How is This gzip'd Stuff gunzip'd?
The hashes I published some days ago at:
LINK HERE
and the data I have safely archived since. (I'm not saying it without a reason. Well, it does not happen anymore, but I had seen my traffic dumps change long after they were captured, because, of course, I was online, but that'd be too long a digression here.)
---
- Here's some explanation in this very opening page. It's all about downloading the file palemoon_27.4.0~repack-2.dsc which is just 1.3K (net, that is... you'll see...).
- HTTP wget -- on page No. 1 I download it with wget.
- HTTP palemoon -- on page No. 2 I download it with Pale Moon.
- HTTPS wget -- on page No. 3 I download it with wget.
- HTTPS palemoon -- on page No. 4 I download it with Pale Moon. Do note that the latter two are downloads via HTTPS. And the fourth actually happened before the third, chronologically.
All the original files were produced with my (primitive) set of scripts, uncenz. For analysis and stream extraction I used my scripts tshark-hosts-conv and tshark-streams, which are modest and lacking in good programming practices but do what I created them for.
Readers are advised to try and analyze the traffic dumps for themselves, with the above programs. There'd be too little point posting all the streams and the listings that those would produce.
WARNING: A Unix-like OS such as GNU/Linux or BSD (or the ability to use Cygwin on Windows) is required to follow along.
The files necessary for this entire study are listed in:
- dump_170313_2116_g0n.pcap
- Screen_170313_2116_g0n.webm
- dump_170313_2116_g0n_SSLKEYLOGFILE.txt

and verify to: ls-1.sum
signed by: ls-1.sum.asc

However, if you're interested in lots of details, also download this other set:
- pg0/dump_170313_2116_g0n.conv-ip
- pg0/dump_170313_2116_g0n_FILTER.ls-1
- pg0/dump_170313_2116_g0n-frame-http-request-full_uri.txt
- 'pg0/dump_170313_2116_g0n_frame.number==945.txt'
- pg0/dump_170313_2116_g0n.hosts
- 'pg0/dump_170313_2116_g0n_ip.addr==93.138.23.105.txt'
- pg0/dump_170313_2116_g0n_s001-ssl.txt
- pg0/dump_170313_2116_g0n.POST
- 'pg0/dump_170313_2116_g0n_tcp.stream==4.txt'
- pg0/tshark-hosts-conv_170313_213553.log
- pg0/tshark-hosts-conv_170313_214024.log

which verify to: ls-1pg0.sum
signed by: ls-1pg0.sum.asc
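To check downloaded files against a sum file such as ls-1.sum or ls-1pg0.sum (once its .asc signature has been verified), the following added example, which is not one of the author's scripts, reports each file as OK, MISMATCH or MISSING. It assumes the sum files use the coreutils `<hex digest>  <filename>` line format and infers the hash algorithm from the digest length, since the page does not name it; the file names and contents in `demo()` are constructed.

```python
import hashlib
import os
import tempfile

# Hex digest length -> hashlib algorithm name (assumption: the page does not
# say which hash the .sum files use, so it is inferred from the digest length).
ALGO_BY_HEXLEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}

def parse_manifest(text):
    """Yield (hex_digest, filename) from coreutils-style '<digest>  <name>' lines."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        # After the first space comes ' ' (text mode) or '*' (binary mode).
        yield digest.lower(), name[1:] if name[:1] in (" ", "*") else name

def file_digest(path, algo):
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_manifest(manifest_text, base_dir):
    """Return {filename: 'OK' | 'MISMATCH' | 'MISSING' | 'UNKNOWN-HASH'}."""
    results = {}
    for digest, name in parse_manifest(manifest_text):
        path = os.path.join(base_dir, name)
        algo = ALGO_BY_HEXLEN.get(len(digest))
        if algo is None:
            results[name] = "UNKNOWN-HASH"
        elif not os.path.isfile(path):
            results[name] = "MISSING"
        elif file_digest(path, algo) == digest:
            results[name] = "OK"
        else:
            results[name] = "MISMATCH"
    return results

def demo():
    """Constructed sample: stand-in files, one altered after hashing, one absent."""
    files = {"a.pcap": b"capture", "b.txt": b"keys", "c.webm": b"video"}
    manifest = "".join(f"{hashlib.sha256(v).hexdigest()}  {k}\n" for k, v in files.items())
    with tempfile.TemporaryDirectory() as d:
        for name in ("a.pcap", "b.txt"):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(files[name] + (b"!" if name == "b.txt" else b""))
        return verify_manifest(manifest, d)
```

A MISMATCH on a file that verified earlier is the case the author describes: a dump that changed after it was captured.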
You might find the dump_dLo.sh script from my uncenz program more useful than downloading each file separately.
Also, it might be helpful to you to see how the files are obtained, by perusing others of my (primitive) programs: