I've just recently started playing around with Wireshark using pre-captured pcap files and running through various scenarios. At the moment I am attempting to find identifying data for an IP address - I can see Facebook sessions and Gmail sessions using the filter ip.addr == "xxx.xxx.xxx.xxx" && http.request.method == "POST", but being encrypted I am unable to view their username. However, looking through the HTTP POST packets for Gmail I see a packet entry under the cookie as "Cookie Pair: [email protected]".

My question - does this cookie pair indicate the user that is logged in to Gmail? Or is it indicating a chat started between the person logged in with the [email protected]?

asked 22 Oct '14, 10:53 moriarty
One Answer:
Could you trace your own Google account chatting with someone else? Then you could check the cookies in your own traffic.

answered 16 Nov '14, 02:39 PaulOfford