(Related bug in Mozilla's Bugzilla.)
(BTW - feel free to use another packet analyzer instead of ngrep.)
HOW THIS LOG WAS CREATED (Linux):
$ mv ~/.mozilla ~/.backup-mozilla
$ su - # ngrep -tMpqld eth0 -S 1000 -W byline '((OPTIONS|HEAD|POST|GET|PUT|DELETE|TRACE|CONNECT).*HTTP)|(HTTP.*[0-9][0-9][0-9])' | tee ngrep-http.log(see documentation of ngrep for description of all options)
$ cd firefox $ ./firefox
$ ./firefox
about:blank
in address field (just in case...); wait about 2h or more; DON'T USE Firefox nor other network applications, because log-file will be harder to analyze (actually, you can use other protocols, just not plain HTTP or similar); you will observe at least:
Ctrl + c
to stop it
"sb.google.com"
, analyze requests and responses related with this server
"Cookie: " / "Set-Cookie: "
in headers
"Location: "
(use RFC2616 as your guide to HTTP (excluding cookies; for this topic see eg. RFC2109))
$ rm -rf ~/.mozilla $ mv ~/.backup-mozilla ~/.mozilla
(Actually, you can omit steps 7. and 8., it shouldn't change anything regarding issues with cookies etc.)
Below is traffic related with issue described in 9.b):
(First, Google's cookie is set on first run (after redirection from mozilla.com to google.com)...):
T 2006/12/20 23:37:57.830252 209.85.129.147:80 -> 10.0.0.2:4258 [AP] HTTP/1.1 302 Found. Location: http://www.google.pl/firefox?client=firefox-a&rls=org.mozilla:pl:official. Cache-Control: private. Set-Cookie: PREF=ID=4c5d39473ccb5765:TM=1166654268:LM=1166654268:S=wF0xD9_lsWpeHRc5; expires=Sun, 17-Jan-2038 19:14:07 GMT; path=/; domain=.google.com. Content-Type: text/html. Server: GWS/2.1. Transfer-Encoding: chunked. Content-Encoding: gzip. Date: Wed, 20 Dec 2006 22:37:48 GMT. . e6. ..........L..j.0.EwA.Ah.f.i...*.qq!.P.d...%."U~..~}.&C.s..{x.i.{)...I...5.1...^J..3..3.....J.pEn..MgT....u..$..{......=..............j..+3...=.n...5j.~..Q...~+.bUp>MS...;....&....9.x.1S...MrC.R...c.SEtE..vV9&.$.......'5k,.X._...... a. ..L........ 0. .
(... and then cookie is sent with each request for update of antiphishing lists):
(...) T 2006/12/20 23:43:26.489598 10.0.0.2:1593 -> 72.14.221.95:80 [AP] GET /safebrowsing/update?client=navclient-auto-ffox2.0.0.1&mozver=1.8.1.1-2006120814&version=goog-white-domain:1:18,goog-white-url:1:371,goog-black-url:1:7578,goog-black-enchash:1:14917 HTTP/1.1. Host: sb.google.com. User-Agent: Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.1.1) Gecko/20061208 Firefox/2.0.0.1. Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5. Accept-Language: pl,en-us;q=0.7,en;q=0.3. Accept-Encoding: gzip,deflate. Accept-Charset: ISO-8859-2,utf-8;q=0.7,*;q=0.7. Keep-Alive: 300. Connection: keep-alive. Cookie: PREF=ID=4c5d39473ccb5765:TM=1166654268:LM=1166654268:S=wF0xD9_lsWpeHRc5. . T 2006/12/20 23:43:26.533368 72.14.221.95:80 -> 10.0.0.2:1593 [AP] HTTP/1.1 200 OK. Content-Type: text/plain. Server: TrustRank Frontend. Content-Length: 0. Date: Wed, 20 Dec 2006 22:43:17 GMT. . T 2006/12/21 00:06:58.464915 10.0.0.2:2106 -> 72.14.221.95:80 [AP] GET /safebrowsing/update?client=navclient-auto-ffox2.0.0.1&mozver=1.8.1.1-2006120814&version=goog-white-domain:1:18,goog-white-url:1:371,goog-black-url:1:7578,goog-black-enchash:1:14917 HTTP/1.1. Host: sb.google.com. User-Agent: Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.1.1) Gecko/20061208 Firefox/2.0.0.1. Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5. Accept-Language: pl,en-us;q=0.7,en;q=0.3. Accept-Encoding: gzip,deflate. Accept-Charset: ISO-8859-2,utf-8;q=0.7,*;q=0.7. Keep-Alive: 300. Connection: keep-alive. Cookie: PREF=ID=4c5d39473ccb5765:TM=1166654268:LM=1166654268:S=wF0xD9_lsWpeHRc5. . T 2006/12/21 00:06:58.509171 72.14.221.95:80 -> 10.0.0.2:2106 [A] HTTP/1.1 200 OK. Content-Type: text/plain. Server: TrustRank Frontend. Transfer-Encoding: chunked. Content-Encoding: gzip. Date: Wed, 20 Dec 2006 23:06:49 GMT. Cache-Control: private, x-gzip-ok="". . 832. ..........$.........}...l...^.r.9....H.$.<.....tW.|..f....}^v.....o....b$.....g.W......p.L..KAQ.9."..R....g.?...-.R.......6*..Iw..[... lV(J..t.8Bt$.j.......B0..%..pY.!..8.2@. ..+A^..K....](.x.KV. ...-p.vLG.P..r.B.r..1.bi.9;.S..J..e"..!S..V....r....R..E.D...3d.......v8...F...?......E...4......G.,...V!.,<I...Zt.X.).0>..6m?.F...B.xmK...+.....X..0.....A...../..|..+.=KIb....gL..hf.......E......`.~.N.[.:..z.. ........f...LD....L<..xNp....pK^..2rO......uS...L/mJ....m.tlA2.'..|.".s...#...Q.Qg.$ ..olR.N9.)........ .Y_....H...LZ...h..9......)..I...d.y..=!'Wf.K.5..!%M.....6V@}.'...\}.d?P.........K1..Z.#E.a.C14.E.8R..Wd0....O..^.c^J.L........Dk.7...Q.....x.A...}..K....O.:...-...~.m....X........(.lF/+G.Q.S.K.....;.nus..(9..Q'M......o.........8-[wC4.&y.....`..(. ..m..N..p....y.........5.o.d...8.... T 2006/12/21 00:36:58.426793 10.0.0.2:4817 -> 72.14.221.95:80 [AP] GET /safebrowsing/update?client=navclient-auto-ffox2.0.0.1&mozver=1.8.1.1-2006120814&version=goog-white-domain:1:18,goog-white-url:1:371,goog-black-url:1:7578,goog-black-enchash:1:14918 HTTP/1.1. Host: sb.google.com. User-Agent: Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.1.1) Gecko/20061208 Firefox/2.0.0.1. Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5. Accept-Language: pl,en-us;q=0.7,en;q=0.3. Accept-Encoding: gzip,deflate. Accept-Charset: ISO-8859-2,utf-8;q=0.7,*;q=0.7. Keep-Alive: 300. Connection: keep-alive. Cookie: PREF=ID=4c5d39473ccb5765:TM=1166654268:LM=1166654268:S=wF0xD9_lsWpeHRc5. . T 2006/12/21 00:36:58.470740 72.14.221.95:80 -> 10.0.0.2:4817 [A] HTTP/1.1 200 OK. Content-Type: text/plain. Server: TrustRank Frontend. Transfer-Encoding: chunked. Content-Encoding: gzip. Date: Wed, 20 Dec 2006 23:36:49 GMT. Cache-Control: private, x-gzip-ok="". . 