## tshark- bzw. grep-Terminal-Ein- und Ausgabe der Webseite: http://www.bbc.co.uk/news/magazine-16957988 , 2. Versuch ~ $ tshark -i eth1 -s 0 -B 50 -V -P -l | grep -E --context=1 "GET|POST|URI|baseURL|statuscode|/type|/title|detail|assetId|originChannelId|originChannelTitle|/channel|duration|/length|airtime|timetolive|/fsk|hasCaption|vcmsUrl|formitaet|/quality|url|/ratio|height|width|videoBitrate|audioBitrate|filesize|facet|mms|rtsp|rtmp|llnwd.net|core-cdn.net|beitragsDetails|host|hostname|socks|protocol|playpath|path|playlist|swfUrl|tcUrl|pageUrl|app|swfhash|hexstring|swfsize|swfVfy|swfAge|days|auth|string|conn|type:data|flashVer|subscribe|resume|timeout|start|stop|token|key|jtv|JSON|hash|hashes|buffer|skip|conndata|subscription|swfHash|swfSize|output|SOCKS4|proxy|connection attempt|version|set_playlist|SecureToken|authentication|NetStream.Authenticate.UsherToken|SWF Verification|SWF player|src|edgefcs.net|dataURL|cdn-vod-fc|vars_player.videorefFileUrl|video lang|url quality=|arte_vp_url=|streamer|videothek|json|m3u8|asx|mov|smil|\.avi|3gp|aac|flac|flv|h264|mkv|mp2|mp3|mp4|ogg|\.ts|vorbis|vp8|webm|wma|wmv|image/x-icon|stream|videoplayback|annotations_invideo|application/json|json|TCP Retransmission|application/octet-stream|Encrypted Handshake Message|Application Data|Client Hello|deleteStream|User Control Message|metadata_time|Handshake|connect|Window Acknowledgement Size|Set Peer Bandwidth|Set Chunk Size|NetConnection|createStream|FCSubscribe|onBWCheck|_result()|Stream Begin|NetStream.Play|RtmpSampleAccess|metadata1()|onBWDone|Set Buffer Length|Stream Is Recorded|NetStream.Data|onMetaData()|Video Data|Audio Data|Aggregate|setBandwidthLimit|Acknowledgement|LIVE|server|mediaType|mimeType|videoPlayerUrl|RTMP [[:alnum:]]* play|Playing|Started|playing" Capturing on 'eth1' 15 .... .... ..1. = Syn: Set [Expert Info (Chat/Sequence): Connection establish request (SYN): server port http] [Message: Connection establish request (SYN): server port http] [Severity level: Chat] -- .... .... ..1. = Syn: Set [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port http] [Message: Connection establish acknowledge (SYN+ACK): server port http] [Severity level: Chat] -- 2.702966 77.20.162.172 -> 54.225.167.195 HTTP 578 GET /ping?h=bbc.co.uk&p=%2Fnews%2Fmagazine-16957988&u=bmt74nh4pgfrvaxh&d=bbc.co.uk&g=50924&g0=magazine&n=0&f=00001&c=31.5&x=0&y=2626&o=1264&w=831&j=270&R=0&W=0&I=1&E=63&e=0&b=2543&t=19svfuo9k9ecww4x&V=16&_ HTTP/1.1 Frame 13: 578 bytes on wire (4624 bits), 578 bytes captured (4624 bits) on interface 0 -- Hypertext Transfer Protocol GET /ping?h=bbc.co.uk&p=%2Fnews%2Fmagazine-16957988&u=bmt74nh4pgfrvaxh&d=bbc.co.uk&g=50924&g0=magazine&n=0&f=00001&c=31.5&x=0&y=2626&o=1264&w=831&j=270&R=0&W=0&I=1&E=63&e=0&b=2543&t=19svfuo9k9ecww4x&V=16&_ HTTP/1.1\r\n [[truncated] Expert Info (Chat/Sequence): GET /ping?h=bbc.co.uk&p=%2Fnews%2Fmagazine-16957988&u=bmt74nh4pgfrvaxh&d=bbc.co.uk&g=50924&g0=magazine&n=0&f=00001&c=31.5&x=0&y=2626&o=1264&w=831&j=270&R=0&W=0&I=1&E=63&e=0&b=2543&t=19svfuo9k9ecww4x] [Message: GET /ping?h=bbc.co.uk&p=%2Fnews%2Fmagazine-16957988&u=bmt74nh4pgfrvaxh&d=bbc.co.uk&g=50924&g0=magazine&n=0&f=00001&c=31.5&x=0&y=2626&o=1264&w=831&j=270&R=0&W=0&I=1&E=63&e=0&b=2543&t=19svfuo9k9ecww4x&V=16&_ HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: GET Request URI: /ping?h=bbc.co.uk&p=%2Fnews%2Fmagazine-16957988&u=bmt74nh4pgfrvaxh&d=bbc.co.uk&g=50924&g0=magazine&n=0&f=00001&c=31.5&x=0&y=2626&o=1264&w=831&j=270&R=0&W=0&I=1&E=63&e=0&b=2543&t=19svfuo9k9ecww4x&V=16&_ Request Version: HTTP/1.1 -- \r\n [Full request URI [truncated]: http://ping.chartbeat.net/ping?h=bbc.co.uk&p=%2Fnews%2Fmagazine-16957988&u=bmt74nh4pgfrvaxh&d=bbc.co.uk&g=50924&g0=magazine&n=0&f=00001&c=31.5&x=0&y=2626&o=1264&w=831&j=270&R=0&W=0&I=1&E=63&e=0&b=2543&t=19svfu] [HTTP request 1/1] 18 -- Version: GIF89a Screen width: 1 Screen height: 1 Global settings: (Global color table present) (1 bit per color) (1 bit per pixel) -- Image top position: 0 Image width: 1 Image height: 1 Local settings: (1 bit per color) (1 bit per pixel) -- Data block (length = 0) Trailer (End of the GIF stream) -- .... .... ..1. = Syn: Set [Expert Info (Chat/Sequence): Connection establish request (SYN): server port http] [Message: Connection establish request (SYN): server port http] [Severity level: Chat] -- .... .... ..1. = Syn: Set [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port http] [Message: Connection establish acknowledge (SYN+ACK): server port http] [Severity level: Chat] -- 3.574268 77.20.162.172 -> 212.58.244.70 HTTP 1067 GET /news/magazine-16957988 HTTP/1.1 Frame 22: 1067 bytes on wire (8536 bits), 1067 bytes captured (8536 bits) on interface 0 -- Hypertext Transfer Protocol GET /news/magazine-16957988 HTTP/1.1\r\n [Expert Info (Chat/Sequence): GET /news/magazine-16957988 HTTP/1.1\r\n] [Message: GET /news/magazine-16957988 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: GET Request URI: /news/magazine-16957988 Request Version: HTTP/1.1 -- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0\r\n Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n Accept-Language: en-US,en;q=0.5\r\n -- \r\n [Full request URI: http://www.bbc.co.uk/news/magazine-16957988] [HTTP request 1/1] -- 3.635524 77.20.162.172 -> 92.122.207.122 RTMP 109 deleteStream() Frame 45: 109 bytes on wire (872 bits), 109 bytes captured (872 bits) on interface 0 -- [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:rtmpt] Ethernet II, Src: Micro-St_b6:2a:fb (00:13:d3:b6:2a:fb), Dst: Cisco_66:61:d9 (64:9e:f3:66:61:d9) -- [Bytes in flight: 43] Real Time Messaging Protocol (AMF3 Command deleteStream()) RTMP Header -- RTMP Body String 'deleteStream' AMF0 type: String (0x02) String length: 12 String: deleteStream Number 0 -- [A segment before this frame wasn't captured] [Expert Info (Warn/Sequence): Previous segment not captured (common at capture start)] [Message: Previous segment not captured (common at capture start)] [Severity level: Warn] -- 3.726116 212.58.244.70 -> 77.20.162.172 TCP 1514 [TCP Retransmission] [TCP segment of a reassembled PDU] Frame 120: 1514 bytes on wire (12112 bits), 1514 bytes captured (12112 bits) on interface 0 -- \r\n \r\n \r\n -- \r\n