I have a server, and I was monitoring the incoming requests. There is a particular email, from which I'm getting multiple requests, but the IP address keeps changing little by little every few days. Example -
Request 1 -> (Email1, X.Y.Z.56)
Request 2 -> (Email1, X.Y.Z.56)
(after few days...)
Request 3 -> (Email1, X.Y.Z.57)
Request 4 -> (Email1, X.Y.Z.57)
(after few days...)
Request 5 -> (Email1, X.Y.Z.58)
Request 6 -> (Email1, X.Y.Z.58)
Request 7 -> (Email1, X.Y.Z.58)
(after few days...)
Request 8 -> (Email1, X.Y.Z.59)
How is the user able to change his public IP address so often? The requests are from the same email.
Got some help from my colleague. This is very interesting. Here is the complete discussion - Quora Link
It all depends on the ISP. It often allocates IP addresses dynamically, based on availability.
Related
I ran wireshark for a while and opened a few webpages now my class assignment is asking me to find out the number of http and https connections established. Can you suggest commands or filters to find these out?
HTTP is connection-less, that means client and server knows about each other during current request and response only. You can open the .pcapng file and then
Click on “Statistics”
Select “HTTP”
Select “Packet Counter“
In my case, I can 14 requests and 14 responses. (Success 2xx).
Consider a scenario,
A is running a server.
B is connected to A. Also, B is running a server. B works as a router.
C is connected to B.
Network Architecture
Now C makes a HTTP request to A via B.
i.e. C will request B and B will request A.
The response B gets from A will be sent to C.
So how A can distinguish that whether request from B is original request from B.
or request from some other clients of B?
B is called a "proxy".
The proxy can add an HTTP header:
X-Forwarded-For: <client>, <proxy1>, <proxy2>
So that A will know that B is proxy for a request from C.
The X-Forwarded-For (XFF) header is a de-facto standard header for
identifying the originating IP address of a client connecting to a web
server through an HTTP proxy or a load balancer.
See here:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
I would like to know your view/comments regarding this concept. If an alternative is available? And if this would be feasible/beneficial?
As per my understanding, for every http request, the server performs some operation and sends back a http response.
Now consider any scenario, where we want to have more control over the process running on the server.
Situation 1 : http request send -> server start processing (long task in process) -> user closes the browser.
Here the process still executes, consuming the server and http response will be ignored at the client.
Here resources are wasted.
Situation 2 : http request send -> server starts processing (long task in process)
Here the client is unaware of the status of the process running in the server.
The client has to wait till it gets back the http response.
My Idea : In between the initial http request and final http response, add a feature to send multiple intermediate http responses, that will carry information regarding the process running at the server end.
Solution to Situation 1 : http request send -> server start processing (long task in process) -> [ return the process id as an intermediate http response] -> user closes the browser -> [ send an http request to closes the server process using the process id]
Solution to Situation 2 : http request send -> server starts processing (long task in process) -> [return http responses with details of the process running at the server at intervals] -> [perform any operation if required]
Kindly comment :) and correct if I'm missing anything.
For "Situation 2", you should have a look at informational responses; see https://greenbytes.de/tech/webdav/rfc7231.html#status.1xx.
I'm currently trying to automatically reconstruct an HTTP browsing only with a pcap ( basically it means matching an HTTP reply to the next HTTP requests). Most of the times, it works fine but sometimes a certain url, u, is present in the data of multiple HTTP replies.
For example, if u1 and u2 contains u in their reply data and if the request to u happens after the request to u2, how can I decide if the request to u was caused by u1 or by u2 ? Note that no request to u was made between u1 and u2.
Are there some fields in any network layer that I can use to make this match ?
Thanks!
HTTP runs on top of TCP, which is connection-oriented. You have access to the IP header of the connection used for the HTTP request (client IP/port -> server IP/Port).
HTTP is a command/response protocol, there is 1 response for each request.
So, simply look for an HTTP response immediately following the HTTP request on the same TCP connection (server IP/Port -> client IP/Port).
HTTP is state-less, the connection may be closed between requests without affecting the overall browsing model (closing connections is the required behavior in HTTP 0.9, is the default behavior in HTTP 1.0, and is not the default behavior in HTTP 1.1+), so it is possible for an HTTP response to trigger subsequent requests on new connections, so you need to be ready to handle that. The Connection header in the HTTP request will tell you whether the client is asking for the connection to remain open or not. The Connection header in the HTTP response will tell you whether the server is actually closing the connection or not after sending the response. But even if the server leaves the connection open, that is no guarantee that the client will actually reuse the same connection for later requests to the same server (though it likely will, unless a timeout elapses between requests).
I have a client program running locally in iPhone emulator and local server written in Java. Client talks to server with JSON over HTTP requests. Now I am trying to record a client session http requests with JMeter to use them as a base to load-test server.
The problem is client requests do not go throw JMeter proxy. Client gets 501 "Method not implemented" (it is not because of https, I am using http). There is nothing in JMeter log about the request, and obviously nothing gets recorded in JMeter and the request doesn't reach the server.
There is well-described steps to setup JMeter proxy to record request from a browser, but my client programm is not a browser. Though JSON over HTTP is widely adopted approach, I could not find anything on the web about recording such requests with JMeter. I understand I need to do on the client the same thing browser does when proxying request and what I've found about it is that I need to set Host header to server's host and port, but that did not work and I cannot see how is it related to 501 error client gets.
If someone can explain what should be done on client or how to configure JMeter to let it know where to proxy client's requests or link any manual explaining that, it would be great help. I've been searching for solution for a few hours already and had no luck. Please help.
You can see my question and the answer I got below:
Use Jmeter proxy to record HTTP calls from iOS simulator
In short:
With this tutorial you can record calls from your Android device:
http://blazemeter.com/blog/load-testing-mobile-apps-made-easy
For make same thing with iPhone, do the following steps:
Mac configuration:
system preferences -> Network -> Advanced.. -> Proxies -> check "Web Proxy (HTTP) ->in "Web Proxy Server" field, type your IP (http://www.wikihow.com/Find-Your-IP-Address-on-a-Mac), and choose available port (I using 8080) ->ok -> Apply
iPhone configuration:
Settings -> WiFi -> choose same wifi you use with your Mac -> press on it again to go to it's details -> scroll down ->In HTTP proxy, choose Manual -> server = your mac IP you found earlier -> port = the port you chosen (maybe 8080)
Now You can start recording all "iPhone network out" using jmeter recording controller