Decoded Methods

This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

Decoded sections in this reference do not show the code you actually see when you use a program such as Network Monitor, which allows examination of network traffic to and from the server at the packet level, capturing packets between FrontPage Server Extensions from Microsoft and a client application such as Microsoft Office FrontPage2003. This topic describes the code you observe in a packet-capturing program and the steps taken in this reference to make examples readable.

Note

Depending on the operating system and the program you use, you can filter packets either as HTTP or TCP packets. If you use TCP as the filter, you must inspect each TCP packet for the HTTP POST command. For instance, on UNIX systems, the HTTP protocol is always embedded in the TCP packet.

The first packet you capture is usually the HTTP POST. It is followed by a Keep-Alive packet. The last packet or set of packets to be transmitted contain the return code for the method. The return code is always in the form of one or more HTML pages. Most return codes include meta-keys that carry information about the data that is being transmitted.

Each POST request sent by a client application using Windows SharePoint Services or FrontPage Server Extensions from Microsoft includes a string that specifies the RPC method to execute and any parameters required for the method. For example, here is a sample POST that implements FrontPage Server Extensions:

POST./site_url/_vti_bin/_vti_aut/author.dll 
HTTP/1.0CRLF
Date: Thu, 03 Dec 2003 19:09:16 GMTCRLF
MIME-Version: 1.0CRLF
User-Agent: MSFrontPage/6.0CRLF
Host: server_nameCRLF
Accept: auth/sicilyCRLF
Authorization: Basic cm9iZjpUS3NvKjUwCRLF
Content-Length: 343CRLF
Content-Type: application/x-www-form-urlencodedCRLF
X-Vermeer-Content-Type: application/x-www-form-urlencodedCRLF
method=list+documents%3a6%2e0%2e2%2e5420service%5
fname=%2fallnew&listHiddenDocs=false&listExplorerDocs=
   false&listRecurse=false&listFiles=true&listFolders=true
&listLinkInfo=true&listIncludeParent=true&listDerived=
   false&listBorders=false&listChildWebs=true
&initialUrl=&platform=WinI386&folderList=
   %5b%3bTW%7c09+Nov+1998+17%3a03%3a25+%2d0000%5d.LF

The previous example demonstrates the format sent by the client application. However, when you capture a POST using a program such as Network Monitor, it is displayed as follows:

POST./site_url/_vti_bin/_vti_aut/author.dll.HTTP/1.0..Date:.Tue,.19.Jan.2003.19:58:GMT.. 
MIME-Version:.1.0..User-Agent:.MSFrontPage/6.0..Host:.v-rfrank3.. 
Accept:.auth/sicily..Authorization:.Basic.di1yZnJhbms6VEtzbzUwKg==.. 
Content-Length:.317..Content-Type:.application/x-www-form-urlencode.. 
X-Vermeer-Content-Type:.application/x-www-form-urlencoded.... 
method=list+documents%3a6%2e0%2e2%2e5420&service%5fname=&listHiddenDocs=false 
&listExplorerDocs=false&listRecurse=false&listFiles=true&listFolders=true 
&listLinkInfo=true&listIncludeParent=true&listDerived=false&listBorders=false 
&listChildWebs=true&initialUrl=&folderList=%5b%3bTW%7c13+Jan+2003+16%3a16%3a17+%2d0000%5d.

The previous example shows a stream of data that is initially embedded in other code, as follows:

00000030 50 4F 53 54 20 2F 70 72 6F 64 
POST./site_url/ 00000040 39 38 2F 5F 76 74 69 5F 62 69 6E 2F 5F 76 74 69 
98/_vti_bin/_vti 00000050 5F 61 75 74 2F 61 75 74 68 6F 72 2E 64 6C 6C 20 
_aut/author.dll. 00000060 48 54 54 50 2F 31 2E 30 0D 0A 44 61 74 65 3A 20 
HTTP/1.0..Date:. 00000070 54 75 65 2C 20 31 39 20 4A 61 6E 20 31 39 39 39 
Tue,.19.Jan.2003 00000080 20 32 30 3A 33 35 3A 32 36 20 47 4D 54 0D 0A 4D 
.19:58:GMT..M

To make this type of code more readable for use in the reference, several changes are made. First, code at the start of each line is stripped away to reveal the POST command. Then all the remaining line breaks are removed to form a stream of data. Next, line breaks are added back in to make it more readable. The periods (.) in this stream represent control characters or spaces and they too are removed. The following example shows the result of these changes, which still remains difficult to understand.

method=list+documents%3a6%2e0%2e2%2e5420&service%5fname=%2fallnew&listHiddenDocs=false 
&listExplorerDocs=false&listRecurse=false&listFiles=true&listFolders=true 
&listLinkInfo=true&listIncludeParent=true&listDerived=false&listBorders=false 
&listChildWebs=true &initialUrl=&platform=WinI386 
&folderList=%5b%3bTW%7c09+Nov+2003+17%3a03%3a25+%2d0000%5d.

In final preparation for use in the Decoded section of a method topic, several more changes are made, resulting in the following format:

POST./allnew/_vti_bin/_vti_aut/author.dll 
HTTP/1.0CRLF
.
.
.
method=list+documents:6.0.2.5420 &service_name=/allnew 
&listHiddenDocs=false &listExplorerDocs=false 
&listRecurse=false &listFiles=true 
&listFolders=true &listLinkInfo=true 
&listIncludeParent=true 
&listDerived=false &listBorders=false 
&listChildWebs=true &initialUrl= 
&platform=WinI386 &folderList=[;TW|09+Nov+2003+17:03:25+-0000]

The example shows the POST command as well as the method, and in this case the path for the POST command directs the post to author.dll. Ellipses (...) represent removed HTTP header lines. The method and its parameter values follow in a readable format.

Line breaks have been added to the Decoded sections for purposes of display in method topics.

For more information about the format in which to send a POST command, see Method Syntax.