PL 3 A4 Simple LEX and YACC

Simple Calculator program using LEX and YACC:


calc.l:

%{
//declarations for c code
#include<stdio.h>
#include"y.tab.h"
//extern because it is declared in yacc file and used here   
extern int yylval;
%}

//regular expressions and corresponding actions for input streams read
%%
[0-9]+ {
    yylval=atoi(yytext);
    return NUMBER;
    }   
    //If any number is encountered yylval stores its value and we are returning token number which shows yylval's type ie int

[\t];    //we are ignoring white spaces
[\n] return 0; 
. return yytext[0];  //return all the other characters as it is
%%

int yywrap()   //returns 1 when end of file is reached otherwise its value is 0
{
return 1;
}


calc.y :

//for c declarations
%{
#include<stdio.h>
 #include<time.h>
int flag=0;
extern FILE* yyin;    //file pointer by default points to terminal
%}

//for declarations in yacc
%token NUMBER        //declaring token NUMBER
%left '+''-'        //to maintain associativity
%left '*''/''%'
%left '('')'

//context free grammar rules and corresponding action
%%
ArithematicExpression:E{
    printf("\n Result=%d\n",$$);
    return 0;
    }

E:E'+'E{$$=$1+$3;}    //$$ refers to non-terminal on left side, $1 to first E on right and so on
|E'-'E{$$=$1-$3;}    //Pseudo varibles in {} describe action to be performed for given grammar rule
|E'*'E{$$=$1*$3;}
|E'/'E{$$=$1/$3;}
|E'%'E{$$=$1%$3;}
|'('E')'{$$=$2;}
|NUMBER{$$=$1;}
;
%%

void main()
{
clock_t starttime;
clock_t endtime;
double timeinterval;
int i;
FILE* fp=fopen("expressions.txt","r");        //file contains expression to be evaluated
yyin=fp;

starttime=clock();
yyparse();     //yyparse() in turn calls yylex()

endtime=clock();
timeinterval=(double)(endtime-starttime)/CLOCKS_PER_SEC;
printf("Time required for execution=%lf Seconds.\n",timeinterval);

if(flag==0)
{
printf("\n ENTERED ARETHEMATIC EXPRESSION IS VALID \n\n");
}

}

void yyerror()
{
printf("\n ENTERED ARETHEMATIC EXPRESSION IS INVALID \n\n");
flag=1;
}


OUTPUT: 

PL 3 LEX and YACC installation in Ubuntu

LEX and YACC is very simple to install on Ubuntu. Just follow the three commands:

1)sudo apt-get update
2)sudo apt-get install flex       //flex package required for lex
3)sudo apt-get install bison    //bison package required for yacc

Screenshots for the same are attached below:

1)

2)

3)

Proxy Servers

1) Explain the difference between Web server and Proxy server?
-Both are computers but difference is in the functionalities they offer.
-Basically a proxy server works as a mediator between clients and requested server while a normal server is pretty direct.
-The Proxy server's function is to sit in between the client program and the external server and to filter the requests to be able to improve the performance.
-Proxy servers also cache the pages viewed so as to reduce latency for next request.
-The web server's function is to serve static content to the client by loading the files and documents from disk and serve it across the network to the end user.
-When a client accesses a web server its IP address and location are recognized by the web server but when approaching via a proxy server the IP address is disguised and thus not recognized by the web server.

2) Types of proxy servers?
-Normal (Regular/Caching) Proxy: A regular caching proxy server is a server which listens on a separate port (e.g. 3128) and the clients (browsers) are configured to send requests for connectivity to that port. So the proxy server receives the request, fetches the content and stores a copy for future use. So next time when another client requests for the same webpage the proxy server just replies to the request with the content in its cache thus improving the overall request-reply speed.

-Transparent Proxy : This type of proxy server identifies itself as a proxy server and also makes the original IP address available through the http headers. These are generally used for their ability to cache websites and do not effectively provide any anonymity to those who use them. However, the use of a transparent proxy will get you around simple IP bans. They are transparent in the terms that your IP address is exposed, not transparent in the terms that you do not know that you are using it (your system is not specifically configured to use it.)
  
-Anonymous Proxy: This type of proxy server identifies itself as a proxy server, but does not make the original IP address available. This type of proxy server is detectable, but provides reasonable anonymity for most users.
   
-Distorting Proxy: This type of proxy server identifies itself as a proxy server, but make an incorrect original IP address available through the http headers.

