COMP 6461: Computer Networks & Protocols Concordia University

Lab Assignment 3
Application Layer (Wireshark: HTTP)
Due Date: Friday, November 1st , 2024, by 11:59 PM

Instructor: Dr. Sandra Céspedes

Objectives
In this lab, we will explore several aspects of the HTTP protocol: the basic GET/response interaction,
HTTP message formats, retrieving large HTML files, and retrieving HTML files with embedded objects.

Submission Instructions
Deadline
The deadline is November 1st , 2024 (Friday) at 11:59 pm sharp. A 5-mark penalty will be imposed
on late submissions. Late submission refers to submission or re-submission after the deadline. The
submission link will close on November 3r d , 2024 (Sunday) at 11:59 pm sharp. No late submissions
will be accepted afterward.

Marking
This assignment must be solved individually. Under no circumstances should you solve it in a group and
then submit it as an individual solution. This is considered plagiarism. The lab is worth 50 marks in
total. You need at least 35 marks to pass this lab.

Submission in Moodle
Create a single PDF file that contains your answers and submit it to the corresponding assignment
folder in Moodle. Name your file as ≪Student number≫.pdf, where ≪Student number≫ refers to your
student ID number.

Plagiarism Warning
You are free to discuss this assignment with your friends. However, you should refrain from sharing
your answers. We highly recommend that you attempt this assignment on your own and figure things
out along the way, as many resources are available online.

We employ a zero-tolerance policy against plagiarism. If a suspicious case is found, students will be asked
to explain their answers to the evaluator in person. The confirmed breach may result in a zero mark for
the assignment and further disciplinary action from the department.

Question & Answer

If you have any doubts about this assignment, please post your questions on Moodle or consult the
TA. However, the TA will NOT debug issues for students. The intention of Q&A is to help clarify
misconceptions or give you necessary directions.

Fall 2024
A Word of Advice
This assignment can be time-consuming. We suggest you start your assignment early. Do not post your
solution in any public domain on the Internet or share it with friends, even after the term is over.

Lab Setup
You should use your local machine for all tasks in this assignment. The tools you need are:
1. Google Chrome or any other modern browser

2. Wireshark

Task 1: The Basic HTTP GET/response interaction

Let us begin our exploration of HTTP by downloading a very simple HTML file, which is very short and
contains no embedded objects. Do the following:
1. Start up your web browser.

2. Make sure that your browser has the automatic ”http” to ”https” redirection function disabled (on
Chrome, you can do it in settings -> privacy and security -> security, see Figrue 1).

3. Start up the Wireshark packet sniffer, as described in the Introductory lab (but do not yet begin
packet capture). Enter “http” (just the letters, not the quotation marks, and in lower case) in the
display-filter-specification window so that only captured HTTP messages will be displayed later in
the packet-listing window. (We’re only interested in the HTTP protocol here and don’t want to
see the clutter of all captured packets).

4. Wait a bit more than one minute (we will see why shortly), and then begin Wireshark packet
capture.

5. Enter the following to your browser http://gaia.cs.umass.edu/wireshark-labs/HTTP-wires

hark-file1.html Your browser should display the very simple, one-line HTML file.

6. Stop Wireshark packet capture.

Figure 1: Redirection function disabled on Chrome

Your Wireshark window should look similar to the window shown in Figure 2. If you’re unable to run
Wireshark on a live network connection, you can download a packet trace that was created when the
steps above were followed1 .
1
You can download the zip file https://comp445.github.io/wireshark-labs/wireshark-traces.zip and extract

2
 Figure 2: Wireshark Display after HTTP-wireshark-file1.html has been retrieved by your browser.

The example in Figure 2 shows in the packet-listing window that two HTTP messages were captured:
the GET message (from your browser to the web server) and the response message from the server
to your browser. The packet-contents window shows details of the selected message (in this case, the
HTTP OK message, highlighted in the packet-listing window). Recall that since the HTTP message was
carried inside a TCP segment, which was held inside an IP datagram, which was held within an Ethernet
frame, Wireshark displays the Frame, Ethernet, IP, and TCP packet information. We want to minimize
the amount of non-HTTP data displayed (we are interested in HTTP here and will be investigating these
other protocols in later labs), so make sure the boxes at the far left of the Frame, Ethernet, IP and
TCP information have a plus sign or a right-pointing triangle (which means there is hidden, undisplayed
information), and the HTTP line has a minus sign or a down-pointing triangle (which means that all
information about the HTTP message is displayed).

