Question

• Close all the browsers
• Open the Wireshark application
• Start your capture by clicking the start button
• Open IE (Internet Explorer), go to the udc website and click there on a couple of links to capture data in Wireshark, and identify the following from the application layer
  1. Request line
  2. Request command
  3. Request URL
  4. Pick a request header name and find corresponding value on your own
  5. Http version
  6. Response line
  7. Response status code and description
  8. Pick a response header name and find corresponding value on your own
• Open IE (Internet Explorer), enter in a nonexistence web site and look at the request line and response line.
  1. Get the request and the response line
  10. Compare both request and response with the prior one and explain how they are different.

Answer 1

- 0 X Search... http://www.udcc.org UDC Consortium хо - - Page Safety Tools - 9 MM UDC CONSORTIUM About UDC Resources Order Consortium Community FAQ Contact us S universal decimal classification UDC Headquarters, The Hague " M UDC Books and Schedules Universal Decimal Classification UDC is one of the most widely used classification schemes for all fields of knowledge. It is used in libraries, bibliographic, documentation and information services in over 130 countries around the world and is published in over 40 languages. O UDCC Online Shop UDC Consortium The UDCC is a non-profit association of publishers established to maintain, develop and distribute the UDC for the benefit of its users. Apart from its strategic, managerial and promotional responsibilities, the UDCC also appoints an editorial team and advisory board to oversee the content of the scheme and contribute to its regular revision in order to reflect new knowledge. UDC Online Hub Follow us: B f in UDC Summary D: 3.2 M II V: 123 K A ¢ora (») ENG 8:02 PM 28/02/2020 Il

- 0 *Wi-Fi File Edit View Go Capture Analyze Statistics Telephony Wireless Tools Help LOL X 9 TIQI Apply a display filter ... <Ctrl-/> No. Time Source Destination Protocol Length Info 4391 37.592361 117.18.237.29 192.168.1.121 TCP 54 80 – 54209 [ACK] Seq=1 Ack=1 Win=290 Len=0 4392 37.592530 192.168.1.121 117.18.237.29 TCP 54 (TCP ACKed unseen segment] 54209 - 80 [ACK] Seq=1 Ack=2 Win=517 Len=0 4393 37.683862 192.168.1.121 104.104.62.206 TCP 54 54212 + 80 [FIN, ACK] Seq=1 Ack=1 Win=517 Len=0 4394 37.687550 192.168.1.121 255.255.255.255 UDP 68 1046 → 1046 Len=26 4395 37.713217 104.104.62.206 192.168.1.121 TCP 54 80 – 54212 [FIN, ACK] Seq=1 Ack=2 Win=237 Len=0 4396 37.713835 192.168.1.121 104.104.62.206 TCP 54 54212 + 80 [ACK] Seq=2 Ack=2 Win=517 Len=0 4397 38.060314 117.18.237.29 192.168.1.121 TCP 54 80 + 54208 [ACK] Seq=1 Ack=1 Win=290 Len=0 4398 38.669495 1 92.168.1.121 117.18.237.29 TCP 54 (TCP ACKed unseen segment1 54208 + 80 TACK1 Seq=1 Acke2 Win=517 Len=0 > Frame 1: 861 bytes on wire (6888 bits), 861 bytes captured (6888 bits) on interface \Device\NPF_{EB8A5677-BB51-4572-A4AD-B459C838D6A6}, id o > Ethernet II, Src: HonHaiPr_18:7b:23 (60:10:41:18:7b:23), Dst: Tp-LinkT_15:2e:f3 (98: da:c4:15:2e:f3) > Internet Protocol Version 4, Src: 192.168.1.121, Dst: 66.225.223.127 > Transmission Control Protocol, Src Port: 54453, Dst Port: 443, Seq: 1, Ack: 1, Len: 807 > Transport Layer Security 9000 98 da c4 15 2e f3 bo 10 41 18 7b 23 08 00 45 00 0010 03 4f 4d fe 40 00 40 06 05 29 co a8 01 79 42 el 9020 df 7f d4 b5 01 bb 26 4f 47 7f 12 dd dd 78 50 18 0030 03 fc 7a 5f 00 00 17 03 03 03 22 00 00 00 00 00 0040 99 00 02 cc 83 3f 2e_40 57 3 ba fi c1 f3 a3 6b 0050 76 03 ad 9e ba e5 2e 7e d9 4f 55 c8 99 1f 18 10 006090 38 8e 7e 40 7d @a 4ed3 c6 cc 4e 69 c7 4e e6 0070 92 9a ce b2 2f 8f 2b 70 db 67 al @a c3 a6 16 75 . . .. OM-@-@ ......&O .. .... .....?.@ ...... 18+ @}:N . ../.+ p A # . E :)...yB G ...xP. .. ..... w......k . ...... NiN: g ..... O 7 wireshark_Wi-Fi_20200228200235_a24736.pcapng Packets: 4398 · Displayed: 4398 (100.0%) D: 101 K Profile: Default 8:03 PM 28/02/2020 U: 1.5 M ^ Pola (0) J ENG IND

