[ Up (Contents) ] Last Updated: 30 August 2000

APPENDIX C

The XHTML 1.0 Web development Sourcebook

Monitoring HTTP Transactions

This Appendix describes using the programs listen, backtalk, telnet, and monitor to observe the data sent between a Web client (such as a browser) and a Web server. Listen acts like a dumb server and lets you observe the data that a browser sends when it requests a specific URL. Backtalk is a slightly more intelligent version of listen that lets you (the user) see the data sent by the browser, and also allows you type data to be sent to the browser after the browser has made a request. Thus, using backtalk, you can play the role of a Web server, typing in various server response messages and seeing how they affect the browser. These two programs are discussed in Section C.1.

Telnet lets you mimic the role of a browser. Telnet can make a connection to any port on a computer and, once a connection is made, any characters you type are sent to the remote port, and any text returned by the remote port are typed to the display. Thus, by using telnet to connect to a remote Web server, you can type HTTP request header fields (and data) into the telnet client, mimicking the behavior of a browser, and then see the data sent back by the remote server. This procedure is described in Section C.2.

Monitor lets you monitor the data sent between a browser and a remote Web server. It does this by acting as a simpleminded proxy server—using suitably written URLs, the Web browser connects (and sends data) to monitor, which forwards the data to a designated Web server, but also copies this information to a designated file. Subsequently, when the remote Web server returns data to monitor, monitor forwards this data to the browser and also copies the data to the designated file. As a result, the data file retains a record of all the data sent between the browser and the remote server.

The programs listen, backtalk, and monitor are available for downloading, as described in Section C.4, both as source code (in C) and as compiled executables for a number of different platforms. The telnet program is a standard tool on all Unix, Windows 95/98/2000/NT, and Macintosh systems.

Alternate Formats
This Document (Word 6 Format)

 

 



C.1 Listen and Backtalk to Mimic a Server

Listen is a simple program that listens at a TCP/IP port and prints to the display any characters received at the port. Thus, by pointing a browser at the port being monitored by listen, this program can be used to observe the data that Web browsers send when making an HTTP request. Similar to listen, backtalk listens at a TCP/IP port and prints to the display any characters received at the port. However, backtalk also lets the user type characters (enter data) at the console, with these characters being sent back to the remote program that is talking to that port. Thus, backtalk can act like a simpleminded HTTP server—or rather, the user and backtalk can act like a simpleminded server, because the user has to type, by hand, the data to be returned to the browser.

To run either program, simply type the program name at the command prompt. Listen (or backtalk) then prints the port number it is listening at and goes silent. Here is a typical example (the typed command is shown in boldface):

prompt%> listen

listening on 2055

At this point, any data sent to port 2055 on this computer will be printed on the screen just below the string listening on 2055. For example, if the preceding command were executed on the machine with domain name www.testing.org, then a browser could be pointed to the running listen program simply by accessing the URL

http://www.testing.org:2055/test_data

where test_data is added simply to place some data in the location portion of the URL. Note that this could be done in several ways:

  • By typing the URL directly into a browser’s location or address window
  • By creating an X/HTML document containing hypertext links that point to the correct URL
  • By writing an X/HTML document containing a form that references the correct URL

When a browser accesses the indicated URL, it sends an HTTP message to the indicated port—this message (the HTTP header plus any subsequent data) is then displayed at the console, as illustrated in Figure C.1. Thus, you can use these programs to observe essentially all forms of interaction between a browser and a server.

Figure C.1
Example of a backtalk session. The text in boldface italics is typed by the user. The browser’s request header begins with the line GET /test_data HTTP/1.0 and ends with a single blank line.

prompt%> backtalk
listening on 2055
GET /test_data HTTP/1.0
Connection: Keep-Alive
User-Agent: Mozilla/4.61 [en] (Win98; I)
Host: www.testing.org:2055
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Encoding: gzip
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8
HTTP
/1.0 200 OK
Date: Wed, 26 Jan 2000 22:26:03 GMT
Content-Type: text
/html
<html>
<head><title>Test document<
/title></head>
<body>
<h1>Test page<
/h1>
<
/body></html>
^D

With backtalk, any characters typed by the user are sent to the remote client attached to this port—the italicized boldface text in Figure C.1 is an example of the type of text a person might type. With backtalk, the character Ctrl-D (indicated in Figure C.1 by the symbol ^D) tells backtalk to close the connection to the browser. This informs the browser that all data has arrived and causes it to render the page. To stop backtalk (or listen), you simply type Ctrl-C.

