Yu Cheng (Jade) ICS 351 Lab Report extra-credit lab December 14, 2008 [Exercise 1-3] We connected the ethernet interfaces of the PC1 and PC2. We used the following commands to configure the interfaces of the PCs: on PC1: `ifconfig eth0 10.0.1.11/24` on PC2: `ifconfig eth1 10.0.1.22/24` We moved the my .html files and the images from the flash drive to the following directory on PC1. on PC1 /var/www/html We then started the Apache web server on PC1 using command: on PC1: `/etc/rc.d/init.d/http start` We were able to browse (Konqueror) the prepared web pages on the local host using URL: on PC1 "http://10.0.0.11/page1.html" Question 1: How many requests were sent on the first connection? How many replies? Was there only one TCP connection, or more than one? If there was more than one request, what web content was requested by the different requests? We saved the wireshark captured network traffic as file ex3-1.wireshark while we browsing the page on the local host. There were 2 http requests and 2 http replies sent. There were 4 TCP connections . One requests was to request the text of the page, the other one was to request the image of that page. I've attached below the packets summeraies. --------------------------- from PC1 using Konqueror --------------------------- No. Time Source Destination Protocol Info 4 0.000931 10.0.0.11 10.0.0.11 HTTP GET /page1.html HTTP/1.1 6 0.001843 10.0.0.11 10.0.0.11 HTTP HTTP/1.1 200 OK (text/html) 15 0.451107 10.0.0.11 10.0.0.11 HTTP GET /Garfield3-1.jpg HTTP/1.1 17 0.452012 10.0.0.11 10.0.0.11 HTTP HTTP/1.1 200 OK (JPEG JFIF image) -------------------------------------------------------------------------------- We repeated the previous step using firefox and saved the captured wireshark network traffic as file ex3-2.wireshark. Question 2: How many requests were sent on the first connection? How many replies? Was there only one TCP connection, or more than one? If there was more than one request, what web content was requested by the different requests? There were 3 http requests and 3 http replies sent. There were 6 TCP connections. One request was for the text, one was for the image, and the last one was for the favicon. I've attached below the packets summeraies. ---------------------------- from PC1 using firefox ---------------------------- No. Time Source Destination Protocol Info 4 0.000078 10.0.0.11 10.0.0.11 HTTP GET /page1.html HTTP/1.1 6 0.000137 10.0.0.11 10.0.0.11 HTTP HTTP/1.1 200 OK (text/html) 14 0.130735 10.0.0.11 10.0.0.11 HTTP GET /Garfield3-1.jpg HTTP/1.1 16 0.131601 10.0.0.11 10.0.0.11 HTTP HTTP /1.1 200 OK (JPEG JFIF image) 28 3.681689 10.0.0.11 10.0.0.11 HTTP GET /favicon.ico HTTP/1.1 30 3.682652 10.0.0.11 10.0.0.11 HTTP HTTP/1.1 404 Not Found (text/html) -------------------------------------------------------------------------------- Question 3: compare the two request headers (for the main page) and the two response headers, and find out if they were the same or different. One header indicates that the request was to request the text part of the page: GET /page1.html HTTP/1.1. The other header indicates that the request was to request the image part of the page: GET /Garfield3-1.jpg HTTP/1.1. The cooresponding replies were to answer their requests. There for one reply answered that the text sent through successfully: HTTP/1.1 200 OK (text/html) The other reply answered that the image sent through successfully: HTTP /1.1 200 OK (JPEG JFIF image). [Exercise 4-6] We then repeated the previous two steps from PC2. First, we use Konqueror. Question 1: How many requests were sent on the first connection? How many replies? Was there only one TCP connection, or more than one? If there was more than one request, what web content was requested by the different requests? We obsered 2 http requests, 2 http replies, and 4 TCP connections. They were