Juliane Turcovic Guedes

1. The Basic HTTP GET/response interaction

1. Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is the server running?

Both of them are working with HTTP 1.1

2. What languages (if any) does your browser indicate that it can accept to the server?

The languages accept to the server are pt-BR,pt;q=0.6,en;q=0.4\r\n

3. What is the IP address of your computer? Of the gaia.cs.umass.edu server?

My IP address is 144.13.133.189 and of the server is 128.189.245.12

4. What is the status code returned from the server to your browser?
(same image question 01)
The status code returned is 200 OK

5. When was the HTML file that you are retrieving last modified at the server?

Last-Modified: Tue, 23 Sep 2014 18:11:01 GMT\r\n

6. How many bytes of content are being returned to your browser?

Content-Length: 128 bytes


7. By inspecting the raw data in the packet content window, do you see any headers within the data
that are not displayed in the packet-listing window? If so, name one.
no, I dont see any in the HTTP Message

PS: I put attached in the zip file the file text that would have the answers, but I used the print screen.

2. The HTTP CONDITIONAL GET/response interaction

8. Inspect the contents of the first HTTP GET request from your browser to the server. Do you see an
IF-MODIFIED-SINCE line in the HTTP GET?
No. Time Source Destination
Protocol Length Info
8 2014-09-23 16:55:18.937909000 144.13.176.21
128.119.245.12 HTTP 571 GET /wireshark-labs/HTTP-
wireshark-file2.html HTTP/1.1

Frame 8: 571 bytes on wire (4568 bits), 571 bytes captured
(4568 bits) on interface 0
Interface id: 0 (\Device\NPF_{D874F814-4F81-449E-B392-
B416AE60D65C})
Encapsulation type: Ethernet (1)
Arrival Time: Sep 23, 2014 16:55:18.937909000 Central
Daylight Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1411509318.937909000 seconds
[Time delta from previous captured frame: 0.000132000
seconds]
[Time delta from previous displayed frame: 0.000000000
seconds]
[Time since reference or first frame: 6.360319000 seconds]
Frame Number: 8
Frame Length: 571 bytes (4568 bits)
Capture Length: 571 bytes (4568 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:tcp:http]
[Number of per-protocol-data: 1]
[Hypertext Transfer Protocol, key 0]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: a0:a8:cd:9f:23:f1 (a0:a8:cd:9f:23:f1), Dst:
00:0c:31:ca:98:00 (00:0c:31:ca:98:00)
Destination: 00:0c:31:ca:98:00 (00:0c:31:ca:98:00)
Address: 00:0c:31:ca:98:00 (00:0c:31:ca:98:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: a0:a8:cd:9f:23:f1 (a0:a8:cd:9f:23:f1)
