HTTP

Prompt

HTTP is how we're sending you this message. Analyze the provided capture to answer the following questions about an HTTP download.

You can read this guide to learn more about computer networking.

HTTP.pcap (24.9KB)

Walk-Through

Use Wireshark or, if provided, the web-based CloudShark tool to solve the challenge. HTTP (Hypertext Transfer Protocol) is used to deliver and present the information you see on a webpage. All of the questions and answers are specific to HTTP, so it is suggested that you learn more about it:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP

Question 1 can be solved by applying the http.request filter and looking at the HTTP packet dissection.

The filter restricts the results to packets that contain the request that the client sent to the server. The “User-Agent” field in the HTTP portion of the packet is used to identify the software making the HTTP request, which gives you the answer to question 1.

Questions 2 - 4 can be solved by applying the http.response filter and looking at the HTTP packet dissection. The filter restricts the results to packets that the server responded with.

The “Server” field in the HTTP portion of the packet is used to identify the software responding to the HTTP request, which gives you the answer to question 2.

If you refer back to the “Internet Protocol Version 4” (IPv4) portion of the packet, you will see the “src” (Source) and “dst” (Destination) for the packet. Treat these fields like the addresses on a mail envelope: the Source is the sender and the Destination is the recipient. We are currently looking at a packet that the server is sending in response to the client. This means that the Source is the IP address of the server (answer to question 4) and the Destination is the IP address that initiated the request (answer to question 3). If you go back to the packet from question 1, you will notice that the Source and Destination are flipped; this is because that packet was traveling in the opposite direction.

Question 5 can be solved by selecting the Wireshark option “File > Export Objects > HTTP”, which exports the files transferred via HTTP from the packet capture to a local copy on your computer, and then using the Linux “md5sum” program to calculate the MD5 sum of the exported file.

If you are using CloudShark, you can accomplish this by selecting “Analysis Tools > HTTP Analysis > HTTP Objects”, then selecting the only item, “logo.png”, and hitting “Download”. You can then run a command line tool to calculate the MD5 sum of the file or use an online tool such as Online MD5.
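
The steps above pull three things out of one HTTP exchange: the User-Agent from the request, the Server from the response, and the MD5 sum of the response body once the headers are stripped. The script below is an added example, not part of the original walkthrough, that does the same by hand on a constructed request and response. The host name, header values and body bytes are made up and are not the values in HTTP.pcap, and it assumes a response that carries Content-Length with no chunking or compression.

```python
import hashlib

# Constructed sample data standing in for a reassembled TCP stream.
# None of these values come from the challenge capture.
BODY = b"\x89PNG\r\n\x1a\n" + b"constructed-not-a-real-image"
REQUEST = (b"GET /logo.png HTTP/1.1\r\n"
           b"Host: files.example.test\r\n"
           b"User-Agent: ExampleClient/1.0\r\n"
           b"Accept: */*\r\n\r\n")
RESPONSE = (b"HTTP/1.1 200 OK\r\n"
            b"Server: ExampleServer/0.1\r\n"
            b"Content-Type: image/png\r\n"
            b"Content-Length: " + str(len(BODY)).encode() + b"\r\n\r\n" + BODY)


def parse_message(raw):
    """Split an HTTP/1.x message into (start line, headers, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line after headers; message is truncated")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # names are case-insensitive
    return lines[0], headers, body


def exported_object(raw_response):
    """Return only the body bytes, which is what an exported object contains."""
    _, headers, body = parse_message(raw_response)
    if "content-length" in headers:
        length = int(headers["content-length"])
        if len(body) < length:
            raise ValueError("capture is missing part of the body")
        body = body[:length]  # ignore anything after the declared length
    return body


def summarize(raw_request, raw_response):
    """Collect the request and response fields the walkthrough asks about."""
    _, req_headers, _ = parse_message(raw_request)
    _, resp_headers, _ = parse_message(raw_response)
    return {
        "user_agent": req_headers.get("user-agent"),
        "server": resp_headers.get("server"),
        "md5": hashlib.md5(exported_object(raw_response)).hexdigest(),
    }


if __name__ == "__main__":
    print(summarize(REQUEST, RESPONSE))
```

The hash covers the body only; hashing the whole response, headers included, gives a different value than md5sum reports for the exported file.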

Questions

What Linux tool was used to execute a file download?

What is the name of the web server software that handled the request?

What IP address initiated the request?

What is the IP address of the server?

What is the MD5 sum of the file downloaded?

©️ 2024 Cyber Skyline. All Rights Reserved. Unauthorized reproduction or distribution of this copyrighted work is illegal.