Picture issues

Re: Important

Time for me to do some stuff for my day job. I'll keep half an eye here.

At the moment, it does look like the data is getting sent back out.
 
Re: Important

Just did it from the work machine in IE9. That browser had never been on naxja.org. I tried it in naxja.net as well. Not logged in.

No picture in Dan's tonight post.
http://naxja.net/forum/showpost.php?p=245745252&postcount=39467

So I logged in, went to the album and viewed the picture.
Then I went back to the post in the thread and refreshed. Still no image.
Next time I think about it I'll grab some Wireshark data and repeat this stuff when I get home.
 
Re: Important

I'm not super concerned with it. Somewhat annoying is all.

I turned my referrers back on and it didn't change anything.
 
Re: Important

178 1.155381000 192.168.0.3 67.228.170.170-static.reverse.softlayer.com HTTP 408 GET /forum/picture.php?albumid=156&pictureid=2482 HTTP/1.1

If I copy the
/forum/picture.php?albumid=156&pictureid=2482

Add naxja.org to it, and paste it into my browser, it works fine.

I pinged naxja and got the IP. If I do this:
http://67.228.170.170/forum/picture.php?albumid=156&pictureid=2482

The titlebar says picture.php GIF 1x1Pixels and I get a gray background.
 
Re: Important

For Wireshark use, start a capture on all interfaces, with "host naxja.org" as the capture filter. That'll ignore all other traffic. If you put 'display contains "pictureid=2482"' in the display filter, then click Apply, it'll only display packets containing Dan's picture. Go to "http://naxja.org/forum/showthread.php?p=245745253#post245745253" and force a full refresh. You should see a few packets show up. Select one, choose Analyze from the menu, then "Follow TCP stream". That'll bring up a new window with all of the data in that transfer session.

If you don't get any packets displayed, either the display filter isn't quite right, or the data isn't coming back to your station.

Here's something else to check. Right click any graphic element (an avatar is good,) and pick View Image Info. Is the "Block Images from naxja.org" checked or unchecked?
 
Re: Important

I'll do the Wireshark.
Blocked images was unchecked.
Noticed this too:
1x1pix
7956377048_1f3d7529b1_z.jpg
 
Re: Important

I've got no image blocking or anything setup in Opera. It's just as Opera installed it.

My IE9 doesn't even get used, so it's all defaults as well.

I'll dig into it some this weekend when I have the time, and I'm back on a machine with a proper operating system.
 
Re: Important

I'll do the Wireshark.
Blocked images was unchecked.
Noticed this too:
1x1pix

That's bloomin' goofy. I get a 600x450 image out of that. Something is rewriting the image data on the way through.

I've also decided that I do *NOT* like the latest Windoze version of Wireshark. Capture filtering is turning into a PITA.
 
Re: Important

Now that I've got capture filtering figured out......

The images are being returned with an inline MIME type of image/jpeg. I'd *REALLY* like to see what's rewriting the packets.
 
Re: Important

Wireshark is a very highly useful tool, but it's not simple to use. It also makes security types more nervous than a cat in a dog show.
 
Re: Important

That looks like a display filter.

There's 2 major filter sections in wireshark, capture and display. In a lot of cases, capturing all of the traffic on an interface will kill a machine in pretty short order. The display filters are good for fine analysis of that captured traffic. Unfortunately, the syntax is different for capture and display filters.

I doubt anything on a home system would stress a full capture, though.
 
Re: Important

I couldn't get the capture filter to work so I used the display filter...
Still don't really know what I'm looking at. lol

From what I can tell I have it narrowed down to 11 packets to do with the image...
 
Re: Important

Try using "(ip.src == 67.228.170.170 or ip.dst == 67.228.170.170) and image-jfif.marker" to display only the packets that contain the start of an inline JPEG.

Edit: You can select the packets, and run Analyze/Follow TCP Stream to see the entire HTTP conversation for that image.
 
Re: Important

286 13:38:11.495562000 67.228.170.170-static.reverse.softlayer.com 192.168.0.3 HTTP 1514 HTTP/1.1 200 OK (JPEG JFIF image)
 
Re: Important

286 13:38:11.495562000 67.228.170.170-static.reverse.softlayer.com 192.168.0.3 HTTP 1514 HTTP/1.1 200 OK (JPEG JFIF image)
You'll actually need to follow the TCP stream, find the right packets for the image that's not displaying, and look at the JPEG data to figure out if it's getting rewritten before it gets to your computer, or after.
 
Re: Important

K... When I use this filter "(ip.src == 67.228.170.170 or ip.dst == 67.228.170.170) and image-jfif.marker"
I get one packet.

Right click on the packet and follow stream.
"Stream Content" shows this:
GET /forum/customavatars/avatar12_9.gif HTTP/1.1
Host: naxja.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: bbsessionhash=
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 08 Sep 2012 18:54:59 GMT
Server: Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.9
Last-Modified: Fri, 25 May 2012 05:18:06 GMT
ETag: "418295-ac7-4c0d57e471f80"
Accept-Ranges: bytes
Content-Length: 2759
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif

That looks like an avatar to me... Does that mean I'm not even receiving Dan's image in the first place?

Edit: naxja.org/forum/customavatars/avatar12_9.gif is Dan's avatar...
 
Re: Important

That's an avatar URL. Replace the display filter with the one I suggested, and pick another packet, then follow that TCP stream. Somewhere in there, as long as you've fully refreshed the browser display with Dan's pic during the capture, you'll get an inline image. Yeah, I know, it can be a needle in a haystack, but considering that you've found it as a 1x1 image, it's gotta be in there someplace. The binary data for the image will tell you if it's a 1x1 or a 600x450 image.
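The check described in the last post, reading the dimensions straight out of the response bytes, as an added example that is not part of any post in the thread. It assumes the server-to-client half of a followed TCP stream has been saved as raw bytes; the function names and both sample responses are constructed for illustration.

```python
import struct

# JPEG start-of-frame markers hold the dimensions; C4, C8, CC are not SOF.
SOF = set(range(0xC0, 0xD0)) - {0xC4, 0xC8, 0xCC}

def image_size(data):
    """Return (format, width, height) read from GIF or JPEG header bytes."""
    if data[:6] in (b"GIF87a", b"GIF89a") and len(data) >= 10:
        width, height = struct.unpack("<HH", data[6:10])
        return "gif", width, height
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a GIF or JPEG")
    i = 2
    while i + 4 <= len(data):
        if data[i] != 0xFF:
            raise ValueError("lost JPEG marker sync")
        marker = data[i + 1]
        if marker == 0xFF:                      # fill byte before a marker
            i += 1
        elif marker == 0x01 or 0xD0 <= marker <= 0xD7:
            i += 2                              # markers with no length field
        elif marker in SOF and i + 9 <= len(data):
            height, width = struct.unpack(">HH", data[i + 5:i + 9])
            return "jpeg", width, height
        else:
            i += 2 + struct.unpack(">H", data[i + 2:i + 4])[0]
    raise ValueError("no start-of-frame segment in the captured bytes")

def inspect_response(stream):
    """Split a raw HTTP response and compare declared type with real content."""
    head, sep, body = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no header/body separator")
    declared = None
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-type":
            declared = value.strip().decode("ascii", "replace")
    return (declared,) + image_size(body)

# Constructed sample responses (not captured from the thread's traffic).
PIXEL = (b"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n\r\n"
         b"GIF89a" + struct.pack("<HH", 1, 1) + b"\x80\x00\x00")
PHOTO = (b"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n\r\n"
         b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
         b"\xff\xc0" + struct.pack(">HBHHB", 17, 8, 450, 600, 3) + bytes(9))

if __name__ == "__main__":
    for name, raw in (("pixel", PIXEL), ("photo", PHOTO)):
        print(name, inspect_response(raw))
```

A result whose declared type is image/jpeg but whose body parses as a 1x1 GIF means the placeholder was already on the wire when it reached the capturing machine, so the substitution happened upstream of the browser.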
 