18ef. ...............L........=..E/....L.......;.."$.........8..N.8m...i.......P ...OY...........A....0O...Q....!......d.7;..,;......0q......4..!.:A@E.@=`.......h.U-.!'6}..k~./....8..,$.4.....,.#('.4.......T....q...g..;0......",....N..XR.K...Q..../QC.....<,._.qc;....P4v....jY..BH........H.Fi..a..!..9.cPP`....w.cCZ...U....*...h....*..z.......V.8.l..F.p.-....1-0...'nlLk......8r}.L."+./H.....0Q+~ou...B0....[$ ........p..a.....0I......1.......p9D..+O.M..Q..r..@ulcmJ......q.vF..~!..d-..K"...........x......%...`.cQ....%)....Ca..x.Aq.$..].....`.....Jq.......G...&W{.....lSWC......f-W..E;.r%I%.i....J.H+.....`..y... .H....fy.....p...D....5~_..j...=(..s9.....x...M.......;.([.....R....$:......C.#.c.t}(.^.....V..tv.......'.D?...7.. .)...Z. .. ..0..x..9...WKm4.=v{bG..B.6....Y5U.J...ghX8/.8A...7h........ (...) T 2006/12/21 01:06:58.571483 10.0.0.2:3920 -> 72.14.221.93:80 [AP] GET /safebrowsing/update?client=navclient-auto-ffox2.0.0.1&mozver=1.8.1.1-2006120814&version=goog-white-domain:1:18,goog-white-url:1:371,goog-black-url:1:7578,goog-black-enchash:1:14919 HTTP/1.1. Host: sb.google.com. User-Agent: Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.1.1) Gecko/20061208 Firefox/2.0.0.1. Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5. Accept-Language: pl,en-us;q=0.7,en;q=0.3. Accept-Encoding: gzip,deflate. Accept-Charset: ISO-8859-2,utf-8;q=0.7,*;q=0.7. Keep-Alive: 300. Connection: keep-alive. Cookie: PREF=ID=4c5d39473ccb5765:TM=1166654268:LM=1166654268:S=wF0xD9_lsWpeHRc5. . T 2006/12/21 01:06:58.615370 72.14.221.93:80 -> 10.0.0.2:3920 [A] HTTP/1.1 200 OK. Content-Type: text/plain. Server: TrustRank Frontend. Transfer-Encoding: chunked. Content-Encoding: gzip. Date: Thu, 21 Dec 2006 00:06:49 GMT. Cache-Control: private, x-gzip-ok="". . 14bc. ...............F.Ec.+.SZ......lm.......(.*...w...m...;..b....m......1...:.e.W....p.....a gx^.Y.Ey..8.e. ...Z........{..}.. .7..-.}..-...n.c..3..5;.'......~.m.....na.h.T.......-u.Y.S\,...oG...dc.';..........U.rmNK1^8...h...%.......l......C.,.!.@a(....C4...'.......b...}L.h.Ux.=59..|.'p.C.=.>.cF.^"..U...h.=h.%y...>I.o3&....<M..bK.M....).*..........A|nL....&.Y^..d.>&..iH.....f........0^r...h..7Ew.....S...bZ.9...'. .#.0,..M...R.'.4B..H ..G*.S...hj...Q... c.<G.....G.G.2.t....MGV ..bQ... Y.f.:FRN.a\[...3...V1nLf.2l.......c..<..H.6I...T.60cAf<......%.(N"$...J $...H.,.c.."..G..k2.........4..{.`A.....A.Gf...)pZ..XEH )-..\b.]G.O|5.q.......MW.....`Q..q0...:&]&...J.....Q. .q....1XR.#.\(.......e..$...5. ...8.H.............f.^..]..z..F... .B..N\.iZ@....K.w.w......|.L?S......M....~..