-High Anonymity Proxy:This type of proxy server does not identify itself as a proxy server and does not make available the original IP address.

3) Why we should use SAN?
-Because of the following features:
    -A high-speed network of storage devices.
    -Connects the storage devices with servers.
    -Can be accessed by applications on networked servers.
    -Particularly helpful in backup and disaster recovery.
    -Uses networking protocols to span longer distances geographically.
    -SAN can also simplify some management tasks.
    -Offers flexibility, availability and performance.

4) What is squid?
-Squid is a Unix-based proxy server that caches Internet content closer to a requestor than its original point of origin.
- Squid supports caching of many different kinds of Web objects, including those accessed through HTTP and FTP.
-Caching frequently requested Web pages, media files and other content reduces bandwidth congestion and latency.
-Squid works by tracking object use over the network. Squid will initially act as an intermediary, simply passing the client's request on to the server and saving a copy of the requested object. If the same client or multiple clients request the same object before it expires from Squid's cache, Squid can then immediately serve it, accelerating the download and saving bandwidth.

5) What is default port of squid proxy?
-3128

6) What are the functionalities of squid proxy server?
-Squid is open source and freely available under GNU General Public License.
-Squid is not a generic proxy.It normally proxies only HTTP connections. It also does support other protocols like FTP,Gopher,SSL and WAIS but it does not support other internet protocols like real audio, news or video streaming because squid only supports UDP protocol for communication.
-It helps accelerate downloads and reduce latency by storing data in cache.
-ISP's have used squid since long back as it also helps for load balancing and handling traffic spikes

HTTP Header Analysis

1. What is Hypertext Transfer Protocol (HTTP)?
-It is an application layer protocol , designed to enable communications between clients and servers.
-HTTP works as a request-response protocol between a client and server.
-It is a generic and stateless protocol which can be used for other purposes using extensions of its request methods, error codes, and headers.
-Basically it is a TCP/IP based communication protocol used to access data on WWW.
-Also it is a connectionless protocol and uses default port as 80.

2. Port number for HTTP protocol.
-80

3. What are the HTTP request methods?
-GET  : Requests data from a specified resource
-POST : Submits data to be processed to a specified resource
-HEAD :    Same as GET but returns only HTTP headers and no document body
-PUT  :    Uploads a representation of the specified URI
-DELETE  :     Deletes the specified resource
-OPTIONS :     Returns the HTTP methods that the server supports
-CONNECT :    Converts the request connection to a transparent TCP/IP tunnel

4. What HTTP response headers do?
-The information, in the form of a text record, that a Web server sends back to a client's browser in response to receiving an HTTP request.
-The response header contains the date, size and type of file that the server is sending back to the client and also data about the server itself. The header is attached to the files being sent back to the client.

5. What happens to an undeliverable datagram?
-An undeliverable datagram is discarded and and ICMP error message is sent to source host.

6. What is HTTP session state?
-Session state, in the context of .NET, is a method keep track of the a user session during a series of HTTP requests.
-Session state allows a developer to store data about a user as he/she navigates through ASP.NET web pages in a .NET web application.
-The HTTP protocol is stateless, which means that HTTP has no built-in way to keep track of a user as they navigate from one webpage to another.
-As a result, there are a number of other methods used to maintain state. These include session state, cookies, hidden form fields (known as viewstate in .NET), passing variables through the querystring, and form posts.
-Storing session state in the application pool also means that data is lost if the server is rebooted.

7. What is the work of http in the server?
-A web server processes requests via HTTP, the basic network protocol used to distribute information on the World Wide Web.
-The primary function of a web server is to store, process and deliver web pages to clients.
-The communication between client and server takes place using the Hypertext Transfer Protocol (HTTP).
-A user agent, commonly a web browser initiates communication by making a request for a specific resource using HTTP and the server responds with the content of that resource or an error message if unable to do so.
-While the primary function is to serve content, a full implementation of HTTP also includes ways of receiving content from clients.

8. What are Status codes?
-The Status-Code element in a server response, is a 3-digit integer where the first digit of the Status-Code defines the class of response and the last two digits do not have any categorization role. There are 5 values for the first digit:
-1xx: Informational(It means the request has been received and the process is continuing)
-2xx: Success (It means the action was successfully received, understood, and accepted)
-3xx: Redirection (It means further action must be taken in order to complete the request)
-4xx: Client Error (It means the request contains incorrect syntax or cannot be fulfilled)
-5xx: Server Error (It means the server failed to fulfill an apparently valid request)




9. What s a Request message?
-An HTTP client sends an HTTP request to a server in the form of a request message to get certain data from server.
-A request message has following format:
    i) A Request-line
    ii) Zero or more header (General|Request|Entity) fields followed by CRLF
    iii) An empty line (i.e., a line with nothing preceding the CRLF) indicating the end of the header fields
    iv) Optionally a message-body

10. What are Persistent connections?
-HTTP persistent connection, also called HTTP keep-alive, or HTTP connection reuse, is the idea of using a single TCP connection to send and receive multiple HTTP requests/response,as opposed to opening a new connection for every single request/response pair.


11. In non – persistent HTTP connection, how can HTTP inform the TCP protocol that the end of the message has been reached?
-The HTTP client initiates a TCP connection to the server .
-The HTTP client sends a HTTP request message into the socket associated with the TCP connection that was established in step 1.
-The HTTP server:
    i) receives the request message via the socket associated with the connection that was established in step 1,
    ii) retrieves the object /someDepartment/home.index from its storage (RAM or disk),
    iii) encapsulates the object in a HTTP response message, and
    iv) sends the response message into the TCP connection.
-The HTTP server tells TCP to close the TCP connection. (But TCP doesn't actually terminate the connection until the client has received the response message intact.)
-The HTTP client receives the response message.The TCP connection terminates. The message indicates that the encapsulated object is an HTML file.

12. Difference between URL, URI & URN.
-All three are used to identify any resource or name on the internet but URI is superset of both URN and URL.
-Main difference between URL and URI is protocol to retrieve resource; URL includes network protocols i.e. HTTP,HTTPS,FTP etc while URI in case of URN uniquely identifies the resource eg. ISBN numbers.

Installing and configure DHCP server

Installing and configure DHCP server and


write a program (C++\Python\Java)


to install the software on remote machine.

#!/usr/bin/python

import os

import commands

while True:

x=int(raw_input("1.Install and configure DHCP\n2.Install an software on remote machine\n"))

if x==1:

current_ip=commands.getoutput("hostname -I")

print "Current IP address is : " , current_ip

os.system("yum remove dhcp")

os.system("yum install dhcp")

os.system("vi /etc/dhcp/dhcpd.conf")

os.system("systemctl start dhcpd.service")

os.system("systemctl enable dhcpd.service")

os.system("chkconfig dhcpd on")

os.system("service dhcpd restart")

current_ip=commands.getoutput("hostname -I")

print "Current IP address is : " , current_ip

if x==2:

os.system("ssh TE@192.168.5.77") 

OUTPUT:

