Description

Sending First Email:

Tracking with WireShark:
File added to github repository.
command frames Description
openssl s_client −crlf −ign_ eof −connect smtp.gmail.com:465 1-11 This opens an SSL connection to smtp.gmail.com at port 465 and prints the SSL certificate.
helo gmail.com 12-15 initiate the SMTP conversation with the gmail client
auth login 16-19 authenticate to the server with login
bHVpc2VzcGlub3phMTEyNTk5QGdtYWl sLmNvbQ== 20-23 My username
MTEyNTE5OTk= 24-27 My password
mail from:
<luisespinoza112599@gmail.com> 28-31 Email of the sender
rcpt to: <lfespino@asu.edu> 32-35 email of the reciever
data 36-39 Starts a new message transfer
Subject: 40-41 not a command
Email text 42-43 not a command
<enter> 44-45 not a command
. 46-49 Marks the end of the new message
Other email 50-71 not a command
quit 71-80 Closes connection with server

Questions
1. What filter did you use to catch the traffic and explain why you chose that filter? I used the TCP filter at port 465 because we are using an SSL encryption protocol, which uses TCP. This displays both TCP and TLS protocols.
2. What is the standard port for SMTP and why do we use port 465 in the example? The standard port is port 25. We are using port 465 because we are using SSL
3. Explain each line used in the command line and what does it do? Answered in the table above.
4. How much back and forth communication do you see for establishing the connection?
Since we are using TCP, establishing our connection will be done through many packets. Opening an SSL connection, initiating our conversation with gmail.com and authenticating was done in a total of 27 frames.
5. What is the port of your local machine between sending the two emails when communicating with the SMTP server? In my wireshark file, the port is 38932.
6. Explain who sends the first FIN flag and how the quitting process works. In my wireshark file, the source port 465 sends the FIN flag first. This happens because “quit” asks the server to close the connection, and it responds with 221 if it is closed correctly.

2. Understanding HTTP
Call that gets all the commits on the default branch of a repository https://api.github.com/repos/saguUU/Medusa-Quest/commits

Call that that adds GET parameters that specifies a specific branch and sets page limit to 100 https://api.github.com/repos/saguUU/Medusa-Quest/commits/amtrang?per_page=100

Questions
1. Explain the specific api calls you used.
I used two REST API calls from github. The first call specified the repository name and its owner, then I used “/commits” to display all the commits of the repository’s default branch. The next api call was similar to the last one, except I added “/amtrang” after the commits. This gave me the commits of a specific branch, called amtrang. Next I added “?per_page=100” which makes the call display 100 up to commits per page.
2. Explain the difference between stateless and state-full communication State-full communication is different from stateless communication in that it stores previous context and history and uses that to deliver data. In a stateless communication, requests and responses happen in isolation from any previous history or state, what you ask for is what you get.

3. Setup your second system and run Server on it
Running a simple Java WebServer:

Analyze what happens

Questions
1. What filter did you use? Explain why you chose that filter.
I simply chose to use “port 9000” since that is the port I am using and my second system is a pi that is connected to my computer through an ethernet cable.
2. What happens when you are on /random and click the refresh button compared to the browser refresh (you can also use the command line output that the
WebServer generates to answer this)?
When pressing the “random” button I get the following command line output:
Received: GET /json HTTP/1.1
Received: Host: 10.42.0.107:9000
Received: Connection: keep-alive
Received: User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36
Received: Accept: */*
Received: Referer: http://10.42.0.107:9000/random
Received: Accept-Encoding: gzip, deflate
Received: Accept-Language: en-US,en;q=0.9,es;q=0.8 Received:
FINISHED PARSING HEADER
When reloading in the browser I get this instead:
Received: GET /random HTTP/1.1
Received: Host: 10.42.0.107:9000
Received: Connection: keep-alive
Received: Cache-Control: max-age=0
Received: Upgrade-Insecure-Requests: 1
Received: User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/88.0.4324.150 Safari/537.36 Received: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-e xchange;v=b3;q=0.9
Received: Accept-Encoding: gzip, deflate
Received: Accept-Language: en-US,en;q=0.9,es;q=0.8 Received:
FINISHED PARSING HEADER

Received: GET /json HTTP/1.1
Received: Host: 10.42.0.107:9000
Received: Connection: keep-alive
Received: User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36
Received: Accept: */*
Received: Referer: http://10.42.0.107:9000/random
Received: Accept-Encoding: gzip, deflate
Received: Accept-Language: en-US,en;q=0.9,es;q=0.8
Received:
FINISHED PARSING HEADER
3. What kinds of response codes are you able to get through different requests to your server?
When looking through the code, we can see the following codes:
● 200: OK
● 404: Not Found
● 400: Bad Request
4. Explain the response codes you get and why you get them?
● 200: When everything goes well
● 404: When we make a file GET request and the file does not exist
● 400: When the request is not recognized at all
5. When you do a ipOfSecondMachine:9000 take a look what Wireshark generates as a server response. Are you able to find the data that the server sends back to you?
Yes, because this is HTTP and the information is not encrypted.
6. Based on the above question explain why HTTPs is now more common than HTTP.
With all the sensitive information that is transferred, we need the encryption that HTTPs provides us.
7. What port does the server listen to for HTTP requests in our case and is that the most common port for HTTP?
The server listens to port 9000. The most common port for HTTP is 80.
8. What local port is used when sending different requests to the WebServer? How does it differ to the traffic to your SMTP server from part 1?
35712. The traffic differs in that my SMTP server’s traffic was encrypted.

Creating a Real Web Server
1. Check your traffic to your Webserver now. What port is the traffic going to now? Is it the same as previously used or is it and should it be different?
It is now going to port 80, the default HTTP port. It is different because we are using nginx to display our webserver program.
2. Is it still HTTP or is it now HTTPs? Why?
It is still HTTP. We get to set up HTTPs in the extra credit section.

Multiply
The multiply case did not have error handling. I decided to first check if the request contains “num1=” and “num2=” then check if the parameters are integers. This my code, using code 400 as Bad Request:
else if (request.contains(“multiply?”)) {
// This multiplies two numbers, there is NO error handling, so when
// wrong data is given this just crashes

// checks if there are mun1 and num2 parameters
if (request.contains(“num1=”) && request.contains(“num2=”)) {
Map<String, String> query_pairs = new LinkedHashMap<String, String>();
// extract path parameters query_pairs = splitQuery(request.replace(“multiply?”, “”));

// check if parameters are integers
if (isStringInt(query_pairs.get(“num1”)) && isStringInt(query_pairs.get(“num2”))) {

// extract required fields from parameters
Integer num1 = Integer.parseInt(query_pairs.get(“num1”)); Integer num2 = Integer.parseInt(query_pairs.get(“num2”));

// do math
Integer result = num1 * num2;

// Generate response
builder.append(“HTTP/1.1 200 OK “);
builder.append(“Content-Type: text/html; charset=utf-8 “); builder.append(” “);
builder.append(“Result is: ” + result);
} else { // failure; the request does not contain two integers builder.append(“HTTP/1.1 400 Bad Request “);
builder.append(“Content-Type: text/html; charset=utf-8 “); builder.append(” “);
builder.append(“failure; the request does not contain two integers”);
}

} else { // failure; the request does not contain two paramters builder.append(“HTTP/1.1 400 Bad Request “);
builder.append(“Content-Type: text/html; charset=utf-8 “); builder.append(” “);
builder.append(“failure; the request does not contain two paramters”);
}

GitHub
WebServer updated coded added to repo.