Wireshark mailing list archives
Re: Capture/Filter Squid Session
From: David Alanis <canito () dalan us>
Date: Thu, 08 Jul 2010 13:08:11 -0500
Quoting Patrick Preuss <patrick.preuss () googlemail com>:
> Hello David,
>
> First let me explain the setup: We have some clients somewhere in our network; they access a Citrix-based application on the Internet via the Squid proxy. Due to our policies it is not possible to install a sniffer on our proxy servers. We had set up some port mirrors on our switches. The goal is to capture the traffic which is directed to the Citrix server before the proxy. Behind the proxy this is not the problem. On this system we have some gigabytes of traffic and I cannot capture this complete traffic.
>
> Patrick Preuss
> patrick.preuss () gmail com
> ICQ: 173078899
> Google: patrick.preuss () gmail com
>
> On 08.07.2010 at 17:24, David Alanis wrote:
>
>> Quoting David Alanis <canito () dalan us>:
>>
>>> Quoting Patrick Preuss <patrick.preuss () googlemail com>:
>>>
>>>> Hello All,
>>>>
>>>> I want to capture / filter traffic before a Squid proxy server which is directed to a specific host. Is it possible to capture these sessions only?
>>>>
>>>> Cheers
>>>> Patrick
>>>
>>> The default proxy port for Squid is 3128. I don't see why you can't apply the following filter:
>>>
>>> tcp port.port 3128
>>>
>>> However, if you want to see the whole conversation you may not want to run with a filter. If I understand your question correctly you want to run this from the client or on the Squid proxy server?
>>>
>>> Cheers-
>>> David
>>>
>>> ----------------------------------------------------------------
>>> This message was sent using IMP, the Internet Messaging Program.
>>
>> Please accept my apologies. My filter came out whacky. I meant to say tcp.port 3128.
>>
>> Cheers-
>> David
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Good Day Patrick-

We run network captures all day to solve client issues, and regardless of their environment we tend to filter a lot by port number. I can't recall a time where a network capture has been refused due to policy, but the reason we run this on the proxy server is to see both sides of the conversation (client/proxy, proxy/server).

I guess since we don't know what issue you're trying to address, I am not sure how to answer your question. However, when we look at the traffic in Wireshark, or when capturing network traffic as mentioned earlier, you can focus just on the traffic/port/protocol used by the application.

cheers-
David
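Added example, not part of the original thread: on the client side of a forward proxy every segment is addressed to the proxy (port 3128 by default, as noted above), so the destination host appears only in the HTTP request line (`CONNECT host:port` or an absolute URI). The sketch below selects client-to-proxy connections for one target host from already reassembled first-request payloads and builds a Wireshark display filter for them; the addresses, host names and helper names are constructed for illustration.

```python
from urllib.parse import urlsplit

PROXY_PORT = 3128  # Squid default port, as stated in the thread


def proxy_target(payload: bytes):
    """Return the target host named in a proxy request line, or None."""
    line = payload.split(b"\r\n", 1)[0].decode("latin-1")
    parts = line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None  # not an HTTP request line (e.g. TLS or other bytes)
    method, target = parts[0], parts[1]
    try:
        if method == "CONNECT":
            # authority form: host:port (IPv6 literals are bracketed)
            return urlsplit("//" + target).hostname
        # absolute form sent to proxies: http://host[:port]/path
        return urlsplit(target).hostname
    except ValueError:
        return None  # malformed authority


def sessions_for_host(first_payloads, host):
    """first_payloads maps (client_ip, client_port) -> first client bytes.

    Only the first request of each connection is inspected; a persistent
    plain-HTTP connection may carry later requests for other hosts.
    """
    host = host.lower()
    return sorted(k for k, p in first_payloads.items() if proxy_target(p) == host)


def display_filter(sessions, proxy_port=PROXY_PORT):
    """Build a Wireshark display filter matching the selected connections."""
    conns = " || ".join(
        f"(ip.addr == {ip} && tcp.port == {port})" for ip, port in sessions
    )
    return f"tcp.port == {proxy_port} && ({conns})" if conns else ""


# Constructed sample: first client-to-proxy payload per connection.
SAMPLE = {
    ("10.0.0.5", 51000): b"CONNECT citrix.example.com:443 HTTP/1.1\r\n\r\n",
    ("10.0.0.5", 51001): b"GET http://www.example.org/index.html HTTP/1.1\r\n\r\n",
    ("10.0.0.9", 40222): b"GET http://Citrix.Example.com/login HTTP/1.1\r\n\r\n",
    ("10.0.0.9", 40223): b"\x16\x03\x01\x00\x05hello",  # not HTTP
}

if __name__ == "__main__":
    print(display_filter(sessions_for_host(SAMPLE, "citrix.example.com")))
```

Selecting by client address and port keeps the whole `CONNECT` tunnel, since everything after the request line on that connection belongs to the same target.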