Address: a0:a8:cd:9f:23:f1 (a0:a8:cd:9f:23:f1)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 144.13.176.21
(144.13.176.21), Dst: 128.119.245.12 (128.119.245.12)
Version: 4
Header Length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default;
ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default
(0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not
ECN-Capable Transport) (0x00)
Total Length: 557
Identification: 0x5d85 (23941)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xe59e [validation disabled]
[Good: False]
[Bad: False]
Source: 144.13.176.21 (144.13.176.21)
Destination: 128.119.245.12 (128.119.245.12)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 50354 (50354), Dst
Port: 80 (80), Seq: 1, Ack: 1, Len: 517
Source Port: 50354 (50354)
Destination Port: 80 (80)
[Stream index: 0]
[TCP Segment Len: 517]
Sequence number: 1 (relative sequence number)
[Next sequence number: 518 (relative sequence number)]
Acknowledgment number: 1 (relative ack number)
Header Length: 20 bytes
.... 0000 0001 1000 = Flags: 0x018 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 68
[Calculated window size: 17408]
[Window size scaling factor: 256]
Checksum: 0xaa99 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Urgent pointer: 0
[SEQ/ACK analysis]
[iRTT: 0.043447000 seconds]
[Bytes in flight: 517]
Hypertext Transfer Protocol
GET /wireshark-labs/HTTP-wireshark-file2.html
HTTP/1.1\r\n
[Expert Info (Chat/Sequence): GET /wireshark-labs/HTTP-
wireshark-file2.html HTTP/1.1\r\n]
[GET /wireshark-labs/HTTP-wireshark-file2.html
HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: GET
Request URI: /wireshark-labs/HTTP-wireshark-file2.html
Request Version: HTTP/1.1
Host: gaia.cs.umass.edu\r\n
Connection: keep-alive\r\n
Cache-Control: max-age=0\r\n
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/
webp,*/*;q=0.8\r\n
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64)
AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/37.0.2062.120 Safari/537.36\r\n
Accept-Encoding: gzip,deflate,sdch\r\n
Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4\r\n
If-None-Match: "d6c96-173-9754a940"\r\n
If-Modified-Since: Tue, 23 Sep 2014 21:53:01 GMT\r\n
\r\n
[Full request URI: http://gaia.cs.umass.edu/wireshark-
labs/HTTP-wireshark-file2.html]
[HTTP request 1/2]
[Response in frame: 10]
[Next request in frame: 729]
There is no IF-MODIFIED-SINCE in the first GET
9. Inspect the contents of the server response. Did the server explicitly return the contents of the file?
How can you tell?
No. Time Source Destination
Protocol Length Info
10 2014-09-23 16:55:18.984503000 128.119.245.12
144.13.176.21 HTTP 726 HTTP/1.1 200 OK
(text/html)

