用Wireshark进行HTTP协议分析（精荐）

1、tcp/1p 实 验 报 告头验1用wireshark进行iittp协议分析学专班姓学院计算机学院 业网络工程 级 1班名刘小芳号 410090401272012.51.1实验性质木实验为操作分析性实验。1.2实验目的1. 掌握wireshark软件的基木使用方法。2. 掌握基本的网络协议分析方法。3. 使用wireshark抓包工具，分析http数据报的格式。4. 加深理解http协议的原理及其工作过程。1.3实验环境1. 硕件环境：pc机1台。2. 网络环境：pc机接入lan或intemeto物理地址：00e04c001678 ip 地址：19268.0.1313. 软件环境：window

2、s操作系统和wireshark软件。1.4实验学时2学时（90分钟）。1.5实验内容与要求1.5.1启动wireshark协议分析工具1.5.2抓取http数据包迢13 3.096708 128.23838.160 5 http 429 get / http/1.1+ frame 13: 429 bytes on wire (34 32 bits),429 bytes captured (34 32 bits)i+i ethernet iif src : ibm_10 : 60 : 99 (00 : 09 : 6b : 10 : 60 : 99) , dst: al 1

3、-hsrp-routers_0 十 internet protocol version 4f src: 60 (60), dst: 132 i*i transmission control protocol, src port: 3369 (3369), dst port: http (80) f (±)hypertext transfer protocoloooo 0010 0020 0030 004 0 0050 0060 0070 0080 0090 ooao oobo ooco oodo ooeo oofo 0100 0110

4、0120 0130 0140 0150 0160 0170 0180 0190 olaoofbcl780c9f303a74cled3c3d5094536772&66676267242474706c2dde525oe371obd5do7o3o24ao02052666226767606226352570729blf9 71dl54 c7 a o a2d326666667670509 eo a3d62442342coood74co3429911oe5e8541ofla40006727777666426662453264oooo a9dood9of363536 43oo e7 e c00500

5、662726766766667622276600271619c5ffel53efcaf65o7e90814466666666666666363337660 780d8f560d cg8a5592fbfo82bh o9156726772626276672362474w 54o49f5oto3o c3o73 a51544 afob 48556267277727266766665062® oob4o57 a eido4d c e373 c c e5d e am o ab5266666676226667 6664023h 8688a71ofoel28811o5c29e96e 02443667

6、6226776642566642660 9 e4o41df9 c4off3caaa997e54fd 9 e2276626262627403066523760 000f0d954cec7eldd7da400059a 682276667662766206077223660 o6do59o715643fc43e5flbb794d 140266266677766776666333670 b4643ocl33f ed96o594dool3e35 6 a5562266626666776747333266/pm.le 9-1-j g n1pu1.5.3分析http报文1. the basic http ge

7、t/response in teraction1. is your browser running http version 1.0 or 1.1? what version of http is the server running?http 1.12. what languages (if any) does your browser indicate that it can accept to the server?accept-language: zh-cnrn3. what is the ip address of your computer? of the gaia.cs.umas

8、 server?31128.238.3 8.1604. what is the status code returned from the server to your browser?200 ok5. when was the html file that you are retrieving last modified at the server20 may 2013 09:42:43 gmtrn6. how many bytes of content are being returned to your browser?4297. by inspectin

9、g the raw data in the packet content window, do you see any headers within the data that are not displayed in the packet-listing window? if so, name one.有2. the http conditional get/response interactionanswer the following questions:& inspect the contents of the first http get request from your

10、browser to the server. do you see an “ifmodifiedsince" line in the http get?有9. inspect the contents of the server response. did the server explicitly return the contents of the file? how can you tell?有 http/1.1 200 okrn10. now inspect the contents of the second http get request from your brows

11、er to the server. do you see an tfmodifiedsince:“ line in the http get? ifso, what information follows the “ifmodifiedsince:“ header?没有11. what is the http status code and phrase returned from the server in response to this second http get? did the server explicitly return the contents of the file?2

12、00 没有3. retrieving long documentsanswer the following questions:12. how many http get request messages were sent by your browser?113. how many data-containing tcp segments were needed to carry the single http response?414. what is the status code and phrase associated with the response to the http g

13、et request?code 200 phrase ok15. are there any http status lines in the transmitted data associated with a tcpinduced "continuation"?no1.6实验总结http协议工作原理http协议的主要特点可概括如下：l支持客户/服务器模式。2.简单快速：客户向服务器请求服务时，只需传送请求方法和路径。请求方法常川的有get、 head、posto每种方法规定了客户与服务器联系的类型不同。由于http协议简单，使得http服务器的程序规模小，因而通信速度很

14、快。3灵活：http允许传输任意类型的数据对象。正在传输的类型由content-type加以标记。4. 无连接：无连接的含义是限制每次连接只处理一个请求。服务器处理完客户的请求，并 收到客户的应答后，即断开连接。采用这种方式可以节省传输时间。5无状态：http协议是无状态协议。无状态是指协议对于事务处理没有记忆能力。缺少状 态意味着如果后续处理需要前面的信息，则它必须重传，这样可能导致每次连接传送的数据量 齟蟆a娥环矫妫诜衿鞅恍桦惹靶畔彼挠y鹑徒峡赚？.http办议除了tcp/ip协议，http可以说是最重要，r使用最多的网络协议了假设现在有一个html文件:http.html,存放在web服

15、务器上,其url为 文件内容为：html代码：<htinl><head>< titlohttp. html</title ></head><body>hello, http</hody></html>现在，一个用户通过ie访问该地址，ie首先将此地址的域名通过dns转换为一个ip地址，然后 通过一个web服务器开放的端口(默认为80,不为80需在域名后加上“:端口号"，例如 www:81)与具连接，然后传送一个类似这样的http请求(使用flashget等卜-载软件下 载文件时，在详细信息里也可

16、以看到类似的信息)：get/http.html ht7p/1.1accept: */*user-agent: mozilla/4.0 (compatible; ms1e.6.0; windows nt 5.1)pragma: no-cachecache-control: no-cacheconnection: close空行1请求的第一行为请求内容，表示通过get方法向服务器请求资源，/http.html为请求资源名称， http/1表示使用http协议，版本1.1。然后接下來的儿行称为请求信息的标头(header),其屮描 述了请求的一些信息，比如客户端浏览器标识等。最后一个空行表示请求结束。当web服务器接收到该请求时，服务器检查所请求的资源是否有效，且是否有相应的权限。如 果没冇问题，则服务器会传回类似如下的http响应信息：http/1.1 200 0kserver: microsoj卜iis/5.0date: thursday, march 31, 2005 17:15:23 gmtcontent-type: text/htmlcontent-length: 88空行<html><head></head><body>hello, http</body></html>其中第一行的“20（f是一个