tcpdump analysis of ADE4

0-readme.md

After reading Adobe is Spying on Users, Collecting Data on Their eBook Libraries article by Nate Hoffelder, I didnt an test my self to see how it is effecting Internet Archive's Open Library lending program.

Here are the things that I did, in this order.

• borrowed a book from OL in epub format
• started tcpdump
• started ADE
• opened the book in ADE
• read it
• read some other epub book
• returned it
• closed ADE

Here are the commands used to capture the data.

tcpdump -A -lq -nnvSs 0 src or dst port 80 or src or dst port 443 | tee tcpdump-output8.txt
grep -B3 -A10 -i host ~/tcpdump-output8.txt > ade4-tcpdump.txt

I didn't find any suspicious data collecting activity.

ade4-tcpdump.txt

    192.168.0.100.59433 > 118.214.130.70.80: tcp 252
..gMd.`3K..W..E..06F@.@.IY...dv..F.).Pt...QN.... ........
,"....C.GET /get/breezeplayer/digitaleditions_data.xml HTTP/1.1
Host: fpdownload.macromedia.com
Referer: file:///Macintosh%20HD/Applications/Adobe%20Digital%20Editions.app
User-Agent: Adobe Flash Player 9
x-flash-version: 9,0,1131,27
Connection: close


21:58:36.478097 IP (tos 0x0, ttl 59, id 21683, offset 0, flags [DF], proto TCP (6), length 52)
    118.214.130.70.80 > 192.168.0.100.59433: tcp 0
`3K..W..gMd...E..4T.@.;.0.v..F...d.P.)QN..t........u.....
..Dr,"..
--
--
    192.168.0.100.59435 > 207.241.226.189.80: tcp 297
..gMd.`3K..W..E..]p.@.@.U....d.....+.P.>.s.,.... .[......
,"../3).POST /fulfillment/Fulfill HTTP/1.1
Host: lending.us.archive.org
Referer: file:///Macintosh%20HD/Applications/Adobe%20Digital%20Editions.app
Content-Type: application/vnd.adobe.adept+xml
Content-Length: 1717
Connection: close
x-flash-version: 9,0,1131,27
User-Agent: Adobe Flash Player 9


21:58:45.942467 IP (tos 0x0, ttl 64, id 29040, offset 0, flags [DF], proto TCP (6), length 1480)
    192.168.0.100.59435 > 207.241.226.189.80: tcp 1428
--
--
,".

i.jGET /download/acs4_data_586/5865ec59-aa37-47bb-827a-f760d4033b3b.epub HTTP/1.1
Host: www.archive.org
User-Agent: Adobe Flash Player 9
x-flash-version: 9,0,1131,27
Connection: close


21:58:53.928479 IP (tos 0x0, ttl 50, id 50683, offset 0, flags [DF], proto TCP (6), length 52)
    207.241.224.2.80 > 192.168.0.100.59436: tcp 0
`3K..W..gMd...E..4..@.2..........d.P.,\v8!.......z.C.....

i..,".
--
--
..gMd.`3K..W..E.....@.@../...d.....-.P:K*..z.4.. ..d.....
,"..
i.xGET /download/acs4_data_586/5865ec59-aa37-47bb-827a-f760d4033b3b.epub HTTP/1.1
Host: archive.org
User-Agent: Adobe Flash Player 9
x-flash-version: 9,0,1131,27
Connection: close


21:58:55.360615 IP (tos 0x0, ttl 50, id 4583, offset 0, flags [DF], proto TCP (6), length 52)
    207.241.224.2.80 > 192.168.0.100.59437: tcp 0
`3K..W..gMd...E..4..@.2..........d.P.-.z.4:K+[...z.......

i.E,"..
--
--
    192.168.0.100.59438 > 207.241.227.215.80: tcp 196
..gMd.`3K..W..E...`.@.@.do...d.......P..6@...;.. .p
.....
,"..Wy..GET /10/items/acs4_data_586/5865ec59-aa37-47bb-827a-f760d4033b3b.epub HTTP/1.1
Host: ia600405.us.archive.org
User-Agent: Adobe Flash Player 9
x-flash-version: 9,0,1131,27
Connection: close


