
Wireshark-users: Re: [Wireshark-users] Capture/Filter Squid Session

From: Patrick Preuss <patrick.preuss@xxxxxxxxxxxxxx>
Date: Thu, 8 Jul 2010 19:26:45 +0200
Hello David,

First let me explain the setup:

We have some clients somewhere in our network; they
access a Citrix-based application on the Internet via the Squid proxy.
Due to our policies it is not possible to install a sniffer on our proxy servers.

We have set up some port mirrors on our switches.

The goal is to capture the traffic which is directed to the Citrix server before the proxy.
Behind the proxy this is not a problem.

On this system we have some gigabytes of traffic and I cannot capture this complete traffic.


Patrick Preuss
patrick.preuss@xxxxxxxxx

ICQ: 173078899
Google: patrick.preuss@xxxxxxxxx

On 08.07.2010 at 17:24, David Alanis wrote:

> Quoting David Alanis <canito@xxxxxxxx>:
> 
>> Quoting Patrick Preuss <patrick.preuss@xxxxxxxxxxxxxx>:
>> 
>>> Hello All,
>>> 
>>> I want to capture / filter traffic before a Squid proxy server which
>>> is directed to a specific host.
>>> Is it possible to capture these sessions only?
>>> 
>>> Cheers
>>> Patrick
>>> 
>> 
>> The default proxy port for Squid is 3128. I don't see why you can't
>> apply the following filter: tcp port.port 3128
>> 
>> However, if you want to see the whole conversation you may not want to
>> run with a filter.
>> 
>> If I understand your question correctly you want to run this from the
>> client or on the Squid proxy server?
>> 
>> Cheers-
>> David
>> 
> 
> Please accept my apologies.
> 
> My filter came out whacky. I meant to say tcp.port 3128.
> 
> Cheers-
> David
> 
> 
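Added example, not part of the original thread: on the client side of a forward proxy every packet is addressed to the proxy itself, so the target server only appears by name in the proxy request line (`CONNECT host:port` or an absolute `http://host/...` URI). The sketch below picks out the client flows whose request line names one host and builds a Wireshark display filter for them. It assumes the clients use Squid as an explicit proxy on port 3128 and that the segments come from a capture limited to that port (capture filter `tcp port 3128`); the host names, addresses and function names are constructed for illustration.

```python
import re

# First line of a request sent to a forward proxy:
#   CONNECT host:port HTTP/1.x             (tunnelled traffic such as TLS)
#   GET http://host[:port]/path HTTP/1.x   (absolute-URI form for plain HTTP)
# Bracketed IPv6 literals are not handled in this sketch.
REQUEST_LINE = re.compile(
    rb"^(?:CONNECT\s+(?P<chost>[^\s:/]+):\d+"
    rb"|[A-Z]+\s+[a-z][a-z0-9+.-]*://(?P<uhost>[^\s:/]+)[^\s]*)"
    rb"\s+HTTP/1\.[01]\r?\n"
)

def proxied_host(payload: bytes):
    """Return the lower-cased target host named in a proxy request, or None."""
    m = REQUEST_LINE.match(payload)
    if not m:
        return None
    host = m.group("chost") or m.group("uhost")
    return host.decode("ascii", "replace").lower()

def flows_to_host(segments, target):
    """segments: (client_ip, client_port, tcp_payload) for packets sent to the proxy."""
    target = target.lower()
    flows = []
    for ip, port, payload in segments:
        if proxied_host(payload) == target and (ip, port) not in flows:
            flows.append((ip, port))
    return flows

def display_filter(flows, proxy_port=3128):
    """Wireshark display filter selecting both directions of each flow."""
    return " || ".join(
        f"(ip.addr == {ip} && tcp.port == {port} && tcp.port == {proxy_port})"
        for ip, port in flows
    )

# Constructed sample payloads (not taken from a real capture).
SAMPLE = [
    ("10.0.0.21", 50112, b"CONNECT citrix.example.com:443 HTTP/1.1\r\n"
                         b"Host: citrix.example.com:443\r\n\r\n"),
    ("10.0.0.22", 50233, b"GET http://www.example.org/index.html HTTP/1.1\r\n\r\n"),
    ("10.0.0.23", 50340, b"GET http://Citrix.example.com/login HTTP/1.0\r\n\r\n"),
    ("10.0.0.21", 50112, b"\x16\x03\x01\x00\x2e"),  # tunnelled bytes, no request line
]

if __name__ == "__main__":
    print(display_filter(flows_to_host(SAMPLE, "citrix.example.com")))
```

Because the request line is only visible once the connection has started, the selection runs on an already captured file; a ring buffer on the mirror port keeps the raw capture bounded while the matching flows are extracted.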