I Smell Packets


Another Solution to Where in The World is Chris?
July 28, 2009, 5:22 pm
Filed under: Berlin, Packet Challenge, WinHex, Wireshark

I wanted to share another solution I received to the ‘Where in The World is Chris?’ packet challenge. This one comes from Justin Acquaro.

Justin writes:

Short Answer:

Mohrenstrabe 30
10117 Berlin, Germany

The long answer:

Using wireshark it appears that the packet is a http session to twitter ( http://twitter/cchristianson )

8-2-1.jpg

Follow the TCP stream shows this conversation followed by a GZIP download:

8-2-2.jpg

Using the save as function I save the file to packets.bin I then open packets.bin up in a hex editor (winHex). According to the RFC for gzip (http://tools.ietf.org/html/rfc1952) the start of a gzip file is always “1f 8b”. I then locate these two values in WinHex.

8-2-3.jpg

I then deleted all the data above this magic value and saved the results as packets.bin.gz

8-2-4.jpg

When I opened the file I was presented with the original contents.

8-2-5.jpg

Opening the file up it appears to be the HTML source of a twitter page.

8-2-6.jpg

Rendering the HTML yields:

8-2-7.jpg

Which once plugged into google maps yields:

8-2-8.jpg

Chris writes:

Thanks for the write-up Justin (jacquaro on twitter.)
If anyone else would like share how they solved this or any of the other challenges, please feel free to send me a message. It’s always nice to see how others go about it.

Advertisement
Leave a Comment

Leave a Comment so far
Leave a comment

RSS feed for comments on this post.


Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s



%d bloggers like this: