CECS 474 COMPUTER NETWORKING INTEROPERABILITY
Netlab 2-Part B: Client Server Applications in the LAN – HTTP, FTP & DNS
Purpose: Now that we are familiar with Wireshark, we focus a bit more on
analyzing client/server interaction. This includes the interaction between a PC and a web server
when requesting a web page using the Hypertext Transfer Protocol (HTTP). Then, using FileZilla, we
will see how a File Transfer Protocol (FTP) server works. Finally, we briefly analyze the steps
taken by a Domain Name System (DNS) server to resolve (look up) a domain name’s corresponding IP
address.
Background:
HTTP is the primary protocol used to access any web page on the Internet. It uses the Client/Server
model where the client (e.g., any PC or mobile device) requests content from the Web Server (which in
turn serves the requested web page and all its content). All communication between the Client and the
Server is done using HTTP messages via a Transmission Control Protocol (TCP) connection. HTTP’s ubiquitous
nature has made it a powerful and valuable protocol across the Internet. It does not matter what OS
platform you are using, which specific browser you prefer, or even what kind of device (e.g., mobile or
hardwired) you are using. HTTP is always the protocol used to request and serve objects. These objects
can be Hypertext Markup Language (HTML) pages, JPEG images, video clips, or any other format.
Like HTTP, FTP is also used to transfer files using TCP, so there are some similarities between the
protocols. FTP is used to transfer files between a local host and a remote server, where the local host is
authenticated (i.e., required to provide a username and password) prior to gaining access to the remote
server. Unlike HTTP, FTP uses two parallel TCP connections to transfer files. The first is the TCP Control
connection on port 21 which is used for sending control information between the two hosts like user ID,
password, commands to change directory, as well as the “put” and the “get” commands. The second
connection is the Data connection on port 20. The data connection is where the actual files are
transferred. In this type of protocol where the control data is transmitted separately from the data, we
say the control is sent ‘out of band’.
It would be impractical and nearly impossible to remember and locate websites based solely on their IP
addresses. Thus, many would argue that the Domain Name System (DNS) serves the most critical function
of all client/server applications. DNS is responsible for translating the domain name of a web site or a
mail server to an IP address and vice versa. Without going into too much detail, it suffices to say that
DNS works as a distributed hierarchical database. At the topmost level there is a Root server. There are
13 root servers (plus approximately 100 more mirrored sites) in the world. Most are in the US. Next in
the hierarchy are the Top Level Domain (TLD) servers. These are more refined than the Root servers in
that they handle only specific domains such as .com, .org, .gov, etc. Finally, below the TLD servers in the
hierarchy, you have the Authoritative DNS Servers. If you have hosts that can be accessed by the public
on the Internet, you must provide DNS records that map the hosts’ domain names to IP addresses. An
organization can either set up an Authoritative Server (and host it in-house) or pay to have its
Authoritative Server provided by someone else. The DNS request sent between the host PC looking for a
DNS record and its local DNS server is recursive. If other DNS servers higher in the hierarchy need to be
contacted, the requests are iterative.
Dr. Tracy Bradley Maples (Fall 2013)
Lab Design: Rogelio Cruz (mod. 9/25/13)
Exercises with HTTP:
Below are the steps that occur when transferring a web page from a server to the client:
HTTP Request:
• The HTTP client creates a connection with the server. In this case, your workstation creates
a TCP connection with www.newyork.com on port 80. This implies that there will be a
socket created at both the client and the server.
• The HTTP client sends an HTTP request message to the server through its socket. The
message includes /index.html
• The server receives the request through its socket, retrieves the object (/index.html)
from its memory or RAM, encapsulates the object in a response message and sends it to
the client. The server then tells TCP to close the connection. (However, TCP will keep it
open until it confirms that the message has been delivered to the client by receiving a
response from the client.)
• The client receives the message, and the TCP connection closes. The message indicates that
the encapsulated object is an HTML page. Once the client extracts the HTML file, it finds
references to 2 JPEG objects. The steps above are repeated for both JPEG objects.
Common HTTP Server Response Message Status Codes:
• 200 OK: Request succeeded and the information is returned in the response
• 301 Moved Permanently: Object has been moved to a new location (specified in Location)
• 400 Bad Request: A generic error code indicating that the request was not understood by
the server
• 404 Not Found: The requested document is not found
• 505 HTTP Version Not Supported: The requested HTTP protocol version is not supported by
the server.
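The request steps above can be reproduced offline. The following is an added example, not part of the original lab: it starts a stand-in HTTP/1.0 server on 127.0.0.1 (not www.newyork.com) and fetches one HTML page plus the two JPEG objects it references, each over its own TCP connection. The paths /a.jpg and /b.jpg and the page body are constructed for illustration.

```python
import re, socket, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed site: one HTML page that references two JPEG objects.
SITE = {
    "/index.html": ("text/html", b'<html><img src="/a.jpg"><img src="/b.jpg"></html>'),
    "/a.jpg": ("image/jpeg", b"\xff\xd8constructed-a"),
    "/b.jpg": ("image/jpeg", b"\xff\xd8constructed-b"),
}

class Handler(BaseHTTPRequestHandler):   # default HTTP/1.0: server closes after each response
    def do_GET(self):
        ctype, body = SITE.get(self.path, ("text/plain", b""))
        self.send_response(200 if self.path in SITE else 404)
        self.send_header("Content-Type", ctype)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):        # keep the demo quiet
        pass

def fetch(port, path):
    """One object = one TCP connection. Returns (client socket, status, type, body)."""
    with socket.create_connection(("127.0.0.1", port)) as s:
        client_socket = s.getsockname()  # (IP, ephemeral port) on the client side
        s.sendall(f"GET {path} HTTP/1.0\r\nHost: localhost\r\n\r\n".encode())
        raw = b""
        while chunk := s.recv(4096):     # read until the server closes the connection
            raw += chunk
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = dict(line.split(": ", 1) for line in lines[1:])
    return client_socket, int(lines[0].split()[1]), headers.get("Content-Type"), body

def load_page():
    """Fetch the page, then repeat the same steps for every object it references."""
    server = HTTPServer(("127.0.0.1", 0), Handler)   # port 0: the OS picks a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        first = fetch(port, "/index.html")
        refs = re.findall(rb'src="([^"]+)"', first[3])
        return [first] + [fetch(port, r.decode()) for r in refs]
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(load_page())
```

Each returned tuple starts with the client's socket (IP address and ephemeral port), which is the value the "source's socket" question below asks you to read from the packet details.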
Procedure:
1. Open up the Firefox Web Browser. Make sure that your browser opens up with a blank page.
(Check Wireshark Reference). Restart the browser after you’ve made the changes and stay on
the blank page.
2. Launch Wireshark and after checking settings start the capture. (Check Wireshark Reference
Sheet)
3. Once the capture is started use Firefox to go to http://www.newyork.com
4. After the page loads go to http://www.newyork.com/products/index.html
5. Stop the Wireshark Capture.
6. Refine your capture by using “http” in the filter
Answer the following questions about HTTP:
• How many total (GET) messages did your request have?
• For any of the GET messages answer the following questions: (HINT: Use information from
“details of selected packet header”)
a. What type of object was requested?
b. What is the Host?
c. What is the source’s socket?
d. What is the destination’s socket?
• For the response messages, what status codes are present? Explain.
Exercises with FTP:
Below are the steps that occur when transferring files between an FTP server and the client:
FTP:
• A socket is created between the client and server using TCP port 21 (control).
• The server asks for a username and password for authentication.
• If successful, the client is granted access to a directory. This is typically an isolated directory for
that particular user.
• The directory contents (if any) are listed. The list of files is sent over the data connection
(port 20).
• The user now has the option to either store a file (upload) to the server or retrieve a file
(download).
Typical FTP commands and responses:
• 331 Username OK, password required
• 124 Data connection already open; transfer starting
• 226 File fully transferred
• 425 Can’t open data connection
• 452 Error Writing File
Procedure:
7. Launch notepad and create a text file with any content in the body. Save it as test (thedate).txt
in your “C:\Users\Netlab\Documents” directory. For example for September 25th you would
save it as “test0925.txt”
8. Launch command prompt
9. Make sure no browser is open and start a new capture with Wireshark.
10. Once the capture is started use command prompt and type: ftp www.newyork.com
11. When it asks for credentials, enter user and the group number. For example group 1 uses:
user1, password: user1
12. After you’re authenticated, do a “status” command.
13. Next, do a “put” command to upload your text file to the server. An example of the command
looks like: “put C:\Users\Netlab\Documents\test0925.txt”
14. Open up the FileZilla client from your desktop.
15. In the “Host” field enter either the name or IP address of the server. For the username and
password use the same as before. Leave the port blank and click the “Quickconnect” button.
16. If you successfully transferred the text file via the command prompt earlier you will see it inside
the directory. If so, select it from the remote server and get it by either dragging it to your
desktop folder in the Local site side or right-clicking it and selecting download.
17. If you were not successful using the command prompt, then put (upload) the file by right-
clicking and selecting upload.
18. Stop the Wireshark Capture.
Answer the following questions about FTP:
• Using the Wireshark capture, answer the following:
a. What mode is the FTP setup to use?
b. Filter using “ftp”. Which TCP port is being used?
c. Of the two methods tried, which one was easier? Explain briefly.
d. Find the username and password messages sent to the server. Are they encrypted
or plain text? Can you find the text file in plain text?
e. Now filter using “ftp-data”. Sort through the messages and look at the FTP Data in
the header details. Can you find the message in the text file? Is it encrypted or plain
text?
f. Of the two methods tried, is one more secure than the other?
g. Would you want to use FTP for transferring confidential documents? Explain.
Exercises with DNS:
Below are the steps that occur when a local host initiates queries:
DNS Queries:
• The host checks with the local DNS server to see if it has the desired record for the remote site.
• The local DNS server checks and, if it does not have it, forwards the request to a Root DNS server.
• The Root DNS server analyzes the domain being requested and forwards it to the corresponding
TLD DNS server.
• The TLD DNS server finds the Authoritative DNS server that has the desired host’s record and retrieves it.
It then forwards it to the Root server, which in turn sends it back to the local DNS server and finally to
the host.
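What the host finally receives is a single DNS response message, and its header flags record how the answer was obtained. The following added example (not part of the original lab) builds a constructed response for www.losangeles.com and decodes the header flags, including the Authoritative Answer bit, together with the A record. The transaction ID, TTL and the address 192.0.2.80 are constructed values, not results from the lab network.

```python
import struct

def build_sample():
    """Constructed DNS response (not from a capture): www.losangeles.com A 192.0.2.80."""
    qname = b"".join(bytes([len(p)]) + p for p in b"www.losangeles.com".split(b".")) + b"\x00"
    header = struct.pack("!6H", 0x1A2B, 0x8180, 1, 1, 0, 0)   # QR=1 RD=1 RA=1, AA=0
    question = qname + struct.pack("!2H", 1, 1)                # type A, class IN
    answer = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + bytes([192, 0, 2, 80])
    return header + question + answer

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, resume, hops = [], None, 0
    while True:
        n = msg[off]
        if (n & 0xC0) == 0xC0:                    # compression pointer to an earlier name
            if resume is None:
                resume = off + 2
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif n == 0:                              # root label ends the name
            return ".".join(labels), (off + 1 if resume is None else resume)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def parse_response(msg):
    """Return the header flags and A records of a DNS message."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off, question, answers = 12, None, []
    for _ in range(qd):
        question, off = read_name(msg, off)
        off += 4                                  # skip QTYPE and QCLASS
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if rtype == 1 and rdlen == 4:             # A record: IPv4 address
            answers.append((name, ttl, ".".join(map(str, rdata))))
    return {"is_response": bool(flags & 0x8000), "authoritative": bool(flags & 0x0400),
            "recursion_desired": bool(flags & 0x0100),
            "recursion_available": bool(flags & 0x0080),
            "rcode": flags & 0x000F, "question": question, "answers": answers}

if __name__ == "__main__":
    print(parse_response(build_sample()))
```

In Wireshark the same bits appear under the Flags field of the DNS response; nslookup labels an answer non-authoritative when the Authoritative Answer bit is clear.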
Procedure:
19. Launch a command prompt window
20. Launch Wireshark and start a capture.
21. Do an nslookup to www.losangeles.com
22. Do an nslookup to www.yoohoo.com
23. Stop the Wireshark Capture.
24. Refine your capture by using “dns” in the filter
Answer the following questions about DNS:
• In the command prompt window,
a. What is the non-authoritative answer for www.losangeles.com?
b. What is the non-authoritative answer for www.yoohoo.com?
c. Why are they non-authoritative?
• In the Wireshark capture,
a. Which was the first server to be asked about www.losangeles.com?
b. What port was used? Is it UDP or TCP?
c. Explain how you think the local DNS obtained the records for the two sites.
Refer to the WAN diagram to provide accurate information.