tags:

views:

45

answers:

2
Q: 

how to know if a packet sniffed is accessed from a website directly and not linked?

is there any way to know if a certain tcp segment which has a request message to a server is directly accessed by a user through a browser. not just that its linked by the browser itself to complete the requested page. like for example, a web page with images, when one browses this page, the sniffer tends to get all this urls including the web page's and that of the images. what factors would let me identify which is which?!...

thanks alot in advance:)

+1  A: 

Nope.

I just confirmed this using the Ethereal packet sniffer on a 1996-style brochureware site that had a few embedded gifs. There is nothing about the secondary HTTP GET request packets that distinguish them from my original GET.

If you want to get meta-analytic, I'd be impressed if someone could click as fast as the browser issues the subsequent auto-requests, but wget would be as fast. I wouldn't use this evidence to hang a man nor exonerate him.

msw  2010-03-01 08:26:16
A: 

There is an HTTP header for that that a browser can set to tell the server which page the requested URL appeared on:

http://www.w3.org/Protocols/HTTP/HTRQ_Headers.html#z14

I believe the major browsers set this header when requesting resources (images, css, js), as well as when one clicks on a link, but I'm not sure. Browsers aren't required to set this header. Even when the header is set, the browser could be lying. There's no way for anyone else to know, at least not that I know of.

allyourcode  2010-03-01 08:31:00
Relying on a referer is a very bad idea - where the borwser does return data, it will also return a referer for web pages themselves. The nearest you'll get to what the OP is looking for is by sniffing the mime-type - typically only text/html mime types are returned by the requested URL whereas they are rarely requested by the user selected document - however this presupposes that the server is correctly configured to return the right mimetype.
symcbean  2010-03-07 00:25:42
I believe he is basically asking if there's a way to tell whether the user clicked on a link vs. typing the URL in the url bar or using a bookmark. When Referer is set, you can infer that that the user clicked on a link to get to the page as opposed to some other method.
allyourcode  2010-03-07 03:29:26

related questions

Of Memory Management, Heap Corruption, and C++
How do I make a GUI?
Alpha blending sprites in Nintendo DS Homebrew
Thread safe lazy contruction of a singleton in C++
Interview Programming Questions - In house Exam
Link issues (VC6)
What are the barriers to understanding pointers and what can be done to overcome them?
Why are professors or schools picking Java over C++ to teach to students?
What is the best way to create a sparse array in C++
C/C++ library for reading MIDI signals from a USB MIDI device
How do you pack a visual studio c++ project for release?
How to set up unit testing for Visual Studio C++
How do I configure and communicate with a serial port?
Lightweight IDE for Linux
Mapping Stream data to data structures in C#
CPU throttling in C++
Asynchronous multi-direction server-client communication over the same open socket?
Exceptions in C++
Heap corruption under Win32; how to locate?
Build for Windows NT 4.0 using Visual Studio 2005?
C++: Should I use nested classes in this case?
BerkeleyDB Concurrency
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
How to use the C socket API in C++ on z/OS