Weekly Report

08 Dec 2015

Last week I had been looking at some traffic coming from Taobao servers (a shopping site in China that rivals AliExpress and eBay) that were using port 80, but weren't necessarily doing HTTP traffic.

I downloaded a few Taobao applications on an Android emulator to capture some traffic to try and replicate the traces we have been observing. It seemed promising, as we were seeing traffic that was almost following the same trends being observed.

When I ran these traces through libprotoident this week, they were being classified as SPDY, which is used over HTTP to decrease loading time for web pages. Looking at their protocol manual, it appears that the traffic was conforming to ping packets for SPDY. I have now extended the module to account for this type of packet.

Woohoo!
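The kind of check described above, as an added example that is not the author's code or libprotoident's own module: a matcher for a SPDY PING control frame as laid out in the SPDY/2 and SPDY/3 drafts (control bit, version, type 6, flags 0, length 4, 32-bit ID). The function name, the result enum and the sample payloads are hypothetical, and it assumes the TCP payload holds exactly one 12-byte frame.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical result codes for this example. */
enum spdy_ping_result { NOT_SPDY_PING = 0, SPDY_PING_CLIENT, SPDY_PING_SERVER };

#define SPDY_TYPE_PING      6
#define SPDY_PING_FRAME_LEN 12   /* 8-byte control header + 4-byte ping ID */

/* Constructed sample payloads (not taken from the traces in the post). */
static const uint8_t sample_ping_v3[] = {
    0x80, 0x03, 0x00, 0x06,      /* control bit + version 3, type 6 (PING) */
    0x00, 0x00, 0x00, 0x04,      /* flags 0, length 4 */
    0x00, 0x00, 0x00, 0x01 };    /* ping ID 1 (odd: client-initiated) */
static const uint8_t sample_ping_v2_srv[] = {
    0x80, 0x02, 0x00, 0x06, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x02 };
static const uint8_t sample_http[] = { 'G','E','T',' ','/',' ','H','T','T','P','/','1' };

/* Returns who initiated the PING, or NOT_SPDY_PING if the payload is not a
 * single well-formed SPDY PING frame. ping_id may be NULL. */
enum spdy_ping_result classify_spdy_ping(const uint8_t *payload, size_t len,
                                         uint32_t *ping_id)
{
    if (payload == NULL || len != SPDY_PING_FRAME_LEN)
        return NOT_SPDY_PING;
    if ((payload[0] & 0x80) == 0)            /* control bit must be set */
        return NOT_SPDY_PING;

    uint16_t version = (uint16_t)(((payload[0] & 0x7f) << 8) | payload[1]);
    uint16_t type    = (uint16_t)((payload[2] << 8) | payload[3]);
    uint32_t length  = ((uint32_t)payload[5] << 16) |
                       ((uint32_t)payload[6] << 8) | payload[7];

    if ((version != 2 && version != 3) || type != SPDY_TYPE_PING)
        return NOT_SPDY_PING;
    if (payload[4] != 0 || length != 4)      /* PING has no flags, 4-byte body */
        return NOT_SPDY_PING;

    uint32_t id = ((uint32_t)payload[8] << 24) | ((uint32_t)payload[9] << 16) |
                  ((uint32_t)payload[10] << 8) | payload[11];
    if (ping_id != NULL)
        *ping_id = id;
    /* Per the SPDY drafts, clients use odd ping IDs and servers even ones. */
    return (id & 1) ? SPDY_PING_CLIENT : SPDY_PING_SERVER;
}
```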