Answer A
**************

Filter : http.request.line

- 0 *Wi-Fi File Edit View Go Capture Analyze Statistics Telephony Wireless Tools Help + Protocol HTTP HTTP HTTP HTTP http.request.line Time 60 0.156280 61 0.156508 99 0.230032 173 0.596236 174 0.612734 177 0.631348 308 1.732972 579 3.549171 581 3.549227 693 4.282372 877 4.639409 880 4.640667 1042 5.475707 1100 6.115030 1101 6.131726 1106 6.148087 Source 192.168.1.121 192.168.1.121 192.168.1.121 192.168.1.121 192.168.1.121 192.168.1.121 192.168.1.121 192.168.1.121 192.168.1.121 192.168.1.121 192.168.1.121 192.168.1.121 192.168.1.121 192.168.1.121 192.168.1.121 192.168.1.121 Destination 104.18.20.226 104.18.20.226 104.18.20.226 23.64.140.162 23.64.140.162 23.64.140.162 117.18.237.29 151.139.128.14 151.139.128.14 172.217.174.226 117.18.237.29 117.18.237.29 172.217.174.226 23.64.140.162 23.64.140.162 23.64.140.162 HTTP HTTP HTTP HTTP HTTP HTTP X Length Info 311 GET /gsorganizationvalsha2g2/MEOWSZBJMECWRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvB17BwQult5h8b0cFilTHMDMET.... 309 GET /gsdomainvalsha2g2/MEOWSZBJMECWRTAJBgUrDgMCGQUABBTR8bV2%2Be7 AwQ96%2FHwxJKnDY118YQQU6k5811At5RwBhiaMgm3A... 311 GET /gsorganizationvalsha2g2/MEOWSZBJMECWRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvB17BwQult5h8b0cFilTHMDMET.... 492 GET /img-resizer/tenant/amp/entityid/BB10vWrz.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=348&y=593 HTTP/1... 494 GET /img-resizer/tenant/amp/entityid/BB10VMDG.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=2316&y=1329 HTTP... 492 GET /img-resizer/tenant/amp/entityid/BB10VMFm.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=552&y=277 HTTP/1... 296 GET /MFEWTZBNME SWSTAJBgUrDgMCGgUABBTPJVUY%2Bs%2Bj4yzQuAcL20Qno5fCgQUUWj%2FkK8CB3U8zNllzkiErhZcjsCEARDz%2F... 288 GET /MFEWTZBNMESWSTAJBgUrDgMCGgUABBR64T700MQqLL Qoy%2BemBUYZQOKh6QQUkK9qOpRac9iQ6hJWc99DtDoo2ucСECMELIPO1QDk... 288 GET /MFEWTZBNMESWSTAJBgUrDgMCGgUABBR64T700MQqLL Qoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucСECmfLIPO1QDk... 427 GET /bg/SXXDihyo1FSM_mX1A-SOWAIKUI JHxdicknf6pdu42gU.js HTTP/1.1 294 GET /MFEWTZBNME SWSTAJBgUrDgMCGgUABBTPJVUY%2Bs%2Bj4yzQuAcL20Qno5fCgQUUWj%2FkK8CB3U8zNllzkiErhZcjsCEA5kSzCg... 294 GET /MFEWTZBNME SWSTAJBgUrDgMCGgUABBTPJVUY%2Bs%2Bj4yzQuAcL20Qno5fCgQUUWj%2FkK8CB3U8zNllzkiErhZcjsCEA5kSzCg... 991 GET /pagead/gen_204?id=sodar&v=30&t=2&bgai=BJ41P-yNZXvaULIyMwg045Y64AgAAAAAAAEAEAg&bg=!mJulm4NYSHDUka-THUEC... 493 GET /img-resizer/tenant/amp/entityid/BBX4wa4.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=1247&y=1361 HTTP/... 493 GET /img-resizer/tenant/amp/entityid/AAHiayo.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=2419&y=1852 HTTP/... 479 GET /img-resizer/tenant/amp/entityid/BBTkhHl.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg HTTP/1.1 HTTP HTTP HTTP HTTP HTTP HTTP > Frame 60: 311 bytes on wire (2488 bits), 311 bytes captured (2488 bits) on interface \Device\NPF_{EB8A5677-BB51-4572-A4AD-B459C838D6A6}, id o > Ethernet II, Src: HonHaiPr_18:7b:23 (60:10:41:18:7b:23), Dst: Tp-Linkt_15:2e:f3 (98:da:c4:15:2e:f3) > Internet Protocol Version 4, Src: 192.168.1.121, Dst: 104.18.20.226 > Transmission Control Protocol, Src Port: 54498, Dst Port: 80, Seq: 1, Ack: 1, Len: 257 Hypertext Transfer Protocol 9000 98 da c4 15 2e f3 bo 10 41 18 7b 23 08 00 45 00 2010 01 29 bf 62 40 00 40 06 3b 57 co a8 01 79 68 12 0020 14 e 2 d4 e2 90 50 8d a2 a 8c 4a 7fcb e8 50 18 0030 02 02 8f 33 00 00 47 45 54 20 2f 67 73 6f 72 67 0040 61 6e 69 7a 61 74 69 6f 6e 76 61 6c 73 68 61 32 0050 67 32 2f 4d 45 30 77 53 7a 42 4a 4d 45 63 77 52 0060 54 41 4a 42 67 55 72 44 67 40 43 47 67 55 41 42 0070 42 51 40 6e 6b 32 63 50 65 33 76 68 4e 69 52 36 . .. A # E ) b@ @ ;W...yh- ..... .. .. ... . ...3..GE T /gsorg anizatio nvalsha2 g2/MEOWS ZBJMECWR TAJBgUrd gMCGgUAB BQMnk2cP e3vhNiR6 Request line: Character string Packets: 4398 · Displayed: 81 (1.8%) · Dropped:0 (0.0%) D: 11 K е Profile: Default 8:04 PM 28/02/2020 U: 26 K A Pola () ENG

