CS 231: Computer Security

HTTP's Basic Access Authentication

You may work with a partner on this assignment.

Submit your PDF via Moodle.

If you have a website, you can password-protect any resource on your site via HTTP's "basic access authentication" model. If your site's web server is Apache, you can protect a subdirectory by putting a file called ".htaccess" in the directory you want protected and a file called ".htpasswd" somewhere else in your account. The details are nicely explained in this tutorial.

I have set up Apache password protection on http://sandbox.ultralingua.com/jeff/secrets/. Just between you and me, the user name is "cs231" and the password is the exceptionally secure "pw".

Your job for this assignment is to use Wireshark to tell the story of what happens when you access my secrets folder via a web browser. You should provide as much detail as you can figure out about the interactions between the browser and cs.carleton.edu's Apache server. What queries are sent from the browser, and what responses does it receive? After the password is typed by the user, what sequence of queries and responses do you see? Is the password sent by the browser to the server, or does the browser somehow do the password checking itself? If the former, is the password sent in clear text or is it encrypted? If it's encrypted, where did the encryption key come from? If it's in clear text, are you able to observe the password from a different computer on the same Ethernet? etc.
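To make the challenge/response sequence described above and the .htpasswd check from the earlier paragraph concrete, here is a small model of the server side of HTTP Basic access authentication (RFC 7617). This is example code written for this page, not part of the course handout or of Apache; the realm name is an assumption, and the stored record uses the `{SHA}` format that `htpasswd -s` writes.

```python
"""Minimal model of HTTP Basic access authentication: the 401 challenge,
the browser's Authorization header, and the server-side check against an
Apache .htpasswd-style record. Example code for this page, not the
course's or Apache's own material."""
import base64
import hashlib
import hmac

REALM = "Jeff's secrets"  # assumed realm name; the page does not state one


def make_sha1_htpasswd(password: str) -> str:
    """Build a record in the format `htpasswd -s` writes: {SHA} + base64(SHA-1)."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def parse_basic_authorization(header: str):
    """Turn an `Authorization: Basic <token>` value back into (user, password).

    Basic auth is base64 *encoding*, not encryption: the credentials are
    fully recoverable by anyone who can read the header, which is why the
    scheme is only safe over TLS.
    """
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")  # split on the first colon only
    return (user, password) if sep else None


def handle_request(headers: dict, users: dict):
    """Apache-like decision: 200 when credentials verify, else 401 + challenge."""
    creds = parse_basic_authorization(headers.get("Authorization", ""))
    if creds:
        stored = users.get(creds[0])
        if stored and hmac.compare_digest(stored, make_sha1_htpasswd(creds[1])):
            return 200, {}
    return 401, {"WWW-Authenticate": f'Basic realm="{REALM}"'}


def browser_exchange(user: str, password: str, users: dict):
    """Replay the two requests a browser makes: anonymous GET, then GET with header."""
    first_status, _ = handle_request({}, users)
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    second_status, _ = handle_request({"Authorization": f"Basic {token}"}, users)
    return first_status, second_status, token
```

Running `browser_exchange("cs231", "pw", {"cs231": make_sha1_htpasswd("pw")})` yields the 401-then-200 pair and the exact token string a packet capture of the second request would show.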

I'm not going to give you an exhaustive list of questions to address (though the ones in the previous paragraph are a pretty good start). I want you to do everything you can to understand what's going on in this browser/server interaction, and tell me the story of the interaction and your understanding of its mechanisms. You can get a lot of that understanding by doing research online, of course, and that's a good idea. But you should supplement that research by doing direct observations with a browser and Wireshark. Nothing cements knowledge like putting it to practical use.

Hand in a PDF file telling your story. Include links and references as appropriate, and also screenshots and/or text from Wireshark to illustrate your observations. Consider the audience for this story-telling to be other CS majors who have not yet studied Apache's password protection. Depending on your expository style and the extent to which you include screenshots or text captures, I imagine your PDF will be between 3 and 10 pages.

Use your head. Be creative. Make this system cough up its secrets, and then tell me all about it. Also, have fun!