[root@localhost]# python a4.py 1.Install and configure DHCP 2.Install an software on remote machine 1 Current IP address is : 192.168.5.76 Loaded plugins: langpacks, refresh-packagekit Resolving Dependencies --> Running transaction check ---> Package dhcp.x86_64 12:4.2.7-2.fc20 will be erased --> Finished Dependency Resolution Dependencies Resolved =================================== Package Arch Version Repository Size =================================== Removing: dhcp x86_64 12:4.2.7-2.fc20 @updates 1.4 M Transaction Summary =================================== Remove 1 Package Installed size: 1.4 M Is this ok [y/N]: y Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Erasing : 12:dhcp-4.2.7-2.fc20.x86_64 1/1 warning: /etc/dhcp/dhcpd.conf saved as /etc/dhcp/dhcpd.conf.rpmsave Verifying : 12:dhcp-4.2.7-2.fc20.x86_64 1/1 Removed: dhcp.x86_64 12:4.2.7-2.fc20 Complete! Loaded plugins: langpacks, refresh-packagekit Resolving Dependencies --> Running transaction check ---> Package dhcp.x86_64 12:4.2.7-2.fc20 will be installed --> Finished Dependency Resolution Dependencies Resolved =================================== Package Arch Version Repository Size =================================== Installing: dhcp x86_64 12:4.2.7-2.fc20 updates 516 k Transaction Summary =================================== Install 1 Package Total download size: 516 k Installed size: 1.4 M Is this ok [y/d/N]: y Downloading packages: dhcp-4.2.7-2.fc20.x86_64.rpm | 516 kB 00:00:01 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : 12:dhcp-4.2.7-2.fc20.x86_64 1/1 Verifying : 12:dhcp-4.2.7-2.fc20.x86_64 1/1 Installed: dhcp.x86_64 12:4.2.7-2.fc20 Complete! ln -s '/usr/lib/systemd/system/dhcpd.service' '/etc/systemd/system/multi-user.target.wants/dhcpd.service' Note: Forwarding request to 'systemctl enable dhcpd.service'. Redirecting to /bin/systemctl restart dhcpd.service Current IP address is : 192.168.5.76 1.Install and configure DHCP 2.Install an software on remote machine 2 TE3@192.168.5.77's password: Last login: Tue Feb 7 14:14:14 2017 from 192.168.5.76 [TE3@localhost ~]$ su Password: [root@localhost]# yum remove wireshark Loaded plugins: langpacks, refresh-packagekit No Match for argument: wireshark No Packages marked for removal [root@localhost]# yum install wireshark Loaded plugins: langpacks, refresh-packagekit Resolving Dependencies --> Running transaction check ---> Package wireshark.x86_64 0:1.10.14-1.fc20 will be installed --> Finished Dependency Resolution Dependencies Resolved =================================== Package Arch Version Repository Size =================================== Installing: wireshark x86_64 1.10.14-1.fc20 updates 13 M Transaction Summary =================================== Install 1 Package Total download size: 13 M Installed size: 69 M Is this ok [y/d/N]: y Downloading packages: wireshark-1.10.14-1.fc20.x86_64.rpm | 13 MB 00:00:24 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wireshark-1.10.14-1.fc20.x86_64 1/1 Verifying : wireshark-1.10.14-1.fc20.x86_64 1/1 Installed: wireshark.x86_64 0:1.10.14-1.fc20 Complete! [root@localhost]# whereis wireshark wireshark: /usr/lib64/wireshark /usr/share/wireshark [root@localhost]# yum remove wireshark Loaded plugins: langpacks, refresh-packagekit Resolving Dependencies --> Running transaction check ---> Package wireshark.x86_64 0:1.10.14-1.fc20 will be erased --> Finished Dependency Resolution Dependencies Resolved =================================== Package Arch Version Repository Size =================================== Removing: wireshark x86_64 1.10.14-1.fc20 @updates 69 M Transaction Summary =================================== Remove 1 Package Installed size: 69 M Is this ok [y/N]: y Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Erasing : wireshark-1.10.14-1.fc20.x86_64 1/1 Verifying : wireshark-1.10.14-1.fc20.x86_64 1/1 Removed: wireshark.x86_64 0:1.10.14-1.fc20 Complete! [root@localhost]# whereis wireshark wireshark:[root@localhost]# exit exit [TE3@localhost ~]$ exit logout Connection to 192.168.5.77 closed. 1.Install and configure DHCP 2.Install an software on remote machine ^Z [1]+ Stopped python a4.py [root@localhost]# exit exit

Read the HTTP header and analyze the parameters.

Write a C++ program to read the HTTP header and analyze the parameters.

#include <iostream>
#include <string>
#include <cstring>
#include <crafter.h>
#include <stdio.h>

using namespace std;
using namespace Crafter;

int tcpcount = 0;
int httpcount = 0;
int req_count = 0;
int res_count = 0;
int ok= 0;
int moved = 0;
int forbidden = 0;
struct Info
{
    string hostname ;
    int requestcount ;
    string contenttype;
} ;
Info in[10];
int count=1;

void PacketHandler(Packet* sniff_packet, void* user) {
        RawLayer* raw_payload = sniff_packet->GetLayer<RawLayer>();
        if(raw_payload) {

TCP* tcp_layer = sniff_packet->GetLayer<TCP>();
cout << "[#] TCP packet from source port: " << tcp_layer->GetSrcPort() << endl;
tcpcount++;

                string payload = raw_payload->GetStringPayload();
                string test1="HTTP/1.1";
string test2="GET";
string test3="POST";
string test4="HTTP/1.0";
string test5="200";
string test6="302";
string test7="403";
if(strstr(payload.c_str(),test1.c_str())||strstr(payload.c_str(),test4.c_str()))
{
                cout << "[+] ---PACKET--- [+]" << endl;
cout<<payload<<endl;
cout << "[#] With Properties: " << endl;
cout<<"HTTP PACKET FOUND!!!"<<endl;
httpcount++;
if((strstr(payload.c_str(),test5.c_str())))
{
ok++;
}
else if((strstr(payload.c_str(),test6.c_str())))
{
moved++;
}
else if((strstr(payload.c_str(),test7.c_str())))
{
forbidden++;
}
if((strstr(payload.c_str(),test2.c_str()))||(strstr(payload.c_str(),test3.c_str())))
{
cout<<"REQUEST PACKET FOUND!!!"<<endl;
req_count++;
}
else
{
cout<<"RESPONSE PACKET FOUND!!!"<<endl;
res_count++;
}
std::string delimiter = "\n";

