
Lab 9-1: HTTP GET Trace


Course: NET-101, Week 9
Time: ~45 minutes (paired with lab-9-2 for one 90-minute session)
Tools: Academy pcap-tools workbench at /pcap-tools/; terminal with curl
Captures: fundamentals-http-get.pcap, http-get.pcap


Part 1: Read a complete HTTP/1.1 conversation (~25 minutes)

Load fundamentals-http-get.pcap in pcap-tools. Apply the display filter http to show only the HTTP application-layer packets. The filter hides the TCP handshake and teardown packets; that is expected.

Exercise 1.1 -- The HTTP GET request:

Click the packet containing the HTTP GET request. Expand "Hypertext Transfer Protocol" in the packet detail pane.

  1. What is the Request Method?
  2. What is the Request-URI (the path)?
  3. What is the HTTP version?
  4. What Host header value is present?
  5. What User-Agent header value is present?
  6. What Accept header value is present?
  7. What Connection header value is present? What does it mean?

Exercise 1.2 -- The HTTP 200 OK response:

Click the packet containing the HTTP response.

  1. What is the Response Code?
  2. What is the Content-Type header?
  3. What is the Content-Length header value in bytes?
  4. What is the response body? (You may read it in hex in the packet bytes pane; it should be a short text string.)
  5. Does the response include a Server header? If so, what does it say?

Part 2: Compare to the Wireshark sample (~15 minutes)

Load http-get.pcap (the upstream-mirrored Wireshark sample).

Apply the display filter http.

  1. What URL (Host + URI) is being requested?
  2. What is the User-Agent header value? Is this a real browser or a tool?
  3. What HTTP status code does the response carry?
  4. How many TCP segments carry the response body? (Remove the http filter and look at the full packet list; count packets with HTTP data going from server to client after the 200 OK.)

Part 3: Live curl inspection (~10 minutes)

In your terminal:

curl -v --http1.1 https://virtuscyberacademy.org/ 2>&1 | head -50

(The 2>&1 redirects curl's verbose output, which goes to stderr, into stdout so you can pipe it.)

  1. What is the status code in the response?
  2. List at least 5 response headers you see.
  3. One of the headers should be a security-related header (look for Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, or similar). Write down its full value.
  4. Why does curl -v show TLS handshake information before the HTTP response when connecting to an HTTPS URL?
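
The script below is an added example, not part of the original lab. It separates the response headers from the rest of curl's verbose output and reports which of the security headers named in question 3 are absent. The sample output, host name, and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `curl -v` output (not captured from a real server).
sample_verbose() {
cat <<'EOF'
* Connected to example.test (192.0.2.10) port 443
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
> GET / HTTP/1.1
> Host: example.test
> User-Agent: curl/8.5.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/html; charset=utf-8
< Content-Length: 1234
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< X-Frame-Options: DENY
<
EOF
}

# curl -v prefixes: "*" = connection/TLS notes, ">" = request sent, "<" = response received.
# Keep only the "<" lines; drop the prefix, any trailing CR, and the blank end-of-headers line.
response_headers() {
  tr -d '\r' | awk '/^</ { sub(/^< ?/, ""); if ($0 != "") print }'
}

# The status code is the second field of the first response line.
status_code() {
  response_headers | awk 'NR == 1 { print $2 }'
}

# Print the value of one response header; header names are case-insensitive.
header_value() {
  response_headers | awk -v want="$1" -F': *' '
    !found && tolower($1) == tolower(want) { found = 1; sub(/^[^:]*: */, ""); print }'
}

# List which of the security headers named in this lab are absent from the response.
missing_security_headers() (
  out=$(cat)
  for name in Strict-Transport-Security Content-Security-Policy X-Frame-Options; do
    [ -n "$(printf '%s\n' "$out" | header_value "$name")" ] || printf '%s\n' "$name"
  done
)

echo "status: $(sample_verbose | status_code)"
echo "missing: $(sample_verbose | missing_security_headers)"
```

To run the same checks on live output, pipe the curl command from Part 3 (with 2>&1, without head) into these functions in place of sample_verbose.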

Artifact

Create lab-9-1.md in your net-101/ Git repo with:

  • Answers to all questions
  • The relevant curl output

Commit with a meaningful commit message.