Extra Credit Homework

Protocol Analysis - Treasure Hunt

 

This is a practical homework on protocol analysis. This time, you are actually looking for something specific in the trace.

1.0 General Setup

  1. Install a network protocol analyzer called Wireshark (http://www.wireshark.org/download.html). You can also use Fiddler ( http://www.fiddler2.com/fiddler2/ ) at the same time.
  2. Go to www.yahoo.com to get a new Yahoo id for email. Alternatively, you can use an existing id. It will work as long as it is a web-based email.
  3. A clean browser cache with a new id is recommended. (You will have cleaner traffic that way.)

 

2.0

Trace Capture Part I

  1. Make sure you sign out of any Yahoo account in the browser that you are using. In other words, create a new Yahoo account in this exercise. Start the network protocol analyzer. Make sure everything works and you can capture HTTP traffic.
  2. Click this link. Only use this link.
  3. Click the "Create your free account" button. Capture the network trace.
  4. Complete the registration and create a Flickr account. Pay close attention to the page with the username and password fields.
  5. Upload a photo. Make sure the network protocol analyzer is working. Make sure you have the trace. Stop the analyzer and perform the analysis.

Trace Capture Part II

  1. Make sure you sign out of any Yahoo account in the browser that you are using. Start the network protocol analyzer. Make sure everything works and you can capture HTTP traffic. Alternatively, you can use a different browser to have a clean start.
  2. Click this link: Emails for Small Business with Constant Contact. Only use this link.
  3. Click the "Get Started / Free" button. Capture the network trace.
  4. Complete the registration. Pay close attention to the username and password fields.
  5. Log back on to the system and check out the site. Make sure the network protocol analyzer is working. Make sure you have the trace. Stop the analyzer and perform the analysis.

 

3.0 Analysis

You just did a quick audit on two different systems built by a big Internet company and a small company. Flickr is actually a Yahoo company.

Part a

For Flickr, some of the pages contain a randomly generated hidden value in the page. Go through your trace and identify those random hidden values. Random in this context means that the value is not the same for different pages generated by the server. You must refer to the trace to get credit. After you identify the hidden value in the Flickr pages, discuss the following:

Now, go through the Constant Contact trace that you captured. Is there any randomly generated hidden value in a page? If yes, please refer to the trace. If not, why not?
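
One way to do the comparison Part a asks for, as an added example that is not part of the original assignment: save the HTML response bodies from the trace and list the hidden form fields whose value changes between pages. The page labels, field names and values below are constructed samples, not taken from Flickr or Constant Contact.

```python
from collections import defaultdict
from html.parser import HTMLParser


class HiddenInputParser(HTMLParser):
    """Collects (name, value) for every <input type="hidden"> in one page."""

    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # HTMLParser lowercases tag and attribute names
        if tag == "input" and (a.get("type") or "").lower() == "hidden":
            self.fields.append((a.get("name") or "", a.get("value") or ""))


def hidden_fields(html):
    parser = HiddenInputParser()
    parser.feed(html)
    return parser.fields


def classify(pages):
    """pages: {label: html body}. Returns (varying, constant), each mapping
    field name -> {label: value}. 'varying' means the server sent different
    values for that field in different responses."""
    seen = defaultdict(dict)
    for label, html in pages.items():
        for name, value in hidden_fields(html):
            seen[name][label] = value
    varying = {n: v for n, v in seen.items() if len(set(v.values())) > 1}
    constant = {n: v for n, v in seen.items() if len(set(v.values())) == 1}
    return varying, constant


# Constructed sample bodies, labelled by the trace frame they would come from.
SAMPLE_PAGES = {
    "frame 120 GET /signup": '<form><input type="hidden" name="form_token" value="9f3a1c">'
                             '<input type="hidden" name="lang" value="en-us">'
                             '<input type="text" name="username"></form>',
    "frame 245 GET /upload": '<form><INPUT TYPE="HIDDEN" NAME="form_token" VALUE="27be80">'
                             '<input type="hidden" name="lang" value="en-us"></form>',
}

if __name__ == "__main__":
    for kind, fields in zip(("varies", "same"), classify(SAMPLE_PAGES)):
        for name, by_page in fields.items():
            print(kind, name, by_page)
```

A field that appears in only one captured page is reported as constant, so capture at least two pages that carry the same form before drawing a conclusion.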

 

Part b

Besides the randomly generated hidden value, what extra information is generated in the page? List 5 findings with reference to the trace.

 

Hints: