Lab 4: HTTP / HTTPS, DNS & Wireshark


1. Lab Introduction

This lab covers the implementation and analysis of HTTP/HTTPS, DNS configuration in Cisco Packet Tracer, and packet capture/analysis using Wireshark. You will configure a web server, observe HTTP and HTTPS traffic, create DNS records, and use Wireshark filters to inspect network traffic.

2. HTTP vs HTTPS - Overview

HTTP (Hypertext Transfer Protocol) is the foundation of data communication for the World Wide Web. The client (browser) sends requests and the server responds with resources such as HTML. HTTPS secures HTTP by using SSL/TLS to encrypt the channel between client and server.

HTTP                         HTTPS
URL begins with http://      URL begins with https://
Port 80                      Port 443
Unencrypted                  Encrypted (SSL/TLS)
No certificate required      Server certificate required (CA-signed or self-signed for lab)
Works at Application Layer   Encryption at Transport Layer (TLS) + Application

3. HTTP / HTTPS Packet Observation (Packet Tracer)

Steps (Packet Tracer):

  • Set up topology (server, client PCs, switches/routers if required) and assign static IPs.
  • Enable HTTP/HTTPS service on the server (Server > Services > HTTP / HTTPS).
  • From client Desktop > Web Browser, enter server IP or DNS name to request pages.
  • Switch to Simulation Mode, filter by http or https, capture and inspect PDUs.

# Packet Tracer hints - browser test
1. Open PC0 -> Desktop -> Web Browser
2. Type web server IP (e.g. http://192.168.2.2) or hostname (<use DNS if configured>)
3. Switch to Simulation -> Edit Filters -> enable 'http' or 'https' then Capture/Forward

Note: Observe HTTP and HTTPS traffic in Cisco Packet Tracer. Use the Packet Tracer web browser and the simulation filters to capture HTTP (port 80) and HTTPS (port 443) PDUs, then inspect the outbound/inbound PDU details to see the difference in port numbers and payload.

4. DNS - Theory & Packet Tracer Configuration

DNS (Domain Name System) translates human-friendly hostnames into IP addresses. In Packet Tracer you can enable DNS on a server and add records like A, CNAME, NS, and SOA for the simulated network.


# Common DNS record types (conceptual)
A      # Map hostname to IPv4 address
CNAME  # Alias pointing to a canonical hostname
NS     # Authoritative name server for a zone
SOA    # Start of Authority - zone metadata

Question: Configure basic DNS records in Packet Tracer so that hostnames resolve to server IPs.
Explanation: Add A records for hostnames (e.g., web-server -> 192.168.2.2) and CNAMEs for aliases so clients can resolve names in the lab topology.

Packet Tracer - Steps to add DNS records

  1. Click DNS Server > Services > DNS.
  2. Add an A record: name: web-server, IP: 192.168.2.2, click Add.
  3. Add a CNAME record: alias: www, canonical: web-server, click Add.
  4. On client PC, Desktop > Web Browser, type web-server or www to verify resolution.
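
As an added example (not part of the original lab material), the Python below parses the DNS reply a client would receive when it looks up www against the records configured above, which is the same structure Wireshark decodes under the dns filter. The reply bytes are constructed by hand; the transaction ID, flags and TTL of 60 are assumed values.

```python
import struct

SAMPLE_REPLY = bytes.fromhex(  # constructed reply to "www, type A", not a real capture
    "1234 8180 0001 0002 0000 0000 03 777777 00 0001 0001"     # header + question www/A/IN
    "c00c 0005 0001 0000003c 000c 0a 7765622d736572766572 00"  # www CNAME web-server
    "c021 0001 0001 0000003c 0004 c0a80202"  # web-server (pointer to 0x21) A 192.168.2.2
)

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end = [], None
    for _ in range(256):                       # bound guards against pointer loops
        length = msg[off]
        if length == 0:                        # root label ends the name
            return ".".join(labels), (off + 1 if end is None else end)
        if length & 0xC0 == 0xC0:              # 2-byte compression pointer
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
        else:
            labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
            off += 1 + length
    raise ValueError("DNS name too long or compression pointer loop")

def parse_reply(msg):
    """Return (queried name, [(owner, type, value), ...]) for A and CNAME answers."""
    qname, off = read_name(msg, 12)            # question starts after 12-byte header
    off += 4                                   # skip QTYPE and QCLASS
    answers = []
    for _ in range(struct.unpack_from("!H", msg, 6)[0]):   # ANCOUNT header field
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == 1:                         # A: four address bytes
            answers.append((owner, "A", ".".join(map(str, msg[off:off + 4]))))
        elif rtype == 5:                       # CNAME: another encoded name
            answers.append((owner, "CNAME", read_name(msg, off)[0]))
        off += rdlen
    return qname, answers

def final_address(msg):
    """Follow CNAMEs from the queried name to an address; None if unresolved."""
    name, answers = parse_reply(msg)
    records = {owner.lower(): (rtype, value) for owner, rtype, value in answers}
    for _ in range(len(records) + 1):          # bounded, so a CNAME loop terminates
        rtype, value = records.get(name.lower(), (None, None))
        if rtype != "CNAME":
            return value
        name = value
    return None
```

Both answers use compression pointers (0xc00c and 0xc021), so the names www and web-server each appear only once in the packet; Wireshark shows the expanded names but the raw bytes pane shows the pointers.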

5. Cisco Packet Tracer - Example CLI (router/server hints)

(Packet Tracer devices do not all accept exactly the same commands; this is sample CLI in the style of real devices, given for learning.)


!-- Example: configure router interface (conceptual)
enable
configure terminal
interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 no shutdown
exit
!-- Configure DNS server IP on router (if acting as resolver)
ip name-server 192.168.2.10

Question: Assign IPs to router interfaces and set a name-server.
Explanation: Configure interface addressing and tell the router which DNS server to use as a resolver.

6. Wireshark - Comprehensive Display Filters

Wireshark is an open-source packet analyzer used for troubleshooting and protocol analysis. Display filters do not change what is captured; they narrow the packet list to the traffic you want to analyze.

Essential Wireshark Display Filters

Filter                           Description
http                             Show HTTP requests and responses
dns                              Show DNS queries and responses
tcp.port == 80                   Filter HTTP traffic on port 80
tcp.port == 443                  Filter HTTPS traffic on port 443
udp.port == 53                   Filter DNS traffic on port 53
ip.src == x.x.x.x                Filter packets from specific source IP
ip.dst == x.x.x.x                Filter packets to specific destination IP
ip.addr == x.x.x.x               Filter packets to/from specific IP
arp                              Show ARP requests and responses
icmp                             Show ICMP packets (ping, traceroute)
tcp.flags.syn == 1               Show TCP SYN packets (connection initiation)
tcp.flags.fin == 1               Show TCP FIN packets (connection termination)
tcp.stream eq 1                  Show specific TCP stream number
http.response.code == 200        Show HTTP 200 OK responses
http.response.code == 404        Show HTTP 404 Not Found responses
http.request.method == "GET"     Show HTTP GET requests only
http.request.method == "POST"    Show HTTP POST requests only
tls || ssl                       Show TLS/SSL encrypted traffic

Question: Capture and filter packets to inspect HTTP/HTTPS/DNS traffic.
Explanation: Use Wireshark display filters to focus on relevant packets. For HTTPS, inspect the TLS handshake (ClientHello, ServerHello, Certificate).

7. HTTP Packet Analysis - Example (Wireshark)

Use the provided test site in the lab or any controlled test server (do not capture or inspect private traffic you don't own). Inspect the following in Wireshark:

  • Request line and headers (GET /index.html HTTP/1.1).
  • Response status (200 OK, 404 Not Found, etc.).
  • Observe that with HTTPS the application data is encrypted (you will not see HTML in the packet payload).

# Example test site used in lab (public test target)
URL: http://testphp.vulnweb.com/login.php
Username: test
Password: test
# (Used only in lab for educational packet structure analysis)

Question: Analyze an HTTP login request and locate the GET/POST request, headers, and response status.
Explanation: Use Wireshark to find the login request packet, inspect headers and follow the TCP stream to see the request/response exchange.
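
The contrast in the list above, as an added Python example that is not part of the original lab material: it summarizes the first TCP payload of a connection, showing that an HTTP login exposes its form fields while a TLS record yields only its header. Both samples are constructed, and the form field names username and password and the POST to /login.php are assumptions.

```python
from urllib.parse import parse_qs

TLS_RECORDS = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}
TLS_HANDSHAKES = {1: "ClientHello", 2: "ServerHello", 11: "Certificate"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

# Constructed samples, not real captures. Form field names are assumptions.
HTTP_SAMPLE = (b"POST /login.php HTTP/1.1\r\n"
               b"Host: testphp.vulnweb.com\r\n"
               b"Content-Type: application/x-www-form-urlencoded\r\n"
               b"Content-Length: 27\r\n\r\n"
               b"username=test&password=test")
# TLS record header (type 22, version 3.1, length 512) + start of a ClientHello.
TLS_SAMPLE = bytes.fromhex("16 0301 0200 01 0001fc")

def inspect_payload(data):
    """Summarize what a capture shows in one TCP payload: HTTP text or a TLS record."""
    if data.startswith(HTTP_METHODS):
        head, _, body = data.partition(b"\r\n\r\n")
        lines = head.decode("iso-8859-1").split("\r\n")
        method, target, version = lines[0].split(" ", 2)
        # Header names are case-insensitive, so normalize them to lower case.
        headers = {k.lower(): v.strip()
                   for k, _, v in (line.partition(":") for line in lines[1:])}
        form = {}
        if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
            form = {k: v[0] for k, v in parse_qs(body.decode("iso-8859-1")).items()}
        return {"protocol": "HTTP", "request": (method, target, version),
                "host": headers.get("host"), "readable_form_fields": form}
    if len(data) >= 6 and data[0] in TLS_RECORDS and data[1] == 3:
        # Only the 5-byte record header and the handshake type byte are inspected.
        handshake = TLS_HANDSHAKES.get(data[5], "other") if data[0] == 22 else None
        return {"protocol": "TLS", "record": TLS_RECORDS[data[0]],
                "length": int.from_bytes(data[3:5], "big"),
                "handshake": handshake, "readable_form_fields": {}}
    return {"protocol": "unknown", "readable_form_fields": {}}
```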
