If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
How to interprete newsgroup headers
Below are some typical headers. I'm just wondering what each group of characters means. Some change during use, some change when the power is turned off. Others stay the same. Just curious.
If there is a newsgroups specific to headers, I would ask someone to pls let me know. Thanks in advance. Art Typical examples... I added the spaces to separate the groups... Day 1 news:rJr dn YhJkuryj T G RhD5iwII3- Ru r ... news:scD dn EfUhIKWU 1 G RhD5iwII3- fH r ... news:yuN dn TsDf7ttH l G RhD5iwII3- a2 r ... Computer off Day 2 news:PRA dn S9Fj_Dz6 S 3 RhD5iwII3- bF J |
Ads |
#2
|
|||
|
|||
How to interprete newsgroup headers
PS - It's easier to see the character grouping with a fixed font.
"Arthur McLain" wrote in message ... Below are some typical headers. I'm just wondering what each group of characters means. Some change during use, some change when the power is turned off. Others stay the same. Just curious. If there is a newsgroups specific to headers, I would ask someone to pls let me know. Thanks in advance. Art Typical examples... I added the spaces to separate the groups... Day 1 news:rJr dn YhJkuryj T G RhD5iwII3- Ru r ... news:scD dn EfUhIKWU 1 G RhD5iwII3- fH r ... news:yuN dn TsDf7ttH l G RhD5iwII3- a2 r ... Computer off Day 2 news:PRA dn S9Fj_Dz6 S 3 RhD5iwII3- bF J |
#3
|
|||
|
|||
How to interprete newsgroup headers
Arthur McLain wrote:
Below are some typical headers. I'm just wondering what each group of characters means. Some change during use, some change when the power is turned off. Others stay the same. Just curious. If there is a newsgroups specific to headers, I would ask someone to pls let me know. Thanks in advance. Art Typical examples... I added the spaces to separate the groups... Day 1 news:rJr dn YhJkuryj T G RhD5iwII3- Ru r ... news:scD dn EfUhIKWU 1 G RhD5iwII3- fH r ... news:yuN dn TsDf7ttH l G RhD5iwII3- a2 r ... Computer off Day 2 news:PRA dn S9Fj_Dz6 S 3 RhD5iwII3- bF J Let's look at the message you sent. http://al.howardknight.net/msgid.cgi...rthlink.com%3E The Message-ID or MID, must be guaranteed to not collide with the MID of any other message. If your NNTP client software accepts the "suggested" MID value coming from the server, then it's up to earthlink in this case, to use a pseudo-random number generator, to generate a MID. Such a MID, makes it hard for someone to predict that the next value might be, and forge one or otherwise cause to be produced, a conflicting number. Message-ID: The next suggested MID from that server, does not end in "e" :-) But the news client software, is also allowed to generate its own MID. For example, there is a dude who wrote his own news client software, and his MID is client-generated. The server does not "override" this practice, and so the vanity MID travels through the system just fine. In fact, I found this dude in Google Groups first, then looked up the message on Howard, to make a web link for it. http://al.howardknight.net/msgid.cgi?STYPE=msgid&A=0&MSGI=%3CJeff-Relf.Me%40Nov.27{6.59P.Seattle.2015}%3E Message-ID: } If Jeff sent two messages within the same 60 second interval, there is a chance his scheme would conflict and two messages would have the same MID. So at least in terms of the method used to generate that MID, on the surface this method it's flawed. (Of course, his software could always modify the scheme slightly, or even keep track of all the messages sent, as a means to guarantee uniqueness.) If the time stamp had a "seconds" field, then the message would have a greater chance of being unique. If every USENET user in the world with a name of Jeff Relf started doing it this way, you can again see the limitations of systematic or vanity MID methods. Using server generated numbers is a cleaner approach. Other fields in the header, include things like X-Trace or Cancel-Lock, where the details of the user are hashed together to make a unique identifier. Such numbers will also include other elements, in order to prevent other users from decoding the strings. But even with that protection, some server admins design their tracing methods, so a hashed client IP address field is present. This allows other users, to tell when some user has socked up and used a fake name, or frogged someone. In fact, for the more dedicated mental cases, quite a lot of information can be extracted from the publicly accessible info provided by server admins. For example, one news server provided a "web log" of traffic, from which a great deal of (correlative) tracing was possible. Paul |
#4
|
|||
|
|||
How to interprete newsgroup headers
On Fri, 26 Feb 2016 09:38:43 -0500, Paul wrote:
The Message-ID or MID, must be guaranteed to not collide with the MID of any other message. If your NNTP client software accepts the "suggested" MID value coming from the server, then it's up to earthlink in this case, to use a pseudo-random number generator, to generate a MID. My understanding, and I could well be wrong, is that NNTP clients are allowed to generate a MID. If they do, then the server *may* honor it, or the server may replace it with a server-generated MID. If the client does not generate a MID, then the server *must* do so. I don't think there's a scenario where the server "suggests" a MID back to the client. The mechanism is simpler than that. The server has no idea that you're creating a new message until you actually submit it. By that point, either the client generated a MID or it didn't, and the server simply reacts to that, on the server itself and not by engaging the client in any way, before completing its processing of the message. But the news client software, is also allowed to generate its own MID. By default, messages created with Forte Agent use the 4ax.com domain, for example, but in the Agent newsgroup I've seen methods posted where the user can change it to anything they want. While they're at it, they can change most of the other headers, as well, creating their own custom formats and text strings. |
#5
|
|||
|
|||
How to interprete newsgroup headers
Char Jackson wrote:
On Fri, 26 Feb 2016 09:38:43 -0500, Paul wrote: The Message-ID or MID, must be guaranteed to not collide with the MID of any other message. If your NNTP client software accepts the "suggested" MID value coming from the server, then it's up to earthlink in this case, to use a pseudo-random number generator, to generate a MID. My understanding, and I could well be wrong, is that NNTP clients are allowed to generate a MID. If they do, then the server *may* honor it, or the server may replace it with a server-generated MID. If the client does not generate a MID, then the server *must* do so. I don't think there's a scenario where the server "suggests" a MID back to the client. The mechanism is simpler than that. The server has no idea that you're creating a new message until you actually submit it. By that point, either the client generated a MID or it didn't, and the server simply reacts to that, on the server itself and not by engaging the client in any way, before completing its processing of the message. But the news client software, is also allowed to generate its own MID. By default, messages created with Forte Agent use the 4ax.com domain, for example, but in the Agent newsgroup I've seen methods posted where the user can change it to anything they want. While they're at it, they can change most of the other headers, as well, creating their own custom formats and text strings. From a Wireshark trace. 192.168.22.33 news.eternal-september.org POST news.eternal-september.org 192.168.22.33 Response: 340 Ok, recommended message-ID 192.168.22.33 news.eternal-september.org Request: Date: Fri, 26 Feb 2016 15:41:39 -0500\r\n From: Paul \r\n User-Agent: Ratcatcher/2.0.0.25 (Windows/20130802)\r\n MIME-Version: 1.0\r\n Newsgroups: alt.test\r\n Subject: protocol check\r\n Content-Type: text/plain; charset=ISO-8859-1; format=flowed\r\n Content-Transfer-Encoding: 7bit\r\n ... .\r\n news.eternal-september.org 192.168.22.33 Response: 240 Article received It would appear, my client did not send a MID, so the server used the MID it had already recommended. I would need to test Forte Agent, to see whether it sends a MID field under those circumstances. As that would show a second case, where the client isn't using the recommended value. The server wouldn't send a recommended value, unless there were two potential protocol paths. Paul |
Thread Tools | |
Display Modes | Rate This Thread |
|
|