~%.. `t|...6f4+. T 2006/12/21 01:36:58.378729 10.0.0.2:4745 -> 72.14.221.91:80 [AP] GET /safebrowsing/update?client=navclient-auto-ffox2.0.0.1&mozver=1.8.1.1-2006120814&version=goog-white-domain:1:18,goog-white-url:1:371,goog-black-url:1:7580,goog-black-enchash:1:14920 HTTP/1.1. Host: sb.google.com. User-Agent: Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.1.1) Gecko/20061208 Firefox/2.0.0.1. Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5. Accept-Language: pl,en-us;q=0.7,en;q=0.3. Accept-Encoding: gzip,deflate. Accept-Charset: ISO-8859-2,utf-8;q=0.7,*;q=0.7. Keep-Alive: 300. Connection: keep-alive. Cookie: PREF=ID=4c5d39473ccb5765:TM=1166654268:LM=1166654268:S=wF0xD9_lsWpeHRc5. . T 2006/12/21 01:36:58.433790 72.14.221.91:80 -> 10.0.0.2:4745 [A] HTTP/1.1 200 OK. Content-Type: text/plain. Server: TrustRank Frontend. Transfer-Encoding: chunked. Content-Encoding: gzip. Date: Thu, 21 Dec 2006 00:36:49 GMT. Cache-Control: private, x-gzip-ok="". . 6bb. ..........$UI..:.]....=....$..H.q.Q&Q.z!.. (.....w..".:........'....O...}_........=n.~(....L8............\". F.....U5.7.M.%..Th....P...u....$Z4...k......u..HAz.N...Rd..AH..{.m..-..d.>..aeT..}...m...(y.|h.Za.12.>3.._....3*.......$.Y.%t....'.=.B.Z(..G....6g.....`.,...;.Y.x..k.......z.T...K......5...XVW.....i...}O'..rr....z..KU.N....v...i$...I .HH.....2.2$...D)..OX.m...."..sf.....P.,l..c&..%....p...Q.....H.8...v..ih.-j..q3......i.C....8..u../.q.n.7u.~=..p...F...........a.z....j8....&.G..=5....Q...d:T....,E,[.,...........A..U..V....|..Yv.v..A.....s..<.#.".6-b/9.............y.....L....-.5,..1.X.j....B.~.k..U.K..[.neVk......x...X_Y..f..c...........|&o.n....W..~..G....=......}.H....].-'$...g.*....R..[..*.V.......\2A..,...z......F.1...p.y.p..K.'0C.....t..YL62y1.(....)....>...9..wymfet..uv.... (...) T 2006/12/21 02:06:58.408848 10.0.0.2:2795 -> 72.14.221.91:80 [AP] GET /safebrowsing/update?client=navclient-auto-ffox2.0.0.1&mozver=1.8.1.1-2006120814&version=goog-white-domain:1:18,goog-white-url:1:371,goog-black-url:1:7580,goog-black-enchash:1:14921 HTTP/1.1. Host: sb.google.com. User-Agent: Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.1.1) Gecko/20061208 Firefox/2.0.0.1. Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5. Accept-Language: pl,en-us;q=0.7,en;q=0.3. Accept-Encoding: gzip,deflate. Accept-Charset: ISO-8859-2,utf-8;q=0.7,*;q=0.7. Keep-Alive: 300. Connection: keep-alive. Cookie: PREF=ID=4c5d39473ccb5765:TM=1166654268:LM=1166654268:S=wF0xD9_lsWpeHRc5. . T 2006/12/21 02:06:58.452077 72.14.221.91:80 -> 10.0.0.2:2795 [A] HTTP/1.1 200 OK. Content-Type: text/plain. Server: TrustRank Frontend. Transfer-Encoding: chunked. Content-Encoding: gzip. Date: Thu, 21 Dec 2006 01:06:49 GMT. Cache-Control: private, x-gzip-ok="". . 7c9. ..........LV.....\..)......Ru....`0..........O..,R.K.n}..........Y......^.?..h(.........?.%02..B.d -"Z.D.0..T......K.&y.....<+Q..*...Y. ..e.S.*....."Nm.......F...)..1..\-.2.G.TVq....Us....!.E.D.r....W...XH.