I have a couple of questions about streaming and security.

Streaming media protocols ( http, UDP, RTSP, ....and pretty much all of them). When one watches content delivered by these methods; is there any difference from watching the content within the applet on the website and actually downloading the content from the url ? If there is a difference, do methods exist for the data's origin (meaning the sender) to differentiate between content played on an applet and content going to a hard disk ( on the receivers end)?

Any help would be appreciated or if someone could point me in the right direction.

The question is large so I'll answer what I think and wait for any additional questions. First, you are mixing transport and application layer protocols (see here). The two mostly used transport protocols are TCP and UDP.

Most steaming protocols use UDP because it allows faster throughput since it has less overhead, but the is no way for the sending to know if all packets got the the destination, nor is there a way for the client to know he missed one (unless covered in the application layer). Most of the time this is acceptable as losing a frame once in a while isn't a big issue when streaming video (for example).

When downloading a file, most of the time you get it through a TCP connection so you can be sure that unless there is undetected corruption, you will get ALL the data as it is stored on the server.

Therefore is a real possibility that a downloaded media file has better quality than the same one that would be streamed.

Hope this answers some of your questions.

Thank you Zenthar , pardon my stupidity. I am a hardware person and software is not my forte.

I think you answered an aspect of my question but plainly I'm just curious: If say person x is watching streaming content coming from a certain URL and person y is downloading this content from that same URL ( and storing that on their hard drive ) would the server sending this information know if it was just being watched ( presumably being cashed by your browser) or being stored on your hard drive?

Your answer was in reference to the sender not knowing if the receiver got all the data but what I really wanna know is destination. Meaning do they know if you are casheing data or storing it permanently or are x/y just ip address and they have no idea what the data does one it gets to x/y? That being said, if you know more id appreciate the info.

It's not stupidity, it just happens that these networking notions you didn't know. You didn't know something, you asked, nothing wrong there; it's not information that can be obtained quickly through google so I'm happy to help.

The ambiguous answer to that is "they could if they wanted to", it depends on the protocol being used. For example, when your browser requests a page to a web server, it normally sends information on it's "type" (IE, Firefox, ...), version, HTTP protocol supported version and some others I don't remember. So any given protocol could have a request field "what you intend to do with it", but such information would be unreliable because it could be forged.

Strictly speaking tho, a server has no way of knowing if the information sent will simply be temporarily buffered for streaming or stored on a hard drive. That is why some people were able to make software that "captures" media that were intended for streaming.

I see, so you are saying (depending on protocol) senders have a way of knowing where data is going ,meaning particular location on a machine, but cannot be assured of it's authenticity. Hence the ambiguity.

Do you how the "what you intend to do with it" works with these rtmp:// type of steams?
From Wikipedia the different types of rtmp are:

1. The "plain" protocol which works on top of TCP and uses port number 1935
2. RTMPT which is encapsulated within HTTP requests to traverse firewalls
3. RTMPS which works just like RTMPT, but over a secure HTTPS connection.

I'm really not familiar with the RTMPT protocol (as in "didn't know it existed 2 minutes ago). What I quickly gathered is that the RTMP protocol seem, at one point, send the player's name and version. As I said before, these info could be forged (by custom software) if someone wanted to save the data when the provider didn't want to. One thing I'm pretty sure of is that the provider will not know "where" (ex: C:\myMp3\song.mp3) you store the file if you do, he might only know that you did.

There are several applications that allow you to save streaming media from web pages to a disk. Most of them use something like the WireShark/Ethereal IP capturing software to "rip" media content from webstreams.

Even if they(server/media provider) wanted to know what your intent with the content is these rippers work just like a browser or are plugins for browsers.

Basicly you can click and watch a media stream from a web site and run WireShark during the stream and rebuild the media file from WireShark's logs if you want to. There is no way for the server/provider to know you "captured" the stream.

Hope this helps with the other part of the question.

Ok so Zenthar I would assume, the server would be none the wiser to what method you used to *receive* it. Meaning a website player applet or a like andrius said above WireShark. Because as it appears to me ( for particularly) rtmp:// travels over TCP only ,so putting aside the end location forgery talk, if the media only travels one way then to the server it would appear as just information going out the door now matter whats happening on the other end at the receiver?
I guess what I am trying to say is "end location spoofing aside", the service provider has no way of knowing if WireShark for example is being used or a legit website.

WireShark runs locally (on your computer). It logs all traffic that comes through your NIC in raw binary form.
You can log any type/application/port/address specific traffic. It runs in the background/on demanad.
All you need to do is "play" content in your browser and unless it's encrypted you can recreate the stream file.

The host/server/provider knows some browser downloaded the content.
They have no way of knowing what happend to it afterwords, unless they use DRM/trojans/spyware (who doesn't these days)?