HTTP & HTTPS PROTOCOL LAB

Unit 4: Web Communications & Secure Tunneling

Protocol Objectives

Students must understand the fundamental mechanism of the World Wide Web: the request-response cycle.

HTTP (Insecure)

Standard protocol for transferring data. It operates in plaintext, meaning any intermediary can read the packets.

  • Port 80
  • No encryption
  • Fast, but vulnerable

HTTPS (Secure)

HTTP content wrapped inside a Transport Layer Security (TLS) tunnel. Ensures Privacy and Integrity.

  • Port 443
  • TLS/SSL Handshake
  • Required for modern SEO/Security

Visual Flow: HTTPS Handshake

  1. TCP Handshake: Client sends [SYN] to Server to establish a connection.
  2. Client Hello: Client sends its supported cipher suites and TLS version.
  3. Server Hello & Cert: Server sends its Digital Certificate to prove its identity.
  4. Key Exchange: Client and server establish shared keys for the session.
  5. Encrypted HTTP: Data flows securely using symmetric encryption.

HTTP/2 Frame Inventory

HEADERS Frame

Carries HTTP headers. Used to start a new stream.

DATA Frame

Carries the actual application payload (HTML/Image/JSON).

SETTINGS Frame

Initializes configuration between client and server.

The Binary Frame Header (9 Octets)

Every HTTP/2 frame starts with this precise bit layout:

Length (24 bits) | Type (8) | Flags (8) | R | Stream Identifier (31 bits)

Field Interpretations

  • Length: Unsigned 24-bit integer giving the payload size. The default maximum payload is 16,384 bytes.
  • Type: Identifies if this is DATA (0x0), HEADERS (0x1), etc.
  • Stream ID: Identifies the stream the frame belongs to. The value 0 is reserved for connection-level frames.
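
A receiver-side parser for the 9-octet header described above, as an added example that is not part of the original lab. The SETTINGS type code (0x4) and the stream-0 rules come from RFC 9113; the function names and the sample headers are constructed for illustration.

```python
import struct

# DATA and HEADERS codes are from the page; SETTINGS (0x4) is from RFC 9113.
FRAME_TYPES = {0x0: "DATA", 0x1: "HEADERS", 0x4: "SETTINGS"}
DEFAULT_MAX_FRAME_SIZE = 16_384  # default maximum payload in bytes

class FrameError(ValueError):
    """Header failed a check the receiver should enforce."""

def parse_frame_header(buf, max_frame_size=DEFAULT_MAX_FRAME_SIZE):
    """Decode and validate the 9-octet header at the start of buf."""
    if len(buf) < 9:
        raise FrameError("truncated header: got %d of 9 octets" % len(buf))
    # Length is 24 bits (8 + 16), then Type, Flags, and R + Stream Identifier.
    len_hi, len_lo, ftype, flags, word = struct.unpack("!BHBBI", buf[:9])
    length = (len_hi << 16) | len_lo
    reserved = word >> 31          # R bit, ignored by receivers
    stream_id = word & 0x7FFFFFFF  # low 31 bits
    name = FRAME_TYPES.get(ftype, "UNKNOWN(0x%x)" % ftype)
    # The peer controls Length, so bound it before allocating or reading.
    if length > max_frame_size:
        raise FrameError("%s length %d over limit %d" % (name, length, max_frame_size))
    if name == "SETTINGS" and stream_id != 0:
        raise FrameError("SETTINGS must use stream 0")
    if name in ("DATA", "HEADERS") and stream_id == 0:
        raise FrameError("%s must not use stream 0" % name)
    return {"length": length, "type": name, "flags": flags,
            "reserved": reserved, "stream_id": stream_id}

# Constructed sample headers (not captured traffic).
SAMPLES = {
    "headers_stream1": bytes.fromhex("00000d010400000001"),
    "settings_conn": bytes.fromhex("000000040000000000"),
    "data_r_bit_set": bytes.fromhex("000005000180000003"),
    "oversized_data": bytes.fromhex("004001000000000001"),
    "data_on_stream0": bytes.fromhex("000005000000000000"),
}

def check(buf):
    """Return the parsed header, or the rejection reason as a string."""
    try:
        return parse_frame_header(buf)
    except FrameError as exc:
        return "rejected: %s" % exc

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check(raw))
```

The length check uses the default limit unless the caller passes a larger max_frame_size, which a real endpoint would only do after advertising that value in its own SETTINGS.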