size_t pos,pos1 = 0;
std::string token;

int isize=sizeof(in)/sizeof(in[0]);
int flag=0;

while ((pos = payload.find(delimiter)) != std::string::npos)
{

    token = payload.substr(0, pos);

    if((pos1=token.find("Host:"))!=std::string::npos)
    {
    for(int ii=0;ii<count;ii++)
    {
    if(in[ii].hostname==token)
    {
    
    in[ii].requestcount++;
    flag=1;
    }
    else
    {
    
    flag=0;
    }
    }
    if(flag==0)
    {

in[count].hostname=token;
in[count].requestcount=1;  
count++;
    cout << "\n-->\t"<<token << endl; 
    
    }
    
    
    }
    payload.erase(0, pos + delimiter.length());
}
}

        }
}


int main() {
        string iface = "p4p1";
        Sniffer sniff("tcp",iface,PacketHandler);
sniff.Capture(200);
cout <<"\nNumber of TCP packets: "<<tcpcount;
cout<<"\nNumber of HTTP headers :"<<httpcount<<endl;
cout<<"\nNumber of Request Packets :"<<req_count<<endl;
cout<<"\nNumber of Response Packets :"<<res_count<<endl;
cout<<"\nMoved :"<<moved<<endl;
cout<<"\nOK :"<<ok<<endl;
cout<<"\nForbidden :"<<forbidden<<endl;
for(int jj=0;jj<count;jj++)
        {
        cout<<"host name is       "<<in[jj].hostname<<"\n";
        cout<<"request count is   "<<in[jj].requestcount<<"\n";
       
        }
        return 0;
}  

OUTPUT:

[root@06 crafter-0.2]# g++ /home/tecomp/3425/assign1.cpp -lcrafter
[root@06 crafter-0.2]# ./a.out
[#] TCP packet from source port: 60271
[+] ---PACKET--- [+]
POST http://ocsp.digicert.com/ HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 115
Content-Type: application/ocsp-request
Connection: keep-alive

0q0o0M0K0I0     + �&� ��~�B� /j �
0 Qh��� u<��edb� �Yr; ӷ �d�:'��    ��G�� 0 0     + 0
      + 0
[#] With Properties:
HTTP PACKET FOUND!!!
REQUEST PACKET FOUND!!!

-->    Host: ocsp.digicert.com
[#] TCP packet from source port: 3128
[+] ---PACKET--- [+]
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=506358
Content-Type: application/ocsp-response
Date: Tue, 03 Jan 2017 10:21:32 GMT
ETag: "586b34ab-1d7"
Expires: Mon, 09 Jan 2017 22:21:32 GMT
Last-Modified: Tue, 03 Jan 2017 05:20:43 GMT
Server: ECS (maa/AE9B)
X-Cache: HIT
Content-Length: 471
X-Cache: MISS from (external)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (external)mastizen.zentyal-domain.lan:3130
X-Cache: MISS from (frontal)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (frontal)mastizen.zentyal-domain.lan:3128
Via: 1.1 (external)mastizen.zentyal-domain.lan (squid/3.3.8), 1.1 (frontal)mastizen.zentyal-domain.lan (squid/3.3.8)
Connection: keep-alive


[#] With Properties:
HTTP PACKET FOUND!!!
RESPONSE PACKET FOUND!!!
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 60271
[+] ---PACKET--- [+]
POST http://ocsp.digicert.com/ HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 115
Content-Type: application/ocsp-request
Connection: keep-alive

