The HTTP packet

The HTTP packet includes the following:

  • Request Line: Contains the request method (GET, POST, or another HTTP method), followed by the requested resource, which is cloudquery.php in our case, and then HTTP/1.1, which is the version of the HTTP protocol.
  • Request Message Headers: This section contains all the header information, such as general headers, request headers, and entity headers.
  • Message Body: The sent data to the endpoint, such as files, parameters, and images, is placed here.

In our case, we can see that this is a POST request that posts data to the cloudquery.php page on the 54.255.213.29 IP address. We can also see that the posted data contains some file data. We can see the message body:

We can see that the data being sent looks like gibberish. We will see more on the decryption, decoding, and decompression of data in the upcoming chapters.
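To make the three parts of the request concrete, and to show how an analyst decides that a message body is "gibberish" rather than text, here is an added example that is not code from the book. It parses a raw HTTP/1.1 request as carved from a capture into request line, headers and body, separates the body using Content-Length, pulls the uploaded part out of a multipart body, and measures how much of it is printable. The request bytes are constructed for this example; only the path /cloudquery.php and the host 54.255.213.29 come from the text, and the boundary string and file contents are made up.

```python
# Added example (not the book's code): parse a raw HTTP/1.1 POST request
# into request line, headers and body, then inspect the uploaded part.
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class HttpRequest:
    method: str
    target: str
    version: str
    headers: Dict[str, str] = field(default_factory=dict)  # names lower-cased
    body: bytes = b""


def parse_http_request(raw: bytes) -> HttpRequest:
    """Split raw request bytes into request line, header section and body.

    The body length comes from Content-Length; a body shorter than that means
    the capture is truncated, which is reported instead of silently accepted.
    """
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line terminating the header section")
    lines = head.split(b"\r\n")
    parts = lines[0].decode("ascii", errors="replace").split(" ")
    if len(parts) != 3:
        raise ValueError(f"malformed request line: {lines[0]!r}")
    method, target, version = parts
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, colon, value = line.decode("latin-1").partition(":")
        if not colon:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()
    if "content-length" in headers:
        expected = int(headers["content-length"])
        if len(rest) < expected:
            raise ValueError(f"truncated body: expected {expected} bytes, got {len(rest)}")
        body = rest[:expected]
    else:
        body = rest
    return HttpRequest(method, target, version, headers, body)


def boundary_from(content_type: str) -> str:
    """Extract the boundary parameter from a multipart Content-Type value."""
    for param in content_type.split(";")[1:]:
        key, _, value = param.strip().partition("=")
        if key.lower() == "boundary":
            return value.strip('"')
    raise ValueError("no boundary parameter in Content-Type")


def multipart_parts(body: bytes, boundary: str) -> List[Tuple[Dict[str, str], bytes]]:
    """Return (part headers, part content) for each part of a multipart body."""
    delimiter = b"--" + boundary.encode("ascii")
    parts = []
    for chunk in body.split(delimiter)[1:]:  # element 0 is the preamble
        if chunk.startswith(b"--"):          # closing delimiter "--boundary--"
            break
        chunk = chunk[2:] if chunk.startswith(b"\r\n") else chunk
        head, _, content = chunk.partition(b"\r\n\r\n")
        part_headers = {}
        for line in head.split(b"\r\n"):
            name, _, value = line.decode("latin-1").partition(":")
            part_headers[name.strip().lower()] = value.strip()
        # the content is followed by a CRLF that belongs to the next delimiter
        parts.append((part_headers, content[:-2] if content.endswith(b"\r\n") else content))
    return parts


def printable_ratio(data: bytes) -> float:
    """Share of bytes that are printable ASCII (or tab/CR/LF). A low value is
    the usual first hint that a body is compressed or encrypted, not text."""
    if not data:
        return 0.0
    text = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    return text / len(data)


# Constructed sample: a multipart file upload whose file content is opaque bytes.
BOUNDARY = "constructedboundary"            # constructed value
FILE_DATA = bytes(range(128, 256))           # constructed, not captured data
SAMPLE_BODY = (
    b"--" + BOUNDARY.encode() + b"\r\n"
    + b'Content-Disposition: form-data; name="file"; filename="data.bin"\r\n'
    + b"Content-Type: application/octet-stream\r\n\r\n"
    + FILE_DATA + b"\r\n"
    + b"--" + BOUNDARY.encode() + b"--\r\n"
)
SAMPLE_REQUEST = (
    b"POST /cloudquery.php HTTP/1.1\r\n"      # request line
    + b"Host: 54.255.213.29\r\n"              # request headers follow
    + b"User-Agent: Mozilla/5.0 (constructed)\r\n"
    + b"Content-Type: multipart/form-data; boundary=" + BOUNDARY.encode() + b"\r\n"
    + b"Content-Length: " + str(len(SAMPLE_BODY)).encode() + b"\r\n"
    + b"\r\n"                                 # blank line ends the headers
    + SAMPLE_BODY                             # message body
)

if __name__ == "__main__":
    req = parse_http_request(SAMPLE_REQUEST)
    print(req.method, req.target, req.version)
    for name, value in req.headers.items():
        print(f"  {name}: {value}")
    for hdrs, content in multipart_parts(req.body, boundary_from(req.headers["content-type"])):
        print(hdrs.get("content-disposition"), len(content), "bytes,",
              "printable ratio", printable_ratio(content))
```

Run against the constructed request, the parser reports a POST to /cloudquery.php on host 54.255.213.29 with a single 128-byte part whose printable ratio is 0.0, which is the same judgement we made by eye on the capture above. Truncating the sample by a few bytes makes `parse_http_request` raise, which is the behaviour you want when reassembling a stream from a partial capture.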

So far, we saw how a frame on the wire encapsulated a variety of data meant for the various layers of the TCP/IP model. We also saw how we drilled down from the frame to the HTTP request that contained some encrypted data. Let's move further and look at what are sometimes referred to as unknown protocols, and how to make them recognizable in Wireshark.
