INTERACT FORUM

More => Old Versions => Media Center 11 (Development Ended) => Topic started by: Marko on July 18, 2003, 04:10:32 am

Title: wma plugin install. what's it up to?
Post by: Marko on July 18, 2003, 04:10:32 am
Screenshot (http://www.marko121.pwp.blueyonder.co.uk/pics/wminstall.jpg)

OK, it's calling the DNS server, but then what? and why?

-marko.
Title: Re: wma plugin install. what's it up to?
Post by: loraan on July 18, 2003, 07:31:57 am
I pulled out my copy of WildPackets' EtherPeek and captured the packets.  Here's a summary:











24IP-192.168.1.103IP-209.144.50.125DNSC QUERY NAME=crl.microsoft.com
25IP-209.144.50.125IP-192.168.1.103DNSR QUERY STATUS=OK NAME=crl.microsoft.com ADDR=207.46.242.247
26IP-192.168.1.103IP-207.46.242.247HTTPSrc= 1959,Dst=   80,....S.,S= 628750463,L=    0,A=         0,W=64240
27IP-207.46.242.247IP-192.168.1.103HTTPSrc=   80,Dst= 1959,.A..S.,S=3312085499,L=    0,A= 628750464,W=17520
28IP-192.168.1.103IP-207.46.242.247HTTPSrc= 1959,Dst=   80,.A....,S= 628750464,L=    0,A=3312085500,W=64240
29IP-192.168.1.103IP-207.46.242.247HTTPC PORT=1959 GET /pki/crl/products/WindowsPCA.crl
30IP-207.46.242.247IP-192.168.1.103HTTPSrc=   80,Dst= 1959,.A....,S=3312085500,L=    0,A= 628750732,W=17252
31IP-207.46.242.247IP-192.168.1.103HTTPR PORT=1959 HTML Data
32IP-192.168.1.103IP-207.46.242.247HTTPSrc= 1959,Dst=   80,.A....,S= 628750732,L=    0,A=3312086305,W=63435


Explanation:

Packet 24: DNS lookup for crl.microsoft.com
Packet 25: DNS response
Packet 26-28: Opening TCP conversation to crl.microsoft.com (TCP three-way handshake)
Packet 29: HTTP GET for "/pki/crl/products/WindowsPCA.crl"
Packet 30: TCP ACK for packet 29
Packet 31: HTML data (response to packet 29)
Packet 32: ACK for packet 31

Here's the contents of the HTML data that was returned:


