Wireshark file for two HTTP packets: GET and REPLY


Legend:

For this page, we will highlight the following elements:

  1. Green - first line of each packet.
  2. Cyan - the URL of the web page
    1. Note the IP address and the port number
    2. And the "/" - the page of the request
    3. Matches the @app.route("/") line in the program.
  3. IP Addresses - source and destination of GET and REPLY packets
    1. Note that the Ethernet and TCP lines also have source and destination addresses
  4. Pink - the HTTP content of the REPLY packet, the HTML of the web page being returned by the Python program.
  5. Magenta - the various protocols:
    1. Ethernet
    2. IP - Internet Protocol
    3. TCP - Transmission Control Protocol
    4. HTTP - Hypertext Transfer Protocol

NOTE: Routers, firewalls, and other network security devices and software can make decisions based on the information in packets such as these.
Studying the information here gives you a good introduction to what is available when implementing automatic packet controls.
The decision is typically whether or not to accept and forward a packet to the indicated destination.
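
An added example, not part of the original page or the program it describes: a minimal stateless packet filter in Python that decides accept or drop from the IP addresses and TCP ports shown in the two frames on this page. The frames are constructed from the dissection's values with simplified headers (no TCP options, checksums zero), and the rule set and function names are hypothetical.

```python
import ipaddress
import struct

def build_frame(src_ip, dst_ip, sport, dport, flags):
    """Constructed sample frame: Ethernet II + IPv4 + TCP, no options, checksums 0.
    MACs are fixed to the GET frame's values; the filter below ignores layer 2."""
    eth = bytes.fromhex("12fd33d4839b" "12407bd9c435" "0800")  # dst, src, type=IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, flags, 2058, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 45, 6, 0,
                     ipaddress.ip_address(src_ip).packed,
                     ipaddress.ip_address(dst_ip).packed)
    return eth + ip + tcp

def parse_frame(frame):
    """Return the fields a packet filter keys on, or None if not IPv4 carrying TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4              # IP header length in bytes
    tcp_at = 14 + ihl
    if frame[23] != 6 or ihl < 20 or len(frame) < tcp_at + 20:
        return None
    sport, dport = struct.unpack("!HH", frame[tcp_at:tcp_at + 4])
    return {"src": ipaddress.ip_address(frame[26:30]),
            "dst": ipaddress.ip_address(frame[30:34]),
            "sport": sport, "dport": dport, "flags": frame[tcp_at + 13]}

# Hypothetical stateless rule set, first match wins; None means "any port".
# (action, source network, source port, destination network, destination port)
RULES = [
    ("accept", "0.0.0.0/0", None, "172.31.91.177/32", 8080),  # requests to the server
    ("accept", "172.31.91.177/32", 8080, "0.0.0.0/0", None),  # replies from port 8080
]

def decide(frame, rules=RULES):
    """Accept or drop a frame using only its IP addresses and TCP ports."""
    f = parse_frame(frame)
    if f is None:
        return "drop"
    for action, src_net, sport, dst_net, dport in rules:
        if (f["src"] in ipaddress.ip_network(src_net)
                and f["dst"] in ipaddress.ip_network(dst_net)
                and sport in (None, f["sport"])
                and dport in (None, f["dport"])):
            return action
    return "drop"                             # default deny

GET = build_frame("73.147.223.247", "172.31.91.177", 59526, 8080, 0x18)    # PSH, ACK
REPLY = build_frame("172.31.91.177", "73.147.223.247", 8080, 59526, 0x19)  # FIN, PSH, ACK
```

Both captured directions are accepted, while a frame from the same client to any other port falls through to the default drop. The rules are stateless: each packet is matched on its own fields and the TCP connection is not tracked.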




Frame 64: 541 bytes on wire (4328 bits), 541 bytes captured (4328 bits) on interface 0
    Interface id: 0
    WTAP_ENCAP: 1
    Arrival Time: Jun 30, 2020 20:15:53.821639696 UTC
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1593548153.821639696 seconds
    [Time delta from previous captured frame: 0.000031946 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 2.945879027 seconds]
    Frame Number: 64
    Frame Length: 541 bytes (4328 bits)
    Capture Length: 541 bytes (4328 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp:http]
Ethernet II, Src: 12:40:7b:d9:c4:35 (12:40:7b:d9:c4:35), Dst: 12:fd:33:d4:83:9b (12:fd:33:d4:83:9b)
    Destination: 12:fd:33:d4:83:9b (12:fd:33:d4:83:9b)
        Address: 12:fd:33:d4:83:9b (12:fd:33:d4:83:9b)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: 12:40:7b:d9:c4:35 (12:40:7b:d9:c4:35)
        Address: 12:40:7b:d9:c4:35 (12:40:7b:d9:c4:35)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IP (0x0800)
Internet Protocol Version 4, Src: 73.147.223.247 (73.147.223.247), Dst: 172.31.91.177 (172.31.91.177)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
    Total Length: 527
    Identification: 0x0000 (0)
    Flags: 0x02 (Don't Fragment)
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 45
    Protocol: TCP (6)
    Header checksum: 0x1a8e [correct]
        [Good: True]
        [Bad: False]
    Source: 73.147.223.247 (73.147.223.247)
    Destination: 172.31.91.177 (172.31.91.177)
Transmission Control Protocol, Src Port: 59526 (59526), Dst Port: http-alt (8080), Seq: 1, Ack: 1, Len: 475
    Source port: 59526 (59526)
    Destination port: http-alt (8080)
    [Stream index: 1]
    Sequence number: 1    (relative sequence number)
    [Next sequence number: 476    (relative sequence number)]
    Acknowledgment number: 1    (relative ack number)
    Header length: 32 bytes
    Flags: 0x018 (PSH, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 1... = Push: Set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
    Window size value: 2058
    [Calculated window size: 131712]
    [Window size scaling factor: 64]
    Checksum: 0xc171 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
        No-Operation (NOP)
            Type: 1
                0... .... = Copy on fragmentation: No
                .00. .... = Class: Control (0)
                ...0 0001 = Number: No-Operation (NOP) (1)
        No-Operation (NOP)
            Type: 1
                0... .... = Copy on fragmentation: No
                .00. .... = Class: Control (0)
                ...0 0001 = Number: No-Operation (NOP) (1)
        Timestamps: TSval 1183847843, TSecr 4171958891
            Kind: Timestamp (8)
            Length: 10
            Timestamp value: 1183847843
            Timestamp echo reply: 4171958891
    [SEQ/ACK analysis]
        [Bytes in flight: 475]
Hypertext Transfer Protocol
    GET / HTTP/1.1\r\n
        [Expert Info (Chat/Sequence): GET / HTTP/1.1\r\n]
            [Message: GET / HTTP/1.1\r\n]
            [Severity level: Chat]
            [Group: Sequence]
        Request Method: GET
        Request URI: /
        Request Version: HTTP/1.1
    Host: 3.86.214.140:8080\r\n
    Connection: keep-alive\r\n
    Cache-Control: max-age=0\r\n
    Upgrade-Insecure-Requests: 1\r\n
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36 OPR/68.0.3618.173\r\n
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\r\n
    Accept-Encoding: gzip, deflate\r\n
    Accept-Language: en-US,en;q=0.9\r\n
    \r\n
    [Full request URI: http://3.86.214.140:8080/]

Frame 68: 283 bytes on wire (2264 bits), 283 bytes captured (2264 bits) on interface 0
    Interface id: 0
    WTAP_ENCAP: 1
    Arrival Time: Jun 30, 2020 20:15:53.823709145 UTC
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1593548153.823709145 seconds
    [Time delta from previous captured frame: 0.000161785 seconds]
    [Time delta from previous displayed frame: 0.002069449 seconds]
    [Time since reference or first frame: 2.947948476 seconds]
    Frame Number: 68
    Frame Length: 283 bytes (2264 bits)
    Capture Length: 283 bytes (2264 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp:http:data-text-lines]
Ethernet II, Src: 12:fd:33:d4:83:9b (12:fd:33:d4:83:9b), Dst: 12:40:7b:d9:c4:35 (12:40:7b:d9:c4:35)
    Destination: 12:40:7b:d9:c4:35 (12:40:7b:d9:c4:35)
        Address: 12:40:7b:d9:c4:35 (12:40:7b:d9:c4:35)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: 12:fd:33:d4:83:9b (12:fd:33:d4:83:9b)
        Address: 12:fd:33:d4:83:9b (12:fd:33:d4:83:9b)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.31.91.177 (172.31.91.177), Dst: 73.147.223.247 (73.147.223.247)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
    Total Length: 269
    Identification: 0x7964 (31076)
    Flags: 0x02 (Don't Fragment)
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 255
    Protocol: TCP (6)
    Header checksum: 0xd02a [correct]
        [Good: True]
        [Bad: False]
    Source: 172.31.91.177 (172.31.91.177)
    Destination: 73.147.223.247 (73.147.223.247)
Transmission Control Protocol, Src Port: http-alt (8080), Dst Port: 59526 (59526), Seq: 18, Ack: 476, Len: 217
    Source port: http-alt (8080)
    Destination port: 59526 (59526)
    [Stream index: 1]
    Sequence number: 18    (relative sequence number)
    [Next sequence number: 235    (relative sequence number)]
    Acknowledgment number: 476    (relative ack number)
    Header length: 32 bytes
    Flags: 0x019 (FIN, PSH, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 1... = Push: Set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...1 = Fin: Set
            [Expert Info (Chat/Sequence): Connection finish (FIN)]
                [Message: Connection finish (FIN)]
                [Severity level: Chat]
                [Group: Sequence]
    Window size value: 219
    [Calculated window size: 28032]
    [Window size scaling factor: 128]
    Checksum: 0x325b [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
        No-Operation (NOP)
            Type: 1
                0... .... = Copy on fragmentation: No
                .00. .... = Class: Control (0)
                ...0 0001 = Number: No-Operation (NOP) (1)
        No-Operation (NOP)
            Type: 1
                0... .... = Copy on fragmentation: No
                .00. .... = Class: Control (0)
                ...0 0001 = Number: No-Operation (NOP) (1)
        Timestamps: TSval 4171958919, TSecr 1183847843
            Kind: Timestamp (8)
            Length: 10
            Timestamp value: 4171958919
            Timestamp echo reply: 1183847843
    [SEQ/ACK analysis]
        [Bytes in flight: 235]
    TCP segment data (217 bytes)
[2 Reassembled TCP Segments (234 bytes): #67(17), #68(217)]
    [Frame: 67, payload: 0-16 (17 bytes)]
    [Frame: 68, payload: 17-233 (217 bytes)]
    [Segment count: 2]
    [Reassembled TCP length: 234]
Hypertext Transfer Protocol
    HTTP/1.0 200 OK\r\n
        [Expert Info (Chat/Sequence): HTTP/1.0 200 OK\r\n]
            [Message: HTTP/1.0 200 OK\r\n]
            [Severity level: Chat]
            [Group: Sequence]
        Request Version: HTTP/1.0
        Status Code: 200
        Response Phrase: OK
    Content-Type: text/html; charset=utf-8\r\n
    Content-Length: 80\r\n
        [Content length: 80]
    Server: Werkzeug/1.0.0 Python/3.6.10\r\n
    Date: Tue, 30 Jun 2020 20:15:53 GMT\r\n
    \r\n
Line-based text data: text/html
    <h1>This is a simple web page</h1><h2>Your Name Here 001</h2><h3>more stuff</h3>

End - Jun 30, 2020