Answer B
************

Filter : http.request.method

- 0 *Wi-Fi File Edit View Go Capture Analyze Statistics Telephony Wireless Tools Help + No. Protocol HTTP HTTP HTTP HTTP http.request.method Time 60 0.156280 61 0.156508 99 0.230032 173 0.596236 174 0.612734 177 0.631348 308 1.732972 579 3.549171 581 3.549227 693 4.282372 877 4.639409 880 4.640667 1042 5.475707 1100 6.115030 1101 6.131726 1106 6.148087 Source 192.168.1.121 192.168.1.121 192.168.1.121 192.168.1.121 192.168.1.121 192.168.1.121 192.168.1.121 192.168.1.121 192.168.1.121 192.168.1.121 192.168.1.121 192.168.1.121 192.168.1.121 192.168.1.121 192.168.1.121 192.168.1.121 Destination 104.18.20.226 104.18.20.226 104.18.20.226 23.64.140.162 23.64.140.162 23.64.140.162 117.18.237.29 151.139.128.14 151.139.128.14 172.217.174.226 117.18.237.29 117.18.237.29 172.217.174.226 23.64.140.162 23.64.140.162 23.64.140.162 HTTP HTTP HTTP HTTP HTTP HTTP X Length Info 311 GET /gsorganizationvalsha2g2/MEOWSZBJMECWRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvB17BwQult5h8b0cFilTHMDMET.... 309 GET /gsdomainvalsha2g2/MEOWSZBJMECWRTAJBgUrDgMCGQUABBTR8bV2%2Be7 AwQ96%2FHwxJKnDY118YQQU6k5811At5RwBhiaMgm3A... 311 GET /gsorganizationvalsha2g2/MEOWSZBJMECWRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvB17BwQult5h8b0cFilTHMDMET.... 492 GET /img-resizer/tenant/amp/entityid/BB10vWrz.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=348&y=593 HTTP/1... 494 GET /img-resizer/tenant/amp/entityid/BB10VMDG.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=2316&y=1329 HTTP... 492 GET /img-resizer/tenant/amp/entityid/BB10VMFm.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=552&y=277 HTTP/1... 296 GET /MFEWTZBNME SWSTAJBgUrDgMCGgUABBTPJVUY%2Bs%2Bj4yzQuAcL20Qno5fCgQUUWj%2FkK8CB3U8zNllzkiErhZcjsCEARDz%2F... 288 GET /MFEWTZBNMESWSTAJBgUrDgMCGgUABBR64T700MQqLL Qoy%2BemBUYZQOKh6QQUkK9qOpRac9iQ6hJWc99DtDoo2ucСECMELIPO1QDk... 288 GET /MFEWTZBNMESWSTAJBgUrDgMCGgUABBR64T700MQqLL Qoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucСECmfLIPO1QDk... 427 GET /bg/SXXDihyo1FSM_mX1A-SOWAIKUI JHxdicknf6pdu42gU.js HTTP/1.1 294 GET /MFEWTZBNME SWSTAJBgUrDgMCGgUABBTPJVUY%2Bs%2Bj4yzQuAcL20Qno5fCgQUUWj%2FkK8CB3U8zNllzkiErhZcjsCEA5kSzCg... 294 GET /MFEWTZBNME SWSTAJBgUrDgMCGgUABBTPJVUY%2Bs%2Bj4yzQuAcL20Qno5fCgQUUWj%2FkK8CB3U8zNllzkiErhZcjsCEA5kSzCg... 991 GET /pagead/gen_204?id=sodar&v=30&t=2&bgai=BJ41P-yNZXvaULIyMwg045Y64AgAAAAAAAEAEAg&bg=!mJulm4NYSHDUka-THUEC... 493 GET /img-resizer/tenant/amp/entityid/BBX4wa4.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=1247&y=1361 HTTP/... 493 GET /img-resizer/tenant/amp/entityid/AAHiayo.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=2419&y=1852 HTTP/... 479 GET /img-resizer/tenant/amp/entityid/BBTkhHl.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg HTTP/1.1 HTTP HTTP HTTP HTTP HTTP HTTP > Frame 60: 311 bytes on wire (2488 bits), 311 bytes captured (2488 bits) on interface \Device\NPF_{EB8A5677-BB51-4572-A4AD-B459C838D6A6}, id o > Ethernet II, Src: HonHaiPr_18:7b:23 (60:10:41:18:7b:23), Dst: Tp-Linkt_15:2e:f3 (98:da:c4:15:2e:f3) > Internet Protocol Version 4, Src: 192.168.1.121, Dst: 104.18.20.226 > Transmission Control Protocol, Src Port: 54498, Dst Port: 80, Seq: 1, Ack: 1, Len: 257 Hypertext Transfer Protocol 9000 98 da c4 15 2e f3 be 10 41 18 7b 23 08 00 45 00 0010 01 29 bf 62 40 00 40 06 3b 57 co a8 01 79 68 12 0020 14 e 2 d4 e2 90 50 8d a2 a 8c 4a 7fcb e8 50 18 0030 02 02 8f 33 00 00 47 45 54 20 2f 67 73 6f 72 67 0040 61 6e 69 7a 61 74 69 6f 6e 76 61 6c 73 68 61 32 0050 67 32 2f 4d 45 30 77 53 7a 42 4a 4d 45 63 77 52 0060 54 41 4a 42 67 55 72 44 67 40 43 47 67 55 41 42 0070 42 51 40 6e 6b 32 63 50 65 33 76 68 4e 69 52 36 ... A {#..E :) b@ @ ;W...yh ..... .. .. ... . ...3..GE T /gsorg anizatio nvalsha2 g2/MEOWS ZBJMECWR TAJBgUrd gMCGgUAB BQMnk2cP e3vhNiR6 O 7 wireshark_Wi-Fi_20200228200235_a24736.pcapng Packets: 4398 · Displayed: 81 (1.8%) · Dropped:0 (0.0%) Profile: Default 8:05 PM D: 2.5 K a 9 _5 e 4 U: 1.8 K ^ ° C) / ENG 28/02/2020

