
ProTip: when whiting out your Wireshark packet captures, always remember your hexdump:

dst=17.130.16.4

    $ whois 17.130.16.4

    ...

    NetRange:       17.0.0.0 - 17.255.255.255
    CIDR:           17.0.0.0/8
    OriginAS:
    NetName:        APPLE-WWNET
    NetHandle:      NET-17-0-0-0-1
    Parent:
    NetType:        Direct Assignment
    RegDate:        1990-04-16
    Updated:        2012-04-02
    Ref:            http://whois.arin.net/rest/net/NET-17-0-0-0-1

    OrgName:        Apple Inc.
    OrgId:          APPLEC-1-Z
    Address:        20400 Stevens Creek Blvd., City Center Bldg 3
    City:           Cupertino
    StateProv:      CA
    PostalCode:     95014
    Country:        US
    RegDate:        2009-12-14
    Updated:        2011-03-08
    Ref:            http://whois.arin.net/rest/org/APPLEC-1-Z

    OrgTechHandle: ZA42-ARIN
    OrgTechName:   Apple Computer Inc
    OrgTechPhone:  +1-408-974-7777
    OrgTechEmail:  droot@apple.com
    OrgTechRef:    http://whois.arin.net/rest/poc/ZA42-ARIN

    OrgAbuseHandle: APPLE11-ARIN
    OrgAbuseName:   Apple Abuse
    OrgAbusePhone:  +1-408-974-7777
    OrgAbuseEmail:  abuse@apple.com
    OrgAbuseRef:    http://whois.arin.net/rest/poc/APPLE11-ARIN

    RTechHandle: ZA42-ARIN
    RTechName:   Apple Computer Inc
    RTechPhone:  +1-408-974-7777
    RTechEmail:  droot@apple.com
    RTechRef:    http://whois.arin.net/rest/poc/ZA42-ARIN


    ...

EDIT:

also

    subject=/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=California/businessCategory=Private Organization/serialNumber=C0806592/C=US/postalCode=95014/ST=California/L=Cupertino/street=1 Infinite Loop/O=Apple Inc./OU=Siri/CN=guzzoni.apple.com
    issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)06/CN=VeriSign Class 3 Extended Validation SSL SGC CA


I don't understand. What does dst being Apple's IP imply? It's connecting to the Siri server, which is supposed to be an Apple server. Am I missing something?


Yeah, I'm not sure why they bothered to try to obfuscate the dst address at all, the article mentions Siri...


Haha.. good one.

(They redacted IPs at the top of the screenshot, but they forgot to redact the hexdump at the bottom that just happens to contain the same IPs.)
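
A pre-publication check for the mistake discussed in this thread, as an added example that is not part of any comment above: it rebuilds the raw bytes from a Wireshark-style hex pane and reports which addresses you meant to redact are still recoverable. The hexdump is constructed (only the destination 17.130.16.4 comes from the thread), the function names are hypothetical, and the header decode assumes an untagged Ethernet II frame carrying IPv4.

```python
import ipaddress
import re

# Constructed sample of a Wireshark-style hex pane (Ethernet + IPv4 header only).
# The destination address is the one quoted in the thread; all other bytes are made up.
SAMPLE_HEXDUMP = """\
0000  00 11 22 33 44 55 66 77  88 99 aa bb 08 00 45 00   .."3DUfw......E.
0010  00 28 00 00 40 00 40 06  00 00 c0 a8 01 0a 11 82   .(..@.@.........
0020  10 04                                              ..
"""

# One pane line: offset, then up to 16 hex pairs; the ASCII column (3+ spaces away) is skipped.
HEX_LINE = re.compile(r"^\s*[0-9a-fA-F]{4,8}\s+((?:[0-9a-fA-F]{2}(?: {1,2}|$)){1,16})")

def hexdump_to_bytes(text):
    """Rebuild raw bytes from the offset/hex/ASCII layout."""
    out = bytearray()
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if m:
            out += bytes.fromhex(m.group(1))
    return bytes(out)

def ipv4_endpoints(frame):
    """Return (src, dst) for an untagged Ethernet II frame carrying IPv4, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None
    # 14-byte Ethernet header, then src at IP offset 12 and dst at IP offset 16.
    src, dst = frame[26:30], frame[30:34]
    return str(ipaddress.IPv4Address(src)), str(ipaddress.IPv4Address(dst))

def leaked_addresses(hexdump_text, redacted):
    """Addresses from `redacted` that still occur as 4 raw bytes anywhere in the dump."""
    raw = hexdump_to_bytes(hexdump_text)
    return [ip for ip in redacted if ipaddress.IPv4Address(ip).packed in raw]

if __name__ == "__main__":
    print("decoded endpoints:", ipv4_endpoints(hexdump_to_bytes(SAMPLE_HEXDUMP)))
    print("still visible:", leaked_addresses(SAMPLE_HEXDUMP, ["17.130.16.4", "10.0.0.1"]))
```

The raw byte search can produce false positives on long payloads, so treat a hit as a prompt to crop or mask the hex pane as well.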