HTTP - Hyper Text Transfer Protocol
 Version:              HTTP/1.1
 Status:               200
 Reason:               OK<CR><LF>
Server:                 Microsoft-IIS/5.0<CR><LF>
Date:                   Fri, 18 Jul 2003 15:18:22 GMT<CR><LF>
Content-Type:           application/pkix-crl<CR><LF>
Accept-Ranges:          bytes<CR><LF>
Last-Modified:          Mon, 30 Jun 2003 23:36:38 GMT<CR><LF>
ETag:                   "0c74773603fc31:827"<CR><LF>
Content-Length:         569<CR><LF><CR><LF>
 Binary Data:
 0..50......0...*  30 82 02 35 30 82 01 1D 02 01 01 30 0D 06 09 2A
 .H........0..1.0  86 48 86 F7 0D 01 01 05 05 00 30 81 B3 31 0B 30
 ...U....US1.0...  09 06 03 55 04 06 13 02 55 53 31 0B 30 09 06 03
 U....WA1.0...U..  55 04 08 13 02 57 41 31 10 30 0E 06 03 55 04 07
 ..Redmond1.0...U  13 07 52 65 64 6D 6F 6E 64 31 1E 30 1C 06 03 55
 ....Microsoft Co  04 0A 13 15 4D 69 63 72 6F 73 6F 66 74 20 43 6F
 rporation1+0)..U  72 70 6F 72 61 74 69 6F 6E 31 2B 30 29 06 03 55
 ..."Copyright (c  04 0B 13 22 43 6F 70 79 72 69 67 68 74 20 28 63
 ) 1999 Microsoft  29 20 31 39 39 39 20 4D 69 63 72 6F 73 6F 66 74
  Corp.1806..U...  20 43 6F 72 70 2E 31 38 30 36 06 03 55 04 03 13
 /Microsoft Windo  2F 4D 69 63 72 6F 73 6F 66 74 20 57 69 6E 64 6F
 ws Verification   77 73 20 56 65 72 69 66 69 63 61 74 69 6F 6E 20
 Intermediate PCA  49 6E 74 65 72 6D 65 64 69 61 74 65 20 50 43 41
 ..030630232636Z.  17 0D 30 33 30 36 33 30 32 33 32 36 33 36 5A 17
 .031021114636Z.5  0D 30 33 31 30 32 31 31 31 34 36 33 36 5A A0 35
 030...U.#..0....  30 33 30 1F 06 03 55 1D 23 04 18 30 16 80 14 18
 ...N............  D4 CE E2 4E 13 A1 88 E8 D0 D2 D5 AE B3 E2 A0 9F
 ...0...+.....7..  EA F2 8D 30 10 06 09 2B 06 01 04 01 82 37 15 01
 .....0...*.H....  04 03 02 01 00 30 0D 06 09 2A 86 48 86 F7 0D 01
 .........0*Q.h.*  01 05 05 00 03 82 01 01 00 30 2A 51 C0 68 9A 2A
 ..E.~}i.w.m.*p}.  C0 7F 45 9F 7E 7D 69 1D 77 02 6D BC 2A 70 7D AA
 :>..,.M.g..p.X.!  3A 3E CC 92 2C F4 4D 8A 67 1C 10 70 C7 58 90 21
 ..Sg...jH.KZg.n.  9B 7F 53 67 80 FA FD 6A 48 EE 4B 5A 67 A0 6E F5
 ..e...Yw.B......  CE 10 65 E1 C4 86 59 77 C5 42 B3 8D C8 C6 9A 0F
 ...r..hq&.......  0C E3 BA 72 19 1D 68 71 26 09 CB DC 14 DD 9D AD
 ..C8....=.bH..`.  C9 BD 43 38 89 FB AD E1 3D 1D 62 48 93 F7 60 1C
 .Go4..y.yR.....M  8C 47 6F 34 17 FE 79 10 79 52 16 89 17 9C A0 4D
 ......DQ...{...2  DE C2 F1 0A DE BB 44 51 C2 BC EF 7B C3 1C 14 32
 ./..[..=..{..A".  DC 2F F6 F3 5B A9 C0 3D 01 C7 7B A8 C6 41 22 B5
 ...7U..x...[O`.9  DB D8 AF 37 55 1F 93 78 EC 82 18 5B 4F 60 09 39
 $*.).9.q........  24 2A D3 29 FC 39 1D 71 CA BA AD 92 02 1D F6 14
 K.*.:7..".o...5h  4B 15 2A AD 3A 37 D3 8D 22 1B 6F B2 A1 CD 35 68
 d&*..e...?7..Od"  64 26 2A D9 EC 65 D2 A9 BF 3F 37 81 A6 4F 64 22
 ...k.........l..  1F A6 D7 6B ED A2 A9 0A F7 DF EC B7 16 6C 89 E2
 ...$...X.CU.F...  06 0C 87 24 14 DA F5 58 AA 43 55 A6 46 8F A8 05
 .I..a..z.         DC 49 06 1E 61 CF 85 7A 1D



PKI most likely stands for Public Key Infrastructure. My guess is that CRL stands for Content Rights Licensing.

Although the TCP connection was not closed, no more traffic was sent through the end of the install. Hope this helps!
Title: Re: wma plugin install. what's it up to?
Post by: Marko on July 18, 2003, 09:13:35 am
Thanks for the feedback loraan. All of that doesn't mean a whole lot to me I'm afraid ?
Is this step crucial to the plugin setup?
What happens on systems with no internet access?
If we need these codecs to output wm files, why can't they just be installed and then do their job without chatting away to microsofts servers?
I was thinking that if jriver is including these things in the setup, they would also understand exactly how they work and why? I'm sure I'm not the only one who wonders about these things, and innocent or not, it would be nice if someone could explain it in plain english for us?
Title: Re: wma plugin install. what's it up to?
Post by: loraan on July 18, 2003, 09:39:07 am
It's probably innocent, and the install can probably complete without it. The station downloaded a little bit of information from Microsoft. At no point did it send any data.

If you want, you can unplug your system from the network when you install. That will probably stop this.
Title: Re: wma plugin install. what's it up to?
Post by: RemyJ on July 18, 2003, 01:06:37 pm
CRL stands for Certificate Revocation List which is a list of PKI certificates that have been revoked (go figure).  It's a normal part of the Public Key Infrastructure actually doesn't have anything to do with digital rights, per se.  
Title: Re: wma plugin install. what's it up to?
Post by: JimH on July 18, 2003, 04:49:03 pm
This is an area I don't know much about, but my guess is that there is some kind of key being requested so that files can be encrypted in a known way.  Public key, private key?

It doesn't look like anything sinister.
Title: Re: wma plugin install. what's it up to?
Post by: loraan on July 18, 2003, 10:21:58 pm
Quote
CRL stands for Certificate Revocation List which is a list of PKI certificates that have been revoked (go figure).


*smacks forehead* Duh.