Free Wireshark Training Course Online

Take a free Wireshark Jumpstart training class online at

Tuesday, May 25, 2010

Peeking at Google's Secure Search Beta Traffic

Watch the new video comparing Google searches using HTTP and HTTPS -
now available at Note that the two trace files
used in the video are in the download section of that site.

If you haven't been following Google lately, you might have missed their "secure
search" announcement. It's HTTPS-based, but don't think you're totally secure
from prying eyes when you web browse (also see Chapter 23 of the Wireshark
Network Analysis book for details on HTTPS analysis).

Secure Search Doesn't Hide Target Browsing
Just because your Google search process is running with HTTPS and is
encrypted, this doesn't mean that when you click that link your browsing
session that follows is encrypted. Some chatter last week indicated that
Google's "secure search" somehow protected you more than it really does.
Sure, your browsing session is encrypted, but the minute you click on an HTTP
link, I can read the DNS query issued (if any) and the HTTP session to the target

Yes, Removing the Referrer Data will Screw up Analytics
One "side effect" of Google's secure search option is that when you click on the
target link from the Google's secure search page, the referrer information is not
sent to the target - they can't tell from whence you came. Oh, boy - this really is
going to mess up the analytics.

Analytics-hounds are going to freak out on this one!

Get an All Access Pass at
here and check out the video detailing the two Google
search processes.

Enjoy life... one bit at a time!