03. [30p] Network Monitoring
For this task we will use Winhttp.sln inside the Task-03 folder.
We want to check the network traffic generated by the Winhttp.exe program (located in the Debug folder, after successfully running the code). Its source code shows that it makes a request to www.sociouman-usamvb.ro.
Using Wireshark, capture all the frames generated by running this program. Is it possible to extract the conversation data from the packet exchange? Justify your answer.
Click the Start button and run Winhttp.exe. After Winhttp.exe stops, click the Stop button in Wireshark.
Use the ping command to get the IP address of the previously mentioned URL.
Switch back to Wireshark and add a filter for ip.addr == <ip_address> (make sure to use the IP address identified using the ping command).
Right-click on the GET /documents request and choose Follow → TCP Stream.
In the bottom part of the Wireshark window, at the “Show and save data as” option, choose “Raw”. Save the capture (using the “Save as” button) as “my.pdf”.
Use Notepad++ to open the my.pdf file and remove the headers (GET request and HTTP response).
Save it, close Notepad++ and double-click on the newly saved file (my.pdf).
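The header-stripping step above can also be scripted. The following is an added example, not part of the original lab: the function names and the sample stream are constructed for illustration. It assumes the raw dump contains the GET request followed by a single HTTP/1.x response.

```python
import sys

# Constructed sample of a raw "Follow TCP Stream" dump (not a real capture):
# the client's request, then the server's response carrying a tiny fake PDF.
SAMPLE_BODY = b"%PDF-1.4\n1 0 obj\n<< >>\nendobj\n%%EOF\n"
SAMPLE_STREAM = (
    b"GET /documents HTTP/1.1\r\nHost: www.sociouman-usamvb.ro\r\n\r\n"
    b"HTTP/1.1 200 OK\r\nContent-Type: application/pdf\r\n"
    b"Content-Length: " + str(len(SAMPLE_BODY)).encode() + b"\r\n\r\n" + SAMPLE_BODY
)

def carve_http_body(raw: bytes) -> bytes:
    """Return the response body from a raw stream holding request + response."""
    # The request line also contains "HTTP/1.", so accept only a match at the
    # start of a line: that is the response status line.
    start = raw.find(b"HTTP/1.")
    while start > 0 and raw[start - 1:start] != b"\n":
        start = raw.find(b"HTTP/1.", start + 1)
    if start < 0:
        raise ValueError("no HTTP response status line in stream")
    end = raw.find(b"\r\n\r\n", start)
    if end < 0:
        raise ValueError("response headers are incomplete")
    headers = {}
    for line in raw[start:end].split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    body = raw[end + 4:]
    if b"chunked" in headers.get(b"transfer-encoding", b"").lower():
        raise ValueError("chunked body: de-chunk before saving")
    if b"content-length" in headers:
        length = int(headers[b"content-length"])
        if len(body) < length:
            raise ValueError("capture is truncated: body shorter than Content-Length")
        body = body[:length]  # drop anything after this response
    return body

def looks_like_pdf(body: bytes) -> bool:
    # Every PDF starts with the "%PDF-" magic; a viewer rejects files without it.
    return body.startswith(b"%PDF-")

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_STREAM
    pdf = carve_http_body(data)
    print(len(pdf), "bytes carved, PDF magic present:", looks_like_pdf(pdf))
    if len(sys.argv) > 2:
        open(sys.argv[2], "wb").write(pdf)
```

Run it with the raw dump as the first argument and an output file name as the second; with no arguments it processes the constructed sample.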