Experiment 4: Network Protocol Observation and Analysis. Instructor: Teaching Assistant: 1998/12/7 High Speed Network lab. Department of Computer Information Science, NCTU. Outline. Sniffer Introduction NetXRay Operation Guide HTTP Protocol Overview Protocol Analysis Example (HTTP) Experiment Requirements.
Experiment 4
Network Protocol Observation and Analysis
Instructor:
Teaching Assistant:
1998/12/7
High Speed Network lab.
Department of Computer Information Science, NCTU
Outline
• Sniffer Introduction
• NetXRay Operation Guide
• HTTP Protocol Overview
• Protocol Analysis Example (HTTP)
• Experiment Requirements
Sniffer Operation Guide
[Diagram labels: Networks, Adapter Card, Capture Filter, Trigger Detector, Capture Buffer, Protocol Interpreters, Object Database, Classic & Expert Display Filters, Display Views, Expert Overview, Expert Mode, Focus Mode, Classic Mode, Classic Capture views, Traffic Generator, Disk File, Printer, Capture From <File> Option, Discard, keys F3 and F10]
NetXRay Operation Guide
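Setting the packet address
Setting the packet template
Setting the protocol used by the packet
Single-packet data view
Packet flow diagram
Protocol distribution chart
Packet size distribution chart
Host traffic statistics table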
HTTP Overview
• Application-level, distributed, collaborative, hypermedia information system.
• HTTP/0.9 (1990) : raw data transfer
• HTTP/1.0 (RFC1945) : MIME-like message
• HTTP/1.1 (RFC2068) : persistent connection, caching, hierarchical proxies, new methods….
• HTTP-NG
• HDTP
• Push (WebCasting), ICP (Internet Cache Protocol),….
HTTP Overview (cont’)
[Diagram: client A, client B, Proxy, Web server]
Multipurpose Internet Mail Extension -- MIME
• Non-textual data --> RFC 822 (7 bit)
MIME-type
1. Textual message bodies other than US-ASCII
2. Textual header information other than US-ASCII
3. Non-textual message part
4. Multi-part message bodies
Protocol Parameters
• HTTP version
• URI (Uniform Resource Identifiers)
• Date/Time
• Character sets
• Content coding
• Transfer coding
• Media types
Persistent Connections
• Separate TCP connection (HTTP/1.0) : increasing HTTP server load and traffic load
• Default behavior of HTTP/1.1
• Either client or server can close the connection by sending the header Connection: close
• Pipelined requests/responses within a connection
HTTP messages
Generic message format = request-line | response-line
                         *message-header
                         CRLF
                         [message body]
• request-line = Method SP Request-URI SP HTTP-Version CRLF
• response-line = HTTP-Version SP Status-Code SP Reason-Phrase CRLF
HTTP messages -- Methods
• OPTIONS : request for information about the communication options available on the request/response chain
• GET : retrieve information
• HEAD : retrieve information (test hypertext links for validity, accessibility, and recent modification)
• POST : submit an entity as a subordinate of a directory, newsgroup, database...
• PUT : store entity
• DELETE : delete entity
• TRACE : see what is being received at the other end of the request chain
HTTP messages -- Status Codes
• 1XX : Informational
• 2XX : Success
• 3XX : Redirection (further actions needed)
• 4XX : Client error
• 5XX : Server error
Examples:
100 : Continue
201 : Created
302 : Multiple choices
403 : Forbidden
504 : Gateway time-out
Access Authentication
• Basic authentication scheme
– WWW-Authenticate header, Authorization header
– base64 coding of user-pass
• Digest authentication scheme (RFC2069)
Security Considerations
• Authentication of clients
• Offering a choice of authentication schemes
• Abuse of server log information
• Attacks based on file & path names (“..”)
• Personal information
• DNS spoofing
• Transfer of sensitive information (Server, Via, Referer, From header)
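The following added example (not part of the original slides) ties the Access Authentication and Security Considerations slides to packet capture: it parses a captured message using the generic message format shown earlier and reports what anyone holding the capture can read from it. The sample request, host name and credentials are constructed for illustration, and the function names are hypothetical.

```python
import base64

# Headers the Security Considerations slide lists as carrying sensitive information.
SENSITIVE_HEADERS = {"server", "via", "referer", "from"}

# Constructed sample capture: host, paths and credentials are made up for illustration.
SAMPLE_REQUEST = (
    b"GET /private/index.html HTTP/1.0\r\n"
    b"Host: www.example.com\r\n"
    b"Referer: http://www.example.com/login.html\r\n"
    b"From: student@example.com\r\n"
    b"Authorization: Basic bGFidXNlcjpzM2NyZXQ=\r\n"
    b"\r\n"
)


def parse_http_message(raw: bytes):
    """Split a message into (start-line fields, headers, body) per the generic format."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    # request-line: Method SP Request-URI SP HTTP-Version (response-line splits the same way)
    start = tuple((lines[0].split(" ", 2) + ["", ""])[:3])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # ignore malformed lines; folded continuation lines are not handled
            headers[name.strip().lower()] = value.strip()
    return start, headers, body


def audit_message(raw: bytes):
    """Report what anyone holding the capture can read from one cleartext message."""
    start, headers, _ = parse_http_message(raw)
    findings = {"start_line": start, "credentials": None,
                "sensitive_headers": sorted(SENSITIVE_HEADERS & headers.keys())}
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic":
        try:  # base64 is an encoding, not encryption: decoding needs no key
            decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
            findings["credentials"] = tuple(decoded.partition(":")[::2])
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            findings["credentials"] = "malformed"
    return findings


if __name__ == "__main__":
    for key, value in audit_message(SAMPLE_REQUEST).items():
        print(f"{key}: {value}")
```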
Caching
• Reduces the number of network round-trips and bandwidth requirement
• Semantic transparency
• Expiration model
– age, expiration (lifetime) calculation
• Validation model
– cache validator (Last-Modified header)
• Response cachability : 200, 203, 206, 300, 301, 410
• Cache control mechanism
Caching
• Cache control
– Cache control header
1. What is cachable
2. Modification of the expiration mechanism
3. Cache revalidation & reload control
4. Entity transform
Related RFC list
• RFC822 : Standard for the Format of ARPA Internet Text Message
• RFC1630 : Universal Resource Identifier in WWW
• RFC1700 : Assigned Numbers
• RFC1738 : Universal Resource Locators
• RFC1808 : Relative Uniform Resource Locators
• RFC1945 : Hypertext Transfer Protocol -- HTTP/1.0
• RFC2045 : MIME part one
• RFC2047 : MIME part three
• RFC2069 : Digest Access Authentication
HTTP Protocol Example
Setting the capture address
Setting the capture protocol
HTTP Protocol Example (cont’)
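NCTU home page: Campus Announcements
HTTP protocol packets generated by accessing Campus Announcements
Contents of the first HTTP packet
Contents of the second HTTP packet
Contents of the third HTTP packet
Contents of the fourth HTTP packet
Contents of the fifth HTTP packet
Contents of the sixth HTTP packet
Network protocol list:
• HTTP must be one of the protocols observed in the experiment. In addition, each student may choose one other protocol from the list below to observe and analyze. All RFCs can be obtained from [1] or NCTUCCCA. Because the analysis procedure for the ARP protocol is already described in detail in the sample lab report, ARP may "not" be used as an observed protocol in the lab report.
SNMP, ARP, RARP, DNS, SMTP, RPC, RIP, HTTP, DVMRP, POP3, NFS, NetBIOS, and so on.
Lab report requirements:
• The lab report should include the following items: experiment title, group members with department and year, purpose of the experiment, equipment and operating environment, background knowledge of the observed protocol, methods and steps, observations and records, discussion (answer the items under questions and discussion, or raise and discuss questions of your own), and references. The report is limited to 8~10 pages (A4) and must be submitted as a final copy printed on a laser or inkjet printer.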