
Experiment 4: Network Protocol Observation and Analysis

Experiment 4: Network Protocol Observation and Analysis. Instructor: Teaching Assistant: 1998/12/7 High Speed Network lab. Department of Computer Information Science, NCTU. Outline. Sniffer Introduction NetXRay Operation Guide HTTP Protocol Overview Protocol Analysis Example (HTTP) Experiment Requirements.

caron
Presentation Transcript


  1. Experiment 4: Network Protocol Observation and Analysis. Instructor: Teaching Assistant: 1998/12/7 High Speed Network lab. Department of Computer Information Science, NCTU

  2. Outline • Sniffer Introduction • NetXRay Operation Guide • HTTP Protocol Overview • Protocol Analysis Example (HTTP) • Experiment Requirements

  3. Sniffer Operation Guide

  4. NetXRay Operation Guide

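  5. Setting the packet address

  6. Setting the packet template

  7. Setting the protocol used by the packet

  8. Single-packet data view

  9. Packet flow diagram

  10. Protocol distribution chart

  11. Packet size distribution chart

  12. Host traffic statistics table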

  13. HTTP Overview • Application-level, distributed, collaborative, hypermedia information system. • HTTP/0.9 (1990) : raw data transfer • HTTP/1.0 (RFC1945) : MIME-like message • HTTP/1.1 (RFC2068) : persistent connection, caching, hierarchical proxies, new methods…. • HTTP-NG • HDTP • Push (WebCasting), ICP(Internet Cache Protocol),….

  14. HTTP Overview (cont’) [Figure labels: Web server, client A, Proxy, client B]

  15. Multipurpose Internet Mail Extension -- MIME • Non-textual data --> RFC 822 (7 bit) • MIME-type • 1. Textual message bodies other than US-ASCII • 2. Textual header information other than US-ASCII • 3. Non-textual message part • 4. Multi-part message bodies

  16. Protocol Parameters • HTTP version • URI (Uniform Resource Identifiers) • Date/Time • Character sets • Content coding • Transfer coding • Media types

  17. Persistent Connections • Separate TCP connection (HTTP/1.0) : increasing HTTP server load and traffic load • Default behavior of HTTP/1.1 • Either client or server close connection by : • Connection : close • Pipelined requests/responses within a connection

  18. HTTP messages • Generic message format • = request-line | response-line • *message-header • CRLF • [message body] • request-line • = Method SP Request-URI SP HTTP-Version CRLF • response-line • = HTTP-Version SP Status-Code SP Reason-Phrase CRLF

  19. HTTP messages -- Methods • OPTIONS : request for information about the communication options available on the request/response chain • GET : retrieve information • HEAD : retrieve information (test hypertext links for validity, accessibility, and recent modification) • POST : subordinate to a directory, newsgroup, database... • PUT : store entity • DELETE : delete entity • TRACE : see what is being received at the other end of the request chain

  20. HTTP messages -- Status Codes • 1XX : Informational • 2XX : Success • 3XX : Redirection (further actions needed) • 4XX : Client error • 5XX : Server error Examples. 100 : Continue 201 : Created 302 : Multiple choices 403 : Forbidden 504 : Gateway time-out

  21. Access Authentication • Basic authentication scheme • WWW-authenticate header, Authorization header • base64 coding of user-pass • Digest authentication scheme (RFC2069)

  22. Security Considerations • Authentication of clients • Offering a choice of authentication schemes • Abuse of server log information • Attacks based on file & path names (“..”) • Personal information • DNS spoofing • Transfer of sensitive information (Server, Via, Referer, From header)

  23. Caching • Reduces the number of network round-trips and bandwidth requirement • Semantic transparency • Expiration model • age, expiration(lifetime) calculation • Validation model • cache validator (Last-Modified header) • Response cachability : 200, 203, 206, 300, 301, 410 • Cache control mechanism

  24. Caching • Cache control • Cache control header • 1. What is cachable • 2. Expiration mechanism modify • 3. Cache revalidation & reload control • 4. Entity transform

  25. Related RFC list • RFC822 : Standard for the Format of ARPA Internet Text Message • RFC1630 : Universal Resource Identifier in WWW • RFC1700 : Assigned Numbers • RFC1738 : Universal Resource Locators • RFC1808 : Relative Uniform Resource Locators • RFC1945 : Hypertext Transfer Protocol -- HTTP/1.0 • RFC2045 : MIME part one • RFC2047 : MIME part three • RFC2069 : Digest Access Authentication

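  26. HTTP Protocol Example: setting the capture address; setting the capture protocol

  27. HTTP Protocol Example (cont’): NCTU home page; campus announcements

  28. HTTP protocol packets generated by accessing the campus announcements

  29. Contents of the first HTTP packet

  30. Contents of the second HTTP packet

  31. Contents of the third HTTP packet

  32. Contents of the fourth HTTP packet

  33. Contents of the fifth HTTP packet

  34. Contents of the sixth HTTP packet

  35. Network protocol list: • HTTP must be included as an observation target. In addition, students may choose one other protocol from the list below to observe and analyze; all RFCs can be obtained from [1] or NCTUCCCA. Because the analysis procedure for the ARP protocol is already described in detail in the sample lab report, this protocol may "not" be used as an observation target in the lab report. • SNMP, ARP, RARP, DNS, SMTP, RPC, RIP, HTTP, DVMRP, POP3, NFS, NetBIOS, and others.

  36. Lab report requirements: • The lab report should include the following items: experiment title, group members with department and year, purpose of the experiment, equipment and operating environment, background knowledge of the observed protocol, methods and steps, observations and records, discussion (answer the items listed under questions and discussion, or raise and discuss your own questions), and references. The report is limited to 8~10 pages (A4) and must be submitted as a final copy printed on a laser or inkjet printer.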
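
An added example for slides 18, 21 and 22, not part of the original presentation: it splits a captured HTTP message according to the generic message format and reports what the capture exposes (Basic credentials that are only base64-coded, the headers listed as sensitive, and ".." path segments). The function names and the sample capture are constructed for illustration.

```python
import base64

# Headers that slide 22 lists under "transfer of sensitive information".
SENSITIVE_HEADERS = ("server", "via", "referer", "from")

def parse_message(raw: bytes):
    """Split per slide 18: start-line, *message-header, CRLF, [message body]."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    start_line = lines[0].split(" ", 2)  # three SP-separated fields
    if len(start_line) != 3:
        raise ValueError("malformed start-line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header: %r" % line)
        headers[name.strip().lower()] = value.strip()
    return start_line, headers, body

def findings(raw: bytes):
    """List what a passive observer on the wire learns from one message."""
    start_line, headers, _ = parse_message(raw)
    out = []
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic":
        try:
            # base64 is a coding, not encryption: decoding needs no key.
            decoded = base64.b64decode(token, validate=True).decode("iso-8859-1")
            user, _, password = decoded.partition(":")
            # Report the length only, so the report does not repeat the secret.
            out.append(("basic-credentials-in-clear", user, len(password)))
        except ValueError:
            out.append(("basic-credentials-undecodable",))
    for name in SENSITIVE_HEADERS:
        if name in headers:
            out.append(("sensitive-header", name, headers[name]))
    is_request = not start_line[0].startswith("HTTP/")
    if is_request and ".." in start_line[1].split("/"):
        out.append(("dot-dot-path-segment", start_line[1]))
    return out

# Constructed sample capture (not taken from the lab's packets).
SAMPLE = (b"GET /docs/../index.html HTTP/1.0\r\n"
          b"Referer: http://intranet.example.com/private/page.html\r\n"
          b"Authorization: Basic " + base64.b64encode(b"student:lab4pass") + b"\r\n"
          b"\r\n")
```
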
