
Wireshark Lab 2, Part 2: Conditional GET/Response Interaction

February 27, 2013


———————————————————————————————————————————————————————-

STEPS:

Step 1: Start up your web browser, and make sure your browser’s cache is cleared, as discussed above.

Step 2: Start up the Wireshark packet sniffer.

Step 3: Enter the following URL into your browser: http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file2.html. Your browser should display a very simple five-line HTML file.

Step 4: Quickly enter the same URL into your browser again (or simply select the refresh button on your browser).

Step 5: Stop Wireshark packet capture, and enter “http” in the display-filter-specification window, so that only captured HTTP messages will be displayed later in the packet-listing window.


———————————————————————————————————————————————————————-

QUESTIONS:

8. Inspect the contents of the first HTTP GET request from your browser to the server. Do you see an “IF-MODIFIED-SINCE” line in the HTTP GET?

  • No, there is no IF-MODIFIED-SINCE line in the GET message.

9. Inspect the contents of the server response. Did the server explicitly return the contents of the file? How can you tell?

  • The server did explicitly return the contents of the file. Wireshark includes a section titled “Line-Based Text Data”, which shows what the server sent back to my browser, which is specifically what the website showed when I brought it up on my browser.


10. Now inspect the contents of the second HTTP GET request from your browser to the server. Do you see an “IF-MODIFIED-SINCE:” line in the HTTP GET? If so, what information follows the “IF-MODIFIED-SINCE:” header?

  • Yes, in the second HTTP message an IF-MODIFIED-SINCE line is included. The information that follows is the date and time that I last accessed the webpage.


11. What is the HTTP status code and phrase returned from the server in response to this second HTTP GET? Did the server explicitly return the contents of the file? Explain.

  • The HTTP status code is “304: Not Modified”.
  • The server did not return the contents of the file because the browser simply retrieved the contents from its cache. Had the file been modified since it was last accessed, it would have returned the contents of the file; instead, it simply told my browser to retrieve the old file from its cached memory.
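
The following Python sketch is an added example, not part of the original lab write-up: it models the server-side decision behind the two responses seen in the capture, including the case of an unparseable If-Modified-Since value. The file body, the timestamp, and the function names `http_date`, `respond` and `lab_exchange` are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import formatdate, parsedate_to_datetime

# Constructed stand-in for the lab's HTML file and its modification time.
BODY = b"<html>\nCongratulations again!\n</html>\n"
MTIME = datetime(2013, 2, 27, 6, 59, 1, tzinfo=timezone.utc).timestamp()


def http_date(ts):
    """Format a POSIX timestamp as an HTTP date (always GMT)."""
    return formatdate(ts, usegmt=True)


def respond(request_headers, mtime=MTIME, body=BODY):
    """Return (status, reason, headers, body) for a GET of the file."""
    last_modified = int(mtime)  # HTTP dates have one-second resolution
    ims = request_headers.get("If-Modified-Since")
    if ims is not None:
        try:
            since = parsedate_to_datetime(ims)
            if since.tzinfo is None:  # no usable zone given: treat as GMT
                since = since.replace(tzinfo=timezone.utc)
            since = since.timestamp()
        except (TypeError, ValueError):
            since = None  # unparseable header: ignore it, send the file
        if since is not None and last_modified <= since:
            return 304, "Not Modified", {}, b""  # no body on a 304
    headers = {"Last-Modified": http_date(last_modified),
               "Content-Length": str(len(body))}
    return 200, "OK", headers, body


def lab_exchange():
    """First GET with an empty cache, then the refresh with the header."""
    first = respond({})
    # The second request echoes the Last-Modified value from the first reply.
    second = respond({"If-Modified-Since": first[2]["Last-Modified"]})
    return first, second


if __name__ == "__main__":
    for label, (status, reason, hdrs, body) in zip(("first", "second"),
                                                   lab_exchange()):
        print(label, status, reason, hdrs, "body bytes:", len(body))
```
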
