Thanks to all who participated in the packet capture challenge at Sharkfest 2012! We had a great time at Sharkfest! Here’s the solution, or scroll down to try the challenge yourself!
Many folks showed us different approaches to this challenge. Here is one approach.
Visit the HTTP Requests analysis tool for this capture and take a look at the Response Codes tab.
The Response Codes graph shows a break down of traffic by HTTP Response code. Select the 500 errors to view all the HTTP traffic with 500 error responses. This will bring you back to the packet view of the HTTP response traffic. Use the TCP follow stream on any of these requests to learn the actual HTTP host involved. The host is www.cherokee-project.com.
Now visit the HTTP Requests tool again and select “Request by Host”. Find www.cherokee-project.com and hit the ‘+’ to expand the different URLs to this host. It turns out only one URL is involveed. You can now select this URL to view all the individual requests with response times. The summary at the top tells you the longest response is 0.906130 seconds. You can search for this actual response in your browser and then view the stream to find exact timing information.
Stay tuned for more challenges!
The Sharkfest 2012 Packet Capture Challenge
Well, fear not, here it is:
This capture file contains several web requests. One specific URL experiences repeated 500 Internal Server Errors. Find that URL and then identify the specific request that had the longest response time. At what time was this request issued? HINT: Try using our new HTTP analysis tools by selecting Analysis Tools -> HTTP Requests.
Solve this during SHARKFest, bring the answer to us on Tuesday night at the vendor event, and get one of our famous CloudShark t-shirts!
For those of you at home, stay tuned. We’ll have an even harder challenge coming soon!