INTERACT FORUM

Please login or register.

Login with username, password and session length
Advanced search  
Pages: [1]   Go Down

Author Topic: wma plugin install. what's it up to?  (Read 1652 times)

Marko

  • Guest
wma plugin install. what's it up to?
« on: July 18, 2003, 04:10:32 am »
Screenshot

OK, it's calling the DNS server, but then what? and why?

-marko.
Logged

loraan

  • Regular Member
  • Galactic Citizen
  • ****
  • Posts: 320
Re: wma plugin install. what's it up to?
« Reply #1 on: July 18, 2003, 07:31:57 am »
I pulled out my copy of WildPackets' EtherPeek and captured the packets.  Here's a summary:











24IP-192.168.1.103IP-209.144.50.125DNSC QUERY NAME=crl.microsoft.com
25IP-209.144.50.125IP-192.168.1.103DNSR QUERY STATUS=OK NAME=crl.microsoft.com ADDR=207.46.242.247
26IP-192.168.1.103IP-207.46.242.247HTTPSrc= 1959,Dst=   80,....S.,S= 628750463,L=    0,A=         0,W=64240
27IP-207.46.242.247IP-192.168.1.103HTTPSrc=   80,Dst= 1959,.A..S.,S=3312085499,L=    0,A= 628750464,W=17520
28IP-192.168.1.103IP-207.46.242.247HTTPSrc= 1959,Dst=   80,.A....,S= 628750464,L=    0,A=3312085500,W=64240
29IP-192.168.1.103IP-207.46.242.247HTTPC PORT=1959 GET /pki/crl/products/WindowsPCA.crl
30IP-207.46.242.247IP-192.168.1.103HTTPSrc=   80,Dst= 1959,.A....,S=3312085500,L=    0,A= 628750732,W=17252
31IP-207.46.242.247IP-192.168.1.103HTTPR PORT=1959 HTML Data
32IP-192.168.1.103IP-207.46.242.247HTTPSrc= 1959,Dst=   80,.A....,S= 628750732,L=    0,A=3312086305,W=63435


Explanation:

Packet 24: DNS lookup for crl.microsoft.com
Packet 25: DNS response
Packet 26-28: Opening TCP conversation to crl.microsoft.com (TCP three-way handshake)
Packet 29: HTTP GET for "/pki/crl/products/WindowsPCA.crl"
Packet 30: TCP ACK for packet 29
Packet 31: HTML data (response to packet 29)
Packet 32: ACK for packet 31

Here's the contents of the HTML data that was returned:


HTTP - Hyper Text Transfer Protocol
 Version:              HTTP/1.1
 Status:               200
 Reason:               OK<CR><LF>
Server:                 Microsoft-IIS/5.0<CR><LF>
Date:                   Fri, 18 Jul 2003 15:18:22 GMT<CR><LF>
Content-Type:           application/pkix-crl<CR><LF>
Accept-Ranges:          bytes<CR><LF>
Last-Modified:          Mon, 30 Jun 2003 23:36:38 GMT<CR><LF>
ETag:                   "0c74773603fc31:827"<CR><LF>
Content-Length:         569<CR><LF><CR><LF>
 Binary Data:
 0..50......0...*  30 82 02 35 30 82 01 1D 02 01 01 30 0D 06 09 2A
 .H........0..1.0  86 48 86 F7 0D 01 01 05 05 00 30 81 B3 31 0B 30
 ...U....US1.0...  09 06 03 55 04 06 13 02 55 53 31 0B 30 09 06 03
 U....WA1.0...U..  55 04 08 13 02 57 41 31 10 30 0E 06 03 55 04 07
 ..Redmond1.0...U  13 07 52 65 64 6D 6F 6E 64 31 1E 30 1C 06 03 55
 ....Microsoft Co  04 0A 13 15 4D 69 63 72 6F 73 6F 66 74 20 43 6F
 rporation1+0)..U  72 70 6F 72 61 74 69 6F 6E 31 2B 30 29 06 03 55
 ..."Copyright (c  04 0B 13 22 43 6F 70 79 72 69 67 68 74 20 28 63
 ) 1999 Microsoft  29 20 31 39 39 39 20 4D 69 63 72 6F 73 6F 66 74
  Corp.1806..U...  20 43 6F 72 70 2E 31 38 30 36 06 03 55 04 03 13
 /Microsoft Windo  2F 4D 69 63 72 6F 73 6F 66 74 20 57 69 6E 64 6F
 ws Verification   77 73 20 56 65 72 69 66 69 63 61 74 69 6F 6E 20
 Intermediate PCA  49 6E 74 65 72 6D 65 64 69 61 74 65 20 50 43 41
 ..030630232636Z.  17 0D 30 33 30 36 33 30 32 33 32 36 33 36 5A 17
 .031021114636Z.5  0D 30 33 31 30 32 31 31 31 34 36 33 36 5A A0 35
 030...U.#..0....  30 33 30 1F 06 03 55 1D 23 04 18 30 16 80 14 18
 ...N............  D4 CE E2 4E 13 A1 88 E8 D0 D2 D5 AE B3 E2 A0 9F
 ...0...+.....7..  EA F2 8D 30 10 06 09 2B 06 01 04 01 82 37 15 01
 .....0...*.H....  04 03 02 01 00 30 0D 06 09 2A 86 48 86 F7 0D 01
 .........0*Q.h.*  01 05 05 00 03 82 01 01 00 30 2A 51 C0 68 9A 2A
 ..E.~}i.w.m.*p}.  C0 7F 45 9F 7E 7D 69 1D 77 02 6D BC 2A 70 7D AA
 :>..,.M.g..p.X.!  3A 3E CC 92 2C F4 4D 8A 67 1C 10 70 C7 58 90 21
 ..Sg...jH.KZg.n.  9B 7F 53 67 80 FA FD 6A 48 EE 4B 5A 67 A0 6E F5
 ..e...Yw.B......  CE 10 65 E1 C4 86 59 77 C5 42 B3 8D C8 C6 9A 0F
 ...r..hq&.......  0C E3 BA 72 19 1D 68 71 26 09 CB DC 14 DD 9D AD
 ..C8....=.bH..`.  C9 BD 43 38 89 FB AD E1 3D 1D 62 48 93 F7 60 1C
 .Go4..y.yR.....M  8C 47 6F 34 17 FE 79 10 79 52 16 89 17 9C A0 4D
 ......DQ...{...2  DE C2 F1 0A DE BB 44 51 C2 BC EF 7B C3 1C 14 32
 ./..[..=..{..A".  DC 2F F6 F3 5B A9 C0 3D 01 C7 7B A8 C6 41 22 B5
 ...7U..x...[O`.9  DB D8 AF 37 55 1F 93 78 EC 82 18 5B 4F 60 09 39
 $*.).9.q........  24 2A D3 29 FC 39 1D 71 CA BA AD 92 02 1D F6 14
 K.*.:7..".o...5h  4B 15 2A AD 3A 37 D3 8D 22 1B 6F B2 A1 CD 35 68
 d&*..e...?7..Od"  64 26 2A D9 EC 65 D2 A9 BF 3F 37 81 A6 4F 64 22
 ...k.........l..  1F A6 D7 6B ED A2 A9 0A F7 DF EC B7 16 6C 89 E2
 ...$...X.CU.F...  06 0C 87 24 14 DA F5 58 AA 43 55 A6 46 8F A8 05
 .I..a..z.         DC 49 06 1E 61 CF 85 7A 1D



PKI most likely stands for Public Key Infrastructure. My guess is that CRL stands for Content Rights Licensing.

Although the TCP connection was not closed, no more traffic was sent through the end of the install. Hope this helps!
Logged

Marko

  • Guest
Re: wma plugin install. what's it up to?
« Reply #2 on: July 18, 2003, 09:13:35 am »
Thanks for the feedback loraan. All of that doesn't mean a whole lot to me I'm afraid ?
Is this step crucial to the plugin setup?
What happens on systems with no internet access?
If we need these codecs to output wm files, why can't they just be installed and then do their job without chatting away to microsofts servers?
I was thinking that if jriver is including these things in the setup, they would also understand exactly how they work and why? I'm sure I'm not the only one who wonders about these things, and innocent or not, it would be nice if someone could explain it in plain english for us?
Logged

loraan

  • Regular Member
  • Galactic Citizen
  • ****
  • Posts: 320
Re: wma plugin install. what's it up to?
« Reply #3 on: July 18, 2003, 09:39:07 am »
It's probably innocent, and the install can probably complete without it. The station downloaded a little bit of information from Microsoft. At no point did it send any data.

If you want, you can unplug your system from the network when you install. That will probably stop this.
Logged

RemyJ

  • Regular Member
  • Citizen of the Universe
  • *****
  • Posts: 1245
Re: wma plugin install. what's it up to?
« Reply #4 on: July 18, 2003, 01:06:37 pm »
CRL stands for Certificate Revocation List which is a list of PKI certificates that have been revoked (go figure).  It's a normal part of the Public Key Infrastructure actually doesn't have anything to do with digital rights, per se.  
Logged
Fedora 38 x86_64 Xfce

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 71675
  • Where did I put my teeth?
Re: wma plugin install. what's it up to?
« Reply #5 on: July 18, 2003, 04:49:03 pm »
This is an area I don't know much about, but my guess is that there is some kind of key being requested so that files can be encrypted in a known way.  Public key, private key?

It doesn't look like anything sinister.
Logged

loraan

  • Regular Member
  • Galactic Citizen
  • ****
  • Posts: 320
Re: wma plugin install. what's it up to?
« Reply #6 on: July 18, 2003, 10:21:58 pm »
Quote
CRL stands for Certificate Revocation List which is a list of PKI certificates that have been revoked (go figure).


*smacks forehead* Duh.
Logged
Pages: [1]   Go Up
« previous next »