CloudShark Blog

Training, webinars, and resources for network analysis

June 28, 2012

Sharkfest Packet Capture Challenge Solution

Published
June 28, 2012
Share

Tags
HTTP

Thanks to all who participated in the packet capture challenge at Sharkfest 2012! We had a great time at Sharkfest! Here’s the solution, or scroll down to try the challenge yourself!

The Solution

Many folks showed us different approaches to this challenge. Here is one approach.

Visit the HTTP Requests analysis tool for this capture and take a look at the Response Codes tab.

https://www.cloudshark.org/analysis/61cdf49986bd/http_req

The Response Codes graph shows a break down of traffic by HTTP Response code. Select the 500 errors to view all the HTTP traffic with 500 error responses. This will bring you back to the packet view of the HTTP response traffic. Use the TCP follow stream on any of these requests to learn the actual HTTP host involved. The host is www.cherokee-project.com.

https://www.cloudshark.org/analysis/61cdf49986bd/follow?stream=1&proto=tcp

Now visit the HTTP Requests tool again and select “Request by Host”. Find www.cherokee-project.com and hit the ‘+’ to expand the different URLs to this host. It turns out only one URL is involveed. You can now select this URL to view all the individual requests with response times. The summary at the top tells you the longest response is 0.906130 seconds. You can search for this actual response in your browser and then view the stream to find exact timing information.

Stay tuned for more challenges!

The Sharkfest 2012 Packet Capture Challenge

Greetings SHARKFest! What would you think of us if we hadn’t come up with a packet capture challenge just for you?

Well, fear not, here it is:

https://www.cloudshark.org/captures/0d3ba6b38d8f

This capture file contains several web requests. One specific URL experiences repeated 500 Internal Server Errors. Find that URL and then identify the specific request that had the longest response time. At what time was this request issued? HINT: Try using our new HTTP analysis tools by selecting Analysis Tools -> HTTP Requests.

Solve this during SHARKFest, bring the answer to us on Tuesday night at the vendor event, and get one of our famous CloudShark t-shirts!

For those of you at home, stay tuned. We’ll have an even harder challenge coming soon!

About Us

CloudShark is made by QA Cafe, a technology company based in Portsmouth, NH. Our passion for packet captures has grown out of our other product CDRouter.

Get in touch via our Contact us page or by following us on your favorite service: