTTP Get request
The example in Figure 1 shows in the packet-listing window that four HTTP messages were captured: the GET message (from your browser to the wireshark.grydeske.net server) and the response message from the server to your browser, and a request for the favicon.ico that is not available - please just ignore this pair.
The packet-contents window shows details of the selected message (in this case the HTTP GET request, which is highlighted in the packet-listing window). Recall that since the HTTP message was carried inside a TCP segment, which was carried inside an IP datagram, which was carried within an Ethernet frame, Wireshark displays the Frame, Ethernet, IP, and TCP packet information as well. We want to minimize the amount of non-HTTP data displayed (we’re interested in HTTP here, and will be investigating these other protocols in later labs), so make sure the boxes at the far left of the Frame, Ethernet, IP and TCP information have a plus sign or a right-pointing triangle (which means there is hidden, undisplayed information), and the HTTP line has a minus sign or a down-pointing triangle (which means that all information about the HTTP message is displayed).
Tasks and Questions
By looking at the information in the HTTP GET and response messages, answer the following questions.
Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is the server running?
What languages (if any) does your browser indicate to the server that it can accept?
What is the IP address of your computer? Of the wireshark.grydeske.net server?
What is the status code returned from the server to your browser?
How many bytes of content are being returned to your browser?
By inspecting the raw data in the packet content window, do you see any headers within the data that are not displayed in the packet-listing window? If so, name one.
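The fields these questions ask about (HTTP version, Accept-Language, status code, Content-Length) sit in plain text in the message bytes, so they can be extracted with a few lines of code as well as read off in Wireshark. The Python code below is an added example, not part of the original lab; the two sample messages, their header values and the function names are constructed for illustration.

```python
# Constructed sample messages (not taken from a real capture of the lab server).
REQUEST = (
    b"GET /file1.html HTTP/1.1\r\n"
    b"Host: wireshark.grydeske.net\r\n"
    b"Accept-Language: en-US,en;q=0.8,da;q=0.5\r\n"
    b"\r\n"
)
BODY = b"<html>\nConstructed one-line page.\n</html>\n"
RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: " + str(len(BODY)).encode() + b"\r\n\r\n" + BODY
)

def parse_http_message(raw: bytes) -> dict:
    """Split one HTTP/1.x message into start line, headers and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete message: no blank line after the headers")
    lines = head.decode("iso-8859-1").split("\r\n")
    start = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()  # names are case-insensitive
    msg = {"headers": headers, "body": body}
    if start[0].startswith("HTTP/") and len(start) >= 2:  # version, status, reason
        msg.update(kind="response", version=start[0], status=int(start[1]))
    elif len(start) == 3:  # request line: method, target, version
        msg.update(kind="request", method=start[0], target=start[1], version=start[2])
    else:
        raise ValueError("malformed start line")
    return msg

def accepted_languages(msg: dict) -> list:
    """Accept-Language tags, highest q-value first (q defaults to 1.0)."""
    ranked = []
    for item in msg["headers"].get("accept-language", "").split(","):
        tag, _, param = item.strip().partition(";")
        if tag:
            q = float(param.strip()[2:]) if param.strip().startswith("q=") else 1.0
            ranked.append((tag.strip(), q))
    return [tag for tag, _ in sorted(ranked, key=lambda pair: -pair[1])]

def content_length_matches(msg: dict) -> bool:
    """True when the Content-Length header equals the bytes actually received."""
    return int(msg["headers"]["content-length"]) == len(msg["body"])
```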