Wireshark Lab Report - HTTP-DNS

  • 7/26/2019 Wireshark Lab Report - HTTP-DNS

    Wireshark Lab: HTTP

    1. The Basic HTTP GET/response interaction

    1. Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is the server running?

    My browser and the server are running HTTP 1.1.

    2. What languages (if any) does your browser indicate that it can accept to the server?

    Accept-language: pt-BR, pt; en-US, en.

    3. What is the IP address of your computer? Of the gaia.cs.umass.edu server?

    My IP: 192.168.1.102
    Server IP: 128.119.245.12

    4. What is the status code returned from the server to your browser?

    HTTP/1.1 200 OK
    Request Version: HTTP/1.1
    Status Code: 200
    Response Phrase: OK

    5. When was the HTML file that you are retrieving last modified at the server?

    Last-Modified: Sun, 01 Apr 2012 14:01:01 GMT

    6. How many bytes of content are being returned to your browser?

    Content-Length: 128

    7. By inspecting the raw data in the packet content window, do you see any headers within the data that are not displayed in the packet-listing window? If so, name one.

    No, all the headers are in the packet content.

    2. The HTTP CONDITIONAL GET/response interaction

    8. Inspect the contents of the first HTTP GET request from your browser to the server. Do you see an IF-MODIFIED-SINCE line in the HTTP GET?

    No.

    9. Inspect the contents of the server response. Did the server explicitly return the contents of the file? How can you tell?

    Yes. In the "Line-based text data: text/html" field we can see the content of the page.

    10. Now inspect the contents of the second HTTP GET request from your browser to the server. Do you see an IF-MODIFIED-SINCE: line in the HTTP GET? If so, what information follows the IF-MODIFIED-SINCE: header?

    Yes. If-Modified-Since: Sun, 01 Apr 2012 16:44:01 GMT

    11. What is the HTTP status code and phrase returned from the server in response to this second HTTP GET? Did the server explicitly return the contents of the file? Explain.

    HTTP/1.1 304 Not Modified
    Request Version: HTTP/1.1
    Status Code: 304
    Response Phrase: Not Modified

    Since the content is already in the browser's cache, the server does not return the content again.

    3. Retrieving Long Documents

    12. How many HTTP GET request messages were sent by your browser?

    One HTTP GET was sent by the browser.

    13. How many data-containing TCP segments were needed to carry the single HTTP response?

    4 TCP segments were needed to carry the page.

    14. What is the status code and phrase associated with the response to the HTTP GET request?

    HTTP/1.1 200 OK
    Request Version: HTTP/1.1
    Status Code: 200
    Response Phrase: OK

    15. Are there any HTTP status lines in the transmitted data associated with a TCP-induced Continuation?

    No.

    4. HTML Documents with Embedded Objects

    16. How many HTTP GET request messages were sent by your browser? To which Internet addresses were these GET requests sent?

    Three HTTP GET requests were sent by the browser, to the following addresses:
    1) 128.119.245.12
    2) 165.193.140.14
    3) 128.119.240.90

    17. Can you tell whether your browser downloaded the two images serially, or whether they were downloaded from the two web sites in parallel? Explain.

    Each image was transmitted over a different TCP connection, so they are downloaded serially.

    5. HTTP Authentication

    18. What is the server's response (status code and phrase) in response to the initial HTTP GET message from your browser?

    HTTP/1.1 401 Authorization Required
    Request Version: HTTP/1.1
    Status Code: 401
    Response Phrase: Authorization Required

    19. When your browser sends the HTTP GET message for the second time, what new field is included in the HTTP GET message?

    Authorization: Basic d2lyZXNoYXJrLXN0dWRlbnRzOm5ldHdvcms=
    Credentials: wireshark-students:network
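
    Wireshark can show the credentials because the Basic scheme only base64-encodes `user:password`; anyone who can read the cleartext HTTP stream can recover them. The following is an added example, not part of the original report, that scans a reassembled request stream for such headers. The request path and the two-request sample are constructed; the header value is the one reported above.

```python
import base64
import binascii

# Constructed sample: two requests as they would appear in a reassembled
# cleartext HTTP stream. The path is a placeholder; the Authorization value
# is the one reported in the answer above.
CAPTURED = (
    b"GET /protected/page.html HTTP/1.1\r\n"
    b"Host: gaia.cs.umass.edu\r\n"
    b"\r\n"
    b"GET /protected/page.html HTTP/1.1\r\n"
    b"Host: gaia.cs.umass.edu\r\n"
    b"Authorization: Basic d2lyZXNoYXJrLXN0dWRlbnRzOm5ldHdvcms=\r\n"
    b"\r\n"
)

def find_basic_credentials(stream: bytes):
    """Return one finding per request that carries an Authorization: Basic header."""
    findings = []
    for block in stream.split(b"\r\n\r\n"):
        lines = block.split(b"\r\n")
        if not lines or not lines[0]:
            continue
        request_line = lines[0].decode("latin-1")
        for raw in lines[1:]:
            name, sep, value = raw.partition(b":")
            if not sep or name.strip().lower() != b"authorization":
                continue
            scheme, _, token = value.strip().partition(b" ")
            if scheme.lower() != b"basic":
                continue
            try:
                decoded = base64.b64decode(token.strip(), validate=True)
            except binascii.Error:
                findings.append({"request": request_line, "error": "bad base64"})
                continue
            # RFC 7617: the user-id cannot contain ':', the password may.
            user, _, password = decoded.decode("utf-8", "replace").partition(":")
            findings.append({"request": request_line, "user": user, "password": password})
    return findings

if __name__ == "__main__":
    for finding in find_basic_credentials(CAPTURED):
        print(finding)
```

    The first request (the one answered with 401) yields no finding; only the retry carries the header. Running the same page over HTTPS keeps the header out of the capture.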

    Wireshark Lab: DNS

    1 nslookup

    1. Run nslookup to obtain the IP address of a Web server in Asia.

    nslookup www.kantei.go.jp

    Servidor: DSLink260E.local.lan
    Address: 192.168.1.1

    Não é resposta de autorização:
    Nome: www.kantei.go.jp
    Address: 202.232.75.151

    2. Run nslookup to determine the authoritative DNS servers for a university in Europe.

    We tested with the University of Cambridge.

    nslookup -type=NS cam.ac.uk

    Servidor: DSLink260E.local.lan
    Address: 192.168.1.1

    Não é resposta de autorização:

    cam.ac.uk nameserver = bitsy.mit.edu
    cam.ac.uk nameserver = authdns0.csx.cam.ac.uk
    cam.ac.uk nameserver = ns2.ic.ac.uk
    cam.ac.uk nameserver = dns0.eng.cam.ac.uk
    cam.ac.uk nameserver = authdns1.csx.cam.ac.uk
    cam.ac.uk nameserver = dns0.cl.cam.ac.uk
    cam.ac.uk nameserver = dns1.cl.cam.ac.uk

    ns2.ic.ac.uk internet address = 155.198.142.82
    bitsy.mit.edu internet address = 18.72.0.3

    3. Run nslookup so that one of the DNS servers obtained in Question 2 is queried for the mail servers for Yahoo! mail.

    nslookup mail.yahoo.com bitsy.mit.edu

    Servidor: BITSY.MIT.EDU
    Address: 18.72.0.3

    Não é resposta de autorização:
    Nome: login.lga1.b.yahoo.com
    Addresses: 98.139.241.94
               209.191.92.114
    Aliases: mail.yahoo.com
             login.yahoo.com
             login-global.lgg1.b.yahoo.com

    2 ipconfig

    4. Locate the DNS query and response messages. Are they sent over UDP or TCP?

    They were transmitted over UDP.

    5. What is the destination port for the DNS query message? What is the source port of DNS response message?

    The destination port of the DNS query message is 53.
    The source port of the DNS response message is 53.

    6. To what IP address is the DNS query message sent? Use ipconfig to determine the IP address of your local DNS server. Are these two IP addresses the same?

    The DNS query message is sent to IP 192.168.1.1
    Local DNS server: 192.

    Therefore, they are the same IP addresses.

    7. Examine the DNS query message. What Type of DNS query is it? Does the query message contain any answers?

    Type: A (Host address)
    The query message does not contain any answers.

    8. Examine the DNS response message. How many answers are provided? What do each of these answers contain?

    One answer was returned:
    www.ietf.org: type A, class IN, addr 12.22.58.30

    The answer contains:
    Name: www.ietf.org
    Type: A (Host address)
    Class: IN (0x0001)
    Time to live: 15 minutes, 26 seconds
    Data length: 4
    Addr: 12.22.58.30 (12.22.58.30)

    9. Consider the subsequent TCP SYN packet sent by your host. Does the destination IP address of the SYN packet correspond to any of the IP addresses provided in the DNS response message?

    Yes, the destination IP address of the TCP SYN packet is the same as the one in the DNS response message (12.22.58.30).

    10. This web page contains images. Before retrieving each image, does your host issue new DNS queries?

    No, because there is a DNS cache from the previous query.

    Running: nslookup www.mit.edu

    11. What is the destination port for the DNS query message? What is the source port of DNS response message?

    The destination port of the DNS query message is 53.
    The source port of the DNS response message is 53.

    12. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server?

    The DNS query message is sent to IP address 192.168.1.1
    This is the IP address of the local DNS server.

    13. Examine the DNS query message. What Type of DNS query is it? Does the query message contain any answers?

    Type: A (Host address)
    The query message does not contain any answers.

    14. Examine the DNS response message. How many answers are provided? What do each of these answers contain?

    One answer was returned:
    www.mit.edu: type A, class IN, addr 18.9.22.169

    The answer contains:
    Name: www.mit.edu
    Type: A (Host address)
    Class: IN (0x0001)
    Time to live: 1 minute
    Data length: 4
    Addr: 18.9.22.169 (18.9.22.169)

    15. Provide a screenshot.

    DNS query message

    DNS response message

    Running: nslookup -type=NS mit.edu

    16. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server?

    The DNS query message is sent to IP address 192.168.1.1
    This is the IP address of the local DNS server.

    17. Examine the DNS query message. What Type of DNS query is it? Does the query message contain any answers?

    Type: NS (Authoritative name server)
    The query message does not contain any answers.

    18. Examine the DNS response message. What MIT nameservers does the response message provide? Does this response message also provide the IP addresses of the MIT nameservers?

    mit.edu nameserver = STRAWB.mit.edu
    mit.edu nameserver = BITSY.mit.edu
    mit.edu nameserver = W20NS.mit.edu

    BITSY.mit.edu internet address = 18.72.0.3
    STRAWB.mit.edu internet address = 18.71.0.151
    W20NS.mit.edu internet address = 18.70.0.160

    19. Provide a screenshot.

    DNS query message

    DNS response message

    Running: nslookup www.aiit.or.kr bitsy.mit.edu

    20. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server? If not, what does the IP address correspond to?

    The DNS query message was sent to IP address 18.72.0.3
    This is not the IP address of the local DNS server (192.168.1.1).

    21. Examine the DNS query message. What Type of DNS query is it? Does the query message contain any answers?

    Type: A (Host address)
    The query message does not contain any answers.

    22. Examine the DNS response message. How many answers are provided? What does each of these answers contain?

    One answer was returned:
    www.aiit.or.kr: type A, class IN, addr 121.254.171.27

    The answer contains:
    Name: www.aiit.or.kr
    Type: A (Host address)
    Class: IN (0x0001)
    Time to live: 1 hour
    Data length: 4
    Addr: 121.254.171.27 (121.254.171.27)

    23. Provide a screenshot.

    DNS query message

    DNS response message