Frame 10: 726 bytes on wire (5808 bits), 726 bytes
captured (5808 bits) on interface 0
Interface id: 0 (\Device\NPF_{D874F814-4F81-449E-
B392-B416AE60D65C})
Encapsulation type: Ethernet (1)
Arrival Time: Sep 23, 2014 16:55:18.984503000 Central
Daylight Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1411509318.984503000 seconds
[Time delta from previous captured frame:
0.000778000 seconds]
[Time delta from previous displayed frame:
0.046594000 seconds]
[Time since reference or first frame: 6.406913000
seconds]
Frame Number: 10
Frame Length: 726 bytes (5808 bits)
Capture Length: 726 bytes (5808 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:tcp:http:data-text-
lines]
[Number of per-protocol-data: 1]
[Hypertext Transfer Protocol, key 0]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: 00:0c:31:ca:98:00 (00:0c:31:ca:98:00),
Dst: a0:a8:cd:9f:23:f1 (a0:a8:cd:9f:23:f1)
Destination: a0:a8:cd:9f:23:f1 (a0:a8:cd:9f:23:f1)
Address: a0:a8:cd:9f:23:f1 (a0:a8:cd:9f:23:f1)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
.... ...0 .... .... .... .... = IG bit: Individual address
(unicast)
Source: 00:0c:31:ca:98:00 (00:0c:31:ca:98:00)
Address: 00:0c:31:ca:98:00 (00:0c:31:ca:98:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
.... ...0 .... .... .... .... = IG bit: Individual address
(unicast)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 128.119.245.12
(128.119.245.12), Dst: 144.13.176.21 (144.13.176.21)
Version: 4
Header Length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default;
ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint:
Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT
(Not ECN-Capable Transport) (0x00)
Total Length: 712
Identification: 0x8e7c (36476)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 49
Protocol: TCP (6)
Header checksum: 0x030d [validation disabled]
[Good: False]
[Bad: False]
Source: 128.119.245.12 (128.119.245.12)
Destination: 144.13.176.21 (144.13.176.21)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 80 (80), Dst Port:
50354 (50354), Seq: 1, Ack: 518, Len: 672
Source Port: 80 (80)
Destination Port: 50354 (50354)
[Stream index: 0]
[TCP Segment Len: 672]
Sequence number: 1 (relative sequence number)
[Next sequence number: 673 (relative sequence
number)]
Acknowledgment number: 518 (relative ack number)
Header Length: 20 bytes
.... 0000 0001 1000 = Flags: 0x018 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not
set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 54
[Calculated window size: 6912]
[Window size scaling factor: 128]
Checksum: 0xec4f [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Urgent pointer: 0
[SEQ/ACK analysis]
[iRTT: 0.043447000 seconds]
[Bytes in flight: 672]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Date: Tue, 23 Sep 2014 21:55:21 GMT\r\n
Server: Apache/2.2.3 (CentOS)\r\n
Last-Modified: Tue, 23 Sep 2014 21:55:01 GMT\r\n
ETag: "d6c96-173-9e7bb740"\r\n
Accept-Ranges: bytes\r\n
Content-Length: 371\r\n
[Content length: 371]
Keep-Alive: timeout=10, max=100\r\n
Connection: Keep-Alive\r\n
Content-Type: text/html; charset=UTF-8\r\n
\r\n
[HTTP response 1/2]
[Time since request: 0.046594000 seconds]
[Request in frame: 8]
[Next request in frame: 729]
[Next response in frame: 730]
Line-based text data: text/html
\n
<html>\n
\n
Congratulations again! Now you've downloaded the file
lab2-2.html. <br>\n
This file's last modification date will not change. <p>\n
Thus if you download this multiple times on your
browser, a complete copy <br>\n
will only be sent once by the server due to the inclusion
of the IN-MODIFIED-SINCE<br>\n
field in your browser's HTTP GET request to the server.\n
\n
</html>\n
Yes, because they show a text that was returned in response to first GET. (Bold part in green)

