This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I've just recently started playing around with Wireshark using pre-captures pcap files and running through various scenarios. At the moment I am attempting to find identifying data for an ip address - I can see facebook sessions and gmail sessions using the filter ip.addr="xxx.xxx.xxx.xxx" && http.request.method == "POST", but being encrypted I am unable to view their username.

However, looking through the HTTP POST packets for gmail I see a packet entry under the cookie as "Cookie Pair: [email protected]". My question - does this cookie pair indicate the user that is logged in to Gmail? Or is it indicating a chat started between the person logged in with the [email protected]?

asked 22 Oct '14, 10:53

moriarty's gravatar image

moriarty
1111
accept rate: 0%


Could you trace your own google account chatting with someone else? Then you could check the cookies in your own traffic.

permanent link

answered 16 Nov '14, 02:39

PaulOfford's gravatar image

PaulOfford
131273237
accept rate: 11%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×5
×4

question asked: 22 Oct '14, 10:53

question was seen: 3,098 times

last updated: 16 Nov '14, 02:39

p​o​w​e​r​e​d by O​S​Q​A