Laboratory: Computer Networks and Cookies

CSC 105 - The Digital Age

Summary: This laboratory exercise explores some of the data passed routinely from a browser to a Web server. While this material does not identify a specific user, it can be used to find a moderate amount of information about you. This lab also introduces cookies and suggests some potential uses.

Part I: Browser Information

Whenever you request a Web page, your browser sends the Web server data about itself. The program http://www.cs.grinnell.edu/~walker/fluency-book/web-info.php displays some of this information.

Exercise 1

Click on the above link, scan through the information that it presents, and copy the IP address of the computer you are working on to the clipboard.

Because Internet communication requires an Internet Protocol Number (sometimes called an IP number or an IP address), it is hardly surprising that the server knows this information.

Exercise 2

The American Registry for Internet Numbers (ARIN) is a nonprofit organization chartered to manage Internet numbers for North America, a portion of the Caribbean, and sub-equatorial Africa; and ARIN maintains a database of which IP addresses are allocated to whom.

ARIN maintains a "WHOIS" service for its database of IP addresses. In the upper-right corner of the ARIN page, you should find a query textbox you can use to search the WHOIS database.
Paste (or type) in the IP address given in step 1 for your computer and press enter or click the ">" search button.
Based on the results you see, to what extent can a Web server identify you based on an IP address?

Exercise 3

Other groups build upon ARIN's database and other network services to provide further information regarding IP addresses. Two typical sources follow. In each case, try the tool, and describe what information the Web server can locate about your browser and computer.

Broadband Media, Inc maintains an IP Location Finder.
You Get Signal maintains a Network Location Tool.
To what extent do these additional groups provide information beyond that available from ARIN?

Part II: Packet Routing

As we discussed in lecture, messages that are sent over the internet make several "hops" from router to router before reaching their destination. Linux provides a command traceroute that can be used to determine the IP address of each router that the message visits along the way.

For example, the command

$ sudo traceroute -I www.cs.smith.edu

will send an (essentially empty) message to the domain www.cs.smith.edu and then output information about each router that passes the message along. This information usually includes the router's name and IP address; however, the owners of some routers block this information from being reported, in which case the output will include a string of asterisks instead. When that output is included (instead of asterisks), three round-trip times are reported for each of three separate trials, so you can see how long it takes (and what variation the packets might experience).

Exercise 1

Open a terminal window and try the traceroute command given above. It should provide a list of routers visited by the query packet, perhaps 20 or so.

Exercise 2

It is likely that you will be able to trace most of the geographic path followed by your traceroute message from the domain names of the routers along the path.

For those routers that only give you the IP or do not otherwise indicate their location in the host name, complete the geographic path followed by your traceroute message by searching the ARIN database for the location of organization owning each router in question. (Note that if a sequence of IP addresses along the path begin with the same first three numbers, they belong to the same network, so you really only need to look up one of them.)

If you are interested in tracing the route of packets as they travel to a domain you frequently communicate with, you can do that too. Based on my experience, you may be more successful tracing the path to "small" domains (such as email addresses) than "large" ones (such as hugely successful websites). There are likely to be routers along the way to hugely successful websites that do not allow traceroute to display their IP addresses.

Does the path seem logical? Why or why not?

Part III: Cookies

When a browser accesses a Web page, the Web server can request that your browser store a small piece of information, called a cookie, on your machine. When you go to this Web page again, the Web server can ask for the cookie and can use the cookie in processing.

Exercise 1

Check whether your browser is set to accept cookies. (In the MathLAN, we use IceWeasel, but you can follow the directions below for Mozilla. The directions for other computers may be useful if you would like to do this at home also.)
- If you use the Iceweasel browser, this information can be found by looking under "Preferences" in the "Edit" menu, and then going to "Privacy". Set the "Iceweasel will:" option to "Use custom settings for history" and ensure "Accept cookies from sites" is checked.
- If you use a different browser or platform (Windows or Mac), the process will be similar, but the specifics are necessarily somewhat different.
If your browser does not usually accept cookies, please change the setting so that it does accept cookies for this lab. You can change the settings back at the end of the lab.
Locate and browse through the list of cookies that are stored on your machine. (In Iceweasel, you can do this by clicking on the "Show Cookies" button, located on the same dialog box where you just found your other cookie settings.)
Use your web browser to delete the cookies that are currently stored. You should be able to do this in the same dialog window.

Exercise 2

Return to the page, http://www.cs.grinnell.edu/~walker/fluency-book/web-info.php, and find the "History Information" section (about in the middle of the page, before a rather long table).
Reload the page a few times, and notice what changes. In Mozilla/Iceweasel this can be done by clicking "Reload" to the left of the URL near the top of the window.
The Web page web-info.php tries to save a cookie to keep track of whether or not you have visited this page previously. Return to your browser and locate the cookie(s) saved for this Web page, as described in Steps (a) and (c) above. Click on it to see further details about what the cookie contains.
Describe what information is set by web-info.php.
Use your browser to delete the cookie associated with web-info.php, and access that page again. Describe what appears now in the "History Information" section of that page.

Part IV: Privacy Statements

This lab has highlighted some information transmitted to a Web server from you browser whenever you access a Web page. Also, when cookies are enabled, the Web server can record some data about you for future reference. Of course, if you provide additional information about yourself through a Web form (perhaps when you are making a purchase over the Web), then a Web server will be able to link that personal data with your browser and computer information. The use of that data is left to the discretion of those running the Web server.

Many institutions and companies state their privacy policies regarding any data they collect.

Exercise 1

Find and read the privacy policy for one or two websites that you frequent, which you also give information to. Examples could include sites from which you make purchases (perhaps www.amazon.com) and social networking sites (perhaps www.facebook.com).

You might want to consider reading the privacy policy for any Web site before filling out forms on that site.

Created: 30 December 2003 by Henry Walker
Revised: 9 May 2007 by Marge Coahran
Revised: 7 May 2008 by Marge Coahran
Revised: 17 March 2009 by Jerod Weinman
Revised: 4 May 2011 by Jerod Weinman Revised: 8 Apr 2014 by Jerod Weinman