By looking at the information in the HTTP GET and response messages, answer the following questions.
When answering any questions in this lab, describe your work. You don’t need to provide screenshots for
everything, but we need to ensure you understand your answers. That’s a difficult task, given that your
particular network capture will be unique. We cannot check your understanding if you only give us a
number (or whatever). If we cannot check your understanding, we cannot give you marks for it. So,
please describe your answer, where you found it, and/or how you obtained it. You are encouraged to
provide a screenshot if that helps clarify where you got the answer.
1. [2 marks] Is your browser running HTTP version 1.0, 1.1, or 2? What version of HTTP is the
server running?

2. [2 marks] What languages (if any) does your browser indicate that it can accept to the server?

3. [2 marks] What was the round-trip time for the request (i.e. time between sending the request
and capturing the response)?

4. [2 marks] What status code is returned to your browser from the server?

5. [2 marks] When was the HTML file you are retrieving last modified at the server?
the trace file http-wireshark-trace1-1. These trace files can answer these Wireshark lab questions without capturing packets
on your own. Each trace was made using Wireshark running on one of the author’s computers while performing the steps
indicated in the Wireshark lab. Once you have downloaded a trace file, you can load it into Wireshark and view it using the
File pull-down menu, choose Open, and then select the trace file name. The resulting display should look similar to Figure 2
(for the http-wireshark-trace1-1 trace file for this HTTP lab). The Wireshark user interface displays a bit differently on
different operating systems and in other versions of Wireshark.

3
 6. [2 marks] How many bytes of content are being returned to your browser?

7. [2 marks] By inspecting the raw data in the packet content window, do you see any headers within
the data that are not displayed in the packet-listing window? If so, name one.

Task 2: The HTTP CONDITIONAL GET/response interaction

Most web browsers perform object caching and thus often perform a conditional GET when retrieving
an HTTP object. Before performing the steps below, ensure your browser’s cache is empty. Now do the
following:

• Start up your web browser and make sure your browser’s cache is cleared, as discussed above.

• Start up the Wireshark packet sniffer

• Enter the following URL into your browser http://gaia.cs.umass.edu/wireshark-labs/HTTP

-wireshark-file2.html. Your browser should display a very simple five-line HTML file.

• Quickly enter the same URL into your browser again (or select the refresh button on your browser).

• Stop Wireshark packet capture, and enter “http” (again, in lower case without the quotation marks)
in the display-filter-specification window so only captured HTTP messages will be displayed later
in the packet-listing window.

If you’re unable to run Wireshark on a live network connection (or unable to get your browser to issue an
If-Modified-Since field on the second HTTP GET request), you can download a packet trace that was
created when the steps above were followed2

Answer the following questions:

8. [2 marks] Inspect the contents of the first HTTP GET request from your browser to the server.
Do you see an “IF-MODIFIED-SINCE” line in the HTTP GET?

9. [4 marks] Inspect the contents of the server response. Did the server explicitly return the contents
of the file? How can you tell?

10. [2 marks] Now inspect the contents of the second HTTP GET request from your browser to the
server. Do you see an “IF-MODIFIED-SINCE:” line in the HTTP GET?3 If so, what information
follows the “IF-MODIFIED-SINCE:” header?

11. [3 marks] What is the HTTP status code and phrase returned from the server in response to this
second HTTP GET? Did the server explicitly return the contents of the file? Explain.

Task 3: Retrieving Long Documents

Let us see what happens when we download a long HTML file. Do the following:

• Start up your web browser and make sure your browser’s cache is cleared, as discussed above.

• Start up the Wireshark packet sniffer.