21:58:56.488270 IP (tos 0x0, ttl 50, id 49757, offset 0, flags [DF], proto TCP (6), length 52)
    207.241.227.215.80 > 192.168.0.100.59438: tcp 0
`3K..W..gMd...E..4.]@.2..........d.P.....;..7....z.......
Wy.k,"..
21:58:56.488527 IP (tos 0x0, ttl 50, id 49758, offset 0, flags [DF], proto TCP (6), length 347)
--
--
    192.168.0.100.59439 > 207.241.226.189.80: tcp 312
..gMd.`3K..W..E..l..@.@......d...../.P...4.T.... .=W.....
,#.//30.POST /fulfillment/FulfillmentNotification HTTP/1.1
Host: lending.us.archive.org
Referer: file:///Macintosh%20HD/Applications/Adobe%20Digital%20Editions.app
Content-Type: application/vnd.adobe.adept+xml
Content-Length: 770
Connection: close
x-flash-version: 9,0,1131,27
User-Agent: Adobe Flash Player 9


21:59:02.948632 IP (tos 0x0, ttl 64, id 46272, offset 0, flags [DF], proto TCP (6), length 822)
    192.168.0.100.59439 > 207.241.226.189.80: tcp 770
--
--
..gMd.`3K..W..E..O?~@.@..*...d.....0.PR..|...F.. ..-.....
,#..
j..POST /borrow-notify.php HTTP/1.1
Host: archive.org
Referer: file:///Macintosh%20HD/Applications/Adobe%20Digital%20Editions.app
Content-Type: application/vnd.adobe.adept+xml
Content-Length: 816
Connection: close
x-flash-version: 9,0,1131,27
User-Agent: Adobe Flash Player 9


21:59:03.924408 IP (tos 0x0, ttl 64, id 46764, offset 0, flags [DF], proto TCP (6), length 868)
    192.168.0.100.59440 > 207.241.224.2.80: tcp 816
--
--
21:59:28.848043 IP (tos 0x0, ttl 64, id 38604, offset 0, flags [DF], proto TCP (6), length 623)
    192.168.0.100.59441 > 17.254.32.16.80: tcp 583
..gMd.`3K..W..E..o..@.@......d.. ..1.P.r..:...P.......POST /dgw?imei=0000000000000004&apptype=weather&t=25 HTTP/1.1
Host: iphone-wu.apple.com
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Accept-Encoding: gzip, deflate
Content-Type: text/xml
Origin: file://
Content-Length: 355
X-Client-ID: IMSI=0000000000000004
Connection: keep-alive
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.77.4 (KHTML, like Gecko)
--
--
    192.168.0.100.59442 > 207.241.226.189.80: tcp 299
..gMd.`3K..W..E.._.j@.@.)s...d.....2.P+../Q.Mc.. ........
,%../3q.POST /fulfillment/LoanReturn HTTP/1.1
Host: lending.us.archive.org
Referer: file:///Macintosh%20HD/Applications/Adobe%20Digital%20Editions.app
Content-Type: application/vnd.adobe.adept+xml
Content-Length: 528
Connection: close
x-flash-version: 9,0,1131,27
User-Agent: Adobe Flash Player 9


22:01:50.058099 IP (tos 0x0, ttl 64, id 30412, offset 0, flags [DF], proto TCP (6), length 580)
    192.168.0.100.59442 > 207.241.226.189.80: tcp 528
--
--
..gMd.`3K..W..E..OoS@.@.YU...d.....3.PV....T.... ..I.....
,%.-
j..POST /borrow-notify.php HTTP/1.1
Host: archive.org
Referer: file:///Macintosh%20HD/Applications/Adobe%20Digital%20Editions.app
Content-Type: application/vnd.adobe.adept+xml
Content-Length: 815
Connection: close
x-flash-version: 9,0,1131,27
User-Agent: Adobe Flash Player 9


22:01:52.002918 IP (tos 0x0, ttl 64, id 43041, offset 0, flags [DF], proto TCP (6), length 867)
    192.168.0.100.59443 > 207.241.224.2.80: tcp 815