Source code and executable versions of listen and backtalk can be downloaded from the book’s supporting Web site, as described in Section C.4.

Back to top

C.2 Using Telnet to Mimic a Browser

You can use a telnet client to play the role of a Web browser. For example, on a Unix system, typing the command:

telnet www.testserver.org 80

makes a connection to port 80 on the machine www.testserver.org (this can be similarly done using Windows or Macintosh telnet clients, simply by entering the server’s host name and the desired port number in the appropriate boxes). If there is a Web server running on this port, any characters typed by the user are sent to the Web server, which interprets them as commands coming from a remote client (such as a Web browser). After a complete request is sent, the remote server will send data back, which the telnet client simply types to the screen. An example is shown in Figure C.2—here, the HTTP message information typed in by the user consists solely of the string GET /foo.html HTTP/1.0, followed by a single blank line (noted here by the symbol <CRLF> that marks the end of the header. The data that follows (in normal font) is that returned by the Web server.

Figure C.2
Example of a Unix-style telnet session to a remote Web server. The text in boldface italics is typed by the user. The symbol <crlf> corresponds to an empty line typed in by the user.

prompt%> telnet www.testserver.org 80
Trying 142.150.64.89...
Connected to www.testserver.org.
Escape character is '^]'.
Get
/foo.html HTTP/1.0
<CRLF>

HTTP/1.1 404 Not Found
Date: Thu, 27 Jan 2000 16:05:47 GMT
Server: Apache/1.3.4 (Unix)
Connection: close
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD><BODY>
<H1>Not Found</H1>
The requested URL /foo.html was not found on this server.<P>
</BODY></HTML>
Connection closed by foreign host.

The last line, Connection closed by foreign host, is produced by the telnet program itself and indicates that the connection between the telnet client and the server has been broken.

If you want to save the information into a file, as opposed to seeing it on the display, you can type the command:

telnet www.testserver.org 80 > filename

which saves everything the user types — and everything the server sends back — in the file named filename. However, note that this also means you won’t be able to see what you type, as this text is also stored in the file, as opposed to being displayed on the screen.

Back to top

C.3 Using Monitor to Monitor Client-Server Transactions

Monitor lets you monitor the data sent between a browser and a remote Web server. It does this by acting as a simpleminded proxy server. You access URLs that connect the Web browser (and sends data) to monitor, which, in turn, forwards the data to a designated remote server. At the same time, monitor copies this information to a designated file, or directly types it to the display. Then, when the remote Web server returns data to monitor, monitor forwards this data to the browser and copies the data to the designated file. As a result, the file retains a record of all the data sent between the browser and the remote server.

When you run monitor, you can specify a number of options to define the remote server (and port) to which it connects, the name of the file to which data should be stored, and the local port to which the browser should connect. The possible options (with parameters in italics) are

  • -o filename specifies a file into which the monitored data should be saved. If filename exists, then the contents are erased when monitor starts. If this option is absent, then the monitored data is displayed on the terminal. Note that this latter option can cause problems with the terminal if binary data (such as image files) is being transferred.
  • -s remote-server is a mandatory parameter specifying the domain name of the remote server to contact. At present, numeric IP addresses are not supported.
  • -p remote-port is an optional parameter specifying the port number to contact on the remote server. If this is absent, then monitor assumes a default value of 80.
  • -l loc-port specifies a local port (on the machine where monitor is running) by which monitor will communicate with the remote browser. Note that this number must be greater than 1024 if monitor is run by nonprivileged users. If not specified, then monitor chooses an available port number. In either case, monitor displays the selected port number to the user.
  • -v specifies verbose output, useful for debugging purposes. Verbose output is sent to the display (stderr), and is not stored in filename.

An example is

monitor -o test.dat -s www.utoronto.ca

which means that monitor will connect to the HTTP server running on port 80 at the machine www.utoronto.ca, and that the session will be archived in the file test.dat.

When monitor starts up, it initially types data to the terminal giving the location at which monitor is running (so you know where to point the browser) and the name of the remote server to which monitor connects. Example output is

prompt%> monitor -o test.dat -s www.utoronto.ca -l 13169

Proxy server at host smaug.java.utoronto.ca on port 13169

Proxy connection to host www.utoronto.ca on port 80

The first line tells where monitor is running, and the second says that monitor connects onto the Web server running on port 80 at www.utoronto.ca. Now, any URLs starting with the string

http://smaug.java.utoronto.ca:13169

will connect a browser (or any other client) to monitor, and via monitor to the server running on www.utoronto.ca.

