This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

What does cookie pair: [email protected] signify

0

I've just recently started playing around with Wireshark using pre-captures pcap files and running through various scenarios. At the moment I am attempting to find identifying data for an ip address - I can see facebook sessions and gmail sessions using the filter ip.addr="xxx.xxx.xxx.xxx" && http.request.method == "POST", but being encrypted I am unable to view their username.

However, looking through the HTTP POST packets for gmail I see a packet entry under the cookie as "Cookie Pair: [email protected]". My question - does this cookie pair indicate the user that is logged in to Gmail? Or is it indicating a chat started between the person logged in with the [email protected]?

asked 22 Oct '14, 10:53

moriarty's gravatar image

moriarty
1111
accept rate: 0%


One Answer:

1

Could you trace your own google account chatting with someone else? Then you could check the cookies in your own traffic.

answered 16 Nov '14, 02:39

PaulOfford's gravatar image

PaulOfford
131283237
accept rate: 11%