It gave the following errors when passing it the stream (of the 3689 traffic). I tried it three times on three separate streams: the first two were when playing a track, the last one was on a full ‘read’ of the library when the iTunes client connects. Each time I get no output to disk.
The ones it decodes are the ones *from* the iTunes server.
The first one is from 3218 to 3269, that’s a request, not the reply, so it won’t be decoded.
The second one looks like it decodes, but perhaps it’s just something like a song fetch.
The third one is also a request, not a reply.
The only interesting thing is the initial connect. Everything else isn’t very interesting. So ideally, you would start dumping (with a large snaplen!) and connect and disconnect. That’s all you need. Then flow it, and decode the response. You should see two pairs with 3689… one is xxxx -> 3689, the other is 3689 -> xxxx. You want to decode 3689 -> xxxx. If you edit the *other* one, it should look like a bunch of HTTP headers… something like:
GET /server-info HTTP/1.1
user-agent: itunes 6.0