Packet Sniffing Data Sent from a Shockwave File

Frylock
I am using a shockwave program that is apparently sending some of my personal data that I enter up to a database somewhere.

I am trying to see and read what it is sending. I have downloaded Microsoft Network Monitor and can see the frames but am having trouble interpreting the variables in the packets/frames. I am seeing a lot of hex details and those look like gibberish to me.

Any hints?






Commented:
I would use wireshark (http://www.wireshark.org/) and type:
tcp.port == 80
in the filter and then click apply, then click Start a new live capture.  Then do something in the web browser so that data is sent.

You can post anything you get.
Farhan Kazi, Systems Engineer
Top Expert 2007

Commented:
You can also use Ethereal for the same purpose.
Ethereal is Open Source software released under the GNU General Public License.
You can download it from the following website.
http://www.ethereal.com/download.html

Commented:
Ethereal *is* wireshark.  They changed the name a few months ago due to a trademark dispute.

Farhan Kazi, Systems Engineer
Top Expert 2007

Commented:
Oh I see! Then all credit goes to ChetOS82.

Author

Commented:
Unlike the Microsoft product, this one doesn't seem to be capturing anything. It's a lot harder to manage. I'm not sure how to start it correctly.

Commented:
Hmm, I find it quite intuitive.

Click on Edit -> Preferences and choose Capture from the list.  Make sure your normal network card is selected (there are odd ones in there for dialup, etc). And then click "Update list of packets in real time" if it isn't already selected.

Type tcp.port == 80 in the filter box and click apply.

Then click on Capture->Start and it should start sniffing.  Click on Capture->Stop to end it.  Since the filter is on, it won't display anything until you refresh the web page (or send data using the shockwave app).

Author

Commented:
I'm not an expert so I am missing out on the intuitiveness. So it is capturing and it's still not making any sense to me. It looks like the same stuff I am getting from the Microsoft product. How can I interpret it?

What I'd like to be able to do is edit the values coming out of the shockwave file and submit them myself, maybe through posting them in a browser address bar.

Commented:
Ok, when you submit something via the form (with the sniffer capturing) you will see a line come up that says "HTTP" in the Protocol column and the Info column will start with "POST".  Right click on that line and select "Follow TCP Stream".  Copy the contents of the window that pops up, and paste it in here.

Most likely you will not be able to submit it via the address bar (since that is a "GET" request), it is probably submitted using a POST request, in which case you will have to create an HTML form on a website and use the input boxes to mimic the request.
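
As an added example (not part of the original thread or any participant's post), this is one way to turn the bytes shown by "Follow TCP Stream" for a form POST into readable field names and values, and to recognise the case where the stream is TLS and cannot be read. The host, path and form fields in the sample are constructed for illustration.

```python
from urllib.parse import parse_qsl

# Constructed sample (host, path and field names are made up): the client side
# of a followed TCP stream, kept as hex the way a sniffer's hex pane shows it.
_BODY = b"name=Jane+Doe&email=jane%40example.com&score=1200"
SAMPLE_HEX = (
    b"POST /submit.php HTTP/1.1\r\n"
    b"Host: game.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: " + str(len(_BODY)).encode() + b"\r\n\r\n" + _BODY
).hex(" ")


def decode_post(stream: bytes) -> dict:
    """Split one captured HTTP request into its request line and form fields."""
    if stream[:2] == b"\x16\x03":
        # TLS handshake record: the port 443 case, payload is not readable.
        raise ValueError("TLS traffic: form data is encrypted on the wire")
    head, sep, body = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line after headers: not a complete HTTP request")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Content-Length says how many body bytes belong to this request.
    length = int(headers.get("content-length", len(body)))
    truncated = len(body) < length  # capture stopped before the body ended
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    fields = {}
    if ctype == "application/x-www-form-urlencoded":
        text = body[:length].decode("ascii", "replace")
        # parse_qsl turns '+' into a space and %XX escapes into characters.
        fields = dict(parse_qsl(text, keep_blank_values=True))
    return {"method": method, "path": path, "fields": fields, "truncated": truncated}


if __name__ == "__main__":
    result = decode_post(bytes.fromhex(SAMPLE_HEX))
    print(result["method"], result["path"])
    for key, value in result["fields"].items():
        print(f"  {key} = {value}")
```
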

Author

Commented:
Hi.

It seems not to be submitting the information in a protocol that is http but in a protocol that is tcp. The beginning of the info line says 3805 > http [ack]

Commented:
That is something else, but if that is all it says then you are right, it isn't being submitted via HTTP.

Might try removing the filter and running it, see if it sends the data across a different port.
It's most likely an https form

Author

Commented:
I haven't gotten an answer or solved this issue.
Try sniffing port 443 and seeing if any packets are being transmitted (NOTE: You will not be able to read them; they are encrypted)
tcp.port == 443
Solution was given... waiting for author's response
PAQed with points refunded (500)

Computer101
EE Admin
