
Follow TCP Stream:
Request
GET / HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
- Accept fields tell the HTTP server what the browser is willing to accept. The first line, Accept: */*, indicates acceptable Content-Types.
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152)
- The User-Agent field identifies the browser to the web server. The web server can then make decisions on how to format the returned content. The User-Agent field can be spoofed for obfuscation.
Host: www.google.com
- The Host field holds the domain name of the HTTP server.
Connection: Keep-Alive
- Connection indicates the type of connection that the host would like to engage in. This is often close or Keep-Alive.
Cookie: PREF=ID=1c04fd0f4d55e50e:U=7044fe833ebcf6ff:TM=1278369790:LM=1278369793:S=fzsLIaqbDZHLMwH_; NID=36=eBrL-shp5eWYPuFnevNwMD6pb3hkwNxpftCf2MtYxnFK-xDpZaDCv_EdDDhUryGcbVI2OfvNda5G-xTe3LDi-z0z9FI_-vPhPEhh7LTBCPcezvIaP-yDe0Oo1Ple7VQw
- This indicates a cookie previously set by the server.
Response
HTTP/1.1 200 OK
Date: Mon, 12 Jul 2010 14:23:10 GMT
- Date indicates when the response was sent by the server.
Expires: -1
Cache-Control: private, max-age=0
- Cache-Control indicates whether the server will allow the browser to cache this content.
Content-Type: text/html; charset=UTF-8
- This is the MIME type of the content that the server is returning.
Content-Encoding: gzip
- This is the encoding type of the content that the server is returning. This data is compressed.
Server: gws
- The Server identifier indicates the web server type. This may say Apache, IIS, etc. gws is Google Web Server.
Content-Length: 5012
- Content-Length indicates the length of the response (in bytes).
X-XSS-Protection: 1; mode=block
....continuation of data
Request
GET /csi?v=3&s=webhp&action=&e=17259,18168,23756,24692,24878,24879,25233,25335,25402,25529&ei=TiU7TKv1IdO6jAfQmdX4AQ&expi=17259,18168,23756,24692,24878,24879,25233,25335,25402,25529&imc=3&imn=3&imp=3&rt=prt.47,ol.109,iml.78,xjses.172,xjsee.187,xjsls.187,xjs.203 HTTP/1.1
Accept: */*
Referer: http://www.google.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152)
Host: www.google.com
Connection: Keep-Alive
Cookie: PREF=ID=1c04fd0f4d55e50e:U=7044fe833ebcf6ff:TM=1278369790:LM=1278369793:S=fzsLIaqbDZHLMwH_; NID=36=eBrL-shp5eWYPuFnevNwMD6pb3hkwNxpftCf2MtYxnFK-xDpZaDCv_EdDDhUryGcbVI2OfvNda5G-xTe3LDi-z0z9FI_-vPhPEhh7LTBCPcezvIaP-yDe0Oo1Ple7VQw
Response
HTTP/1.1 204 No Content
Content-Length: 0
Date: Wed, 21 Jan 2004 19:51:30 GMT
Pragma: no-cache
Cache-Control: private, no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Server: Golfe
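
The gzip-encoded body above is unreadable in Follow TCP Stream because it is shown as raw bytes. The following is an added example, not part of the original capture or page: it splits the server side of a Keep-Alive stream into individual responses using Content-Length and decompresses any body marked Content-Encoding: gzip. The function names and the sample bytes are constructed for illustration, and it assumes every response carries Content-Length (no chunked transfer encoding).

```python
import gzip

def parse_responses(stream: bytes):
    """Split the server side of a keep-alive stream into (status, headers, body)."""
    out, pos = [], 0
    while pos < len(stream):
        end = stream.find(b"\r\n\r\n", pos)
        if end == -1:
            break  # truncated header block: stop rather than guess
        lines = stream[pos:end].decode("iso-8859-1").split("\r\n")
        status = lines[0]
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        # Content-Length says where this body ends and the next response starts.
        length = int(headers.get("content-length", "0"))
        body = stream[end + 4:end + 4 + length]
        if len(body) < length:
            raise ValueError("capture ends before Content-Length bytes were seen")
        if headers.get("content-encoding", "").lower() == "gzip":
            body = gzip.decompress(body)
        out.append((status, headers, body))
        pos = end + 4 + length
    return out

def build_sample() -> bytes:
    """Constructed sample: two responses on one keep-alive connection."""
    html = b"<html><body>constructed sample page</body></html>"
    packed = gzip.compress(html)
    first = (b"HTTP/1.1 200 OK\r\n"
             b"Content-Type: text/html; charset=UTF-8\r\n"
             b"Content-Encoding: gzip\r\n"
             b"Content-Length: " + str(len(packed)).encode() + b"\r\n\r\n" + packed)
    second = b"HTTP/1.1 204 No Content\r\nContent-Length: 0\r\n\r\n"
    return first + second

if __name__ == "__main__":
    for status, headers, body in parse_responses(build_sample()):
        print(status, "|", headers.get("content-encoding", "identity"), "|", body[:40])
```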