Bruce

Reputation: 35285

XMPP network traffic analysis

I am capturing network packets of Gtalk using Microsoft Network Monitor. Very often I see small sessions of communication where a packet with a TCP payload of 37 is sent by me to dst port 5222 and I receive an ACK for it. I can't see the contents of this packet because it is encrypted using TLS. Gtalk uses the XMPP protocol. Do any experts know what this small session represents? Is it part of the protocol specifications? Is there any way I can see the contents of this packet?

Upvotes: 1

Views: 1836

Answers (1)

Joe Hildebrand

Reputation: 10414

Is this being sent periodically, like every 30s, 1m, etc? If so, it's likely one space character, after it's been (potentially compressed then) encrypted. Many XMPP endpoints will do this to keep the socket open in the face of the large number of odd middleboxes that assume that if you haven't sent data in a while, the socket is dead.

Upvotes: 2
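An added example, not part of the original answer: a Python check over capture metadata that flags small, same-sized payloads sent to port 5222 at a steady interval, plus a size calculation showing that a 1-byte plaintext in one TLS 1.0 CBC record comes to 37 bytes on the wire. The cipher suite (AES-CBC with HMAC-SHA1, no compression), the function names and the sample packets are assumptions constructed for illustration; the post does not say which suite was negotiated.

```python
import statistics

TLS_HEADER = 5  # content type (1) + version (2) + length (2)

def cbc_record_len(plaintext_len, mac_len=20, block=16, explicit_iv=False):
    """On-wire size of one TLS CBC record (assumed: AES-CBC + HMAC-SHA1)."""
    body = plaintext_len + mac_len + 1   # +1 for the padding_length byte
    body += -body % block                # pad up to the next block boundary
    if explicit_iv:                      # TLS 1.1+ prepends a per-record IV
        body += block
    return TLS_HEADER + body

def find_keepalives(packets, port=5222, max_len=64, min_count=4, jitter=0.1):
    """Return {payload_len: mean_interval_s} for small equal-sized payloads
    sent to `port` at a regular interval.
    packets: iterable of (timestamp_s, dst_port, tcp_payload_len)."""
    by_len = {}
    for ts, dport, plen in packets:
        if dport == port and 0 < plen <= max_len:
            by_len.setdefault(plen, []).append(ts)
    hits = {}
    for plen, times in by_len.items():
        if len(times) < min_count:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        # A low coefficient of variation means a timer, not user activity
        if mean > 0 and statistics.pstdev(gaps) / mean <= jitter:
            hits[plen] = round(mean, 1)
    return hits

# Constructed capture metadata (not taken from the original post)
SAMPLE = [
    (0.0, 5222, 37), (12.4, 5222, 213), (30.2, 5222, 37),
    (45.0, 5222, 53), (47.3, 5222, 53), (60.1, 5222, 37),
    (71.8, 443, 37), (90.3, 5222, 37), (120.0, 5222, 37),
]

if __name__ == "__main__":
    print("1-byte plaintext, TLS 1.0 CBC:", cbc_record_len(1), "bytes")
    print("periodic small payloads:", find_keepalives(SAMPLE))
```
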
