Wireshark Lab: HTTP

Computer Networking: A Top-

th

Version: 2.0 (June 2007) down Approach, 4 edition.

© 2007 J.F. Kurose, K.W. Ross. All Rights Reserved

Having gotten our feet wet with the Wireshark packet sniffer in the introductory lab,

we’re now ready to use Wireshark to investigate protocols in operation. In this lab, we’ll

explore several aspects of the HTTP protocol: the basic GET/response interaction, HTTP

message formats, retrieving large HTML files, retrieving HTML files with embedded

objects, and HTTP authentication and security. Before beginning these labs, you might

want to review Section 2.2 of the text.

1. The Basic HTTP GET/response interaction

Let’s begin our exploration of HTTP by downloading a very simple HTML file - one that

is very short, and contains no embedded objects. Do the following:

1. Start up your web browser.

2. Start up the Wireshark packet sniffer, as described in the Introductory lab (but

don’t yet begin packet capture). Enter “http” (just the letters, not the quotation

marks) in the display-filter-specification window, so that only captured HTTP

messages will be displayed later in the packet-listing window. (We’re only

interested in the HTTP protocol here, and don’t want to see the clutter of all

captured packets).

3. Wait a bit more than one minute (we’ll see why shortly), and then begin

Wireshark packet capture.

4. Enter the following to your browser

/wireshark-labs/HTTP-wireshark-file1.html

Your browser should display the very simple, one-line HTML file.

5. Stop Wireshark packet capture.

Your Wireshark window should look similar to the