Answer C
************

Filter : http.request.uri

- 0 *Wi-Fi File Edit View Go Capture Analyze Statistics Telephony Wireless Tools Help + Protocol HTTP HTTP HTTP HTTP http.request.uri Time http.request.uri path http.request.uri query http.request.uri.query.parameter 61 0.156200 192.100.1.12 99 0.230032 192.168.1.121 173 0.596236 192.168.1.121 174 0.612734 192.168.1.121 177 0.631348 192.168.1.121 308 1.732972 192.168.1.121 579 3.549171 192.168.1.121 581 3.549227 192.168.1.121 693 4.282372 192.168.1.121 877 4.639409 192.168.1.121 880 4.640667 192.168.1.121 1042 5.475707 192.168.1.121 1100 6.115030 192.168.1.121 1101 6.131726 192.168.1.121 1106 6.148087 192.168.1.121 Destination 104.18.20.226 104.18.20.226 104.18.20.226 23.64.140.162 23.64.140.162 23.64.140.162 117.18.237.29 151.139.128.14 151.139.128.14 172.217.174.226 117.18.237.29 117.18.237.29 172.217.174.226 23.64.140.162 23.64.140.162 23.64.140.162 HTTP HTTP HTTP HTTP HTTP HTTP X Length Info 311 GET /gsorganizationvalsha2g2/MEOWSZBJMECWRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvB17BwQult5h8b0cFilTHMDMET.... 309 GET /gsdomainvalsha2g2/MEOWSZBJMECWRTAJBgUrDgMCGQUABBTR8bV2%2Be7 AwQ96%2FHwxJKnDY118YQQU6k5811At5RwBhiaMgm3A... 311 GET /gsorganizationvalsha2g2/MEOWSZBJMECWRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvB17BwQult5h8b0cFilTHMDMET.... 492 GET /img-resizer/tenant/amp/entityid/BB10vWrz.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=348&y=593 HTTP/1... 494 GET /img-resizer/tenant/amp/entityid/BB10VMDG.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=2316&y=1329 HTTP... 492 GET /img-resizer/tenant/amp/entityid/BB10VMFm.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=552&y=277 HTTP/1... 296 GET /MFEWTZBNME SWSTAJBgUrDgMCGgUABBTPJVUY%2Bs%2Bj4yzQuAcL20Qno5fCgQUUWj%2FkK8CB3U8zNllzkiErhZcjsCEARDz%2F... 288 GET /MFEWTZBNMESWSTAJBgUrDgMCGgUABBR64T700MQqLL Qoy%2BemBUYZQOKh6QQUkK9qOpRac9iQ6hJWc99DtDoo2ucСECMELIPO1QDk... 288 GET /MFEWTZBNMESWSTAJBgUrDgMCGgUABBR64T700MQqLL Qoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucСECmfLIPO1QDk... 427 GET /bg/SXXDihyo1FSM_mX1A-SOWAIKUI JHxdicknf6pdu42gU.js HTTP/1.1 294 GET /MFEWTZBNME SWSTAJBgUrDgMCGgUABBTPJVUY%2Bs%2Bj4yzQuAcL20Qno5fCgQUUWj%2FkK8CB3U8zNllzkiErhZcjsCEA5kSzCg... 294 GET /MFEWTZBNME SWSTAJBgUrDgMCGgUABBTPJVUY%2Bs%2Bj4yzQuAcL20Qno5fCgQUUWj%2FkK8CB3U8zNllzkiErhZcjsCEA5kSzCg... 991 GET /pagead/gen_204?id=sodar&v=30&t=2&bgai=BJ41P-yNZXvaULIyMwg045Y64AgAAAAAAAEAEAg&bg=!mJulm4NYSHDUka-THUEC... 493 GET /img-resizer/tenant/amp/entityid/BBX4wa4.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=1247&y=1361 HTTP/... 493 GET /img-resizer/tenant/amp/entityid/AAHiayo.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=2419&y=1852 HTTP/... 479 GET /img-resizer/tenant/amp/entityid/BBTkhHl.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg HTTP/1.1 HTTP HTTP HTTP HTTP HTTP HTTP > Frame 60: 311 bytes on wire (2488 bits), 311 bytes captured (2488 bits) on interface \Device\NPF_{EB8A5677-BB51-4572-A4AD-B459C838D6A6}, id o > Ethernet II, Src: HonHaiPr_18:7b:23 (60:10:41:18:7b:23), Dst: Tp-Linkt_15:2e:f3 (98:da:c4:15:2e:f3) > Internet Protocol Version 4, Src: 192.168.1.121, Dst: 104.18.20.226 Transmission Control Protocol, Src Port: 54498, Dst Port: 80, Seq: 1, Ack: 1, Len: 257 Hypertext Transfer Protocol 9000 98 da c4 15 2e f3 bo 10 41 18 7b 23 08 00 45 00 0010 01 29 bf 62 40 00 40 06 3b 57 coa8 01 79 68 12 0020 14 e 2 d4 e2 90 50 8d a2 a 8c 4a 7fcb e8 50 18 0030 02 02 8f 33 00 00 47 45 54 20 2f 67 73 6f 72 67 0040 61 6e 69 7a 61 74 69 6f 6e 76 61 6c 73 68 61 32 0050 67 32 2f 4d 45 30 77 53 7a 42 4a 4d 45 63 77 52 0060 54 41 4a 42 67 55 72 44 67 40 43 47 67 55 41 42 0070 42 51 40 6e 6b 32 63 50 65 33 76 68 4e 69 52 36 . .. A # E :) b@ @ ;W...yh ..... .. .. ... . ...3..GE T /gsorg anizatio nvalsha2 g2/MEOWS ZBJMECWR TAJBgUrd gMCGgUAB BQMnk2cP e3vhNiR6 O Z Request URI: Character string Packets: 4398 · Displayed: 81 (1.8%) · Dropped:0 (0.0%) D: 691 | V: 1.1K Pola ( ENG е Profile: Default 8:06 PM 28/02/2020

