I Smell Packets

Another Solution to Where in The World is Chris?
July 28, 2009, 5:22 pm
Filed under: Berlin, Packet Challenge, WinHex, Wireshark

I wanted to share another solution I received to the ‘Where in The World is Chris?’ packet challenge. This one comes from Justin Acquaro.

Justin writes:

Short Answer:

Mohrenstrabe 30
10117 Berlin, Germany

The long answer:

Using Wireshark, it appears that the packet is an HTTP session to Twitter (http://twitter/cchristianson)


Follow the TCP stream shows this conversation followed by a GZIP download:


Using the Save As function, I save the file to packets.bin. I then open packets.bin up in a hex editor (WinHex). According to the RFC for gzip (http://tools.ietf.org/html/rfc1952) the start of a gzip file is always “1f 8b”. I then locate these two values in WinHex.


I then deleted all the data above this magic value and saved the results as packets.bin.gz


When I opened the file I was presented with the original contents.


Opening the file up it appears to be the HTML source of a twitter page.


Rendering the HTML yields:


Which, once plugged into Google Maps, yields:


Chris writes:

Thanks for the write-up Justin (jacquaro on twitter.)
If anyone else would like to share how they solved this or any of the other challenges, please feel free to send me a message. It’s always nice to see how others go about it.
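The carving step from Justin's write-up (find the gzip magic in the saved stream, drop everything before it, decompress) can also be scripted. The following is an added example, not part of the original post or of Justin's solution: it scans a raw stream dump for the RFC 1952 header bytes and confirms each candidate by actually inflating it, so a stray `1f 8b` elsewhere in the dump is skipped. The sample stream, host name and HTML are constructed, and the body is assumed not to use chunked transfer encoding.

```python
import gzip
import zlib

# ID1=0x1f, ID2=0x8b, CM=0x08 (deflate), per RFC 1952 section 2.3
GZIP_MAGIC = b"\x1f\x8b\x08"

# Constructed sample page, standing in for the HTML carried in the capture.
SAMPLE_HTML = b"<html><body><span>constructed sample page</span></body></html>"


def carve_gzip(raw: bytes) -> tuple[int, bytes]:
    """Return (offset, decompressed bytes) of the first complete gzip member."""
    pos = raw.find(GZIP_MAGIC)
    while pos != -1:
        # wbits = 16 + MAX_WBITS tells zlib to expect a gzip wrapper.
        inflater = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)
        try:
            out = inflater.decompress(raw[pos:])
        except zlib.error:
            out = None  # magic bytes matched, but this is not a gzip stream
        # eof is True only if the deflate data and the CRC32/ISIZE trailer
        # were read in full; bytes after the member land in unused_data.
        if out is not None and inflater.eof:
            return pos, out
        pos = raw.find(GZIP_MAGIC, pos + 1)
    raise ValueError("no complete gzip member found")


def build_sample_stream() -> bytes:
    """Constructed stand-in for a raw 'Follow TCP Stream' dump (packets.bin)."""
    return (
        b"GET /example HTTP/1.1\r\nHost: example.test\r\n"
        b"Accept-Encoding: gzip\r\n\r\n"
        b"HTTP/1.1 200 OK\r\nContent-Encoding: gzip\r\n"
        # Decoy: same three magic bytes, but no valid gzip header follows.
        b"X-Decoy: \x1f\x8b\x08 not gzip\r\n\r\n"
        + gzip.compress(SAMPLE_HTML)
    )


if __name__ == "__main__":
    offset, body = carve_gzip(build_sample_stream())
    print(f"gzip member at offset {offset}, {len(body)} bytes decompressed")
    print(body.decode())
```
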