I am working on a school project, in which I have to analyze .pcap files in C language using the libcap library. I am new to networking, however I do know that TCP is on the layer 4 and HTTP is on the 7th layer in the OSI model. I want to sort HTTP packets, and print out the source/destination ports but I'm a little confused how to distinguish HTTP protocols from TCP protocols.
Here is an example, which I don't understand:
EDIT: Here is another example, where the source port is 80, the length is 100. The 54th byte is 48, which is the same as for a HTTP 1.1 response packet. It is a TCP.
https://i.stack.imgur.com/RQs6v.png
The destination port here is 80, which is HTTP. However wireshark does not list this packet as a HTTP protocol, it is just TCP.
https://i.stack.imgur.com/TsVuO.png
My question is how to determine based on bytes if the packet is a HTTP protocol or just a TCP protocol?
You cannot determine if a packet is HTTP or not just by looking at its headers. HTTP is application level, if you want to identify an HTTP stream you will have to check the innermost payload of the packet. In other words, HTTP packets are distinguishable just by looking at what comes after the TCP header. Wireshark already does this for you and marks packets that look like HTTP as such. You can filter packets identified as HTTP by Wireshark by simply typing http in the filter bar at the top.
In your case, the packet you show has Length = 0, so there really isn't anything to analyze other than the various headers of the different layers. The packet is not HTTP.
Determining HTTP traffic "based on bytes" can be done by looking at the payload: HTTP requests and responses have known formats. For example HTTP 1.1 requests start with <METHOD> <URI> HTTP/1.1\r\n, and responses with HTTP/1.1 <CODE> <MSG>\r\n.
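The payload check described in this answer, as an added C example that is not part of the original answer: it walks the Ethernet, IPv4 and TCP headers of one captured frame with bounds checks and then tests how the TCP payload starts. Offset 54 is the first payload byte only when neither the IPv4 nor the TCP header carries options, so the function reads the header lengths from the packet. The names `looks_like_http` and `make_frame` are hypothetical, and the frames are constructed samples rather than data from the question's capture.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Returns 1 if an Ethernet II / IPv4 / TCP frame carries a payload that
 * starts like an HTTP/1.x request or response, else 0. Every length field
 * is checked against caplen before it is used as an offset. */
int looks_like_http(const uint8_t *f, size_t caplen)
{
    static const char *const starts[] = { "GET ", "POST ", "HEAD ", "PUT ",
        "DELETE ", "OPTIONS ", "PATCH ", "HTTP/1." };
    if (caplen < 14 + 20 + 20) return 0;            /* minimum headers */
    if (f[12] != 0x08 || f[13] != 0x00) return 0;   /* EtherType: IPv4 */
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;        /* IPv4 header length */
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 6) return 0; /* v4, TCP */
    if ((ip[6] & 0x1f) || ip[7]) return 0;          /* non-first fragment */
    size_t avail = caplen - 14;                     /* bytes captured */
    size_t ip_total = ((size_t)ip[2] << 8) | ip[3];
    if (ip_total < avail) avail = ip_total;         /* drop Ethernet padding */
    if (avail < ihl + 20) return 0;
    const uint8_t *tcp = ip + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;       /* TCP header length */
    if (doff < 20 || ihl + doff > avail) return 0;
    const uint8_t *pl = tcp + doff;
    size_t plen = avail - ihl - doff;               /* 0 for a bare ACK */
    for (size_t i = 0; i < sizeof starts / sizeof starts[0]; i++) {
        size_t n = strlen(starts[i]);
        if (plen >= n && memcmp(pl, starts[i], n) == 0) return 1;
    }
    return 0;
}

/* Constructed sample input: minimal option-less frame around payload. */
size_t make_frame(uint8_t *out, size_t cap, const char *payload, size_t plen)
{
    size_t total = 54 + plen;
    if (cap < total) return 0;
    memset(out, 0, total);
    out[12] = 0x08;                       /* EtherType 0x0800 */
    out[14] = 0x45;                       /* IPv4, IHL = 5 words */
    out[16] = (uint8_t)((40 + plen) >> 8);
    out[17] = (uint8_t)(40 + plen);       /* IP total length */
    out[23] = 6;                          /* protocol: TCP */
    out[46] = 0x50;                       /* TCP data offset = 5 words */
    memcpy(out + 54, payload, plen);
    return total;
}
```

With libpcap, the same function can be called from the packet callback with the packet pointer and the header's `caplen`.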
I am working on a simple client-server application which utilizes basic GET/POST functionality. I had a question regarding specifying the GET or POST or any Request Method when we send a request from client to server. There is a separate "Request Method" which, as the HTTP spec says, should specify the method. But I do see some examples where we send the request method through Query Parameters. Which is the proper way, and what happens in case we also send a request method through a query parameter? Which one should be considered by the server if by chance the one specified in the query parameter differs from the actual request method?
I have a programming project where I have to create a multithreaded web server which handles HTTP requests.
I just learned socket programming and I got a client and a server running. I wanted to know what the best method would be for parsing the HTTP request headers. I saw this: how to parse http request in c++ a few minutes back. But I would rather not shift to C++ at this point. So how should one go about parsing an HTTP request in C?
You can have a look at the web servers in C such as mongoose (https://github.com/cesanta/mongoose/blob/master/mongoose.c) and could use the same methodology to parse the HTTP request. But what I would suggest is that you just go through the HTTP RFC 2616, since that would help you in writing your own parser for HTTP requests.
By the way, which kind of HTTP requests is your server handling (GET, POST or both)?
In HTTP POST requests the HTTP header and data are separated by "\r\n\r\n".
In the received data, sscanf the Content-Length from the HTTP header, then start reading the data after you get "\r\n\r\n" until you get the same amount of data as mentioned in Content-Length.
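The two steps in this answer, as an added C example that is not part of the original answer: find the "\r\n\r\n" separator in a buffer that may not be NUL-terminated, then read Content-Length with explicit digit and range checks instead of sscanf. The names `header_end`, `content_length` and `MAX_BODY`, the 1 MiB cap and the sample request are assumptions made for this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define MAX_BODY (1024L * 1024L)   /* assumed upper bound for this example */

/* Constructed sample request used to exercise the two functions below. */
const char SAMPLE[] = "POST /upload HTTP/1.1\r\nHost: example.test\r\n"
                      "content-length: 5\r\n\r\nhello";

/* Offset of the first body byte, or 0 if "\r\n\r\n" has not arrived yet. */
size_t header_end(const char *buf, size_t len)
{
    for (size_t i = 0; i + 4 <= len; i++)
        if (memcmp(buf + i, "\r\n\r\n", 4) == 0) return i + 4;
    return 0;
}

static int name_is(const char *p, const char *name, size_t n)
{
    for (size_t i = 0; i < n; i++)   /* header names are case-insensitive */
        if (tolower((unsigned char)p[i]) != name[i]) return 0;
    return 1;
}

/* Content-Length from buf[0..hdr_len): the value, -1 if absent, -2 if
 * malformed, over MAX_BODY, or repeated with a different value. */
long content_length(const char *buf, size_t hdr_len)
{
    long found = -1;
    const char *p = buf, *end = buf + hdr_len;
    while (p < end) {
        const char *eol = memchr(p, '\n', (size_t)(end - p));
        if (!eol) break;
        if (eol - p >= 15 && name_is(p, "content-length:", 15)) {
            const char *v = p + 15;
            long n = 0;
            while (v < eol && (*v == ' ' || *v == '\t')) v++;
            if (v == eol || !isdigit((unsigned char)*v)) return -2;
            for (; v < eol && isdigit((unsigned char)*v); v++)
                if ((n = n * 10 + (*v - '0')) > MAX_BODY) return -2;
            if (v < eol && *v == '\r') v++;
            if (v != eol || (found >= 0 && found != n)) return -2;
            found = n;
        }
        p = eol + 1;
    }
    return found;
}
```

A server loop would keep calling recv until `header_end` returns non-zero, then read exactly `content_length` more body bytes and refuse the request on a negative result for a POST.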
I have written code for sending client user passwords to an HTTP server for verification via HTTP. I generate the query string (containing usr, pwd) and send the request to the server. That works.
But now I have to send a file (text/xml) to that server. I don't know how it can be done.
Do we have to write some code on the server or only in the client?
What are the mechanisms on the server for accepting file and on the client for sending files?
The HTTP protocol is really simple, actually:
the client sends a line containing HTTP method name, URL and protocol version
the client sends an RFC822 header containing request parameters and, if a data block follows, details about the data block.
the client sends the data block
the server sends a line containing protocol version, status code and message
the server sends an RFC822 header containing response parameters and, if a data block follows (or the client performed a HEAD request), details about the data block
the server sends the data block, unless the method is HEAD.
the connection is either torn down, or the protocol restarted.
Typically, servers will understand at least these methods:
GET (client does not send data block, server sends data block)
HEAD (same as GET, but server omits response data block)
POST (client sends data block, server responds with data block)
PUT (client sends data block, server does not send data block)
There is some implied semantics in the choice of method, in that GET requests never modify server state and their results may be cached and reused (which is what allows the browser to go back and forth between pages), while POST requests do change server state -- incidentally, this is what you do when you upload a file.
So, in order to send a file, prepare a POST or PUT request (depending on whether you expect a reply document, or if a simple acknowledgement status code is sufficient), which consists of the request line, the headers containing extra protocol info ("Host:", "User-Agent:", ...), the headers describing the file ("Content-Type:", "Content-Length:", ...), an empty line, and the file contents, and send that over a TCP connection, then read back the status line, the response headers and the response file (if you asked for one).
It depends on the server's application how to load the file.
You may need to send the file using the HTTP "POST" method instead of "GET".
```
POST /your_uri HTTP/1.1
Host: www.yourhost.com
Content-type: application/x-www-form-urlencoded
Content-length: 41

filename=test.xml&data=yoururlencodeddata
```
The server application may expect files encoded with "multipart/form-data" boundaries, something like that:
```
Content-type: multipart/form-data; boundary=AaBb01x

--AaBb01x
content-disposition: form-data; name="yourfield"

Your field data
--AaBb01x
content-disposition: form-data; name="yourfilefield"; filename="filename.xml"
Content-Type: text/xml

<root>your xml data</root>
--AaBb01x--
```
If it's an XML file it is easy.
You can add Content-Type: text/xml in the HTTP header and append the XML file data after the \r\n\r\n of the HTTP header and send it via the socket to the webserver.
The webserver will understand from the HTTP header that it contains an XML file and take the file. In the case of a binary file, you will need to convert it to base64.
For example, I have used a buffer to store the HTTP request. Now if you send this buffer to the socket connected to the webserver, the FileName.xml will be saved on the webserver. For this to work, the upload.php has to be able to work with POST data.
The boundary is to show the boundary between the data and is needed by the HTTP protocol. It can be any randomly generated number; make sure the start boundary and the close boundary numbers are equal. Also content length is the length of the file.
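```c
/* Multipart POST request; Content-Length counts every byte of the body
 * that follows the blank line ending the request headers. */
char buf[2048] = "POST http://www.nameofyoursite.com/upload.php HTTP/1.1\r\n"
"Host: www.nameofyoursite.com\r\n"
"Content-Type: multipart/form-data; boundary=1234567\r\n"
"Content-Length: 155\r\n\r\n"
"--1234567\r\n"
"Content-Disposition: form-data; name=\"uploadedfile\"; filename=\"FileName.xml\"\r\n"
"Content-Type: text/xml\r\n"
"\r\n" /* blank line between the part headers and the file data */
"<xml>This is a test</xml>\r\n"
"--1234567--\r\n";
```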
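A way to build the same kind of request without a hand-counted Content-Length, as an added C example that is not part of the original answer: the multipart body is formatted first, measured, and only then placed behind the request headers. The function name `build_upload` and the 1024-byte body buffer are assumptions for this example; the file data is taken as a C string, and values containing CR, LF or a double quote are refused so they cannot add header lines of their own.

```c
#include <stdio.h>
#include <string.h>

/* CR, LF or a double quote in a value would break out of its header line. */
static int unsafe(const char *s) { return strpbrk(s, "\r\n\"") != NULL; }

/* Builds a multipart/form-data POST with one text/xml part into out.
 * Returns the request length, or -1 if an input is unsafe, the boundary
 * occurs inside the data, or a buffer is too small. */
int build_upload(char *out, size_t cap, const char *host, const char *path,
                 const char *boundary, const char *filename, const char *data)
{
    char body[1024];
    if (unsafe(host) || unsafe(path) || unsafe(boundary) || unsafe(filename))
        return -1;
    if (boundary[0] == '\0' || strstr(data, boundary)) return -1;
    int blen = snprintf(body, sizeof body,
        "--%s\r\n"
        "Content-Disposition: form-data; name=\"uploadedfile\"; "
        "filename=\"%s\"\r\n"
        "Content-Type: text/xml\r\n"
        "\r\n"                                /* blank line ends part headers */
        "%s\r\n"
        "--%s--\r\n", boundary, filename, data, boundary);
    if (blen < 0 || (size_t)blen >= sizeof body) return -1;
    int n = snprintf(out, cap,
        "POST %s HTTP/1.1\r\n"
        "Host: %s\r\n"
        "Content-Type: multipart/form-data; boundary=%s\r\n"
        "Content-Length: %d\r\n"              /* measured, not hard-coded */
        "\r\n"
        "%s", path, host, boundary, blen, body);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}
```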
I am currently building an http web client using sockets which gets a url as input and should perform the following task: Connect to the web server and save the response of the server in a file, and print the status code included in the http response.
I have completed the first part of writing in a file and I am having a problem with retrieving the status code. Is there a library or a function that could help me?
You should use libcurl to perform the HTTP request.
And the function curl_easy_getinfo to get the HTTP code.
The first line of the response is the status line, and is very easy to parse. It consists of the protocol version followed by a numeric status code and its associated textual phrase ("OK", "Not Found" etc).
For example:
HTTP/1.1 200 OK
The exact syntax and the list of valid codes is documented in RFC 2616 (section 6.1).
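A parser for the status line described in this answer, as an added C example that is not part of the original answer: it works on the bytes received so far from the socket, so it distinguishes a line that is still incomplete from one that is malformed. The name `parse_status_line`, the 256-byte line cap and the sample response are assumptions for this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define MAX_STATUS_LINE 256   /* assumed cap for this example */

/* Constructed sample response. */
const char SAMPLE_RESPONSE[] =
    "HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n";

/* Parses the status line at the start of the bytes received so far.
 * Returns the status code (100-599), 0 if the line's CRLF has not arrived
 * yet (receive more and retry), or -1 if the line is malformed or too long. */
int parse_status_line(const char *buf, size_t len)
{
    size_t n = 0;   /* length of the line up to, not including, CRLF */
    while (n + 1 < len && !(buf[n] == '\r' && buf[n + 1] == '\n')) n++;
    if (n + 1 >= len) return len >= MAX_STATUS_LINE ? -1 : 0;
    if (n < 12 || n >= MAX_STATUS_LINE) return -1;
    if (memcmp(buf, "HTTP/", 5) != 0 || !isdigit((unsigned char)buf[5]) ||
        buf[6] != '.' || !isdigit((unsigned char)buf[7]) || buf[8] != ' ')
        return -1;
    int code = 0;
    for (size_t i = 9; i < 12; i++) {          /* exactly three digits */
        if (!isdigit((unsigned char)buf[i])) return -1;
        code = code * 10 + (buf[i] - '0');
    }
    if (n > 12 && buf[12] != ' ') return -1;   /* rejects e.g. "2000" */
    return (code >= 100 && code <= 599) ? code : -1;
}
```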