*.X....*....k.~......4.)dfJ#..).T...)..[.e..l9fI...V.g.YA....l.8.......T.....|I....O....#>...7~._........K.e..f...2F.E]}..F..L~Tk..tC*....(.F.9.u8......2.2z....\.....n...2/..e..i.#.?..V.p9U.......,....,.......3snp.}..O....a.......S.;......*.....=7.....}._.S8..8...'@R...s.R...nz.i....52.gm...Bz&..[..B...A8.H7..r.....G..~.1.....x..Rw.`ui..~+....:...j.DlXN'......h..^..z..jLXc...9NWn....\.~D.(..9.....BF.}D....FkPy..`o`......".,..3.'.l...B...%..Z.._.:.5.#+.._z..>...q..U.U`=.....!7.H.....Xe.}8..N...... ....k..n.Z.W.&....(..{..[.....5...z....k..H...zW..y.^..u.].X........W..2.m....Y.N....(W T 2006/12/21 02:36:58.430013 10.0.0.2:2497 -> 72.14.221.93:80 [AP] GET /safebrowsing/update?client=navclient-auto-ffox2.0.0.1&mozver=1.8.1.1-2006120814&version=goog-white-domain:1:18,goog-white-url:1:371,goog-black-url:1:7581,goog-black-enchash:1:14922 HTTP/1.1. Host: sb.google.com. User-Agent: Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.1.1) Gecko/20061208 Firefox/2.0.0.1. Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5. Accept-Language: pl,en-us;q=0.7,en;q=0.3. Accept-Encoding: gzip,deflate. Accept-Charset: ISO-8859-2,utf-8;q=0.7,*;q=0.7. Keep-Alive: 300. Connection: keep-alive. Cookie: PREF=ID=4c5d39473ccb5765:TM=1166654268:LM=1166654268:S=wF0xD9_lsWpeHRc5. . T 2006/12/21 02:36:58.474311 72.14.221.93:80 -> 10.0.0.2:2497 [A] HTTP/1.1 200 OK. Content-Type: text/plain. Server: TrustRank Frontend. Transfer-Encoding: chunked. Content-Encoding: gzip. Date: Thu, 21 Dec 2006 01:36:49 GMT. Cache-Control: private, x-gzip-ok="". . 18ed. ...............F.D........A.....=.=.~..5...DWwU..._.,._...._.\........h......Q..?....Ep4.....0..4..,..........%R.i..Z%../!6.,y......B.g.4.&.......Q....\u.E. .\.L....mf.da..2..5.....[.a..(.cQ.Gh..8..Q........l..d2.4v"..Jwx.....s..z......$U...G6P.q..P......lK..[...!s9~'_+..vdkR.@T.........PSs.h...Al.A....`..yT...,..<...f....4.6F....n...i.s.0.D,..+...hp%6.1....(N"$...J $...H.,.c.."..G..[2........!4..{.`A.....A.Gf...)pY..XEH )-..\b.]G.O|4.q.......]W.....`Q..q0...>']&./....s!(.*A~.,.9\c.....z.x...p.((..$1.4.)...Y.<#.O....?s_.N....z..w...k`4...U`..fp.*M...$_8...`x.o..YQ...t....P-Pm.....&j.H.SA...|..m.hV..s...h.VI.N.c.V,..r...Zp(..7.s......#=.......8..B..j.29._.XR..A....,%5.....ik.Z%..--.cMD.?..Mf.F........]..rMl.9.Zz.......}/\.-8P2'A.*.gq..J~....y.<l.....-........|=;V.t.V..{...[.Id)w.....+ (...) T 2006/12/21 03:06:58.416347 10.0.0.2:3813 -> 72.14.221.93:80 [AP] GET /safebrowsing/update?client=navclient-auto-ffox2.0.0.1&mozver=1.8.1.1-2006120814&version=goog-white-domain:1:18,goog-white-url:1:371,goog-black-url:1:7581,goog-black-enchash:1:14923 HTTP/1.1. Host: sb.google.com. User-Agent: Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.1.1) Gecko/20061208 Firefox/2.0.0.1. Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5. Accept-Language: pl,en-us;q=0.7,en;q=0.3. Accept-Encoding: gzip,deflate. Accept-Charset: ISO-8859-2,utf-8;q=0.7,*;q=0.7. Keep-Alive: 300. Connection: keep-alive. Cookie: PREF=ID=4c5d39473ccb5765:TM=1166654268:LM=1166654268:S=wF0xD9_lsWpeHRc5. . T 2006/12/21 03:06:58.460172 72.14.221.93:80 -> 10.0.0.2:3813 [A] HTTP/1.1 200 OK. Content-Type: text/plain. Server: TrustRank Frontend. Transfer-Encoding: chunked. Content-Encoding: gzip. Date: Thu, 21 Dec 2006 02:06:49 GMT. Cache-Control: private, x-gzip-ok="". . fd7. ...........W...L.^.s......i.b..&)I.q.Y 9 ..\.........zC..x..?.6N.?Y.......o ...k..x...KP.EA.SH.Y. ..d P....!..?q....O...r.........#.[..z.....j.....'RO..W.......hzx.-..E...}..V.7..;.q.a...J<.5.r@..g.....t..D<.7....0%".x9c.]....U.6. ..a.....4^l..sB.:..;....D....._.F.R.V..J.y.R.AFPae.@A.........u%v..6..O~.@...w....e.u......#.K....N...u.Y.OE.;ge].|^lic..u..<..........lJ..@.E...vc.o2:.........cP.'..@...E..=.i.xJd...g.|N.....lJ....y.U......Q........_5.Q...../V..i..o.j.@..........}.....?.3S......z. .F3....(O[.9.o....uo......W..X/.u.G.....tE...XIH_.T.,. ~....y..J.....R.~GQ..4YW.A....Ow\..=..D..O.IO.s.M.5?..!.n4T..NE....J....$...(..( #.......j.&.{^_.2.|.).....v...%.V<..R ...k'....R.nZ..m,.ucF.K.Q.{..ZF..Q.&..m.'..!.._.aE...$. Q.UIf8A.!/..>....v.....;...C...wE8..+..qF...ahhf..a.\G.3'.WH..l.wK.. T 2006/12/21 03:36:58.512347 10.0.0.2:1882 -> 72.14.221.91:80 [AP] GET /safebrowsing/update?client=navclient-auto-ffox2.0.0.1&mozver=1.8.1.1-2006120814&version=goog-white-domain:1:18,goog-white-url:1:371,goog-black-url:1:7581,goog-black-enchash:1:14924 HTTP/1.1. Host: sb.google.com. User-Agent: Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.1.1) Gecko/20061208 Firefox/2.0.0.1. Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5. Accept-Language: pl,en-us;q=0.7,en;q=0.3. Accept-Encoding: gzip,deflate. Accept-Charset: ISO-8859-2,utf-8;q=0.7,*;q=0.7. Keep-Alive: 300. Connection: keep-alive. Cookie: PREF=ID=4c5d39473ccb5765:TM=1166654268:LM=1166654268:S=wF0xD9_lsWpeHRc5. . T 2006/12/21 03:36:58.555587 72.14.221.91:80 -> 10.0.0.2:1882 [A] HTTP/1.1 200 OK. Content-Type: text/plain. Server: TrustRank Frontend. Transfer-Encoding: chunked. Content-Encoding: gzip. Date: Thu, 21 Dec 2006 02:36:49 GMT. Cache-Control: private, x-gzip-ok="". . 8a0. ............I..<.....+z.y.L@....$2."."}z.....8..o.^dC..@....s.....K^......?......!._.......5..I.0.T....fr...I.-.0~V...x}.^...e..k.A:..8.Z.}.]6...-.d...T.~..m].............uM..........Y.....Ps2._o{...1hr~p.{.(O.7B.M.zz...h...?X..q/.#.[S\...v+O....GW8a..p.-...k=......N.j..n+NtN.....E.....&...D}2..Er-..*..]=.......I\.q..P..'.z.3.1...;..y.y....A.....rN.......I....1....0G.@..:4.i..`X.D.?.3w..D.4.E.nvw*..2.....qu....T...b.2.._Qd....Ms..........w'.6..)........,8. `f~..^.P.fH...Db6..*).2.7.sGY....*.......