0
`▒▒+Q4▒▒POST/nspversion=1.0&op=notify&sid=966ca56d500083a311eab9c8af564b1a` `HTTP/1.0^M`
User-Agent: mealso/1.0 (I; en-US)^M

Host: google.com:5001^M

X-Tellme-FetchGUID: 870ee784-b9da-11ea-d9ae-00005e0001ca^M

Content-Type: text/xml^M

Content-Length: 1592^M

X-Tellme-DID: 6247b3b10d76de4facf9ff7bb4c4c7ea^M

this code is present in .pcap file of tcpdump, what is the functionality of this code exactly?

Ross Jacobs
  • 2,962
  • 1
  • 17
  • 27
bhargav kumar
  • 9
  • 3
  • when performed vi filename.pcap saw the above code in cap file, I'm curious what would be functionality of the code – bhargav kumar Jun 29 '20 at 08:26
  • This is an HTTP request taken out of any useful context. It is unclear in what environment it was captured and when, what the response was, what the source and destination for the request where etc. It looks suspicious for me in that it claims to connect to google.com:5001 but that's all I can get from this few information. – Steffen Ullrich Jun 29 '20 at 12:08
  • @SteffenUllrich for source, destination and environment details are here, https://stackoverflow.com/questions/62679340/what-is-the-role-of-http-header-in-tcpdump-and-pcap-file – bhargav kumar Jul 02 '20 at 04:27

1 Answers1

0

This is going to be in the HTTP layer of some packet in the packet capture.

All of these are HTTP headers, and not code per se. User-Agent, Host, Content-Type, and Content-Length are all HTTP request headers, so this is an HTTP request. X-TellmeFetchGUID and X-Tellme-DID are non-standard headers, and you can tell this because they start with X-.

Ross Jacobs
  • 2,962
  • 1
  • 17
  • 27
  • this is what im trying to do - https://stackoverflow.com/questions/62679340/what-is-the-role-of-http-header-in-tcpdump-and-pcap-file. – bhargav kumar Jul 02 '20 at 04:25