Ok.
Is it possible for you to dump traffic into file like this:
#tcpdump -i any 'port <your squid proxy port> or port 53 or host
66.151.79.155' -w /tmp/squid.pcap
And post the /tmp/squid.pcap into some of public hosting?
Also, please note, that your dump contains plain text passwords. This
could be unsafe ;)
Best wishes,
Pavel.
On 10/12/2013 03:34 AM, Amos Jeffries wrote:
> On 11/10/2013 5:53 p.m., John Kenyon wrote:
>>> Here is what I do to get the required HTTP stream details from tcpdump:
>>>
>>> * use the -s option to fetch unlimited packet payload (-s 0 or -s 65536
>>> depending on your system).
>>> * save the capture to a .cap file.
>>> * open with wireshark
>>> * locate any packet in the desired HTTP stream and select "follow
>>> TCP stream"
>>> * cut-n-paste the HTTP details out of the resulting plain text document
>>>
>>> PS. if you happen to notice anything strange like binary characters
>>> in amongst
>>> the HTTP protocol headers, they themselves could be the cause of the
>>> problems. The only binary should be in payload/object/body blocks
>>> between the
>>> message header blocks.
>>>
>>> Amos
>>
>> Hey Amos,
>>
>> Here is the stream content:
>
> Okay. Odd thing is these are all missing Date headers. But there is
> nothing obvious that woud lead to disconnection.
>
> Amos
>
>
>> POST /scripts/mms.dll/JAWS/MMS/acs/f_login HTTP/1.1
>>
>> Host: www.cmmsau.com
>>
>> User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101
>> Firefox/24.0
>>
>> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>>
>> Accept-Language: en,en-us;q=0.5
>>
>> Accept-Encoding: gzip, deflate
>>
>> Referer: http://www.cmmsau.com/mms/mm_login.htm
>>
>> Cookie:
>> __utma=257591705.1931310241.1381466348.1381466348.1381466348.1;
>> __utmb=257591705.1.10.1381466348; __utmc=257591705;
>> __utmz=257591705.1381466348.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
>>
>> Content-Type: application/x-www-form-urlencoded
>>
>> Content-Length: 75
>>
>> Cache-Control: max-age=259200
>>
>> Connection: keep-alive
>>
>>
>>
>> as_userid=asamuels&as_dbpass=as2013&as_store=00200021&submit.x=0&submit.y=0HTTP/1.1
>> 200 OK
>>
>> Server: Jaguar Server Version 5.5.0
>>
>> Connection: Keep-Alive
>>
>> Content-Type: text/html
>>
>> Content-Length: 200
>>
>>
>>
>>
>>
>> <SCRIPT LANGUAGE="JavaScript">
>>
>> window.location.href="http://www.cmmsau.com/scripts/mms.dll/JAWS/MMS/acs/f_redirect?as_sid=82A18A8F96938DA18A95737E72816AAF&as_proj=00200021&as_flag=RL";
>>
>>
>>
>>
>> </SCRIPT>GET
>> /scripts/mms.dll/JAWS/MMS/acs/f_redirect?as_sid=82A18A8F96938DA18A95737E72816AAF&as_proj=00200021&as_flag=RL
>> HTTP/1.1
>>
>> Host: www.cmmsau.com
>>
>> User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101
>> Firefox/24.0
>>
>> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>>
>> Accept-Language: en,en-us;q=0.5
>>
>> Accept-Encoding: gzip, deflate
>>
>> Referer: http://www.cmmsau.com/scripts/mms.dll/JAWS/MMS/acs/f_login
>>
>> Cookie:
>> __utma=257591705.1931310241.1381466348.1381466348.1381466348.1;
>> __utmb=257591705.1.10.1381466348; __utmc=257591705;
>> __utmz=257591705.1381466348.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
>>
>> Cache-Control: max-age=0
>>
>> Connection: keep-alive
>>
>>
>>
>> Cheers, John
>
Received on Sat Oct 12 2013 - 07:21:41 MDT
This archive was generated by hypermail 2.2.0 : Sun Oct 13 2013 - 12:00:05 MDT