also request and reply for the text part of the page and request and reply for the image part of the page. I've attached the packets summeraies. --------------------------- from PC2 using Konqueror --------------------------- No. Time Source Destination Protocol Info 4 0.001140 10.0.0.22 10.0.0.11 HTTP GET /page1.html HTTP/1.1 8 0.002607 10.0.0.11 10.0.0.22 HTTP HTTP/1.1 200 OK (text/html) 17 0.456476 10.0.0.22 10.0.0.11 HTTP GET /Garfield3-1.jpg HTTP/1.1 71 0.462003 10.0.0.11 10.0.0.22 HTTP HTTP/1.1 200 OK (JPEG JFIF image) -------------------------------------------------------------------------------- Then we did the same thing using firefox as the browser instead of Konqueror. Question 2: How many requests were sent on the first connection? How many replies? Was there only one TCP connection, or more than one? If there was more than one request, what web content was requested by the different requests? This time we didn't abserve the http request for fivicon. We observed again 2 http requests, 2 http replies and 4 TCP connections. ---------------------------- from PC2 using firefox ---------------------------- No. Time Source Destination Protocol Info 4 0.000052 10.0.0.22 10.0.0.11 HTTP GET /page1.html HTTP/1.1 8 0.001330 10.0.0.11 10.0.0.22 HTTP HTTP/1.1 200 OK (text/html) 16 0.038473 10.0.0.22 10.0.0.11 HTTP GET /Garfield3-1.jpg HTTP/1.1 70 0.043911 10.0.0.11 10.0.0.22 HTTP HTTP/1.1 200 OK (JPEG JFIF image) -------------------------------------------------------------------------------- Question 3: compare the two request headers (for the main page) and the two response headers, and find out if they were the same or different. The request and reply packets came as pairs. One pair for the transmission of the text part of the page, and another pair for the transmission of the image of the page. These were the same for both this exercise and the previous one. [Exercise 7] We had the browser sent a request that didn't correspond to any actual URL. We did it by typing in a URL that did not exist. We didn't save the wireshark output, so I did it again at home. I've attached the packets summeraies. ---------------------------- from PC2 using firefox ---------------------------- No. Time Source Destination Protocol Info 8 6.380782 192.168.1.100 128.171.94.193 HTTP GET /~yucheng/aha HTTP/1.1 10 6.398359 128.171.94.193 192.168.1.100 HTTP HTTP/1.1 404 Not Found (text/html) -------------------------------------------------------------------------------- [Exercise 8] We didn't observe the connection termination. The server was supposed to close the TCP connecton after the timeout timer, which was set to 5 minutes. I tried this exercise at home. After about 20 seconds, I observed that the server sent out [FIN] packet to request terminating the connection. ---------------------- from home computuer using firefox ---------------------- No. Time Source Destination Protocol Info 71 21.407276 128.171.94.193 192.168.1.100 TCP http > 2825 [FIN, ACK] (server) (client) Seq=9193 Ack=785 72 21.407354 192.168.1.100 128.171.94.193 TCP 2825 > http [ACK] (client) (server) Seq=785 Ack=9194 -------------------------------------------------------------------------------- [Exercise 9] Question 1: Does the browser reload the root web page before going to the link you clicked on? No, the browser didn't reload the root page, it sent out the request for the linked page directly For example, I've attached the requests and replies when we clicked page 2's link from page 1. ----------------------------------- from PC2 ----------------------------------- No. Time Source Destination Proto Info 6 0.000567 10.0.0.22 10.0.0.11 HTTP GET /page1.html HTTP/1.1 8 0.001725 10.0.0.11 10.0.0.22 HTTP HTTP/1.1 200 OK (text/html) 16 0.052191 10.0.0.22 10.0.0.11 HTTP GET /Garfield3-1.jpg HTTP/1.1 18 0.053173 10.0.0.11 10.0.0.22 HTTP HTTP/1.1 