0

Here is a link to a .pcapng file which holds the first 30 seconds of a single youtube video. It was preprocessed in the following way:

  1. I used the display filter http.request.uri contains "crossdomain.xml" to learn the ip address of the client and the server.
  2. Using those addresses, I singled out the video stream with the following display filter ip.addr == ip1 && ip.addr == ip2 and uploaded the resulting capture file.

The original video is this one.

Now the questions:

  1. There are two ports used by the client: 57057 and 57058 (and the first one is used for much less traffic than the second). Why are there two ports?

  2. The conversation via 57057 starts with a weird GET /generate_204 request which gets a 204 No Content response. Yet a few packets later there is a GET /videoplpayback* request which seems to be fullfilled. What does this 204 No Content mean?

Please note I am a network noob

alisianoi
  • 2,003
  • 3
  • 31
  • 46
  • 1
    204 is standard HTTP response code. It means the response does not contain any data. – Matjaz Muhic Feb 28 '15 at 09:39
  • @MatjazMuhic yes, but then a whole video starts to be transmitted. Isn't that wrong? I would expect a `204 No Content` mean there is no further content to be transmitted. – alisianoi Feb 28 '15 at 09:41
  • FYI See [RFC 2616](https://tools.ietf.org/html/rfc2616#section-10.2.5): 204 No Content. The server has fulfilled the request but does not need to return an entity-body, and might want to return updated metainformation. The response MAY include new or updated metainformation in the form of entity-headers, which if present SHOULD be associated with the requested variant. –  Mar 01 '15 at 11:54

0 Answers0