Re: help abt HTTP protocol !

From: gaurav (gaurav_gopu_at_yahoo.com)
Date: 06/18/03


Date: 18 Jun 2003 00:21:46 -0700

James Grant <nospam@nospam.com> wrote in message news:<3EEF4A96.B9869660@nospam.com>...
> gaurav wrote:
> >
> > After 3-way handshake is done, say HTTP protocol has to transact with
> > its
> > request and reply .....Like GET, POST, HEAD, etc ... Now to validate
> > the protocol(HTTP), we have to look at more than 3 packets (TCP
> > handshake)...
> >
> > NOW MY QUESTION IS !!!!
> >
> > Let me repeat, how many packets do we have to look at to declare a
> > HTTP protocol connection, as HTTP itself and not any other protocol.
> >
> > kindly help me as soon as possible. ...
> >
> > Gaurav
>
> The answer is not as simple as you want.
> The HTTP request could be sent one byte at a time, covering
> hundreds of packets. An attacker could fragment the packets
> too.
>
> You really want to collect all the packets until you see
> a complete line. Then you know you have the entire HTTP
> request.
>
> James Grant

thanks James for answering me....

I would like to make one thing clear, that is .. I am a novice in computer
security issues... it's an assignment given to me by my boss.... for
the time being let us assume that.. the hacker is not fragmenting the
packets............ then how can I ascertain ..that a protocol is HTTP
itself...

I have just been going through the RFC for HTTP protocol...

and what I can get from them is as follows :

A request message from a client to a server includes, within the first
line of that message, the method to be applied to the resource, the
identifier of the resource, and the protocol version in use.

           Request = Request-Line
                     *( general-header
                      | request-header
                      | entity-header )
                     CRLF
                     [ message-body ]

now the understanding part of this format :

Request-Line

    The Request-Line begins with a method token, followed by the
Request-URI and the protocol version, and ending with CRLF. The
elements are separated by SP characters. No CR or LF are allowed
except in the final CRLF sequence.

Request-Line = Method SP Request-URI SP HTTP-Version CRLF

the Methods defined here are as follows

Method

    The Method token indicates the method to be performed on the
resource identified by the Request-URI. The method is case-sensitive.

          Method = "OPTIONS"
                 | "GET"
                 | "HEAD"
                 | "POST"
                 | "PUT"
                 | "DELETE"
                 | "TRACE"
                 | extension-method

          extension-method = token

Request-URI

    The Request-URI is a Uniform Resource Identifier and identifies
the resource upon which to apply the request.

          Request-URI = "*" | absoluteURI | abs_path

    The three options for Request-URI are dependent on the nature of
the request. The asterisk "*" means that the request does not apply to
a particular resource, but to the server itself, and is only allowed
when the method used does not necessarily apply to a resource. One
example would be

OPTIONS * HTTP/1.1

General Header Fields

    There are a few header fields which have general applicability for
both request and response messages, but which do not apply to the
entity being transferred. These header fields apply only to the
message being transmitted.

          general-header = Cache-Control
                         | Connection
                         | Date
                         | Pragma
                         | Transfer-Encoding
                         | Upgrade
                         | Via

General-header field names can be extended reliably only in
combination with a change in the protocol version. However, new or
experimental header fields may be given the semantics of general
header fields if all parties in the communication recognize them to be
general-header fields. Unrecognized header fields are treated as
entity-header fields.

now..... there are very many details.. ..I have just listed a few of
them...

now.. this is what the structure of HTTP goes about...

kindly... guide me as to how I should proceed now .... !! should I
look for this header information about the HTTP in the TCP/IP packet that
is inbound or outbound.. or by anything else ...

waiting for your reply..

thanks
gaurav
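
The approach discussed in this thread, as an added example that is not part of the original posts: buffer client-to-server payloads until the first CRLF, then test that line against the quoted Request-Line grammar. The names `RequestLineClassifier`, `classify` and `MAX_LINE` are hypothetical; payloads are assumed to arrive already in TCP sequence order, the Request-URI check is simplified, and the HTTP-Version form (`HTTP/` digits `.` digits) is taken from the RFC.

```python
import re

# Methods named in the quoted grammar; any other valid token is an extension-method.
KNOWN_METHODS = {b"OPTIONS", b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"TRACE"}

# Request-Line = Method SP Request-URI SP HTTP-Version (CRLF is stripped first).
# Request-URI is simplified to "no spaces or control bytes" (assumption).
REQUEST_LINE = re.compile(rb"([!#$%&'*+\-.^_`|~0-9A-Za-z]+) ([^\x00-\x20\x7f]+) HTTP/\d+\.\d+")
MAX_LINE = 8192  # assumed cap so a stream with no CRLF cannot grow the buffer forever


class RequestLineClassifier:
    """Feed client-to-server TCP payloads in sequence order, one per packet."""

    def __init__(self):
        self.buf = b""
        self.packets = 0
        self.verdict = "need-more"
        self.known_method = False

    def feed(self, payload: bytes) -> str:
        if self.verdict != "need-more":
            return self.verdict  # already decided on an earlier packet
        self.packets += 1
        self.buf += payload
        end = self.buf.find(b"\r\n")
        if end == -1:
            # No complete line yet: reject only on a bare LF or an oversized line.
            if b"\n" in self.buf or len(self.buf) > MAX_LINE:
                self.verdict = "not-http"
            return self.verdict
        m = REQUEST_LINE.fullmatch(self.buf[:end])
        if m is None:
            self.verdict = "not-http"
        else:
            self.verdict = "http"
            self.known_method = m.group(1) in KNOWN_METHODS
        return self.verdict


def classify(payloads):
    """Return (verdict, packets consumed) for a list of payloads."""
    c = RequestLineClassifier()
    for p in payloads:
        if c.feed(p) != "need-more":
            break
    return c.verdict, c.packets
```

The number of packets needed is whatever it takes to deliver the first CRLF, so a request sent one byte per segment is decided only on the segment that completes the line.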


