http.host contains "www.abc.net"
This filters only on the destination host.
200 means transfer is OK.
A conditional GET is an HTTP GET request that may return an HTTP 304 response (instead of HTTP 200). An HTTP 304 response indicates that the resource has not been modified since the previous GET, so the resource is not returned to the client in such a response; instead, the server asks the client to access the resource from its local cache. See RFC 7232 for details.
Browsers maintain a cache and if the object is already cached, the server supports conditional GET, and the resource has not changed since the previous GET (as indicated by HTTP 304), the client accesses the resource from cache.
When a site is browsed for the first time, the data isn't in the cache, so the server sends back:
- Cache control, in seconds: how long the data is allowed to be cached.
- Last modified: when the data was last modified.
- Hash: used to check whether the content has changed.
There are at least two (not completely independent) approaches to conditional GET:
In both cases, the value of a response header is used as the value of a subsequent request header.
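The following Python example is added here and is not part of the original notes. It models both sides of a conditional GET, using the Last-Modified date and the hash (sent as an ETag) as validators. The function names and the sample resource are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import format_datetime, parsedate_to_datetime

def full_response(body, etag, last_modified, max_age=3600):
    """200 reply for a first (uncached) GET: body plus freshness and validators."""
    return 200, {
        "Cache-Control": f"max-age={max_age}",  # seconds the copy may be reused
        "Last-Modified": format_datetime(last_modified, usegmt=True),
        "ETag": etag,  # the "hash" of the content
    }, body

def revalidation_headers(cached):
    """Client: copy the stored response validators into the next request."""
    req = {"Cache-Control": "max-age=0"}
    if "ETag" in cached:
        req["If-None-Match"] = cached["ETag"]
    if "Last-Modified" in cached:
        req["If-Modified-Since"] = cached["Last-Modified"]
    return req

def handle_get(req, body, etag, last_modified):
    """Server: 304 without a body when the client's validators still match."""
    unchanged = False
    if "If-None-Match" in req:
        # RFC 7232: If-None-Match wins over If-Modified-Since; weak comparison.
        sent = req["If-None-Match"].split(",")
        tags = [t.strip().removeprefix("W/") for t in sent]
        unchanged = "*" in tags or etag.removeprefix("W/") in tags
    elif "If-Modified-Since" in req:
        try:
            since = parsedate_to_datetime(req["If-Modified-Since"])
            unchanged = last_modified <= since
        except (TypeError, ValueError):
            pass  # unparsable date: ignore the header and send the full reply
    if not unchanged:
        return full_response(body, etag, last_modified)
    return 304, full_response(b"", etag, last_modified)[1], b""

# Constructed sample resource (not taken from the capture discussed here).
V1 = (b"<h1>hello</h1>", '"v1"', datetime(2024, 5, 1, 10, 0, tzinfo=timezone.utc))
V2 = (b"<h1>changed</h1>", '"v2"', datetime(2024, 5, 2, 9, 30, tzinfo=timezone.utc))

def demo():
    """First visit, refresh, then refresh after the resource changed."""
    status1, cached, _ = handle_get({}, *V1)
    cond = revalidation_headers(cached)
    status2, _, body2 = handle_get(cond, *V1)
    status3, _, body3 = handle_get(cond, *V2)
    return status1, status2, body2, status3, body3
```

The 304 reply carries headers but no body, which is why the refreshed page in a capture shows small responses for resources the browser already holds.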
Filter to show the response packet:
Some data may not be cacheable; to show these packets, use the filter:
Export HTTP file:
Click File > Export Objects > HTTP, then choose a file.
First, start a capture, open a browser, open a web site, then refresh it (so the browser will read most of the content from cache).
- The response phrase: Not Modified, so the client will read the resource from cache.
- Server info: nginx
- Last-Modified: the date when the requested data was modified. Some servers do not provide this info and only tell you whether it has been modified.
- Request in frame: indicates which frame this frame is a response to; 630 is the request frame.
Then it’s better to analyze the request frame and see the content:
First, remove the filter expression and press enter:
- Find frame 630. The → arrow marks the request frame; also note that ← marks the response frame.
- Expand Hypertext Transfer Protocol. The path after the GET is the requested resource.
- If-Modified-Since: the client asks the server whether the requested data has been modified since this point.
- Cache-Control: max-age=0.
max-age=0 simply tells caches (and user agents) the response is stale from the get-go and so they SHOULD revalidate the response (e.g. with the If-Modified-Since header) before using a cached copy, whereas no-cache tells them they MUST revalidate before using a cached copy. More details here: https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.1
- command: ftp
- Data: ftp-data
FTP response code: https://en.wikipedia.org/wiki/List_of_FTP_server_return_codes
list, download and delete.
The password is unencrypted.
- NetworkMiner