On Wed, Apr 11, 2012 at 12:28 PM, Philip Martin
<philip.mar...@wandisco.com> wrote:
> Johan Corveleyn <jcor...@gmail.com> writes:
>
>> I don't know what Surf-Shield does. Its description says: "Can detect
>> exploit sites and other complex online threats". There is some more
>> explanation on the AVG website, but it's still pretty vague [2]. Maybe
>> it does some throttling of requests/responses, inspecting things or
>> so, ... but whatever it does, svn+serf should probably not crash or
>> hang.
>
> You could compare the apache logs with/without Surf-Shield.

Ok, I'll try to do that tonight.

> You could
> capture the traffic with/without Surf-Shield and compare.

That might be difficult to do on my machine. I remember I had trouble
to capture network traffic on the loopback device. Tried with
WireShark, but I haven't gotten it to work.

See also the WireShark Wiki [1] ("You can't capture on the local
loopback address 127.0.0.1 with a Windows packet capture driver like
WinPcap."). I also tried the suggested RawCap [2], but that didn't
work either (its homepage says under "Raw Sockets Limitations": When
sniffing from localhost in Windows XP you will only be able to capture
UDP and ICMP traffic, and not TCP).

If anyone has any suggestions on capturing network traffic on
localhost on Windows XP ... I'm all ears.

Maybe the easiest thing to do is to set up Apache on a second machine,
so I don't have to go over the loopback device ...

> Which version
> of Apache are you using?

2.2.19

> Which MPM?

That would be the default on Win XP, which is mpm_winnt. [3]

-- 
Johan

[1] http://wiki.wireshark.org/CaptureSetup/Loopback
[2] http://www.netresec.com/?page=RawCap
[3] http://httpd.apache.org/docs/2.2/mod/mpm_winnt.html

Reply via email to