2
If you’re unable to run Wireshark on a live network connection, you can download the zip file https://comp445.gith
ub.io/wireshark-labs/wireshark-traces.zip and extract the trace file http-wireshark-trace2-1.
3
Hint: ideally, you should see an If-Modified-Since header since you’ve just downloaded this page a few seconds ago.
However, depending on the browser you’re using and the format of the server’s earlier response to your initial GET, your
browser may not include an If-Modified-Since even if the document has been downloaded and cached. The Chrome browser
is pretty good at regularly using If-Modified-Since. But Safari and Firefox are much more finicky about when to use If-
Modified-Since. Life is not always as easy in practice as it is in theory!

4
 • Enter the following URL into your browser http://gaia.cs.umass.edu/wireshark-labs/HTTP
-wireshark-file3.html. Your browser should display the rather lengthy US Bill of Rights.

• Stop Wireshark packet capture, and enter “http” in the display-filter-specification window so that
only captured HTTP messages will be displayed.

In the packet-listing window, you should see your HTTP GET message, followed by a multiple-packet
TCP response to your HTTP GET request. Ensure your Wireshark display filter is cleared so the multi-
packet TCP response will be displayed in the packet listing.

This multiple-packet response deserves a bit of explanation. Recall that the HTTP response message
consists of a status line, followed by header lines, followed by a blank line, followed by entity-body. In
the case of our HTTP GET, the entity-body in the response is the entire requested HTML file. In our
case, the HTML file is rather long and, at 4500 bytes, is too large to fit in one TCP packet. The single
HTTP response message is thus broken into several pieces by TCP, each contained within a separate
TCP segment. In recent versions of Wireshark, Wireshark indicates each TCP segment as a separate
packet, and the fact that the single HTTP response was fragmented across multiple TCP packets is
indicated by the “TCP segment of a reassembled PDU” in the Info column of the Wireshark display.

Answer the following questions4 :

12. [2 marks] How many HTTP GET request messages did your browser send?

13. [2 marks] Which packet number in the trace contains the status code and phrase associated with
the response to the HTTP GET request?

14. [2 marks] What is the status code and phrase in the response?

15. [3 marks] How many data-containing TCP segments were needed to carry the single HTTP re-
sponse?

16. [6 marks] How many bytes of overhead were generated in TCP to transport the response? What
percentage is the TCP overhead of the entire TCP + HTTP + Data transmission? (Yes, we
deliberately ignore IP and Ethernet for this question). Make sure to explain what you think is
overhead.

Task 4: HTML Documents with Embedded Objects

Now that we have seen how Wireshark displays the captured packet traffic for large HTML files, we can
look at what happens when your browser downloads a file with embedded objects, i.e., a file that includes
other objects (in the example below, image files) that are stored on another server(s). Do the following:

• Start up your web browser and make sure your browser’s cache is cleared, as discussed above.

• Start up the Wireshark packet sniffer.

• Enter the following URL into your browser http://gaia.cs.umass.edu/wireshark-labs/HT

TP-wireshark-file4.html. Your browser should display a short HTML file with two images.
These two images are referenced in the base HTML file. That is, the images themselves are not
contained in the HTML; instead, the URLs for the images are included in the downloaded HTML
file. Your browser will have to retrieve these image files from the indicated websites using separate
GET requests. The publisher’s logo is retrieved from the gaia.cs.umass.edu website. The image
of the 8th edition cover (one of our favourite covers) is stored on a server in France.
4
If youare unable to run Wireshark on a live network connection, you can download the zip file https://comp445.gith
ub.io/wireshark-labs/wireshark-traces.zip and extract the trace file http-wireshark-trace3-1

5
 • Stop Wireshark packet capture, and enter “http” in the display-filter-specification window to display
only captured HTTP messages.

Answer the following questions5 :

17. [5 marks] How many HTTP GET request messages did your browser send? To which Internet
addresses were these GET requests sent?

18. [5 marks] Can you tell whether your browser downloaded the two images serially or downloaded
them from the two websites in parallel? Explain.

5
If you’re unable to run Wireshark on a live network connection, you can download the zip file https://comp445.gith
ub.io/wireshark-labs/wireshark-traces.zip and extract the trace file http-wireshark-trace4-1.