Can you identify telepathically received messages sent through spells like Sending as magical via Detect Magic?

An enemy casts Sending to communicate with a player from far away. In this example, the player character doesn’t know anything about the Sending spell and he might think he is just hearing voices or going crazy.

Another player casts Detect Magic to scan the area. Can this player detect the presence of the telepathic message inside the first player’s head via Detect Magic as an evocation spell?

I am seeing an ICMP type 3 error message in my firewall logs. However, I am unable to find the original request sent to that external IP [closed]

No matching connection for ICMP error message: icmp src inside: X.X.X.98 dst outside: X.X.X.11 (type 3, code 2) on inside interface. Original IP payload: udp src X.X.X.11/53 dst X.X.X.98/52906.

Can somebody please help me understand the cause.
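A way to read the log line in this question, as an added example that is not part of the original post: it parses the message, names the ICMP type 3 code, and derives the earlier outbound flow to search the logs for. The regular expression is written against the single line shown above, and the function and field names are assumptions made for illustration.

```python
import re

# ICMP type 3 (Destination Unreachable) codes from RFC 792 / RFC 1191.
UNREACH_CODES = {
    0: "network unreachable",
    1: "host unreachable",
    2: "protocol unreachable",
    3: "port unreachable",
    4: "fragmentation needed and DF set",
}

# Pattern fitted to the message format quoted in the question (an assumption).
LINE_RE = re.compile(
    r"icmp src (?P<err_if>[^:\s]+):\s*(?P<err_src>\S+) "
    r"dst (?P<err_dst_if>[^:\s]+):\s*(?P<err_dst>\S+) "
    r"\(type (?P<type>\d+), code (?P<code>\d+)\).*?"
    r"Original IP payload: (?P<proto>\w+) "
    r"src (?P<o_src>[^/\s]+)/(?P<o_sport>\d+) "
    r"dst (?P<o_dst>[^/\s]+)/(?P<o_dport>\d+)"
)

# The log line exactly as posted, addresses already masked by the asker.
SAMPLE = ("No matching connection for ICMP error message: icmp src inside: "
          "X.X.X.98 dst outside: X.X.X.11 (type 3, code 2) on inside interface. "
          "Original IP payload: udp src X.X.X.11/53 dst X.X.X.98/52906.")

def analyse(line):
    """Return a summary of the ICMP error and the packet that triggered it."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    f = m.groupdict()
    proto, sport, dport = f["proto"], int(f["o_sport"]), int(f["o_dport"])
    meaning = (UNREACH_CODES.get(int(f["code"]), "other code")
               if int(f["type"]) == 3 else "not a type 3 message")
    return {
        "meaning": meaning,
        # The packet quoted inside the ICMP error, i.e. what was rejected.
        "rejected_packet": (proto, f["o_src"], sport, f["o_dst"], dport),
        # Inference: the rejected packet is a reply, so the request to look
        # for in earlier logs is the same flow with the endpoints swapped.
        "request_to_search_for": (proto, f["o_dst"], dport, f["o_src"], sport),
        # True when the host that sent the error is the packet's destination.
        "error_from_packet_destination": f["err_src"] == f["o_dst"],
        "source_port_is_dns": proto == "udp" and sport == 53,
    }

if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```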

CSRF token not sent when calling the back-end?

My system is composed of a NuxtJs and an AdonisJs application. Adonis handles csrf tokens for us by sending:

set-cookie: adonis-session=XXX; Path=/; HttpOnly
set-cookie: XSRF-TOKEN=XXX; Max-Age=7200; Path=/; SameSite=Strict
set-cookie: adonis-session-values=XXX; Path=/; HttpOnly

Now from what I can see, it will set a cookie that can be sent only by a browser. And only if the host is the same. From my understanding, from that point on, the browser is the one that will auto attach cookies like that to each request. The problem is, when the Nuxt application is making an API request to the back-end I do not see any csrf token being sent when looking at the traffic through BurpSuite.

And naturally adonis will reply with "Invalid CSRF Token", and respond with status code 500.

I’m not sure what I am missing, I fail to understand why the browser is not sending that cookie. And just as extra information, I’ve failed to find it through the browser’s inspector window (Storage tab). Is it possible that the cookie is not set or?

I’ve seen other posts regarding this issue, but they were not helpful because the solution was composed of reading a cookie and manually sending it as the header. Which I do not advise, and is not the model I’m going to implement. I would rather leave it to the back-end framework and browser to do the job for me, because as we all know, there would be less room for me to make a mistake.

Thank you for reading this.

What’s the term for a hash sent early and plain text revealed later?

I think there is a known pattern where you post the hash of a document, e.g. on Twitter, in order to have its time registered. You could then later publish the document and have it accredited for the time of the hash.

I’m sure someone gave this procedure a name. What is that name?

I found trusted timestamping, but that is a thing for digital certificates, which do not come into play here.
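The publish-the-hash-now, reveal-the-document-later procedure from this question (a hash commitment), as an added example that is not part of the original post. It goes beyond the bare hash described there by mixing in a random nonce, and shows why: a bare hash of a guessable document can be matched by trying candidates. All function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 32  # fixed length, so nonce || document splits unambiguously

def commit(document: bytes):
    """Return (digest_hex, nonce). Publish digest_hex now; keep the rest private."""
    nonce = secrets.token_bytes(NONCE_LEN)
    return hashlib.sha256(nonce + document).hexdigest(), nonce

def verify(published_digest: str, nonce: bytes, document: bytes) -> bool:
    """Check a later reveal (nonce + document) against the digest posted earlier."""
    if len(nonce) != NONCE_LEN:
        return False
    expected = hashlib.sha256(nonce + document).hexdigest()
    return hmac.compare_digest(expected, published_digest)

def match_bare_hash(published_digest: str, candidates):
    """Return the candidate whose bare SHA-256 equals the digest, else None."""
    for candidate in candidates:
        if hashlib.sha256(candidate).hexdigest() == published_digest:
            return candidate
    return None

if __name__ == "__main__":
    doc = b"prediction: yes"                      # constructed sample document
    guesses = [b"prediction: no", b"prediction: yes"]

    bare = hashlib.sha256(doc).hexdigest()        # what the question describes
    print("bare hash guessed:", match_bare_hash(bare, guesses))

    digest, nonce = commit(doc)                   # nonce-based variant
    print("salted hash guessed:", match_bare_hash(digest, guesses))
    print("honest reveal verifies:", verify(digest, nonce, doc))
    print("altered reveal verifies:", verify(digest, nonce, b"prediction: no"))
```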

Email sent to 2 addresses with shared same organization domain @123abc.com and one bounced back. Was it successfully delivered to the other address?

It is my first time asking questions, so my apologies if there are any mistakes. I sent an email to 2 addresses (2 different departments in same organization with shared @123abc.com), one bounced back from mailer-daemon@googlemail.com due to ‘address not found’. I later found out it was a generated email address. Could someone please tell me if my email was successfully delivered to the other ‘good’ address (the other department)? Thank you very much for your great help in advance.

What happens if no CertificateVerify is sent in TLS?

I know in TLS, the client would send a CertificateVerify message for the server to confirm the client’s identity through means such as CA but what if the client never sent this information?

Is it possible for an attacker to use this opportunity to hijack the client’s session through packet sniffing and create its own "pre-master secret" to communicate with the server?

How is the digital certificate sent alongside digital signatures?

Most tutorials on the net only mention sending the digital signature attached to the document, but without the digital signature certificate, it’ll be impossible for receivers to verify the signature. I’m assuming that the digital certificate is somehow sent alongside the signature but I can’t seem to find any source mentioning that.

Why are DNS prefetch requests sent in clear text with DNS over HTTPS enabled?

I am trying to understand how DNS-over-HTTPS (DoH) works in both Chrome and Firefox browsers.

To do so, I have enabled DoH on each browser and set the DNS provider to Cloudflare DNS servers (1.1.1.1 and 1.0.0.1), at both browser and operating system level (Windows 10 in my case).

However, the traffic captured by Wireshark shows that there are still multiple DNS requests that are made in clear text:

clear text DNS requests

While some of those requests are probably issued by other desktop applications that do not implement DoH, there is one request pattern which seems strange to me:

DNS Prefetch request

Every time I search some text (say foo for example) in the URL search bar and press Enter, a DNS request is made to the Cloudflare resolver with the domain name foo.lan. Unsurprisingly, the server answers with a No such name DNS response.

After doing some research, this behaviour actually appears to be linked with DNS prefetching.

To make sure of that, I disabled the DNS prefetch flags in both Firefox (network.dns.disablePrefetch) and Chrome (Use a prediction service to load pages more quickly option toggled off), but the prefetch requests are still being sent as before.

This raises three questions to me:

  • Why do DNS prefetch requests still occur when the feature is disabled?
  • Why are those requests made with the .lan suffix?
  • Why are DNS prefetch requests sent in clear text even though DoH is enabled?

Please note that I have also tried to change the default search engine from Google to Bing, but the results are unchanged.

Any help would be very appreciated.