Quoting Patrick Preuss <patrick.preuss@xxxxxxxxxxxxxx>:
Hello David,
First let me explain the Setup:
We have some clients somewhere in our network they
access a citrix based application in the internet via the squid proxy.
Due to our Policies it is not possible to install a sniffer on our
proxy servers.
We had setup some port mirrors on our switches.
The Goal is to capture the traffic witch is directed to the citrix
server before the proxy.
Behind the proxy this is not the problem.
On this System we have some gigabytes of traffic and i can not
capture this complete traffic.
Patrick Preuss
patrick.preuss@xxxxxxxxx
ICQ: 173078899
Google: patrick.preuss@xxxxxxxxx
Am 08.07.2010 um 17:24 schrieb David Alanis:
Quoting David Alanis <canito@xxxxxxxx>:
Quoting Patrick Preuss <patrick.preuss@xxxxxxxxxxxxxx>:
Hello All,
i want to capture / filter traffic on the before a squid proxy
server witch
is directed to a specific host.
Is it possible to capture this sessions only?
Cheers
Patrick
The default proxy port for Squid is 3128 I don't see why you can't
apply the following filter: tcp port.port 3128
However, if you want to see the whole conversation you many not want to
run with a filter.
If I understand your question correctly you want to run this from the
client or on the Squid proxy server?
Cheers-
David
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
Please accept my apologies.
My filter came out whacky. I meant to say tcp.port 3128.
Cheers-
David
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
Good Day Patrick-
We run network captures all day to solve client issues and regardless
of their environment we tend to filter a lot by port number. I can't
recall a time were a network capture has been refused due to policy
but the reason we run this on the proxy server is to see both sides of
the conversation (client/proxy proxy/server).
I guess since we don't know what issue you're trying to address am not
sure how to answer your question.
However when we look at the traffic in Wireshark or when capturing
network traffic as mentioned earlier you can focus just on the
traffic/port/protocol used by the application.
cheers-
David
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
