So we have a number of packets captured here from our browsing to our simple website. We know that if we browse through, there are some HTTP messages, some TCP messages and ARP. Let's hide the ARP for now. "Not ARP" is one filter, so show everything that is not an ARP message; the "not" is the exclamation mark. We'll get rid of some of the others at the moment.

Firstly, note that HTTP is an application layer protocol and it uses TCP as the transport protocol. Therefore, before we can actually send an HTTP message, we need to establish a TCP connection from client to server. So the first three frames in this capture, from client to server, then the response, and then client back to server, one, two, three: the TCP three-way handshake. Send a SYN message to the server; the server responds with an ACK of that SYN and a SYN of its own, and then the client acknowledges the SYN from the server. SYN, SYN-ACK, ACK. That's a TCP three-way handshake.

Then we can send data, which is this fourth frame, from client to server. We'll look at the contents of that in a moment. It's the HTTP message. Note that the next frame does not contain any data. It's a TCP segment and the ACK flag is set. Really, the purpose of this segment five is to acknowledge the data in the previous segment. And we'll see that come through, and we'll see the TCP connection being closed with the FINs later.

And then when we access page one, there's another HTTP request for page one; before that, there's another connection set up. So this is at time 38: SYN, SYN-ACK, ACK, download the page, some ACKs, get the response, close the connection. At time 61, establish another connection. In some browsing situations you may see a single connection and multiple pages accessed. But in this case, using Lynx, we create a connection, access a page, close the connection. To access the next web page, we create a new TCP connection, and so on. The purpose here isn't to study the TCP connection.
We want to just look at the HTTP exchange. So I'm going to change the filter and let's just show HTTP messages. That simplifies everything. Remember, 192.168.1.11 is the client, 2.21 is the server, the web server in this case.

And the basics of HTTP is that the client sends a request for a web page and, assuming the server has the page requested, the server sends back a response including the content of that web page. And when the client gets that response, it displays the content on the screen. In our case we saw it displayed in the Lynx web browser. Now, there are other scenarios that can occur: different types of requests, different types of responses. In this simple scenario, we'll just see a single type of request and response.

So the first two messages belong to one exchange with HTTP, a request and a response. Let's look at the request in detail. If we expand, so it's from client to server, the summary info says that the client wants to GET, so that's the type of request, a file identified by a forward slash, and using the protocol HTTP version 1.0. But there's more information in the request. So if we expand the HTTP message, that's actually the first line of the request. With HTTP we send messages in a text format. Basically, the fields in a header are on separate lines. So this is the first line, saying GET the file slash using HTTP version 1.0.

But there are some fields included, and we see the name of the field, the colon, followed by the field value. For example, one field is the Host field, which gives the IP address or the name of the server that we're accessing. In this case it's the IP address of node 3. These Accept fields are indicating some preferences about what the browser wants to accept in response: the type of response they'd prefer, the type of encoding they may accept, whether it can be zipped (maybe the web page is sent back zipped), and the type of language they'd prefer to get. Note that they're preferences. The web server may not have the content in that format, so it may still send
it in a different format.

The User-Agent field is a string that indicates the web browser that's making the request. In this case it says the web browser is called Lynx, version 2.8.9 dev.8, and it's using some library and some SSL or some secure libraries as well. So, some details about the web browser, formally called the user agent. And that's about all of the request in this case.

So it sends a request for what file? Well, the slash file. Why? Because when I opened Lynx, the command I used, I typed in the protocol to use, HTTP, the address of the server, 192.168.2.21, and the file I requested is simply that single slash, that forward slash. I didn't type in a name like index.html, I just typed slash. And now, in most cases for web servers, the web server will interpret a request for the forward slash as: if a page exists called index.html, it will return index.html. There are other variations; that could be index.html, index.php. It depends upon the configuration of the web server. But it's typical that if you request a directory, like a forward slash, then the server returns the file index.html which is in that directory. There are other cases as well.

Let's have a look at what was returned by the server in frame number 6 here. The summary information is that the response was using protocol HTTP version 1.1, even though the client is using 1.0. There's some compatibility between the different versions, so the server is using 1.1. And the 200 OK: the 200 is the response code and the OK is a response message, so they go together. And 200 OK means your request was okay, I have the page, here it is. You may have seen other responses when you go into more advanced scenarios. One you know of is probably 404 Not Found, the response you get when you try to access a web page that doesn't exist on the server. There are many other types as well.

So let's look at the response in depth. The first line is this 200 OK. Then we have some fields coming from the server back to the client: the date of the response, something
that identifies the server, when this page was last changed, and a few other fields like the content length and how it was encoded. In this case the content, which is the web page, was compressed using gzip, and the type is HTML. If we keep going down, then the actual content is included, the data, which is the web page. And it's maybe easier to see here: the content, called line-based text data. But the web page in this case is the HTML: doctype html (it's hard to read here), head, title "simple demo".

I just jumped to node 3, and we go into the directory www.html and we look at index.html using less. You see that is the web page. So the HTML content of this file was sent back in the response. It was actually zipped, but Wireshark doesn't show it zipped. It decompresses it for us so we can see the actual content. The web page is 420 bytes, but compressed it was down to 270 bytes. When the browser receives this and decompresses it, it uses the HTML to display the page, whether it's color coding or the appropriate fonts and so on. In Lynx there are not many options to change fonts, but you can change colors. And the web browser displays the links. There was a link to page 1, for example.

So that's the basics of an HTTP exchange. We request a page and, if all goes well, it comes back in the response. 38 seconds later, we clicked on the link to request page 1. Page 1 came back in the response. Then a bit later, we requested index.html, because we clicked on a link to index.html, and the response came back. Note that really, requesting slash versus requesting slash index.html, for this web server they are the same. We get the same page back. We requested page 2, we got it back. We requested page 3, which is in a subdirectory called subdir, and we got it back.

So we can see the basics of HTTP from capturing the packets between our browser, using Lynx, and our simple website, which was created with a script.
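
As an added illustration (not part of the original lecture), the Python sketch below parses the two messages of the exchange described above and undoes the gzip content encoding, which is what Wireshark does before displaying the page. The sample request, response and HTML are constructed to resemble the capture, and the helper names are hypothetical.

```python
import gzip

def parse_http(raw: bytes):
    """Split a raw HTTP/1.x message into (start line, headers, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line terminating the header block")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")  # "Name: value", one field per line
        if not colon:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()  # field names are case-insensitive
    return lines[0], headers, body

def decode_body(headers: dict, body: bytes) -> bytes:
    """Check Content-Length against the bytes received, then undo gzip."""
    declared = headers.get("content-length")
    if declared is not None and int(declared) != len(body):
        raise ValueError(f"Content-Length {declared} != {len(body)} bytes received")
    if headers.get("content-encoding", "").lower() == "gzip":
        return gzip.decompress(body)
    return body

# Constructed sample data modelled on the capture (not the real bytes).
HTML = (b"<!DOCTYPE html>\n<html><head><title>Simple Demo</title></head>\n"
        b"<body><a href=\"page1.html\">Page 1</a></body></html>\n")
REQUEST = (b"GET / HTTP/1.0\r\n"
           b"Host: 192.168.2.21\r\n"
           b"Accept-Encoding: gzip\r\n"
           b"User-Agent: Lynx/2.8.9dev.8\r\n\r\n")

def build_response(html: bytes) -> bytes:
    """Build a 200 OK response whose body is the gzip-compressed page."""
    packed = gzip.compress(html)
    head = ("HTTP/1.1 200 OK\r\n"
            "Content-Type: text/html\r\n"
            "Content-Encoding: gzip\r\n"
            f"Content-Length: {len(packed)}\r\n\r\n")
    return head.encode("ascii") + packed

if __name__ == "__main__":
    start, req_headers, _ = parse_http(REQUEST)
    print(start, "| client software disclosed:", req_headers["user-agent"])
    status, resp_headers, wire_body = parse_http(build_response(HTML))
    page = decode_body(resp_headers, wire_body)
    print(status, "|", len(wire_body), "bytes on the wire,", len(page), "decoded")
```

Because plain HTTP is text on the wire, anyone who can capture the traffic reads the same Host and User-Agent values and the full page content that this parser extracts.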