200 OK (JPEG JFIF image) 26 26.966704 10.0.0.22 10.0.0.11 HTTP GET /page2.html HTTP/1.1 30 26.968135 10.0.0.11 10.0.0.22 HTTP HTTP/1.1 200 OK (text/html) 38 27.057187 10.0.0.22 10.0.0.11 HTTP GET /Garfield3-2.jpg HTTP/1.1 92 27.062663 10.0.0.11 10.0.0.22 HTTP HTTP/1.1 200 OK (JPEG JFIF image) -------------------------------------------------------------------------------- Question 2: Return to the root web page. Does the browser reload it from the server, or does it use a copy that it cached internally? No, the browser didn't reload the root page when we returned to it. It used a copy that is cached internally. For example, I've attached the packets we captured when we went back from page 3 to page 1. The replies indicates that the contents of the page was not changed. The browser used the cached information of page 1. ----------------------------------- from PC2 ----------------------------------- No. Time Source Destination Prot Info 6 0.000567 10.0.0.22 10.0.0.11 HTTP GET /page1.html HTTP/1.1 8 0.001725 10.0.0.11 10.0.0.22 HTTP HTTP/1.1 200 OK (text/html) 16 0.052191 10.0.0.22 10.0.0.11 HTTP GET /Garfield3-1.jpg HTTP/1.1 18 0.053173 10.0.0.11 10.0.0.22 HTTP HTTP/1.1 200 OK (JPEG JFIF image) : : : : : : : : : : : : 171 157.355498 10.0.0.22 10.0.0.11 HTTP GET /page1.html HTTP/1.1 173 157.356620 10.0.0.11 10.0.0.22 HTTP HTTP/1.1 304 Not Modified 181 157.396900 10.0.0.22 10.0.0.11 HTTP GET /Garfield3-1.jpg HTTP/1.1 183 157.397972 10.0.0.11 10.0.0.22 HTTP HTTP/1.1 304 Not Modified -------------------------------------------------------------------------------- Question 3: How many times did you have to reload it for that to happen? We clicked refresh on page 1 quite some times. All we observed was the Not Modified reply and the browser didn't reload the page. Therefore used Ctrl-F5 to force the browser to reload the page. I've copied the packets's summeraies and the fields in the http request header indicating not to use cache. ----------------------------------- from PC2 ----------------------------------- No. Time Source Destination Prot Info : : : : : : : : : : : : 332 356.941511 10.0.0.22 10.0.0.11 HTTP GET /page1.html HTTP/1.1 334 356.942591 10.0.0.11 10.0.0.22 HTTP HTTP/1.1 304 Not Modified 342 356.982010 10.0.0.22 10.0.0.11 HTTP GET /Garfield3-1.jpg HTTP/1.1 344 356.982988 10.0.0.11 10.0.0.22 HTTP HTTP/1.1 304 Not Modified 352 366.891977 10.0.0.22 10.0.0.11 HTTP GET /page1.html HTTP/1.1 356 366.893393 10.0.0.11 10.0.0.22 HTTP HTTP/1.1 200 OK (text/html) 364 366.934241 10.0.0.22 10.0.0.11 HTTP GET /Garfield3-1.jpg HTTP/1.1 418 366.939703 10.0.0.11 10.0.0.22 HTTP HTTP/1.1 200 OK (JPEG JFIF image) ---------------------------- http request header ------------------------------- GET /page1.html HTTP/1.1\r\n Host: 10.0.0.11\r\n : : Pragma: no-cache\r\n Cache-Control: no-cache\r\n -------------------------------------------------------------------------------- [Exercise 10] We tried the load a page that didn't exist on our serer and save the wireshark captured network traffic as file ex10.wireshark. I've attached below the relavent information. The http reply also sent back the html contents for the 404 error page. ----------------------------------- from PC2 ----------------------------------- No. Time Source Destination Prot Info 4 0.000262 10.0.0.22 10.0.0.11 HTTP GET /page4.html HTTP/1.1 6 0.001547 10.0.0.11 10.0.0.22 HTTP HTTP/1.1 404 Not Found (text/html) ------------------------------- http reply header ------------------------------ HTTP/1.1 404 Not Found\r\n ==> server couldn't find the request Date: Fri, 12 Dec 2008 03:35:53 GMT\r\n ==> the date and time Server: Apache/2.2.8 (Fedora)\r\n ==> the web server Content-Length: 282 ==> the content length of the packet Connection: close\r\n ==> connection was closed Content-Type: text/html; ==> this reply contents is text charset=iso-8859-1\r\n \r\n -------------------------------------------------------------------------------- [Exercise 11] We used the text based browser (Links) to browse our pages. We saved the wireshark captured network traffic as file ex11.wireshark. The main difference was that the browser didn't even try to request for the images. I've attached the packets's summeraies for loading page 1 and page 2. ----------------------------------- from PC2 ----------------------------------- No. Time Source Destination Prot Info 4 0.000210 10.0.0.22 10.0.0.11 HTTP GET /page1.html HTTP/1.1 8 0.001041 10.0.0.11 10.0.0.22 HTTP HTTP/1.1 200 OK (text/html) 16 59.865670 10.0.0.22 10.0.0.11 HTTP GET /page2.html HTTP/1.1 20 59.867087 10.0.0.11 10.0.0.22 HTTP HTTP/1.1 200 OK (text/html) -------------------------------------------------------------------------------- When we clicked on the image links, we saw a list of options that we could do to handle this image. I did it at home. The message window was: ------------------ message window for images on Links brwoser ------------------ Uknown type Content type is image/gif. Do you want to save or display this file? Options: [save] [Display] [Cancel] -------------------------------------------------------------------------------- [Exercise 12] We telneted PC1 port 80 from PC2 using command `telnet 10.0.0.11 80`. We typed in the http request header below to try to communicate with the server, PC1. GET / http /1.1 host: 10.0.0.11 (or anything else) We successfully connected with PC1. We can also do `GET /page1.html http /1.1` to get the contents of the page directly. We repeated the exercise using HEAD. HEAD / http /1.1 host: 10.0.0.11 (or anything else) -------------------------------------------------------------------------------- HEAD / HTTP/1.1 HOST: 10.0.0.11 HTTP/1.1 200 OK Date: Fri, 12 Dec 2008 03:58:58 GMT Server: Apache/2.2.8 (Fedora) Connection: close Content-Type: text/html;charset=ISO-8859-1 -------------------------------------------------------------------------------- The result contains only the http reply header this time. Nothing about the directory of the pages were returned. [Exercise 14] We don't want the KeepAliveTimeout field to be too long. To have the connection open far too long can be a security issue. -------------------------------------------------------------------------------- # KeepAliveTimeout: Number of seconds to wait for the next request from the # same client on the same connection. # KeepAliveTimeout 15 -------------------------------------------------------------------------------- [Exercise 15] We added these two entries in the httpd configuration file. We also added "PC1" and "PC5" in the /etc/host file. We mapped these two names with a different IP address. One set of .html files and images were in the directory /var/www/html. The other set of .html files and images were in the directory /var/www/webpages. -------------------------------------------------------------------------------- <VirtualHost *:80> ServerAdmin webmaster@dummy-host.example.com DocumentRoot /var/www/webpages/ ServerName PC1 ErrorLog /var/log/dummy-host.example.com-error_log CustomLog /var/log/dummy-host.example.com-access_log common </VirtualHost> <VirtualHost *:80> ServerAdmin webmaster@dummy-host.example.com DocumentRoot /var/www/html/ ServerName PC5 ErrorLog /var/log/dummy-host.example.com-error_log CustomLog /var/log/dummy-host.example.com-access_log common </VirtualHost> -------------------------------------------------------------------------------- After this configuration. We were able to view the pages on both PC1 and PC2 using their vitural host names. on PC1 URL: http://PC5/page1.html (this is a file in /var/www/html) on PC1 URL: http://PC1/ics351.html (this is a file in /var/www/webpages) on PC2 URL: http://PC5/page1.html on PC2 URL: http://PC1/ics351.html