On Fri, 21 Apr 2000 [EMAIL PROTECTED] wrote:
> My point/question is that I know tcpdump can see the packets.  tcpdump tcp
> host foo gives an error message.  tcpdump ip host foo finally gives me the
> arp, smb traffic, as well as the port 80 traffic.  But it still doesn't
> give me the traffic directed thru the gateway to the firewall.

  You mentioned a proxy server.  Be aware that running a proxy server changes
the rules entirely.  HTTP may no longer be directed at port 80, rather, it may
be using a different TCP port to talk to the proxy server, and then the proxy
issues the HTTP request on 80.  However, the proxy port is often 80, so if
you're not looking at what appears to be local HTTP traffic, double check it
and make sure it isn't the proxy protocol.

  Even more fun, the proxy may not be running over IP at all.  Many sites use
a proxy running over NetBEUI, IPX, or some other protocol, either for
backwards compatibility with old clients, or for security (real or imagined),
or both.  The only way you'll see that is with a layer two analyzer like
ethereal (highly recommended, BTW).

  You also mentioned a switch.  Be aware that if the workstation you are
trying to debug and the machine running the packet sniffer are not in the same
ethernet (as will be the case with most switch configurations), you'll never
see the traffic you are trying to monitor.  The switch knows the traffic
doesn't need to go to your sniffer, and won't send it on that port.

  Hope this helps.

-- 
Ben Scott <[EMAIL PROTECTED]>
| "He who fights monsters should see to it that in the process he himself |
|  does not become a monster."   -- Frederick Wilhelm Nietzsche           |
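
An added example, not part of the original message: a minimal layer-two classifier showing how IPX or NetBEUI frames are told apart from IP by the EtherType/length field and the LLC header, which is why an IP-only capture never shows them. The sample frames, MAC addresses and function names are constructed for illustration.

```python
import struct
from collections import Counter

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x8137: "IPX"}
LLC_DSAPS = {0x06: "IPv4", 0xE0: "IPX", 0xF0: "NetBEUI"}

def classify_frame(frame):
    """Name the protocol carried by one raw Ethernet frame (no FCS)."""
    if len(frame) < 14:
        return "truncated"
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    if type_or_len >= 0x0600:            # Ethernet II: field is an EtherType
        return ETHERTYPES.get(type_or_len, "ethertype 0x%04x" % type_or_len)
    payload = frame[14:]                 # IEEE 802.3: field is a length
    if len(payload) < 3:
        return "truncated"
    if payload[:2] == b"\xff\xff":       # Novell "raw" 802.3, no LLC header
        return "IPX"
    if payload[0] == 0xAA and len(payload) >= 8:  # SNAP: EtherType follows OUI
        (etype,) = struct.unpack("!H", payload[6:8])
        return ETHERTYPES.get(etype, "ethertype 0x%04x" % etype)
    return LLC_DSAPS.get(payload[0], "llc dsap 0x%02x" % payload[0])

def non_ip_protocols(frames):
    """Count the frames that do not carry IPv4, grouped by protocol."""
    counts = Counter(classify_frame(f) for f in frames)
    counts.pop("IPv4", None)
    return counts

def build(type_or_len, payload):
    """Constructed test frame: locally administered MACs, zeroed payloads."""
    dst, src = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    return dst + src + struct.pack("!H", type_or_len) + payload

RAW_IPX = b"\xff\xff" + b"\x00" * 28
LLC_IPX = b"\xe0\xe0\x03" + RAW_IPX
LLC_NETBEUI = b"\xf0\xf0\x03" + b"\x00" * 20
SAMPLE_FRAMES = [                        # constructed, not captured traffic
    build(0x0800, b"\x45" + b"\x00" * 19),   # IPv4 over Ethernet II
    build(0x0806, b"\x00" * 28),             # ARP
    build(0x8137, RAW_IPX),                  # IPX over Ethernet II
    build(len(RAW_IPX), RAW_IPX),            # IPX over raw 802.3
    build(len(LLC_IPX), LLC_IPX),            # IPX over 802.2 LLC
    build(len(LLC_NETBEUI), LLC_NETBEUI),    # NetBEUI over 802.2 LLC
]

if __name__ == "__main__":
    for f in SAMPLE_FRAMES:
        print(classify_frame(f))
    print(dict(non_ip_protocols(SAMPLE_FRAMES)))
```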