10. Now inspect the contents of the second HTTP GET request from your browser to the server. Do
you see an IF-MODIFIED-SINCE: line in the HTTP GET? If so, what information follows the
IF-MODIFIED-SINCE: header?
No. Time Source Destination
Protocol Length Info
729 2014-09-23 16:55:27.275048000 144.13.176.21
128.119.245.12 HTTP 545 GET /wireshark-
labs/HTTP-wireshark-file2.html HTTP/1.1

Frame 729: 545 bytes on wire (4360 bits), 545 bytes
captured (4360 bits) on interface 0
Interface id: 0 (\Device\NPF_{D874F814-4F81-449E-
B392-B416AE60D65C})
Encapsulation type: Ethernet (1)
Arrival Time: Sep 23, 2014 16:55:27.275048000 Central
Daylight Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1411509327.275048000 seconds
[Time delta from previous captured frame:
1.569405000 seconds]
[Time delta from previous displayed frame:
8.290545000 seconds]
[Time since reference or first frame: 14.697458000
seconds]
Frame Number: 729
Frame Length: 545 bytes (4360 bits)
Capture Length: 545 bytes (4360 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:tcp:http]
[Number of per-protocol-data: 1]
[Hypertext Transfer Protocol, key 0]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: a0:a8:cd:9f:23:f1 (a0:a8:cd:9f:23:f1), Dst:
00:0c:31:ca:98:00 (00:0c:31:ca:98:00)
Destination: 00:0c:31:ca:98:00 (00:0c:31:ca:98:00)
Address: 00:0c:31:ca:98:00 (00:0c:31:ca:98:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
.... ...0 .... .... .... .... = IG bit: Individual address
(unicast)
Source: a0:a8:cd:9f:23:f1 (a0:a8:cd:9f:23:f1)
Address: a0:a8:cd:9f:23:f1 (a0:a8:cd:9f:23:f1)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
.... ...0 .... .... .... .... = IG bit: Individual address
(unicast)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 144.13.176.21
(144.13.176.21), Dst: 128.119.245.12 (128.119.245.12)
Version: 4
Header Length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default;
ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint:
Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT
(Not ECN-Capable Transport) (0x00)
Total Length: 531
Identification: 0x5e41 (24129)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xe4fc [validation disabled]
[Good: False]
[Bad: False]
Source: 144.13.176.21 (144.13.176.21)
Destination: 128.119.245.12 (128.119.245.12)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 50354 (50354),
Dst Port: 80 (80), Seq: 518, Ack: 673, Len: 491
Source Port: 50354 (50354)
Destination Port: 80 (80)
[Stream index: 0]
[TCP Segment Len: 491]
Sequence number: 518 (relative sequence number)
[Next sequence number: 1009 (relative sequence
number)]
Acknowledgment number: 673 (relative ack number)
Header Length: 20 bytes
.... 0000 0001 1000 = Flags: 0x018 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not
set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 65
[Calculated window size: 16640]
[Window size scaling factor: 256]
Checksum: 0x0db3 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Urgent pointer: 0
[SEQ/ACK analysis]
[iRTT: 0.043447000 seconds]
[Bytes in flight: 491]
Hypertext Transfer Protocol
GET /wireshark-labs/HTTP-wireshark-file2.html
HTTP/1.1\r\n
[Expert Info (Chat/Sequence): GET /wireshark-
labs/HTTP-wireshark-file2.html HTTP/1.1\r\n]
[GET /wireshark-labs/HTTP-wireshark-file2.html
HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: GET
Request URI: /wireshark-labs/HTTP-wireshark-
file2.html
Request Version: HTTP/1.1
Host: gaia.cs.umass.edu\r\n
Connection: keep-alive\r\n
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,im
age/webp,*/*;q=0.8\r\n
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64)
AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/37.0.2062.120 Safari/537.36\r\n
Accept-Encoding: gzip,deflate,sdch\r\n
Accept-Language: pt-BR,pt;q=0.8,en-
US;q=0.6,en;q=0.4\r\n
If-None-Match: "d6c96-173-9e7bb740"\r\n
If-Modified-Since: Tue, 23 Sep 2014 21:55:01 GMT\r\n
\r\n
[Full request URI: http://gaia.cs.umass.edu/wireshark-
labs/HTTP-wireshark-file2.html]
[HTTP request 2/2]
[Prev request in frame: 8]
[Response in frame: 730]
There is an If-Modified-Since in the second HTTP GET and the information they give is Tue,
23 Sep 2014 21:55:01 GMT\r\n

11. What is the HTTP status code and phrase returned from the server in response to this second
HTTP GET? Did the server explicitly return the contents of the file? Explain.
No. Time Source Destination
Protocol Length Info
730 2014-09-23 16:55:27.320476000 128.119.245.12
144.13.176.21 HTTP 235 HTTP/1.1 304 Not
Modified

Frame 730: 235 bytes on wire (1880 bits), 235 bytes
captured (1880 bits) on interface 0
Interface id: 0 (\Device\NPF_{D874F814-4F81-449E-
B392-B416AE60D65C})
Encapsulation type: Ethernet (1)
Arrival Time: Sep 23, 2014 16:55:27.320476000 Central
Daylight Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1411509327.320476000 seconds
[Time delta from previous captured frame:
0.045428000 seconds]
[Time delta from previous displayed frame:
0.045428000 seconds]
[Time since reference or first frame: 14.742886000
seconds]
Frame Number: 730
Frame Length: 235 bytes (1880 bits)
Capture Length: 235 bytes (1880 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:tcp:http]
[Number of per-protocol-data: 1]
[Hypertext Transfer Protocol, key 0]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: 00:0c:31:ca:98:00 (00:0c:31:ca:98:00),
Dst: a0:a8:cd:9f:23:f1 (a0:a8:cd:9f:23:f1)
Destination: a0:a8:cd:9f:23:f1 (a0:a8:cd:9f:23:f1)
Address: a0:a8:cd:9f:23:f1 (a0:a8:cd:9f:23:f1)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
.... ...0 .... .... .... .... = IG bit: Individual address
(unicast)
Source: 00:0c:31:ca:98:00 (00:0c:31:ca:98:00)
Address: 00:0c:31:ca:98:00 (00:0c:31:ca:98:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
.... ...0 .... .... .... .... = IG bit: Individual address
(unicast)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 128.119.245.12
(128.119.245.12), Dst: 144.13.176.21 (144.13.176.21)
Version: 4
Header Length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default;
ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint:
Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT
(Not ECN-Capable Transport) (0x00)
Total Length: 221
Identification: 0x8e7d (36477)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 49
Protocol: TCP (6)
Header checksum: 0x04f7 [validation disabled]
[Good: False]
[Bad: False]
Source: 128.119.245.12 (128.119.245.12)
Destination: 144.13.176.21 (144.13.176.21)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 80 (80), Dst Port:
50354 (50354), Seq: 673, Ack: 1009, Len: 181
Source Port: 80 (80)
Destination Port: 50354 (50354)
[Stream index: 0]
[TCP Segment Len: 181]
Sequence number: 673 (relative sequence number)
[Next sequence number: 854 (relative sequence
number)]
Acknowledgment number: 1009 (relative ack number)
Header Length: 20 bytes
.... 0000 0001 1000 = Flags: 0x018 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not
set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 63
[Calculated window size: 8064]
[Window size scaling factor: 128]
Checksum: 0x5250 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Urgent pointer: 0
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 729]
[The RTT to ACK the segment was: 0.045428000
seconds]
[iRTT: 0.043447000 seconds]
[Bytes in flight: 181]
Hypertext Transfer Protocol
HTTP/1.1 304 Not Modified\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 304 Not
Modified\r\n]
[HTTP/1.1 304 Not Modified\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 304
Response Phrase: Not Modified
Date: Tue, 23 Sep 2014 21:55:30 GMT\r\n
Server: Apache/2.2.3 (CentOS)\r\n
Connection: Keep-Alive\r\n
Keep-Alive: timeout=10, max=99\r\n
ETag: "d6c96-173-9e7bb740"\r\n
\r\n
[HTTP response 2/2]
[Time since request: 0.045428000 seconds]
[Prev request in frame: 8]
[Prev response in frame: 10]
[Request in frame: 729]
The file has not been modified this time, so the text of the file was not returned in the HTTP
message, like we see above in the text in bold.

3. Retrieving Long Documents
12. How many HTTP GET request messages did your browser send? Which packet number in the
trace contains the GET message for the Bill or Rights?

The browser send one HTTP GET request message. And the packet number in the trace is 26.

13. Which packet number in the trace contains the status code and phrase associated with the
response to the HTTP GET request?
Packet number: 28.

14. What is the status code and phrase in the response?
200 OK in the packet number 33.

15. How many data-containing TCP segments were needed to carry the single HTTP response and
the text of the Bill of Rights?
Three packets, they are the numbers 28, 29 and 30.

4. HTML Documents with Embedded Objects

16. How many HTTP GET request messages did your browser send? To which Internet addresses
were these GET requests sent?

Four HTTP GET request messages (we see four but two of them is the same)
packet 141 in the trace to get the base file address: 128.119.245.12
packet 155 to get the 5th edition textbook cover address: 128.119.240.90
packet 158 to get the Pearson logo address: 165.193.140.14
packet 177 to get the 5th edition textbook cover address: 128.119.240.90

17. Can you tell whether your browser downloaded the two images serially, or whether they were
downloaded from the two web sites in parallel? Explain.
The downloads occurred in parallel. Note that the two GET messages for the images are in
packets 155 and 158. The 200OK reply containing the images show up as packets 171, and
267. Thus the request for the second image file (packet 155) was made BEFORE packet 171,
the first image file was received.








5 HTTP Authentication
18. What is the servers response (status code and phrase) in response to the initial HTTP GET
message from your browser?

Packet 20 in the trace contains the first GET and packet 22 contains the REPLY. The servers
in packet 22 is: 401 Authorization Required

19. When your browsers sends the HTTP GET message for the second time, what new field is
included in the HTTP GET message?

The HTTP GET includes the Authorization: Basic field