Download the file CapturedData.zip onto one of the lab 2 machines (csl2su1.cs.ust.hk through csl2su41.cs.ust.hk) and unzip it to obtain CapturedData.snp. Run the command:
snoop -i CapturedData.snp -v
If that doesn't work, your path probably doesn't include /usr/sbin, so try:
/usr/sbin/snoop -i CapturedData.snp -v
CapturedData.snp is a file containing a dump of data that was
captured using a packet sniffer while a web browser was accessing
http://course.cs.ust.hk/comp361/fall2004/index.html
and associated files.
snoop will show you many (but not all) of the protocol packets that were exchanged
between the user's machine and the server hosting the web page. The first word
on a line identifies the type of protocol/packet, e.g., IP, TCP, HTTP, etc.
The purpose of this lab is to give you the chance to examine an HTTP exchange,
so we use an awk filter to keep only the lines from HTTP packets:
snoop -i CapturedData.snp -v | awk '{ if ( $1 == "HTTP:") print $0}'
Examine the output and see if you can figure out what each line is doing. Note that for each HTTP packet, the file will only show the first few lines of the packet (so you will not see all of the text in the HTTP packets).
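As an added example (not part of the original lab handout), the awk filter above can be extended to print one summary line per HTTP packet: packet number, source and destination address, and whether the first HTTP line is a request, a response, or continuation data. The sample input is constructed and assumes the usual "PROTOCOL: text" layout of snoop -v output; the function names and addresses are hypothetical.

```shell
# Constructed sample in the assumed layout of `snoop -v` output (not taken from CapturedData.snp).
sample_snoop_output() {
cat <<'EOF'
ETHER:  ----- Ether Header -----
ETHER:  Packet 4 arrived at 16:20:01.10
IP:   Source address = 192.0.2.10, client.example
IP:   Destination address = 192.0.2.80, www.example
TCP:  Destination port = 80 (HTTP)
HTTP: ----- HyperText Transfer Protocol -----
HTTP:
HTTP: GET /comp361/fall2004/index.html HTTP/1.0
HTTP: Host: course.cs.ust.hk
ETHER:  Packet 6 arrived at 16:20:01.15
IP:   Source address = 192.0.2.80, www.example
IP:   Destination address = 192.0.2.10, client.example
HTTP: ----- HyperText Transfer Protocol -----
HTTP:
HTTP: HTTP/1.1 200 OK
HTTP: Content-Type: text/html
ETHER:  Packet 7 arrived at 16:20:01.16
IP:   Source address = 192.0.2.80, www.example
IP:   Destination address = 192.0.2.10, client.example
HTTP: ----- HyperText Transfer Protocol -----
HTTP:
HTTP: <html><head>
EOF
}

# One line per HTTP packet: packet number, source->destination, kind, first HTTP line.
summarize_http() {
  awk '
    $1 == "ETHER:" && $2 == "Packet" { pkt = $3; src = ""; dst = ""; seen = 0 }
    $1 == "IP:" && $2 == "Source" && $3 == "address" { src = $5; sub(/,$/, "", src) }
    $1 == "IP:" && $2 == "Destination" && $3 == "address" { dst = $5; sub(/,$/, "", dst) }
    # First non-blank, non-banner HTTP line of each packet.
    $1 == "HTTP:" && NF > 1 && $2 != "-----" && !seen {
      line = $0; sub(/^HTTP:[ \t]*/, "", line)
      if (line ~ /^HTTP\/[0-9.]+ [0-9]+/) kind = "response"
      else if (line ~ /^[A-Z]+ [^ ]+ HTTP\//) kind = "request"
      else kind = "data"      # continuation segment carrying body bytes
      printf "%s %s->%s %s %s\n", pkt, src, dst, kind, line
      seen = 1
    }
  '
}

# Usage on the lab capture: snoop -i CapturedData.snp -v | summarize_http
sample_snoop_output | summarize_http
```
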
For a more detailed view of messages exchanged we recommend installing
Ethereal on your machines and running the Ethereal labs
while you access the same files.
References:
http://www.ietf.org/rfc/rfc1945.txt?number=1945 (HTTP 1.0)
http://www.ietf.org/rfc/rfc2068.txt?number=2068 (HTTP 1.1)
Last updated by M.J. Golin
02/28/2005 04:38:05 PM