0q0o0M0K0I0     + ߪ �(�    A���B��G@B�X� �>�i ��G Ԙ& �cd+� ����\��m�+B�]0�� 0 0     + 0
      + 0
[#] With Properties:
HTTP PACKET FOUND!!!
REQUEST PACKET FOUND!!!
[#] TCP packet from source port: 3128
[+] ---PACKET--- [+]
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=503978
Content-Type: application/ocsp-response
Date: Tue, 03 Jan 2017 10:21:32 GMT
ETag: "586b3534-1d7"
Expires: Mon, 09 Jan 2017 22:21:32 GMT
Last-Modified: Tue, 03 Jan 2017 05:23:00 GMT
Server: ECS (maa/AE9C)
X-Cache: HIT
Content-Length: 471
X-Cache: MISS from (external)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (external)mastizen.zentyal-domain.lan:3130
X-Cache: MISS from (frontal)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (frontal)mastizen.zentyal-domain.lan:3128
Via: 1.1 (external)mastizen.zentyal-domain.lan (squid/3.3.8), 1.1 (frontal)mastizen.zentyal-domain.lan (squid/3.3.8)
Connection: keep-alive


[#] With Properties:
HTTP PACKET FOUND!!!
RESPONSE PACKET FOUND!!!
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 60270
[+] ---PACKET--- [+]
CONNECT start.fedoraproject.org:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: start.fedoraproject.org


[#] With Properties:
HTTP PACKET FOUND!!!
RESPONSE PACKET FOUND!!!

-->    Host: start.fedoraproject.org
[#] TCP packet from source port: 60275
[+] ---PACKET--- [+]
CONNECT piwik.fedorainfracloud.org:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: piwik.fedorainfracloud.org


[#] With Properties:
HTTP PACKET FOUND!!!
RESPONSE PACKET FOUND!!!

-->    Host: piwik.fedorainfracloud.org
[#] TCP packet from source port: 3128
[+] ---PACKET--- [+]
HTTP/1.1 200 Connection established


[#] With Properties:
HTTP PACKET FOUND!!!
RESPONSE PACKET FOUND!!!
[#] TCP packet from source port: 60270
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 60270
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 60270
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 60276
[+] ---PACKET--- [+]
GET http://www.google.com/ HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: NID=94=fHprfB0JZPoVHBUrUVNhvIqg5ZWOXBKDO6wCrLoyyC7gzXub98cm6YQg-FfHNC9j6biMixluZucJIcYlx02AGC-msLXj7Kzlzu_Q65rtjeDdxuz0frFQc1Uj9d5fOw_DsUsO7ECJqsgfvs5p
Connection: keep-alive


[#] With Properties:
HTTP PACKET FOUND!!!
REQUEST PACKET FOUND!!!

-->    Host: www.google.com
[#] TCP packet from source port: 3128
[+] ---PACKET--- [+]
HTTP/1.1 302 Moved Temporarily
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Location: http://www.google.co.in/?gfe_rd=cr&ei=M3trWMmQCOLs8AeuqoyYBA
Content-Length: 261
Date: Tue, 03 Jan 2017 10:21:39 GMT
X-Cache: MISS from (external)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (external)mastizen.zentyal-domain.lan:3130
X-Cache: MISS from (frontal)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (frontal)mastizen.zentyal-domain.lan:3128
Via: 1.1 (external)mastizen.zentyal-domain.lan (squid/3.3.8), 1.1 (frontal)mastizen.zentyal-domain.lan (squid/3.3.8)
Connection: keep-alive


[#] With Properties:
HTTP PACKET FOUND!!!
RESPONSE PACKET FOUND!!!
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 60276
[+] ---PACKET--- [+]
GET http://www.google.co.in/?gfe_rd=cr&ei=M3trWMmQCOLs8AeuqoyYBA HTTP/1.1
Host: www.google.co.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: NID=94=EQCI91_cgorVVlAFLWvJmLQknPUD-Av1uGFz7aWB1YkweH2Qp5nBe8-TUZI_tJi1QgoeoGd7XTb3PSq_ffd0hTMk6hh913BoaLZiEoMLqc7OinozTPAdsLO5MrzSRraZP3bpImCoB9YNfnKNeAXIKik; OGPC=135465984-7:
Connection: keep-alive


[#] With Properties:
HTTP PACKET FOUND!!!
REQUEST PACKET FOUND!!!

