This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

What does referer field not being present mean?

0

Hi everyone. I am kind of noob to wireshark so please bear with me for stupidity or obvious things. I am examining a network flow in WireShark which causes a drive by download. In some http (GET request) packets, the "Referer" field is not present. What does this mean? I mean how is the user getting to these pages? Is he/she entering it manually?

Edit:

The URLs full request are of a PNG images. So, I don't think that entering these URLs manually would have happened.

asked 08 Sep '13, 15:04

TheRookieLearner's gravatar image

TheRookieLea...
16226
accept rate: 0%

edited 08 Sep '13, 15:10


One Answer:

1

If the referrer header is not present, the URL could either have been entered manually or some script was doing the request which did not adde the referrer header. Is the User-Agent header the same for all requests?

answered 08 Sep '13, 15:37

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

Ya, its the same (which is Mozilla/4.0). Does this mean a script is making those requests? How do I verify that?

(08 Sep '13, 15:50) TheRookieLea...