Answer E
*************

Filter : http.request.version

*Wi-Fi File Edit View GO O / http.request.version + Time HTTP 60 0.156280 61 0.156508 99 0.230032 173 0.596236 174 0.612734 177 0.631348 308 1.732972 579 3.549171 581 3.549227 693 4.282372 877 4.639409 880 4.640667 1042 5.475707 1100 6.115030 1101 6.131726 1106 6.148087 - 0 Capture Analyze Statistics Telephony Wireless Tools Help XC 9 - 92T @ I X Source Destination Protocol Length Info 192.168.1.121 104.18.20.226 HTTP 311 GET /gsorganizationvalsha2g2/MEOWSZBJMECWRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvB17BwQult5h8b0cFilTHMDMET.... 192.168.1.121 104.18.20.226 HTTP 309 GET /gsdomainvalsha2g2/MEOWSZBJMECWRTAJBgUrDgMCGQUABBTR8bV2%2Be7 AwQ96%2FHwxJKnDY118YQQU6k5811At5RwBhiaMgm3A... 192.168.1.121 104.18.20.226 HTTP 311 GET /gsorganizationvalsha2g2/MEOWSZBJMECWRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvB17BwQult5h8b0cFilTHMDMET.... 192.168.1.121 23.64.140.162 492 GET /img-resizer/tenant/amp/entityid/BB10vWrz.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=348&y=593 HTTP/1... 192.168.1.121 23.64.140.162 HTTP 494 GET /img-resizer/tenant/amp/entityid/BB10VMDG.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=2316&y=1329 HTTP... 192.168.1.121 23.64.140.162 HTTP 492 GET /img-resizer/tenant/amp/entityid/BB10VMFm.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=552&y=277 HTTP/1... 192.168.1.121 117.18.237.29 HTTP 296 GET /MFEWTZBNME SWSTAJBgUrDgMCGgUABBTPJVUY%2Bs%2Bj4yzQuAcL20Qno5fCgQUUWj%2FkK8CB3U8zNllzkiErhZcjsCEARDz%2F... 192.168.1.121 151.139.128.14 HTTP 288 GET /MFEWTZBNMESWSTAJBgUrDgMCGgUABBR64T700MQqLL Qoy%2BemBUYZQOKh6QQUkK9qOpRac9iQ6hJWc99DtDoo2ucСECMELIPO1QDk... 192.168.1.121 151.139.128.14 HTTP 288 GET /MFEWTZBNMESWSTAJBgUrDgMCGgUABBR64T700MQqLL Qoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucСECmfLIPO1QDk... 192.168.1.121 172.217.174.226 HTTP 427 GET /bg/SXXDihyo1FSM_mX1A-SOWAIKUI JHxdicknf6pdu42gU.js HTTP/1.1 192.168.1.121 117.18.237.29 294 GET /MFEWTZBNME SWSTAJBgUrDgMCGgUABBTPJVUY%2Bs%2Bj4yzQuAcL20Qno5fCgQUUWj%2FkK8CB3U8zNllzkiErhZcjsCEA5kSzCg... 192.168.1.121 117.18.237.29 HTTP 294 GET /MFEWTZBNME SWSTAJBgUrDgMCGgUABBTPJVUY%2Bs%2Bj4yzQuAcL20Qno5fCgQUUWj%2FkK8CB3U8zNllzkiErhZcjsCEA5kSzCg... 192.168.1.121 172.217.174.226 HTTP 991 GET /pagead/gen_204?id=sodar&v=30&t=2&bgai=BJ41P-yNZXvaULIyMwg045Y64AgAAAAAAAEAEAg&bg=!mJulm4NYSHDUka-THUEC... 192.168.1.121 23.64.140.162 HTTP 493 GET /img-resizer/tenant/amp/entityid/BBX4wa4.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=1247&y=1361 HTTP/... 192.168.1.121 23.64.140.162 HTTP 493 GET /img-resizer/tenant/amp/entityid/AAHiayo.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=2419&y=1852 HTTP/... 192.168.1.121 23.64.140.162 HTTP 479 GET /img-resizer/tenant/amp/entityid/BBTkhHl.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg HTTP/1.1 HTTP > Frame 60: 311 bytes on wire (2488 bits), 311 bytes captured (2488 bits) on interface \Device\NPF_{EB8A5677-BB51-4572-A4AD-B459C838D6A6}, id o > Ethernet II, Src: HonHaiPr_18:7b:23 (60:10:41:18:7b:23), Dst: Tp-Linkt_15:2e:f3 (98:da:c4:15:2e:f3) > Internet Protocol Version 4, Src: 192.168.1.121, Dst: 104.18.20.226 Transmission Control Protocol, Src Port: 54498, Dst Port: 80, Seq: 1, Ack: 1, Len: 257 Hypertext Transfer Protocol 9000 98 da c4 15 2e f3 bo 10 41 18 7b 23 08 00 45 00 0010 01 29 bf 62 40 00 40 06 3b 57 coa8 01 79 68 12 0020 14 e 2 d4 e2 90 50 8d a2 a 8c 4a 7fcb e8 50 18 0030 02 02 8f 33 00 00 47 45 54 20 2f 67 73 6f 72 67 0040 61 6e 69 7a 61 74 69 6f 6e 76 61 6c 73 68 61 32 0050 67 32 2f 4d 45 30 77 53 7a 42 4a 4d 45 63 77 52 0060 54 41 4a 42 67 55 72 44 67 40 43 47 67 55 41 42 0070 42 51 40 6e 6b 32 63 50 65 33 76 68 4e 69 52 36 . .. A # E :) b@ @ ;W...yh ..... .. .. ... . ...3..GE T /gsorg anizatio nvalsha2 g2/MEOWS ZBJMECWR TAJBgUrd gMCGgUAB BQMnk2cP e3vhNiR6 O Z Request Version: Character string Packets: 4398 Displayed: 81 (1.8%) · Dropped:0 (0.0%) D: 374 e Profile: Default 8:07 PM 28/02/2020 U: 454 ^ ° C) / ENG