-->    Host: www.google.co.in
[#] TCP packet from source port: 3128
[+] ---PACKET--- [+]
HTTP/1.1 302 Moved Temporarily
Location: https://www.google.co.in/?gfe_rd=cr&ei=M3trWMmQCOLs8AeuqoyYBA&gws_rd=ssl
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Tue, 03 Jan 2017 10:21:39 GMT
Server: gws
Content-Length: 277
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Cache: MISS from (external)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (external)mastizen.zentyal-domain.lan:3130
X-Cache: MISS from (frontal)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (frontal)mastizen.zentyal-domain.lan:3128
Via: 1.1 (external)mastizen.zentyal-domain.lan (squid/3.3.8), 1.1 (frontal)mastizen.zentyal-domain.lan (squid/3.3.8)
Connection: keep-alive


[#] With Properties:
HTTP PACKET FOUND!!!
RESPONSE PACKET FOUND!!!
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 60277
[+] ---PACKET--- [+]
CONNECT www.google.co.in:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: www.google.co.in


[#] With Properties:
HTTP PACKET FOUND!!!
RESPONSE PACKET FOUND!!!
[#] TCP packet from source port: 3128
[+] ---PACKET--- [+]
HTTP/1.1 200 Connection established


[#] With Properties:
HTTP PACKET FOUND!!!
RESPONSE PACKET FOUND!!!
[#] TCP packet from source port: 60277
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 60277
[#] TCP packet from source port: 60271
[+] ---PACKET--- [+]
POST http://clients1.google.com/ocsp HTTP/1.1
Host: clients1.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 107
Content-Type: application/ocsp-request
Connection: keep-alive

0i0g0E0C0A0     + ��j��� �p�I #z�� (~d J� ��h�v����b �Z�/+j8���� 0 0     +0 0
      + 0
[#] With Properties:
HTTP PACKET FOUND!!!
REQUEST PACKET FOUND!!!

-->    Host: clients1.google.com
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[+] ---PACKET--- [+]
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 03 Jan 2017 10:21:40 GMT
Expires: Sat, 07 Jan 2017 10:21:40 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Cache: MISS from (external)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (external)mastizen.zentyal-domain.lan:3130
X-Cache: MISS from (frontal)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (frontal)mastizen.zentyal-domain.lan:3128
Via: 1.1 (external)mastizen.zentyal-domain.lan (squid/3.3.8), 1.1 (frontal)mastizen.zentyal-domain.lan (squid/3.3.8)
Connection: keep-alive


[#] With Properties:
HTTP PACKET FOUND!!!
RESPONSE PACKET FOUND!!!
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 60271
[+] ---PACKET--- [+]
POST http://g.symcd.com/ HTTP/1.1
Host: g.symcd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 102
Content-Type: application/ocsp-request
Connection: keep-alive

0d0b0@0>0<0     + ��9 � ��yP �`�Ԣ<��� �*�A���¸>U��� � :�� 0 0     +0 0
      + 0
[#] With Properties:
HTTP PACKET FOUND!!!
REQUEST PACKET FOUND!!!

-->    Host: g.symcd.com
[#] TCP packet from source port: 3128
[+] ---PACKET--- [+]
HTTP/1.1 200 OK
Server: nginx/1.10.2
Content-Type: application/ocsp-response
Content-Length: 1377
content-transfer-encoding: binary
Cache-Control: max-age=592223, public, no-transform, must-revalidate
Last-Modified: Tue, 3 Jan 2017 06:51:03 GMT
Expires: Tue, 10 Jan 2017 06:51:03 GMT
Date: Tue, 03 Jan 2017 10:21:40 GMT
X-Cache: MISS from (external)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (external)mastizen.zentyal-domain.lan:3130
X-Cache: MISS from (frontal)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (frontal)mastizen.zentyal-domain.lan:3128
Via: 1.1 (external)mastizen.zentyal-domain.lan (squid/3.3.8), 1.1 (frontal)mastizen.zentyal-domain.lan (squid/3.3.8)
Connection: keep-alive


[#] With Properties:
HTTP PACKET FOUND!!!
RESPONSE PACKET FOUND!!!
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 60277
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128

Number of TCP packets: 85
Number of HTTP headers :17

Number of Request Packets :6

Number of Response Packets :11

Moved :2

OK :6

Forbidden :0
host name is     
request count is   0
host name is       Host: ocsp.digicert.com
request count is   2
host name is       Host: start.fedoraproject.org
request count is   1
host name is       Host: piwik.fedorainfracloud.org
request count is   1
host name is       Host: www.google.com
request count is   1
host name is       Host: www.google.co.in
request count is   2
host name is       Host: clients1.google.com
request count is   1
host name is       Host: g.symcd.com
request count is   1
[root@A06 crafter-0.2]#