-1

I'm using a packet sniffer on Windows. How do you tell the difference between a packet that is downloading a file and a packet that is loading a website or just navigating a website? I realise that HTTP is not a packet and that it sits on top of a TCP packet, but how would I do this? I'm new and certainly confused! I'm using C++ and Visual Studio 2010.

Antal Spector-Zabusky
DSTR3
  • Get a book on TCP/IP and read. You have too many misconceptions. – J-16 SDiZ Aug 10 '11 at 05:10
  • Perhaps, being that you find that I have misconceptions, it would be nice if you explained what really happens. I've already said I was confused; need you point it out again? – DSTR3 Aug 11 '11 at 03:58

3 Answers

2

Assuming the 'file download' is an HTTP file download, not an SMB or FTP one (that is too easy of a question): the HTTP response of a file download may contain a content-disposition header.

Remus Rusanu
  • Thank you, very informative! So I could possibly filter by type of file? – DSTR3 Aug 10 '11 at 15:20
  • If the content-disposition contains a `filename` tag then you could use some heuristics based on the file extension. You also have the `content-type` header, which would indicate certain file types (e.g. `image/jpeg`). However, neither is truly reliable, so it depends on what the end goal is. – Remus Rusanu Aug 10 '11 at 16:12
  • My goal is to drop packets by content type. – DSTR3 Aug 11 '11 at 03:59
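
The header check described in this answer and its comments, as an added example that is not part of the original posts: it classifies the start of a cleartext HTTP response by `Content-Disposition` and `Content-Type`. The function names and sample payloads are assumptions made for the illustration, the input is assumed to be the beginning of an already reassembled TCP stream, and, as the comment above says, both headers are hints rather than proof. Later segments of the same response carry only body bytes and no headers, so a per-packet filter sees them as unclassifiable.

```cpp
#include <algorithm>
#include <cctype>
#include <map>
#include <sstream>
#include <string>

enum Kind { NotHttpResponse, Page, Download, Other };

static std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

static std::string trim(const std::string& s) {
    const std::string::size_type b = s.find_first_not_of(" \t\r");
    if (b == std::string::npos) return "";
    return s.substr(b, s.find_last_not_of(" \t\r") - b + 1);
}

// Parse status line + headers (names are case-insensitive); empty map if not a response.
std::map<std::string, std::string> parse_headers(const std::string& payload) {
    std::map<std::string, std::string> h;
    std::istringstream in(payload);
    std::string line;
    if (!std::getline(in, line) || line.compare(0, 5, "HTTP/") != 0) return h;
    h[":status"] = trim(line);
    while (std::getline(in, line) && !trim(line).empty()) {
        const std::string::size_type colon = line.find(':');
        if (colon == std::string::npos) continue;  // malformed line, skip it
        h[lower(trim(line.substr(0, colon)))] = trim(line.substr(colon + 1));
    }
    return h;
}

Kind classify(const std::string& payload) {
    std::map<std::string, std::string> h = parse_headers(payload);
    if (h.empty()) return NotHttpResponse;  // request, body continuation, TLS record...
    const std::string disp = lower(h["content-disposition"]);
    if (disp.compare(0, 10, "attachment") == 0 || disp.find("filename") != std::string::npos)
        return Download;
    if (lower(h["content-type"]).compare(0, 9, "text/html") == 0) return Page;
    return Other;  // images, scripts, octet-stream without a disposition: ambiguous
}

// Constructed sample payloads (assumptions for this example, not captured traffic).
const std::string kPage = "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<html>";
const std::string kFile = "HTTP/1.1 200 OK\r\ncontent-type: application/octet-stream\r\n"
                          "Content-Disposition: attachment; filename=\"report.pdf\"\r\n\r\n%PDF";
const std::string kBody = "binary body bytes from a later TCP segment";
```
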
1

There's no difference because they are exactly the same thing.

Seth Carnegie
0

You can use Wireshark to analyse network traffic, and can apply protocol filters to view traffic by protocols.

However, protocol filters would not filter on whether the data is a file or a page (as Seth mentioned, they are the same thing).

Ozair Kafray