efrei/network-protocols/tp1.tex
\documentclass[a4paper,french,12pt]{article}
\title{Networks and Protocols --- Wireshark Lab}
\author{Shanny Guerriau --- Nelson Alikou Dongmo --- Tunui Franken}
\usepackage{../cours}
\begin{document}
\maketitle
\clearpage
\section{HTTP}
\subsection{Basic HTTP GET/response interaction}
\begin{enumerate}
\item Is your browser running HTTP version 1.0 or 1.1?
What version of HTTP is the server running?
The client and the server are both running HTTP version 1.1.
(client: trace n°10, server: trace n°12)
\item What languages (if any) does your browser indicate that it can accept to the server?
The \texttt{Accept-Language} header indicates that the browser accepts \texttt{en-us}.
\item What is the IP address of your computer?
Of the gaia.cs.umass.edu server?
The client computer has private address 192.168.1.102.
The server has address 128.119.245.12.
\item What is the status code returned from the server to your browser?
The GET ``OK'' response indicates a 200 status code.
\item When was the HTML file that you are retrieving last modified at the server?
The \texttt{Last-Modified} header indicates \texttt{Tue, 23 Sep 2003 05:29:00 GMT}.
\item How many bytes of content are being returned to your browser?
The server has returned 73 bytes.
\end{enumerate}
\subsection{HTTP conditional GET/response interaction}
\begin{enumerate}\setcounter{enumi}{6}
\item Inspect the contents of the first HTTP GET request from your browser to the server.
Do you see an ``IF-MODIFIED-SINCE'' line in the HTTP GET\@?
The line is not present.
\item Inspect the contents of the server response.
Did the server explicitly return the contents of the file?
How can you tell?
The server returned a 200 return status code.
If it hadn't explicitly returned the contents of the file, it would have returned a 304 status code.
\item Now inspect the contents of the second HTTP GET request from your browser to the server.
Do you see an ``IF-MODIFIED-SINCE'' line in the HTTP GET\@?
If so, what information follows the ``IF-MODIFIED-SINCE'' header?
This time, the header is present in the browser's request.
The next header is ``IF-NONE-MATCH''.
\item What is the HTTP status code and phrase returned from the server in response to this second HTTP GET\@?
Did the server explicitly return the contents of the file?
This time the response has a 304 return status code, with a ``Not Modified'' message.
The server does not send the file contents, because the browser has already cached it.
\end{enumerate}
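The 200/304 behaviour described above, modelled as an added example (this code is not part of the lab report): a server applying the \texttt{If-None-Match} / \texttt{If-Modified-Since} preconditions and a client that caches the validators it receives. The body, ETag and the second modification date are constructed values; only the \texttt{Last-Modified} date comes from the trace.

```python
# Added example, not from the lab report: a minimal model of the conditional GET
# exchange seen in the trace. The first fetch returns 200 with validators, the
# re-fetch carries If-Modified-Since / If-None-Match and gets 304 without a body
# while the cached copy is fresh. Body, ETag and second modification date are constructed.
from email.utils import parsedate_to_datetime

LAST_MODIFIED = "Tue, 23 Sep 2003 05:29:00 GMT"      # Last-Modified value seen in the lab trace
RESOURCE = {"body": b"<html>lab</html>", "last_modified": LAST_MODIFIED, "etag": '"abc123"'}

def server_get(headers, resource):
    """Return (status, reason, headers, body). RFC 7232: If-None-Match is evaluated
    first and If-Modified-Since only when no ETag precondition was sent."""
    resp = {"Last-Modified": resource["last_modified"], "ETag": resource["etag"]}
    not_modified = False
    if "If-None-Match" in headers:
        tags = [t.strip() for t in headers["If-None-Match"].split(",")]
        not_modified = "*" in tags or resource["etag"] in tags
    elif "If-Modified-Since" in headers:
        try:                                           # a malformed date simply disables the check
            not_modified = parsedate_to_datetime(resource["last_modified"]) <= parsedate_to_datetime(headers["If-Modified-Since"])
        except (TypeError, ValueError):
            not_modified = False
    if not_modified:
        return 304, "Not Modified", resp, b""          # validators only, no entity body
    resp["Content-Length"] = str(len(resource["body"]))
    return 200, "OK", resp, resource["body"]

class CachingClient:
    """Browser side: remembers the validators and replays them on the next GET."""
    def __init__(self):
        self.cache = None
    def get(self, resource):
        req = {"Accept-Language": "en-us"}
        if self.cache:
            req["If-Modified-Since"] = self.cache["Last-Modified"]
            req["If-None-Match"] = self.cache["ETag"]
        status, _reason, resp, body = server_get(req, resource)
        if status == 200:                              # 304 means: keep using the cached body
            self.cache = {"Last-Modified": resp["Last-Modified"], "ETag": resp["ETag"], "body": body}
        return status, req, self.cache["body"]

def run_exchange():
    """Three GETs: cold fetch (200), revalidation (304), fetch after a change (200)."""
    client = CachingClient()
    first = client.get(RESOURCE)
    second = client.get(RESOURCE)
    changed = dict(RESOURCE, body=b"<html>new</html>", etag='"def456"',
                   last_modified="Wed, 24 Sep 2003 05:29:00 GMT")   # constructed
    third = client.get(changed)
    return first[0], second[0], third[0], second[1].get("If-Modified-Since"), third[2]
```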
\subsection{Retrieving long documents}
\begin{enumerate}\setcounter{enumi}{10}
\item How many HTTP GET request messages did your browser send?
Which packet number in the trace contains the GET message for the Bill of Rights?
The browser has sent one GET request.
This request has packet number 8.
\item Which packet number in the trace contains the status code and phrase associated with the response to the HTTP GET response?
Packet n°14 contains the status code and phrase.
\item What is the status code and phrase in the response?
The status code returned by the server is 200, associated with the ``OK'' phrase.
\item How many data-containing TCP segments were needed to carry the single HTTP response and the text of the Bill of Rights?
The HTTP response was broken down into 3 separate TCP segments containing data.
Each segment being 1460 bytes long, they add up to 4272.
\end{enumerate}
\subsection{HTML Documents with Embedded Objects}
\begin{enumerate}\setcounter{enumi}{14}
\item How many HTTP GET request messages did your browser send?
To which Internet addresses were these GET requests sent?
The browser has sent 3 GET request messages to 3 different IP addresses~:
\texttt{128.119.245.12}, \texttt{165.193.123.218} and \texttt{134.241.6.82}.
\item Can you tell whether your browser downloaded the two images serially, or whether they were downloaded from the two web sites in parallel?
Explain.
The \texttt{Time} column indicates that the GET requests were made separately.
The TCP data indicates that the acknowledgement numbers are also independent (their relative value is 1).
\end{enumerate}
\subsection{HTTP Authentication}
\begin{enumerate}\setcounter{enumi}{16}
\item What is the server's response (status code and phrase) in response to the initial HTTP GET message from your browser?
The response is 401 --- Authorization Required.
\item When your browser sends the HTTP GET message for the second time, what new field is included in the HTTP GET message?
There is an \texttt{Authorization: Basic} field in the GET header.
\end{enumerate}
\section{DNS}
\subsection{nslookup}
\begin{enumerate}
\item Run \texttt{nslookup} to obtain the IP address of a Web server in Asia.
What is the IP address of that server?
The IP address of the server is \texttt{58.229.6.225}.
\begin{lstlisting}
$ nslookup www.aiit.or.kr
Server: 10.0.1.1
Address: 10.0.1.1#53
Non-authoritative answer:
Name: www.aiit.or.kr
Address: 58.229.6.225
\end{lstlisting}
\item Run \texttt{nslookup} to determine the authoritative DNS servers for a university in Europe.
\begin{lstlisting}
$ nslookup -type=SOA efrei.net
Server: 10.0.1.1
Address: 10.0.1.1#53
Non-authoritative answer:
efrei.net
origin = a.dns.gandi.net
mail addr = hostmaster.gandi.net
serial = 1585830728
refresh = 10800
retry = 3600
expire = 604800
minimum = 10800
Authoritative answers can be found from:
a.dns.gandi.net internet address = 173.246.98.1
a.dns.gandi.net has AAAA address 2604:3400:abca::1
\end{lstlisting}
\end{enumerate}
\subsection{ipconfig}
\subsection{Tracing DNS with Wireshark}
\begin{enumerate}\setcounter{enumi}{2}
\item Locate the DNS query and response messages.
Are they sent over UDP or TCP\@?
The DNS queries are sent over UDP\@.
\item What is the destination port for the DNS query message?
What is the source port of the DNS response message?
The destination port of the query and the source port of the response are the same~: UDP port 53.
\item To what IP address is the DNS query message sent?
Use ipconfig to determine the IP address of your local DNS server.
Are those two IP addresses the same?
\begin{lstlisting}
$ resolvconf -l
# resolv.conf from wlan0.dhcp
# Generated by dhcpcd from wlan0.dhcp
domain campus.villejuif
search campus.villejuif
nameserver 10.0.1.1
nameserver 192.168.32.5
nameserver 192.168.32.6
\end{lstlisting}
The IP addresses are not the same because I am using a Wireshark trace.
\item Examine the DNS query message.
What ``Type'' of DNS query is it?
Does the query message contain any ``answers''?
The query type is \texttt{A}, so it is an IPv4 query.
It does not contain any answer.
\item Examine the DNS response message.
How many ``answers'' are provided?
What do each of these answers contain?
The response provides 2 answers, each containing an IP address for the query.
\item Consider the subsequent TCP SYN packet sent by your host.
Does the destination IP address of the SYN packet correspond to any of the IP addresses provided in the DNS response message?
The IP is \texttt{132.151.6.75}, which corresponds to the first answer in the DNS response.
\item This web page contains images.
Before retrieving each image, does your host issue new DNS queries?
The images are in the same domain, so the client does not need to issue new DNS queries.
\item What is the destination port for the DNS query message?
What is the source port of the DNS response message?
Again, the destination port for the query and the source port for the response are UDP port 53.
\item To what IP address is the DNS query message sent?
Is this the IP address of your default local DNS server?
The query is sent to \texttt{128.238.29.22}.
It is an IP address used in the trace, not my local address.
\item Examine the DNS query message.
What ``Type'' of DNS query is it?
Does the query message contain any ``answers''?
The query is of PTR type.
It does not contain any answer.
\item Examine the DNS response message.
How many ``answers'' are provided?
What do each of these answers contain?
The response provides 1 answer containing the domain name corresponding to the requested IP address (reverse DNS).
\item Provide a screenshot.
\item To what IP address is the DNS query message sent?
Is this the IP address of your default DNS server?
The query is sent to \texttt{128.238.29.22}.
It is an IP address used in the trace, not my local address.
\item Examine the DNS query message.
What ``Type'' of DNS query is it?
Does the query message contain any ``answers''?
It is again a PTR type, and does not contain any answer.
\item Examine the DNS response message.
What MIT nameservers does the response message provide?
Does this response message also provide the IP addresses of the MIT nameservers?
It provides \texttt{dns-prime.poly.edu}.
The IP address is present, backwards, in the \texttt{in-addr.arpa} field.
\item Provide a screenshot.
\item To what IP address is the DNS query message sent?
Is this the IP address of your default DNS server?
If not, what does the IP address correspond to?
The IP is \texttt{18.72.0.3} and corresponds to the IP address in the \texttt{in-addr.arpa} field for the PTR query.
\item Examine the DNS query message.
What ``Type'' of DNS query is it?
Does the query message contain any ``answers''?
It is again a PTR type, and does not contain any answer.
\item Examine the DNS response message.
How many ``answers'' are provided?
What do each of these answers contain?
The response contains \texttt{bitsy.mit.edu}.
\end{enumerate}
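The message layout examined in the DNS section (header flags, one question of type \texttt{A} or \texttt{PTR}, answer records, and the reversed \texttt{in-addr.arpa} name) as an added example, not code from the lab report: it builds queries the way the traced host did, answers them as a server would, and parses both. All bytes are constructed here, not taken from the Wireshark trace.

```python
# Added example, not from the lab report: build DNS queries the way the traced
# host did and parse a constructed response (header flags, question, answers,
# 0xC0xx compression pointers). Message bytes are constructed, not from the trace.
import struct
import ipaddress

TYPES = {1: "A", 12: "PTR"}
def reverse_name(ip):                                 # 132.151.6.75 -> 75.6.151.132.in-addr.arpa
    return ipaddress.IPv4Address(ip).reverse_pointer
def encode_name(name):                                # labels as <len><bytes>..., root = 0x00
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"
def build_query(name, qtype, txid=0x1234):            # standard query, RD=1, 1 question, 0 answers
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, 1)

def decode_name(msg, off):
    """Decode a name at msg[off:], following compression pointers; returns (name, next offset)."""
    labels, end = [], None
    while True:
        l = msg[off]
        if l & 0xC0 == 0xC0:                          # top two bits set: 14-bit pointer
            end = end if end is not None else off + 2  # caller resumes after the first pointer
            off = ((l & 0x3F) << 8) | msg[off + 1]
            continue
        off += 1
        if l == 0: break                              # root label ends the name
        labels.append(msg[off:off + l].decode()); off += l
    return ".".join(labels), (end if end is not None else off)

def parse_message(msg):
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    out = {"id": txid, "is_response": bool(flags & 0x8000), "rcode": flags & 0xF, "questions": [], "answers": []}
    off = 12
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, _ = struct.unpack("!HH", msg[off:off + 4]); off += 4
        out["questions"].append((name, TYPES.get(qtype, qtype)))
    for _ in range(an):                               # RR: NAME TYPE CLASS TTL RDLENGTH RDATA
        name, off = decode_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10]); off += 10
        rdata = msg[off:off + rdlen]
        data = str(ipaddress.IPv4Address(rdata)) if rtype == 1 else decode_name(msg, off)[0]
        out["answers"].append((name, TYPES.get(rtype, rtype), ttl, data)); off += rdlen
    return out

def build_response(query, answers):
    """Server side: echo the question, set QR=1/RA=1, name each answer by pointer to offset 12."""
    qend = query.index(b"\x00", 12) + 5                # end of QNAME + QTYPE + QCLASS
    rrs = b"".join(b"\xC0\x0C" + struct.pack("!HHIH", t, 1, ttl, len(rd)) + rd for t, ttl, rd in answers)
    return struct.pack("!HHHHHH", struct.unpack("!H", query[:2])[0], 0x8180, 1, len(answers), 0, 0) + query[12:qend] + rrs
```

Feeding \texttt{parse\_message} the raw UDP payload of a captured DNS packet gives the same fields Wireshark shows in its DNS dissector.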
\end{document}