Laboratory: Networks and Browsers
CSC 105 The Digital Age Spring 2009
Summary: This laboratory exercise explores some of the data passed routinely from a browser to a Web server. While this material does not identify a specific user, it can be used to find a moderate amount of information about you. This lab also introduces cookies and suggests some potential uses.

Part I: Browser Information

Whenever you request a Web page, your browser sends the Web server data about itself. The program http://www.cs.grinnell.edu/~walker/fluency-book/web-info.php displays some of this information.
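To make the idea concrete, the following added example (not part of the original lab, and not the code behind web-info.php) parses one request the way a server receives it and collects what it reveals. The peer address, the header values and the function names are constructed for illustration.

```python
import io
from http.client import parse_headers

# Constructed sample: the peer address is a documentation address and the
# header values are made up; a real browser sends its own.
PEER = ("192.0.2.17", 51544)
RAW_REQUEST = (
    b"GET /~walker/fluency-book/web-info.php HTTP/1.1\r\n"
    b"Host: www.cs.grinnell.edu\r\n"
    b"User-Agent: Mozilla/5.0 (X11; Linux i686) Iceweasel/3.0\r\n"
    b"Accept-Language: fr;q=0.5,en-US,en;q=0.8\r\n"
    b"Referer: http://www.example.edu/lab.html\r\n"
    b"\r\n"
)

def preferred_languages(header):
    """Order the Accept-Language entries by their q weight (default 1.0)."""
    weighted = []
    for item in header.split(","):
        tag, _, params = item.strip().partition(";")
        q = 1.0
        if params.strip().startswith("q="):
            try:
                q = float(params.strip()[2:])
            except ValueError:
                q = 0.0  # malformed weight: rank it last
        if tag:
            weighted.append((q, tag.strip()))
    return [tag for q, tag in sorted(weighted, key=lambda w: -w[0])]

def server_view(peer, raw):
    """Return what a server can read from one request without asking the user."""
    stream = io.BytesIO(raw)
    method, path, _version = stream.readline().decode("latin-1").split()
    headers = parse_headers(stream)  # reads header lines up to the blank line
    return {
        "ip": peer[0],  # taken from the network connection, not from a header
        "page": path,
        "site": headers.get("Host"),
        "browser": headers.get("User-Agent"),
        "languages": preferred_languages(headers.get("Accept-Language", "")),
        "came_from": headers.get("Referer"),
    }
```

Only the IP address comes from the connection itself; every other field is text the browser chose to send.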

Exercise 1

Click on the above link, scan through the information that it presents, and record the IP address of the computer you are working on.

Exercise 2

Since Internet communication requires an Internet Protocol Number (sometimes called an IP number or an IP address), it is hardly surprising that the server knows this information. Specifically, the American Registry for Internet Numbers (ARIN) is a nonprofit organization chartered to manage Internet numbers for North America, a portion of the Caribbean, and sub-equatorial Africa; and ARIN maintains a database of which IP addresses are allocated to whom.
  1. Go to the WHOIS service that ARIN maintains for its database of IP addresses. In the upper-left corner of the page, you should find a textbox you can use to search the WHOIS database.
  2. Type in the IP address you recorded in Exercise 1 for your computer. To what extent can a Web server identify you based on an IP address?

Exercise 3

Various other groups build upon ARIN's database and other network services to provide further information regarding IP addresses. Two typical sources follow. In each case, try the tool, and describe what information the Web server can locate about your browser and computer.
  1. Geobytes maintains an IP Address Locator tool.
  2. Hexa Software Development Center, based in Penang, Malaysia, runs "IP2Location" locator services and maintains a demo page that includes a geographic display. Enter your machine's IP address into the box and click "Find Location." When the result appears, click "Map It".
  3. To what extent do these additional groups provide information beyond that available from ARIN?

Part II: Packet Routing

As we discussed in lecture, messages that are sent over the internet make several "hops" from router to router before reaching their destination. Linux provides a command traceroute that can be used to determine the IP address of each router that the message visits along the way.

For example, the command "traceroute cs.smith.edu" will send an (essentially empty) message to the domain cs.smith.edu and then output information about each router that passes the message along. This information usually includes the router's name and IP address; however, the owners of some routers block this information from being reported, in which case the output will include a string of asterisks instead.

Exercise 1

Open a terminal window and try the traceroute command given above. It should provide a list of routers visited by the query packet, perhaps 20 or so.

Exercise 2

Now determine the geographic path followed by your traceroute message by searching the ARIN database and recording the organization name and city of the routers visited. (Note that if several consecutive IP addresses along the path begin with the same first two numbers, they likely belong to the same organization and are located in the same city, so you really only need to look up one of them.)
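The shortcut in the note above can be automated. This added example (not part of the original lab) reads traceroute output, skips routers that answered with asterisks, and picks one address to look up per run of hops sharing the first two numbers. The sample output, host names and addresses are constructed placeholders.

```python
import re
from itertools import groupby

# Constructed sample output; names and addresses are documentation placeholders.
SAMPLE = """\
traceroute to dest.example (203.0.113.40), 30 hops max, 60 byte packets
 1  gw.campus.example (192.0.2.1)  0.41 ms  0.39 ms  0.37 ms
 2  core.campus.example (192.0.2.254)  0.92 ms  0.88 ms  0.90 ms
 3  * * *
 4  edge1.isp.example (198.51.100.9)  8.10 ms  8.07 ms  8.21 ms
 5  edge2.isp.example (198.51.100.77)  14.5 ms  14.6 ms  14.4 ms
 6  border.dest.example (203.0.113.1)  31.2 ms  31.0 ms  31.4 ms
"""

HOP = re.compile(r"^\s*(\d+)\s+(\S+)\s+\((\d+(?:\.\d+){3})\)")
SILENT = re.compile(r"^\s*(\d+)\s+\*")

def parse_hops(text):
    """Return [(hop_number, name, ip)]; ip is None for routers that did not answer."""
    hops = []
    for line in text.splitlines():
        answered = HOP.match(line)
        silent = SILENT.match(line)
        if answered:
            hops.append((int(answered.group(1)), answered.group(2), answered.group(3)))
        elif silent:
            hops.append((int(silent.group(1)), None, None))
    return hops

def first_two(ip):
    """The first two numbers of a dotted address, e.g. '192.0' for 192.0.2.1."""
    return ".".join(ip.split(".")[:2])

def lookups_needed(hops):
    """One representative IP per run of consecutive hops with the same first two numbers."""
    answered = [ip for _, _, ip in hops if ip is not None]
    return [(prefix, next(run)) for prefix, run in groupby(answered, key=first_two)]
```

For the sample this reduces five answering routers to three WHOIS lookups; the grouping is the lab's rule of thumb, so a surprising result is worth a second lookup.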

If you are interested in tracing the route of packets as they travel to a domain you frequently communicate with, you can do that too. Based on my experience, you may be more successful tracing the path to small domains (such as email addresses) than large ones (such as hugely successful websites). There are likely to be routers along the way to hugely successful websites that do not allow traceroute to display their IP addresses.

Part III: Cookies

When a browser accesses a Web page, the Web server can request that your browser store a small piece of information, called a cookie, on your machine. When you go to this Web page again, the Web server can ask for the cookie and can use the cookie in processing.
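The exchange described above, as an added example that is not part of the original lab and is not the code behind web-info.php: a server function that counts visits with a cookie, and a minimal stand-in for the browser's cookie storage. The cookie name `visits` and the class and function names are assumptions made for the illustration.

```python
from http.cookies import SimpleCookie

COOKIE_NAME = "visits"  # hypothetical name chosen for this example

def server_respond(request_headers):
    """Server side: read the Cookie header, return (page text, response headers)."""
    received = SimpleCookie(request_headers.get("Cookie", ""))
    try:
        seen = int(received[COOKIE_NAME].value) if COOKIE_NAME in received else 0
    except ValueError:
        seen = 0  # the cookie is stored by the client, so its content is untrusted
    seen = max(seen, 0)
    body = "first visit" if seen == 0 else f"visit number {seen + 1}"
    reply = SimpleCookie()
    reply[COOKIE_NAME] = str(seen + 1)
    reply[COOKIE_NAME]["path"] = "/"
    reply[COOKIE_NAME]["max-age"] = 3600   # browser discards it after an hour
    reply[COOKIE_NAME]["httponly"] = True  # not readable by page scripts
    return body, {"Set-Cookie": reply[COOKIE_NAME].OutputString()}

class Browser:
    """Stand-in for the browser: stores cookies and sends them back on each visit."""
    def __init__(self):
        self.jar = {}

    def visit(self):
        headers = {}
        if self.jar:
            headers["Cookie"] = "; ".join(f"{k}={v}" for k, v in self.jar.items())
        body, response = server_respond(headers)
        for name, morsel in SimpleCookie(response["Set-Cookie"]).items():
            self.jar[name] = morsel.value  # store what the server asked us to keep
        return body

    def delete_cookies(self):
        self.jar.clear()
```

Because the value lives on the client, the server in this sketch treats a malformed or missing cookie as "no history" rather than trusting it.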

Exercise 1

  1. Check whether your browser is set to accept cookies. (In the MathLAN, we use IceWeasel, but you can follow the directions below for Mozilla. The directions for other computers may be useful if you would like to do this at home also.)
  2. If your browser does not usually accept cookies, change the setting so that it does for this lab. You can change the settings back at the end of the lab.
  3. Locate and browse through the list of cookies that are stored on your machine. (In IceWeasel, you can do this by clicking on the "Cookie Manager" button, located on the same dialog box where you just found your other cookie settings.)
  4. Use your web browser to delete the cookies that are currently stored. You should be able to do this in the same "Cookie Manager" dialog window.

Exercise 2

  1. Return to the page, http://www.cs.grinnell.edu/~walker/fluency-book/web-info.php, and find the "History Information" section (about in the middle of the page, before a rather long table).
  2. Reload the page a few times, and notice what changes. In Mozilla/Iceweasel this can be done by clicking "Reload" to the left of the URL near the top of the window.
  3. The Web page web-info.php tries to save a cookie to keep track of whether or not you have visited this page previously. Return to your browser and locate the cookie(s) saved for this Web page, as described in steps 1, 3, and 4 of Exercise 1 above.
  4. Describe what information is set by web-info.php.
  5. Use your browser to delete the cookie associated with web-info.php, and access that page again. Describe what appears now in the "History Information" section of that page.

Part IV: Privacy Statements

This lab has highlighted some information transmitted to a Web server from your browser whenever you access a Web page. Also, when cookies are enabled, the Web server can record some data about you for future reference. Of course, if you provide additional information about yourself through a Web form (perhaps when you are making a purchase over the Web), then a Web server will be able to link that personal data with your browser and computer information. The use of that data is left to the discretion of those running the Web server.

Many institutions and companies state their privacy policies regarding any data they collect.

Exercise 1

Find and read the privacy policy for one or two websites that you frequent and to which you also give information. Examples could include sites from which you make purchases (perhaps www.amazon.com) and social networking sites (perhaps www.facebook.com).

You might want to consider reading the privacy policy for any Web site before filling out forms on that site.

Created: 30 December 2003 [Henry Walker]
Revised: 9 May 2007 [Marge Coahran]
Revised: 7 May 2008 [Marge Coahran]
Revised: 17 March 2009 [Jerod Weinman]