Answer F
*************

Filter :http.response.line

- 0 OCSP *Wi-Fi File Edit View Go Capture Analyze Statistics Telephony Wireless Tools Help IUO XC992 T Q Q @ I http.response No. Time http.response.code Destination Protocol Length Info http.response.code.desc 12 0. http.response.line 192.168.1.121 OCSP 776 Response 65 0.2 http.response.phrase 192.168.1.121 OCSP 971 Response 85 0.2 http.response.version 192.168.1.121 OCSP 525 Response 122 0.http.response_for.uri 192.168.1.121 814 Response 123 0.5 http.response in 192.168.1.121 OCSP 825 Response 151 0.4 http.response_number be 192.168.1.121 OCSP 825 Response 217 0.943380 23.64.140.162 192.168.1.121 HTTP 1186 HTTP/1.1 200 OK (JPEG JFIF image) 219 0.943382 23.64.140.162 192.168.1.121 HTTP 697 HTTP/1.1 200 OK (JPEG JFIF image) 235 0.946334 23.64.140.162 192.168.1.121 HTTP 1167 HTTP/1.1 200 OK (JPEG JFIF image) 315 1.886576 117.18.237.29 192.168.1.121 OCSP 853 Response 649 3.983292 151.139.128.14 192.168.1.121 OCSP 525 Response 651 3.984325 151.139.128.14 192.168.1.121 OCSP 525 Response 717 4.458515 172.217.174.226 192.168.1.121 HTTP 306 HTTP/1.1 200 OK (text/javascript) 895 4.713810 117.18.237.29 192.168.1.121 OCSP 853 Response 900 4.721801 117.18.237.29 192.168.1.121 OCSP 853 Response 1056 5.620512 172.217.174.226 192.168.1.121 HTTP 469 HTTP/1.1 204 No Content > Frame 12: 776 bytes on wire (6208 bits), 776 bytes captured (6208 bits) on interface \Device\NPF_{EB8A5677-BB51-4572-A4AD-B459C838D6A6}, id o > Ethernet II, Src: Tp-LinkT_15:2e:f3 (98:da:c4:15:2e:f3), Dst: HonHaiPr_18:7b:23 (60:10:41:18:7b:23) > Internet Protocol Version 4, Src: 104.18.20.226, Dst: 192.168.1.121 > Transmission Control Protocol, Src Port: 80, Dst Port: 54495, Seq: 1441, Ack: 1, Len: 722 > [2 Reassembled TCP Segments (2162 bytes): #6(1440), #12(722)] > Hypertext Transfer Protocol > Online Certificate Status Protocol 0000 bo 10 41 18 7b 23 98 da c4 15 2e f3 08 00 45 00 0010 02 fa 8b 86 40 00 38 06 75 62 68 12 14 e2 co a8 0020 01 79 00 50 d4 df 8a 33 6C if 17 b4 co d7 50 18 0930 00 42 3c ae 00 00 64 a 34 aa cb c7 7f 17 99 88 9040 fo 6d 50 48 e3 ec d4 ba f4 25 d8 ae 20 6e 29 ff 2050 8d 5e 4c 6e 31 ao 9c ba 52 5a d7 81 63 2b 05 09 0060 dc ci 58 a4 15 53 fb fd b5 4c 18 01 33 ad aa ao Frame (776 bytes) Reassembled TCP (2162 bytes) O Z Response: Boolean A { .....E @ 8ubh. y.p...3 1 ..... . B<...d. 4....... TPH . •• n): Lnl... RZC +.. X.5 L..3... Packets: 4398 · Displayed: 86 (2.0%). Dropped:0 (0.0%) D: 2.1 K Profile: Default 8:08 PM E 28/02/2020 U: 1.4 K A la 1) J ENG

