[cs615asa] HW4

Jan Schaumann jschauma at stevens.edu
Sun Mar 17 22:16:27 EDT 2019


Rozy Gupta <rgupta11 at stevens.edu> wrote:
> 
> Can somebody explain to me how exactly the following command works?
> 
> ( printf "GET / HTTP/1.1\r\nHost: www.yahoo.com\r\n\r\n"; sleep 1; ) | \
>         openssl s_client -connect www.yahoo.com:443

The command 'openssl s_client -connect www.yahoo.com:443' makes a TLS
connection to the host 'www.yahoo.com' on port 443.  It will then sit
there and read input from stdin to write to the remote host.

The parentheses create a subshell, allowing you to run multiple commands
with their sequentially combined stdout being piped into the 'openssl'
command.

'printf ...;' prints the HTTP request on stdout with all required
carriage returns and line-feed characters.

'sleep 1' is added to allow the 'openssl' command to read the input from
stdin, send it to the remote site and receive the remote answer.
Without the 'sleep', the connection to the remote host would be closed
immediately after reading the last line from stdin, without waiting for
the remote side to respond.  (Alternatively, you can leave out the
'sleep 1' command and instead pass '-ign_eof -quiet' to 'openssl', but
then that connection remains kept open until it times out from the
server; the 'sleep' allows the connection to be severed by the client.)

> 
> When I try to execute 'tcpdump tcp -w http.pcap port 80' on both
> server and client and then execute the above command in the client and
> finally try to read the file, nothing is captured in the file.

You are telling tcpdump to capture all packets that are sent to or
originate from port 80 on any host.  The 'openssl' command connects to
port 443 on the remote host, so the packets sent there are not captured
by your tcpdump command, as they do not match the requirement ("anything
going to or from port 80").

-Jan
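
Both points from the reply combined, as an added example that is not part of the original message: the same request sent through the subshell with 'sleep 1', captured with a tcpdump filter on the port the client really uses. The function names, the 'run' argument and the output file name are assumptions made for illustration; tcpdump needs root.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not from the thread.

# Emit the HTTP/1.1 request with explicit CRLF line endings.
http_request() {
    printf 'GET / HTTP/1.1\r\nHost: %s\r\n\r\n' "$1"
}

# tcpdump filter for the port the client actually connects to.
capture_filter() {
    printf 'tcp port %s' "$1"
}

# Send the request over TLS. The sleep keeps the pipe open for one
# second so s_client can read the reply before EOF on stdin makes it
# close the connection.
tls_get() {
    ( http_request "$1"; sleep 1 ) |
        openssl s_client -connect "$1:$2" 2>/dev/null
}

# Capture the exchange and print the number of packets written.
capture_and_get() {
    host=$1 port=$2 pcap=$3
    tcpdump -w "$pcap" "$(capture_filter "$port")" 2>/dev/null &
    tcpdump_pid=$!
    sleep 1                          # let tcpdump start capturing
    tls_get "$host" "$port" >/dev/null
    sleep 1                          # let trailing packets arrive
    kill "$tcpdump_pid"
    wait "$tcpdump_pid" 2>/dev/null
    tcpdump -nn -r "$pcap" 2>/dev/null | wc -l
}

# Only touches the network when invoked as: sh script.sh run
if [ "${1:-}" = run ]; then
    capture_and_get www.yahoo.com 443 https.pcap
fi
```

The packets captured this way carry TLS records, so the HTTP request and response are not readable in the pcap file.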

