Tuesday 15 December 2009

What is Emerald sending

Or, an explained traffic dump. I started with Emerald 1.23.5.950 on my Mac and did a TCP dump. Why? Because that was the last version I had running on that machine, and it was with me at work. The dump was made using Wireshark over a Bluetooth connection to the internet during lunch break.

I will try to give a view of most of the traffic, as even a short SL session has about 4500 packets. This was a login and almost rezzing oneself over a slow line. I can't explain all packets.


34 52.149720 192.168.20.2 80.251.192.245 DNS Standard query A modularsystems.sl
35 52.160008 192.168.20.2 80.251.192.245 DNS Standard query AAAA modularsystems.sl
36 53.115613 80.251.192.245 192.168.20.2 DNS Standard query response A 213.133.100.231
37 53.162052 192.168.20.2 80.251.192.245 DNS Standard query AAAA modularsystems.sl
38 53.414537 80.251.192.245 192.168.20.2 DNS Standard query response


This tells the computer where modularsystems.sl is: it is at the address 213.133.100.231. Next, a connection to modularsystems.sl is made and the following data is sent and received:

HEAD /app/login/ HTTP/1.1
Host: modularsystems.sl
Accept-Encoding: deflate, gzip
Accept: application/llsd+xml

HTTP/1.1 200 OK
Content-Type: text/html
Accept-Ranges: bytes
ETag: "3318998541"
Last-Modified: Tue, 15 Dec 2009 13:00:01 GMT
Content-Length: 6964
Date: Tue, 15 Dec 2009 13:13:08 GMT
Server: lighttpd/1.4.19


After this, one more HTTP connection is made to the modularsystems server and a few more files are downloaded:


GET /app/login/?lang=en-us&firstlogin=TRUE&channel=Emerald%20Viewer&version=1%2E23%2E5%20%28950%29&grid=Agni HTTP/1.1
GET /app/login/images/back.png HTTP/1.1
GET /app/login/images/excla.jpg HTTP/1.1
GET /app/login/images/Error.jpg HTTP/1.1


Feed2js.org is used to combine the LL and the Modular Systems blogs into one list on the login page.

GET //feed2js.php?src=http%3A%2F%2Fwww.rssmix.com%2Fu%2F285120%2Frss.xml&num=6&targ=y&utf=y HTTP/1.1

Host: feed2js.org


The client downloads /ga.js from www.google-analytics.com; even that JavaScript gets downloaded over a gzipped connection. The JavaScript then fetches a small file from Google, which is used for the tracking in Google Analytics.


Once all the normal traffic to Linden Lab has been done, and you allow the viewer to update the client tag database, the file requested with "GET /app/client_tags/client_list.xml HTTP/1.1" will be downloaded from the server.
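To audit a capture like this one, the requests can be decoded and grouped by the host that received them. The following is an added example, not part of the original post or of the Emerald code: the function names are hypothetical, the sample pairs request lines from the capture with the hosts named in the text, and the first-party domain list is an assumption.

```python
from urllib.parse import parse_qs

# Constructed sample: request lines from the capture above plus each server's Host.
CAPTURE = """\
HEAD /app/login/ HTTP/1.1
Host: modularsystems.sl

GET /app/login/?lang=en-us&firstlogin=TRUE&channel=Emerald%20Viewer&version=1%2E23%2E5%20%28950%29&grid=Agni HTTP/1.1
Host: modularsystems.sl

GET //feed2js.php?src=http%3A%2F%2Fwww.rssmix.com%2Fu%2F285120%2Frss.xml&num=6&targ=y&utf=y HTTP/1.1
Host: feed2js.org

GET /app/client_tags/client_list.xml HTTP/1.1
Host: modularsystems.sl
"""

def parse_requests(text):
    """Split a text export of HTTP requests into method, host, path, params."""
    requests = []
    for block in text.strip().split("\n\n"):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        parts = lines[0].split(" ") if lines else []
        if len(parts) != 3 or not parts[2].startswith("HTTP/"):
            continue  # skip responses and anything that is not a request line
        headers = {n.strip().lower(): v.strip()
                   for n, s, v in (l.partition(":") for l in lines[1:]) if s}
        # Split by hand: urlsplit() would read the leading "//" as a hostname.
        path, _, query = parts[1].partition("?")
        params = {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}
        requests.append({"method": parts[0], "host": headers.get("host", "?"),
                         "path": path, "params": params})
    return requests

def disclosures(requests, first_party):
    """Collect decoded query parameters per host outside first_party domains."""
    out = {}
    for r in requests:
        host = r["host"].lower()
        if not any(host == d or host.endswith("." + d) for d in first_party):
            out.setdefault(host, {}).update(r["params"])
    return out

if __name__ == "__main__":
    # Assumption: the grid operator's domains; adjust for your own audit.
    for host, params in disclosures(parse_requests(CAPTURE), ["secondlife.com", "lindenlab.com"]).items():
        print(host, params)
```

The decoded output shows that the login page request hands the viewer channel, exact version, language, first-login flag and grid name to modularsystems.sl, and that feed2js.org receives the URL of the mixed RSS feed.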
