Exercise 2

a) In the first few packets, the client machine is looking up the common name (cname) of a web site to find its IP address. What is the cname of this web site? Give two IP addresses for this web site.
CNAME: www.yahoo.com
IP addresses:
• 216.109.117.106
• 216.109.117.109

b) How many packets/frames does it take to receive the web page (the answer to the first http get request only)?
It takes 22 packets to receive the web page.

c) Does this web site use gzip to compress its data for sending? Does it write cookies? In order to answer these questions, look under the payload for the reassembled packet that represents the web page. This will be the last packet from question b above. Look to see if it has “Content-Encoding” set to gzip, and to see if it has a “Set-Cookie” to write a cookie.
This web site does not use qzip to compress its data for sending.
This web site does not write cookies.

d) What is happening in packets 26 and 27? Does every component of a web page have to come from the same server? See the Hint to the left.
In packet 26, the server is sending query to another server.
In packet 27, the next server is responding to the main server.
This concludes that every component of a webpage do not have to come from same server. It might need smaller components from other server as well.

e) In packet 37 we see another DNS query, this time for us.i1.yimg.com. Why does the client need to ask for this IP address? Didn’t we just get this address in packet 26? (This is a trick question; carefully compare the two common names in packet 26 and 37.)

The DNS query made in packet 26 and 37 is different.

f) In packet 42 we see a HTTP “Get” statement, and in packet 48 a new HTTP “Get” statement. Why didn’t the system need another DNS request before the second get statement? Click on packet 42 and look in the middle window. Expand the line titled “Hypertext Transfer Protocol” and read the “Host:” line. Compare that line to the “Host:” line for packet 48.

In both packets, 42 and 48, the host is same: us.i1.yimg.com\r\n
So it does not require for another DNS query in the same session.

g) Examine packet 139. It is one segment of a PDU that is reassembled with several other segments in packet 160. Look at packets 141, 142, and 143. Are these three packets also part of packet 160? What happens if a set of packets that are supposed to be reassembled do not arrive in a continuous stream or do not arrive in the proper order?

Packets 141 and 142 are not the part of packet 160.
Packet 143 is a part of packet 160.
If a set of packets that are supposed to be reassembled do not arrive in a continuous stream or do not arrive in the proper order, it does not effect the main packet.


h) Return to examine frames 141 and 142. Both of these are graphics (GIF files) from the same source IP address. How does the client know which graphic to match up to each get statement? Hint: Click on each and look in the middle window for the heading line that starts with “Transmission Control Protocol”. What difference do you see in the heading lines for the two files? Return to the original “Get” statements. Can you see the same difference in the “Get” statements?

Both files in frames 141 and 142 are similar and from the same source IP address. The client knows the graphic to match up to each get statement from their “Stream Index”. Each of them have different “Stream Index”.