subject:"Re\: \[discuss\] Speed question"

Re: [discuss] Speed question

2005-02-06 Thread Steven Stratford

Steve--

Here's the info for getting a tcpdump that Heath sent me last fall. Worked
fine for me. The last part about jumping to Software Update was specific for
the problem I was having, so for you you'd have to figure out how to do your
test and get your results.
--Steve


On 9/13/04 11:45 PM, Heath Raftery [EMAIL PROTECTED] wrote:

 Back to the issue with the server responding - you'll get a lot more
 information and I'll have a lot more idea of what is going on, if you
 could capture the tcp dump. I'm not sure if you're familiar with the
 tools (or even if this is appropriate in your situation), but OS X
 comes built in with a (command line) program called tcpdump, which
 dumps the raw network traffic to a file. You can then analyse the
 traffic with various tools (Ethereal being my favourite). Here's how to
 dump the information necessary to file:
 
 In an administrator account on the OS X machine, type this at the
 prompt in the Terminal (where % is your prompt):
 
 % sudo tcpdump -p -s 0 -i en0 -w networktraffic
 It should prompt you for your password, by which it means your
 admin/login password. You might get a message about not having enough
 permissions to access /dev/bpf0 or something. In that case, use this
 command first:
 % sudo chmod 777 /dev/bpf*
 to change permissions on the files required by tcpdump.
 
 Here's a breakdown of the command:
 - sudo means to do the command as the su (super user), ie. the all
 powerful root user.
 - tcpdump is an application with sniffs network traffic. It will
 record all traffic in and out of your computer.
 - -p turns off promiscuous mode so you don't see the traffic of other
 computers on the network.
 - -s 0 sets the packet collection size to unlimited, so you get all the
 data.
 - -i en0 means to use the first Ethernet interface for collection. This
 will be your built-in Ethernet connection which I'm assuming you are
 connecting to the Internet through.
 - -w networktraffic means to write the raw data to the file named
 networktraffic (make sure you don't happen to have a file already by
 that name in your home directory!). The raw data can later be
 interpreted by other applications.
 
 After entering the command, you should get a confirmation message and
 then nothing. At this point, tcpdump is recording traffic. Hopefully
 your network is not too busy with traffic, which would make the output
 rather complicated. In any case, quickly jump into Software Update and
 do an update. To start with, it might be worth waiting out the delay.
 Then jump back to the Terminal and press Control-C to stop tcpdump. You
 can start is again with another file name (say -w networktraffic2) and
 then try and update followed by a cancel.

Re: [discuss] Speed question

2004-09-20 Thread bruce

Dear Heath and Steve,
Just checked the new prefPane against our school proxy server...
works perfectly. Only tested Safari - works fine... the rest will be OK.
The log looks perfectly normal and fast.

By the way the Info version number still states 3.1.1 but I assume
that will change.

The connection was very fast BUT the school holidays have just started here
and there aren't 800plus students clammering for the proxy server.


Heath I would be very interested in finding out what changes you had
to make to cater for the difference in proxy server responses
and whether or not it was MS's pedantic error message nature.



Well it seems as though Heath you've solved it... it will be a bit sad that
this little discussion group will now terminate.
It has been nice working with you all.

Kind regards,
Bruce from a sunny 26C day downUnder - spring is here, time to to go to the
beach until February. Cheers...

Re: [discuss] Speed question

2004-09-19 Thread Heath Raftery

Bruce, Steve, others,
On 18/09/2004, at 3:29 PM, bruce wrote:
I don't mind testing 3.1.1a against a real windoze system that works 
with
the current version of authoxy... if you want to... Won't be until 
Monday
now...
Sure, that'd be very handy before I release an official version. I'll 
send it in a private email.

PS Heath, do you test against Samba?
Indeed I do!
On 19/09/2004, at 5:53 AM, Steven Stratford wrote:
I was so curious to find out if 3.1.1a works that I drove in to work 
(all of
5 minutes from where I live) to try it.