The data stored in the file test.dat will look something like that shown in Figure C.3. The lines --- BEGIN DATA FROM CLIENT --- and so on (shown in boldface) are not part of the actual HTTP transactions, but are added by monitor to show when the browser and remote server began (and ended) sending data to each other. The lines ... omitted data ... (in boldface italics) indicate portions of the data that were omitted to make this figure smaller. The sequence ^M at the end of each text line is an artifact of the editor used to display the file and denotes the carriage return character—each text line is actually ended by a carriage return line feed (CRLF) character pair.

Figure C.3  
Example data saved by monitor when monitoring the communication between a browser and a Web server.

--- BEGIN DATA FROM CLIENT ---- ^M
GET / HTTP/1.0^M
Connection: Keep-Alive^M
User-Agent: Mozilla/3.01 (Win95; I)^M
Host: smaug.java.utoronto.ca:13169^M
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*^M
^M
--- BEGIN DATA FROM SERVER ---- ^M

HTTP/1.1 200 OK^M
Date: Fri, 28 Jan 2000 15:47:25 GMT^M
Server: Apache/1.3.3 (Unix)^M
Last-Modified: Fri, 28 Jan 2000 15:30:02 GMT^M
ETag: "21283-3939-3891b5fa"^M
Accept-Ranges: bytes^M
Content-Length: 14649^M
Keep-Alive: timeout=15, max=100^M
Connection: Keep-Alive^M
Content-Type: text/html^M
<html>^M
<head>^M
<title>University of Toronto Home Page</title>^M
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">^M
<LINK REL=stylesheet HREF="uthome.css" TYPE="text/css">^M
<script language="JavaScript">^M
.... omitted data ....

</body>^M
</html>^M
--- END DATA FROM SERVER ---- ^M
--- BEGIN DATA FROM CLIENT ---- ^M

GET /images/redarrow.gif HTTP/1.0^M
Referer: http://smaug.java.utoronto.ca:13169/^M
Connection: Keep-Alive^M
User-Agent: Mozilla/3.01 (Win95; I)^M
Host: smaug.java.utoronto.ca:13169^M
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg^M
^M
--- END DATA FROM SERVER ---- ^M
--- BEGIN DATA FROM SERVER ---- ^M
HTTP/1.1 200 OK^M
Date: Fri, 28 Jan 2000 15:47:26 GMT^M
Server: Apache/1.3.3 (Unix)^M
Last-Modified: Wed, 24 Nov 1999 22:27:42 GMT^M
ETag: "420e4-7b-383c665e"^M
Accept-Ranges: bytes^M
Content-Length: 123^M
Keep-Alive: timeout=15, max=100^M
Connection: Keep-Alive^M
Content-Type: image/gif^M
^M
GIF89a^O^S3\231\231\231\231PP!^D^A^O, ^O^S^D(dI<1/28>>`(v!^X
w^X^A%\204 8^Z@8M???^X\2201\203^U`&\21
1;--- END DATA FROM SERVER ---- ^M
--- BEGIN DATA FROM CLIENT ---- ^M

GET /images/noarrow.gif HTTP/1.0^M
Referer: http://smaug.java.utoronto.ca:13169/^M
Connection: Keep-Alive^M
User-Agent: Mozilla/3.01 (Win95; I)^M
Host: smaug.java.utoronto.ca:13169^M
.... omitted data ...

Note, too, near the bottom of the file, that the second piece of data sent to the browser is a binary (GIF image) file. This produces odd sequences of characters on a text editor, and the file may look quite different, depending on the editor you use. Indeed, if your files contain binary data, you may need to configure your editor to acceptably display the data.

Back to top

C.4 Where to Obtain the Programs

Listen and backtalk were originally written by Norman Wilson, formerly of the Canadian Centre for Theoretical Astrophysics at the University of Toronto, and subsequently were slightly modified by the author. Monitor was written by the author, using the code of backtalk as a starting point. These programs were written for Unix systems, and they run under most variants of Unix. Unfortunately, they have not been ported to Windows 95/NT or MacOS. The programs are available, both as source code and as compiled executables, for SGI IRIX (6.x), Solaris (2.5), and Linux (2.2) at http://www.iangraham.org/books/xhtml2/appc/.

 


Back to top


The XHTML Web Development Sourcebook © 1995-2000 by Ian S. Graham