[K&.6..5.......3.`.|....^.#...}..jf.......Qk..M.j......._m...".-@.......m.]J5..?k...)..u...reV....d...:.r....wJ..70Y..[..'.~....999p..g.......:.]wr........6..N .XI...@..2,....vI.....$M...3.#\h.{.,.[{..|bi.zA^g.u....5>..cq;........A:O...l.'.kF.+..x]g\.:....C...x.`...LA.b.^.p.I@uI......+>...... (...) T 2006/12/21 04:06:58.473703 10.0.0.2:2751 -> 72.14.221.91:80 [AP] GET /safebrowsing/update?client=navclient-auto-ffox2.0.0.1&mozver=1.8.1.1-2006120814&version=goog-white-domain:1:18,goog-white-url:1:371,goog-black-url:1:7581,goog-black-enchash:1:14925 HTTP/1.1. Host: sb.google.com. User-Agent: Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.1.1) Gecko/20061208 Firefox/2.0.0.1. Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5. Accept-Language: pl,en-us;q=0.7,en;q=0.3. Accept-Encoding: gzip,deflate. Accept-Charset: ISO-8859-2,utf-8;q=0.7,*;q=0.7. Keep-Alive: 300. Connection: keep-alive. Cookie: PREF=ID=4c5d39473ccb5765:TM=1166654268:LM=1166654268:S=wF0xD9_lsWpeHRc5. . T 2006/12/21 04:06:58.517061 72.14.221.91:80 -> 10.0.0.2:2751 [A] HTTP/1.1 200 OK. Content-Type: text/plain. Server: TrustRank Frontend. Transfer-Encoding: chunked. Content-Encoding: gzip. Date: Thu, 21 Dec 2006 03:06:49 GMT. Cache-Control: private, x-gzip-ok="". . 534. ...........UI..8.\....{.6....HH..". |..........x{.,r.=..n.......]WY~.-...{....C,...u.d.......qG3.-..( ...q...$.v..3.......".8....aST....J.p.3..l..Gu.v...>..q}.K.N.k.j1...[..+;.....+R..... .J.pf.......0`.r.v..:...\"...6.k..Mz...=^.c!.%....h?.....[...F.A.{..IS.=..........t...--?uF/..z..7........2.n.S...e....q.r...w..a.s. .G....f.(,..d...8....*....$>Q...r....gA....7.1.uku....h.._QxMG...."Y,^A...+.. ~..'H=......fO.WQ.....^:.]...$DVK-...E.q...1..p....Y.'}....a.uY.h...;..0...z...W.j..`.....E................oz~..lq.F;=...S{.%N.#....3gE...D...(..u(R.2...-.......J....33..t......]D......^P.~..w>......:OJ?x.f..G1.......{..<X|..G..`..{...:.."........]y...O.cUt.Q.#o:9....s7.-.._=.+.yW44o...`.* ....\F...`..E...v&Q._.V..Z-.}......>.T..^2..M..i..j..h...W.G5..W.."....U.*a..4.{u6K....?.U.L(...B....... T 2006/12/21 04:36:58.431947 10.0.0.2:1863 -> 72.14.221.91:80 [AP] GET /safebrowsing/update?client=navclient-auto-ffox2.0.0.1&mozver=1.8.1.1-2006120814&version=goog-white-domain:1:18,goog-white-url:1:371,goog-black-url:1:7581,goog-black-enchash:1:14926 HTTP/1.1. Host: sb.google.com. User-Agent: Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.1.1) Gecko/20061208 Firefox/2.0.0.1. Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5. Accept-Language: pl,en-us;q=0.7,en;q=0.3. Accept-Encoding: gzip,deflate. Accept-Charset: ISO-8859-2,utf-8;q=0.7,*;q=0.7. Keep-Alive: 300. Connection: keep-alive. Cookie: PREF=ID=4c5d39473ccb5765:TM=1166654268:LM=1166654268:S=wF0xD9_lsWpeHRc5. . T 2006/12/21 04:36:58.475040 72.14.221.91:80 -> 10.0.0.2:1863 [A] HTTP/1.1 200 OK. Content-Type: text/plain. Server: TrustRank Frontend. Transfer-Encoding: chunked. Content-Encoding: gzip. Date: Thu, 21 Dec 2006 03:36:49 GMT. Cache-Control: private, x-gzip-ok="". . 