It works! You're my hero, Heath. :)
Awesome! That makes it all worthwhile :)
Maxibidder...partly, probably it's their program, not Authoxy.
RealOne player--nope.
MSN Messenger--nope.
Skype (VOIP)--nope.
Yeah, bugger about that. I honestly don't think there's much I can do 
about that. I've tried to work through MSN issues before, but it is 
doing strange things I think. You might like to try experimenting with 
turning the proxy option on or off, or electing to not use HTTP ports 
or something. Also, as you say, these might well be specifically 
blocked at the firewall anyway.

I notice the number of daemons gets fairly large (right now it's 36, 
with
nothing going on net-wise). Should they go back to zero? (5 minutes 
after I
wrote that, it's still 36.)
Yes, they should. Something is probably not right there. NTLM does rely 
on persistant connections, but they should still be closed eventually. 
As Bruce suggest, they most likely will not do any harm - Unix systems 
are quite good at handling lots of background processes. But I'd 
definately feel better if they died a fair bit more quickly than that. 
The behaviour in the latest log you posted definately looks normal 
though - there appear to be two NTLM connections, one after the other. 
In the first one, the server closes the connection, and in the second 
the client closes it, with the whole thing only lasting a few seconds. 
That's quite normal. The only thing Authoxy does after printing those 
messages is to kill the partner process (connections are handled by 
pairs of processes) and then kill itself. Not sure why then, your 
processes are not dying. I'll sleep on it...

Regards,
Heath
--
 
|   Heath Raftery[EMAIL PROTECTED] |
|   HRSoftWorks  http://www.hrsoftworks.net|
||
|   *There's nothing like a depressant to cheer you up*  |
|   - Heard at Moe's Tavern  |
| _\|/_  |
|m(. .)m_|

Re: [discuss] Speed question

2004-09-14 Thread Steven Stratford

Thanks, Heath! That is very interesting, and gives me something else to try.
I have some time tomorrow and will definitely send you a dump or two, maybe
post a snippet or two to the list to see if someone wants to give it a shot.

On 9/13/04 11:45 PM, Heath Raftery [EMAIL PROTECTED] wrote:

 Hey guys,
 
 Very interesting thread, and I'm happy you're helping each other out,
 because the fact is I really am inexperienced when it comes to NTLM
 authentication. Nonetheless, I'll offer my comments from the developers
 point of view.
 
 Incidentally, the two sites mentioned before:
 http://www.innovation.ch/java/ntlm.html
 http://davenport.sourceforge.net/ntlm.html
 are two of the resources I relied on most during development, so are a
 great place to decipher what appears in the logs!
 
 As you've clearly noted, the delay appears to occur at Step 2, so I'll
 break down what happens around that point:
 
 Before entering Step 1, Authoxy breaks into two processes, one to
 handle the client-server connection and another to handle
 server-client. In Step 1, one of the processes sends the client
 request (eg. a call to the Software Update servers to check for
 updates) as normal to the proxy. Well, almost as normal - NTLM requires
 persistant connections (basically means that the connection must be
 held open between requests for the authentication to work), so if the
 client requested non-persistant connections (by supplying the
 Connection: close header), Authoxy strips it out and remembers that is
 the case, before passing the request on.
 
 The process then informs the other pauses itself waiting for the other
 process to complete Step 2. The other process then starts Step 2, and
 waits for the proxy to return a HTTP code 407 Unauthorized back. If
 something arrives from the proxy which is not a 407, Authoxy will
 report Unexpected server response in NTLM authentication Step 2.
 Giving up.. That doesn't appear to be what is happening here - instead
 the proxy doesn't respond for 120 seconds. If the process does receive
 a 407, it *will* report Step 2 is complete and I'm not seeing that at
 all in the logs you've posted.