Answer G
*************

Filter :http.response.code == 200

- 0 Help Tools I Protocol OCSP OCSP OCSP OCSP *Wi-Fi File Edit View Go Capture Analyze Statistics Telephony Wireless LOL XC TI http.response.code == 2000 No. Time Source Destination 12 0.010913 104.18.20.226 192.168.1.121 65 0.223040 151.139.128.14 192.168.1.121 85 0.223049 151.139.128.14 192.168.1.121 122 0.371674 104.18.20.226 192.168.1.121 123 0.371675 104.18.20.226 192.168.1.121 151 0.455922 104.18.20.226 192.168.1.121 217 0.943380 23.64.140.162 192.168.1.121 219 0.943382 23.64.140.162 192.168.1.121 235 0.946334 23.64.140.162 192.168.1.121 315 1.886576 117.18.237.29 192.168.1.121 649 3.983292 151.139.128.14 192.168.1.121 651 3.984325 151.139.128.14 192.168.1.121 717 4.458515 172.217.174.226 192.168.1.121 895 4.713810 117.18.237.29 192.168.1.121 900 4.721801 117.18.237.29 192.168.1.121 1112 6.152666 23.64.140.162 192.168.1.121 Length Info 776 Response 971 Response 525 Response 814 Response 825 Response 825 Response 1186 HTTP/1.1 200 OK 697 HTTP/1.1 200 OK 1167 HTTP/1.1 200 OK 853 Response 525 Response 525 Response 306 HTTP/1.1 200 OK 853 Response 853 Response 1046 HTTP/1.1 200 OK OCSP OCSP HTTP HTTP HTTP OCSP OCSP OCSP HTTP OCSP OCSP HTTP (JPEG JFIF image) (JPEG JFIF image) (JPEG JFIF image) (text/javascript) (JPEG JFIF image) > Frame 12: 776 bytes on wire (6208 bits), 776 bytes captured (6208 bits) on interface \Device\NPF_{EB8A5677-BB51-4572-A4AD-B459C838D6A6}, id o > Ethernet II, Src: Tp-LinkT_15:2e:f3 (98:da:c4:15:2e:f3), Dst: HonHaiPr_18:7b:23 (60:10:41:18:7b:23) > Internet Protocol Version 4, Src: 104.18.20.226, Dst: 192.168.1.121 > Transmission Control Protocol, Src Port: 80, Dst Port: 54495, Seq: 1441, Ack: 1, Len: 722 > [2 Reassembled TCP Segments (2162 bytes): #6(1440), #12(722)] > Hypertext Transfer Protocol > Online Certificate Status Protocol 0000 bo 10 41 18 7b 23 98 da c4 15 2e f3 08 00 45 00 0010 02 fa 8b 86 40 00 38 06 75 62 68 12 14 e2 co a8 0020 01 79 00 50 d4 df 8a 33 6C if 17 b4 co d7 50 18 0930 00 42 3c ae 00 00 64 a 34 aa cb c7 7f 17 99 88 9040 fo 6d 50 48 e3 ec d4 ba f4 25 d8 ae 20 6e 29 ff 0050 8d 5e 4c 6e 31 a 9c ba 52 5a d7 81 63 2b 65 99 0060 dc ci 58 a4 15 53 fb fd b5 4c 18 01 33 ad aa ao Frame (776 bytes) Reassembled TCP (2162 bytes) O Z wireshark_Wi-Fi_20200228200235_a24736.pcapng A { .....E @ 8ubh. y.p...3 1 ..... . B<...d. 4....... TPH . •• n): Ln1... RZC+.. X.5 L..3... Packets: 4398 · Displayed: 81 (1.8%) · Dropped:0 (0.0%) D: 3.0 K U: 5.7K A ¢ la 1) / .. . Profile: Default 8:10 PM E 28/02/2020 ENG

Answer H
*************

- 0 31 HTTP *Wi-Fi File Edit View Go Capture Analyze Statistics Telephony Wireless Tools Help OOO XC 92 TbQ@I tcp.stream eq 11 No. Time Source Destination Protocol Length Info 247 20.123701 192.168.1.121 52.58.78.16 TCP 66 54806 + 80 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1 249 20.263948 52.58.78.16 192.168.1.121 TCP 66 80 – 54806 [SYN, ACK] Seq=0 Ack=1 Win=26883 Len=0 MSS=1440 SACK_PERM=1 WS=128 250 20.264290 192.168.1.121 52.58.78.16 TCP 54 54806 + 80 [ACK] Seq=1 Ack=1 Win=132352 Len=0 251 20.265769 192.168.1.121 52.58.78.16 472 GET / HTTP/1.1 256 20.406134 52.58.78.16 192.168.1.121 TCP 54 80 – 54806 [ACK] Seq=1 Ack=419 Win=28032 Len=0 259 20.413952 52.58.78.16 192.168.1.121 TCP 1152 80 + 54806 [PSH, ACK] Seq=1 Ack=419 Win=28032 Len=1098 (TCP segment of a reassembled PDU] 260 20.413953 52.58.78.16 192.168.1.121 HTTP 59 HTTP/1.1 301 Moved Permanently (text/html) 261 20.414048 192.168.1.121 52.58.78.16 TCP 54 54806 – 80 [ACK] Seq=419 Ack=1104 Win=131328 Len=0 2313 65.415156 192.168.1.121 52.58.78.16 TCP 55 (TCP Keep-Alive] 54806 + 80 [ACK] Seq=418 Ack=1164 Win=131328 Len=1 2214 CE 52527 52 52 78 16 102 169 1 121 TCD GG ETCD Von Alive ACVL 80 CARAS Carl Coo-1104 AK-410 Lin-28022 Lon-A CLE-A19 CDE-410 > Ethernet II, Src: HonHaiPr_18:7b:23 (60:10:41:18:7b:23), Dst: Tp-LinkT_15:2e:f3 (98: da:c4:15:2e:f3) > Internet Protocol Version 4, Src: 192.168.1.121, Dst: 52.58.78.16 > Transmission Control Protocol, Src Port: 54806, Dst Port: 80, Seq: 1, Ack: 1, Len: 418 Hypertext Transfer Protocol > GET / HTTP/1.1\r\n Host: casdre.com\r\n Connection: keep-alive\r\n Upgrade-Insecure-Requests: 1\r\n User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36\r\n Accept: text/html,application/xhtml+xml,application/xml;q=0.9, image/webp, image/apng,*/*;q=0.8, application/signed-exchange;v=b3;q=0.9\r\n Accept-Encoding: gzip, deflate\r\n Accept-Language: en-US,en;q=0.9\r\n \r\n [Full request URI: http://casdre.com/] [HTTP request 1/1] [Response in frame: 260] 9000 98 da c4 15 2e f3 bo 10 41 18 7b 23 08 00 45 00 0010 01 ca 61 c8 40 00 40 06 92 fa co a8 01 79 34 3a 0020 4e 10 d6 16 00 50 a3 aa b7 56 5c al 98 8a 50 18 0030 02 05 76 85 90 90 47 45 54 20 2f 20 48 54 54 50 0040 2f 31 2e 31 Od Oa 48 6f 73 74 3a 20 63 61 73 64 0050 72 65 2e 63 6f 6d Od Oa 43 6f 6e 6e 65 63 74 69 0060 6f 6e 3a 20 6b 65 65 70 2d 61 60 69 76 65 Od Da 0070 55 70 67 72 61 64 65 2d 49 6e 73 65 63 75 72 65 ... A {# . E a @.@ .....y4: N ..... V...P. ..V... GET / HTTP /1.1. Ho st: casd re.com Connecti on: keep-alive.. Upgrade - Insecure O 2 wireshark_Wi-Fi_20200228201440_a25536.pcapng Packets: 2544 . Displayed: 12 (0.5%) Profile: Default 8:16 PM E 28/02/2020 U: 355 4 0 a 1) / ENG

