實驗四

網路協定觀察與分析Instructor:

Teaching Assistant:

1998/12/7

High Speed Network lab.

Department of Computer Information Science, NCTU

Outline

• Sniffer Introduction

• NetXRay Operation Guide

• HTTP Protocol Overview

• Protocol Analysis Example (HTTP)

• Experiment Requirements

SnifferOperationGuide

E x p ert M o d e F o cu s M o d e C lass ic M o d e

P ro to co l In terp reters

C a p tu r eF ilte r

C la ss ic & E x p e r tD isp la yF ilte r s

T rig g e rD e te c to r

C la ssic C a p tu re v iew s

D isp la y V iew sE x p ert O v erv iew

T ra fficG e n e ra to r

F 3

F 3

F 1 0

A d a p ter C a rd

C a p tu re B u ffer

O b jectD a ta b a se

D isk F ileP rin ter

D isca rd

D isca rd

C a p tu reF ro m< F ile>O p tio n

N etw o rk s

NetXRay Operation Guide

設定封包位址

設定封包樣版

設定封包採用的協定

單一封包資料圖

封包流向圖

協定分佈圖

封包大小分佈圖

主機流量統計表

HTTP Overview

• Application-level, distributed, collaborative, hypermedia information system.

• HTTP/0.9 (1990) : raw data transfer• HTTP/1.0 (RFC1945) : MIME-like message• HTTP/1.1 (RFC2068) : persistent connection, caching,

hierarchical proxies, new methods….• HTTP-NG• HDTP• Push (WebCasting), ICP(Internet Cache Protocol),….

HTTP Overview (cont’)

client A

Webserver

Proxy

client B

Multipurpose Internet Mail Extension -- MIME

• Non-textual data --> RFC 822 (7 bit)

MIME-type 1. Textual message bodies other than US-ASCII 2. Textual header information other than US-ASCII 3. Non-textual message part 4. Multi-part message bodies

Protocol Parameters

• HTTP version

• URI (Uniform Resource Identifiers)

• Date/Time

• Character sets

• Content coding

• Transfer coding

• Media types

Persistent Connections

• Separate TCP connection (HTTP/1.0) : increasing HTTP server load and traffic load

• Default behavior of HTTP/1.1

• Either client or server close connection by : Connection : close

• Pipelined requests/responses within a connection

HTTP messages Generic message format = request-line | response-line *message-header CRLF [message body]

• request-line = Method SP Request-URI SP HTTP-Version CRLF• response-line = HTTP-Version SP Status-Code SP Reason-Phrase CRLF

HTTP messages -- Methods• OPTION : request for information about the

communication options available on the request/response chain

• GET : retrieve information

• HEAD : retrieve information (test hypertext links for validity, accessibility, and recent modification)

• POST : subordinate to a directory, newsgroup, database...

• PUT : store entity

• DELETE : delete entity

• TRACE : see what is being received at the other end of the request chain

HTTP messages -- Status Codes

• 1XX : Informational

• 2XX : Success

• 3XX : Redirection (further actions needed)

• 4XX : Client error

• 5XX : Server error Examples. 100 : Continue201 : Created302 : Multiple choices403 : Forbidden504 : Gateway time-out

Access Authentication

• Basic authentication scheme– WWW-authenticate header, Authorization

header– base64 coding of user-pass

• Digest authentication scheme (RFC2069)

Security Considerations

• Authentication of clients

• Offering a choice of authentication schemes

• Abuse of server log information

• Attacks based on file & path names (“..”)

• Personal information

• DNS spoofing

• Transfer of sensitive information (Server, Via, Referer, From header)

Caching• Reduces the number of network round-trips and

bandwidth requirement• Semantic transparency • Expiration model

– age, expiration(lifetime) calculation• Validation model

– cache validator (Last-Modified header)• Response cachability : 200, 203, 206, 300, 301, 410• Cache control mechanism

Caching

• Cache control– Cache control header 1. What is cachable 2. Expiration mechanism modify 3. Cache revalidation & reload control 4. Entity transform

Related RFC list

• RFC822 : Standard for the Format of ARPA Internet Text Message

• RFC1630 : Universal Resource Identifier in WWW

• RFC1700 : Assigned Numbers

• RFC1738 : Universal Resource Locators

• RFC1808 : Relative Uniform Resource Locators

• RFC1945 : Hypertext Transfer Protocol -- HTTP/1.0

• RFC2045 : MIME part one

• RFC2047 : MIME part three

• RFC2069 : Digest Access Authentication

HTTP ProtocolExample

設定擷取封包位址

設定擷取封包協定

HTTP Protocol Example (cont’)

交通大學首頁 校園公告

存取校園公告所產生的 HTTP協定封包

第一個 HTTP封包內容

第二個 HTTP封包內容

第三個 HTTP封包內容

第四個 HTTP封包內容

第五個 HTTP封包內容

第六個 HTTP封包內容

網路協定列表：• HTTP必須列入實驗觀察對象。另外，各位同學可以從下列協定中選擇另一個協定作為觀察與分析的對象，所有 RFC可由 [1]或 NCTUCCCA取得。由於 ARP協定的分析流程已詳述在實驗報告範例，所以這個協定〝不可〞列入實驗報告觀察對象。

SNMP 、 ARP 、 RARP 、 DNS 、 SMTP 、 RPC 、 RIP 、 HTTP 、 DVMRP 、 POP3 、 NFS以及NetBIOS等。

實驗報告要求：•實驗報告應該包括下列項目：實驗名稱、組員與系級、實驗目的、設備與操作環境、所觀察協定之背景知識、方法與步驟、觀察與紀錄、討論（針對問題與討論的項目回答，或自行提出問題並討論之）及參考書目。報告篇幅限定為 8~10頁 (A4)，一律繳交雷射或噴墨列印之完稿。