I'll run this by my sysadmin in addition to trying out the TCPIP dump you
described. I haven't mucked about in terminal before so this should be fun.

--Steve

 
 If you cancel the request, that will close the connection on the client
 side. This should kill both processes and go back to waiting for
 another connection. Before the processes are killed though, they are
 both unpaused, to make sure you don't get stopped processes pilling up.
 Perhaps this is when one of the processes runs away and attempts to
 complete the rest of the connection. All the flags which appear from
 then on seem normal to me.
 
 So as far as I can tell, the issue appears to be that the proxy server
 is not returning the 407 error response when it should. This is a
 fairly fundamental step and actually occurs before any of the
 credentials are passed or even consulted, so should be a clear place to
 investigate.
 
snip

 Well I'm sure that's plenty of rambling on my behalf for now. Good luck
 in your future investigations!
 Heath

Re: [discuss] Speed question

2004-09-12 Thread bruce

That works with Explorer but not with Safari/Shiira or Firefox.
But then you don't need authoxy with Explorer so this may be an issue!
Cheers,
Bruce.


We log in with just username and password, no domain. I'll try that Monday.

--Steve


On 9/12/04 5:48 AM, bruce [EMAIL PROTECTED] wrote:

 Actually after looking at your log again, I doubt that all of the above
 is relevant!!! You seemed to have made a connection to the server
 and it is not being completed in the way that we expect. Are you
 using encrypted passwords on the proxy server?

 Using Safari, the girls at our school have to login using the following
 format,

 WindowsDomainName/UserName
 password

 Is this the format that you are using?

Re: [discuss] Speed question

2004-09-07 Thread Steven Stratford

Title: Re: [discuss] Speed question



OK I changed NTLM Host/Workstation from sstratpbook (me) to 10.2.0.2 (our proxy server), and here's my result (better but not optimum) accessing Software Update. Takes 2 minutes for step 2 to complete, dont know enough about NTLM to know why. That seems to be the exact holdup. In the following, the delay is marked in red.

Sep 7 10:32:16 : Authoxy has started successfully
Sep 7 10:32:27 : Ready to NTLM!
Sep 7 10:32:27 : Entering Step 1
Sep 7 10:32:27 : Entering Step 2
Sep 7 10:32:27 : Found Connection: close. Hiding for NTLM Authentication
Sep 7 10:32:27 : Waiting for Step 2
Sep 7 10:34:27 : Step 2 is complete
Sep 7 10:34:27 : Entering Step 3
Sep 7 10:34:27 : Created Type 1 string of 60 characters
Sep 7 10:34:27 : Pausing in Step 3
Sep 7 10:34:27 : Entering Step 4
Sep 7 10:34:27 : Content-Length: 0
Sep 7 10:34:27 : NTLM: Target length is 4
Sep 7 10:34:27 : NTLM: Target length 2 is 4
Sep 7 10:34:27 : NTLM: Target offset is 56
Sep 7 10:34:27 : NTLM Flag: Negotiate OEM
Sep 7 10:34:27 : NTLM Flag: Request Target
Sep 7 10:34:27 : NTLM Flag: Negotiate NTLM
Sep 7 10:34:27 : NTLM Flag: Target Type Domain
Sep 7 10:34:27 : NTLM Flag: Negotiate Target Info
Sep 7 10:34:27 : NTLM Flag: UNKNOWN5
Sep 7 10:34:27 : NTLM: Target is: MBBC
Sep 7 10:34:27 : NTLM: Target length is 98
Sep 7 10:34:27 : NTLM: Target length 2 is 98
Sep 7 10:34:27 : NTLM: Target offset is 60
Sep 7 10:34:27 : NTLM: TargetInfo is: ^B^^H^M^B^B^C^^A^^H^I^N^E^T^^D^^P^m^b^b^c^.^e^d^u^^C^^Z^i^n^e^t^.^m^b^b^c^.^e^d^u^^E^^P^m^b^b^c^.^e^d^u^
Sep 7 10:34:27 : The nonce is: y^[k6.
Sep 7 10:34:27 : Finished Step 4
Sep 7 10:34:27 : Entering Step 5
Sep 7 10:34:27 : Got Type 3 msg of 176 characters.
Sep 7 10:34:27 : Finished NTLM!