Answer J
************

DNS will response false as it does not have that site route and permanently moved page will be redirect to something google or website buying or available to purchase that domain.

A *Wi-Fi File Edit Wireshark. Follow HTTP Stream (tcp.stream eq 11). Wi-Fi - 0 x View Go Capture Ana GET / HTTP/1.1 Host: casdre.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Applewebkit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/ 537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9, image/webp, image/apng,*/*;q=0.8, application/signed- exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 d PDU] tcp.stream eq 11 No. Time Source 247 20.123701 192.168.1 249 20.263948 52.58.78. 250 20.264290 192.168.1 251 20.265769 192.168.1 256 20.406134 52.58.78. 259 20.413952 52.58.78. 260 20.413953 52.58.78. 261 20.414048 192.168.1 2313 65.415156 192.168.1 22:14 GC5C2027 52 58 78 > Frame 260: 59 bytes on wire ( > Ethernet II, Src: Tp-LinkT_15 > Internet Protocol Version 4, > Transmission Control Protocol > [2 Reassembled TCP Segments ( > Hypertext Transfer Protocol Line-based text data: text/ht <html><body>You are being HTTP/1.1 301 Moved Permanently Server: openresty/1.13.6.2 Date: Fri, 28 Feb 2020 14:43:00 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Download-Options: noopen X-Permitted-Cross-Domain-Policies: none Referrer-Policy: strict-origin-when-cross-origin Location: https://dan.com/buy-domain/casdre.com?redirected=true&tid=com Cache-Control: no-cache Set-Cookie: bc9bd58fe1b6ef954d6d794db6d30e25e8ff50634d24346cf8006ef422e3c05c6e48b07678e34d08c97ad3f91012c80ac690b50f51fbd49b16e301de58d9c 5ca=RH11aOxPdFJtaillemczu3lUWEJYTJhY2hyaUtEV3BXenB5eTIPTG9xMDIRUOhSUWNOYOVmdOsvaG5tOWI4S2FRanQOSU90CXVYQUZ1L2MVRkhyV2NmawlsT Uw5VExLbzlpRlZ3WVVCNJA9LS11NXJ0Y1dDdURBTE9SQWUVSOh6wlhBPT%3D--f96cdcb934593b17a7d5334f4ale236697b9af8; path=/; HttpOnly X-Request-Id: ed8fcb9b-6356-40ca-99ac-78ada8e97080 X-Runtime: 0.007272 <html><body>You are being <a href="https://dan.com/buy-domain/casdre.com?redirected=true&amp;tld-com">redirected</a>.</ body></html> 0000 30 68 74 6d 6c 3e 3c 62 0010 61 72 65 20 62 65 69 6e 0020 66 3d 22 68 74 74 70 73 0030 6f 6d 2f 62 75 79 2d 64 0040 73 64 72 65 2e 63 6f 6d 0050 74 65 64 3d 74 72 75 65 0060 3d 63 6f 6d 22 3e 72 65 Frame (59 bytes) Reassembled TCP (110 O 2 wireshark_Wi-Fi_20200228201440 Packet 251. 1 client pkt, 1 server pkt, 1 turn. Click to select. Entire conversation (1510 bytes) Find: Show and save data as ASCII v Find Next Back Close Help D: 836 U: 546 A Filter Out This Stream Print Save as... Profile: Default 8:18 PM ENG NO 28/02/2020 1

if you have any doubt then please ask me without any hesitation in the comment section below , if you like my answer then please thumbs up for the answer , before giving thumbs down please discuss the question it may possible that we may understand the question different way and we can edit and change the answers if you argue, thanks :)