82c. ...........V..............+R..v........>.^3:...?.q...ui..S.y......P.`...T.[... ..%..x..<.... ..H@.I.`$.'E,.......W.1$+..I"$'.$Or..(...........b..v..u...-....2ba............-..=.../s..2 .).q.C]x.IJ..W{.......BIB H. .AJ<.1...........O..'.H-..+0.0...oH....l."O.O.@.`.k...v/.0......l+.{:...Jx.....n.:.s.d.},.d/...MC..;..VL2...........9.A%.....4G.8.D..$E...K7.`.{...j..y.0.Sv....DV....[-.c.z. ...dc...'\G.....t.i.L.....n....{..X5D-.6.u.K..._Y....x5....[..{.I.!..9..7...#g...]E.S......8.A..I..).....1..$F....H.C.?.c-q.Y.^....M.$s..[..y..c..<....%.aG.k...%@... z. U..t.v..6>Z#z......G....H8<.....B+..d.._..2..<Q....Y"..N.O...K.[.ARx.cs...Q...~s.....}x..y........2..z.......w......R....._hz... nS..;..'....!....94h]. {f.d.-..s=.KJu..v...w.n....I.B 6".......k.-....}...K2.-..}.f.".(..\j.r>R%......Z..E.c. (...) T 2006/12/21 05:06:58.501883 10.0.0.2:3918 -> 72.14.221.95:80 [AP] GET /safebrowsing/update?client=navclient-auto-ffox2.0.0.1&mozver=1.8.1.1-2006120814&version=goog-white-domain:1:18,goog-white-url:1:371,goog-black-url:1:7581,goog-black-enchash:1:14927 HTTP/1.1. Host: sb.google.com. User-Agent: Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.1.1) Gecko/20061208 Firefox/2.0.0.1. Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5. Accept-Language: pl,en-us;q=0.7,en;q=0.3. Accept-Encoding: gzip,deflate. Accept-Charset: ISO-8859-2,utf-8;q=0.7,*;q=0.7. Keep-Alive: 300. Connection: keep-alive. Cookie: PREF=ID=4c5d39473ccb5765:TM=1166654268:LM=1166654268:S=wF0xD9_lsWpeHRc5. . T 2006/12/21 05:06:58.545058 72.14.221.95:80 -> 10.0.0.2:3918 [A] HTTP/1.1 200 OK. Content-Type: text/plain. Server: TrustRank Frontend. Transfer-Encoding: chunked. Content-Encoding: gzip. Date: Thu, 21 Dec 2006 04:06:49 GMT. Cache-Control: private, x-gzip-ok="". . b78. ...........W...:......].A...n...x`4._u......c..q.%*U..=........u.T.Y......./.%..3.i<f.....b.QN!,....D.!+JTU5DX.. ..E[..\.S..t4.0..B.w..s2..S{.J.. ...Bh.{.*.1.#..........C....{.a.........5..h......SJOv......?e...vo{uJ...Z....ci'R..j.I.V.2..'~5...J.n_..j2..(.....B(.).d....s..OFk/=.\H.5.*...c........B..oK.7.1.L.@J.,j.L...v.?.la.B.$A..X..[ .B$c..P.H.q..uK{u.......i:N.q.>...y.....T9..:..[4.C^....z.D.\V^I.7...vtM.=.....x.....z...}.RQ.@%.@ .L..Q,.,/......?..a...[+.....?...:.o.}."..My..".?..-.EJ.......h....P2?..A.........'.....".. .*?..q.\.x...........Pa.l..1.=&+fy.......WF.G.w.........7...~......P...p.>....b1.n...Y...x.(..6n.o......Y..1Imwi xH.....".n.. .po....U...n...%./qW..1...X...X.......y|........X..U.s........o...n.,ct...*k+.V....%r.G.k...!.;..Ld.......P......c.3.v|K$.....S...f....fK.%.