H I did it again and it again took exactly 120 seconds to complete step 2... Sounds like a timeout or something is in operation here...

Settings: Authoxy on port 8081, points to proxy 10.2.0.2:8080, NTLM on, domain mbbc host/workstation 10.2.0.2
Network settings point to proxies to 127.0.0.1:8081, *.mbbc.edu is bypassed

H again. I blanked out the NTLM host/workstation, left mbbc in the domain, and restarted Authoxy, same result...

Testing...

OK I KNOW I have to use NTLM, because if its not checked, Authoxy doesnt work, and if it is checked, Authoxy DOES work. However, no matter what I put in the blanks for BOTH domain and host/workstation dont seem to matter, I get a 120 second timeout in step 2.

Testing I left both fields blank for NTLM, and this is what happened:

Sep 7 11:08:37 : Authoxy has started successfully
Sep 7 11:08:46 : Ready to NTLM!
Sep 7 11:08:46 : Entering Step 1
Sep 7 11:08:46 : Entering Step 2
Sep 7 11:08:46 : Found Connection: close. Hiding for NTLM Authentication
Sep 7 11:08:46 : Waiting for Step 2
Sep 7 11:10:46 : Step 2 is complete
Sep 7 11:10:46 : Entering Step 3
Sep 7 11:10:46 : Created Type 1 string of 44 characters
Sep 7 11:10:46 : Pausing in Step 3
Sep 7 11:10:46 : Entering Step 4
Sep 7 11:10:46 : Content-Length: 2639
Sep 7 11:10:46 : No authentication challenge in NTLM authentication Step 4. Giving up.

I will consult with my system administrator, or maybe someone has an idea. Thanks for your help. Sooo close. :)

--Steve

On 9/6/04 5:07 PM, bruce [EMAIL PROTECTED] wrote:

 Set in the NTLM your windows domain name eg for us its curriculum2
 and in the host, its NOT you/your workstation but the IP address of
 your proxy server 10.2.0.1 or whatever,
 
 Well thats what we do...
 
 Try that.
 
 Cheers,
 Bruce.
 
 
 -- NTLM Authentication is on, set to my domain (mbbc) and my computer name
 (sstratpbook)--I'm checking with our system admin to be sure that's correct
 
 Note: In Authoxy control panel, the number of daemons running increases with
 each web access, but doesn't seem to decrease back to 1 after the web page
 finishes loading. Don't know if that's normal.
 
 Any ideas? Thanks for your help--this tool has great potential for me to
 provide a higher level of compatibility with our MS network, so I'm not
 willing to give up yet!
 
 --Steve

Re: [discuss] Speed question

2004-09-06 Thread Steven Stratford

I turned on system logging. Here's part of a session log. Two things were
going on: Entourage was accessing the exchange server, and there was a web
page request using Mozilla. Both requests completed eventually, though this
is not the complete session.

--Steve

Sep  6 09:26:29 : Authoxy has started successfully
Sep  6 09:27:27 : Ready to NTLM!
Sep  6 09:27:27 : Entering Step 1
Sep  6 09:27:27 : Content Length of request: 0
Sep  6 09:27:27 : Waiting for Step 2
Sep  6 09:27:27 : Entering Step 2
Sep  6 09:28:41 : Ready to NTLM!
Sep  6 09:28:41 : Entering Step 1
Sep  6 09:28:41 : Content Length of request: 0
Sep  6 09:28:41 : Waiting for Step 2
Sep  6 09:28:41 : Entering Step 2
Sep  6 09:28:41 : Ready to NTLM!
Sep  6 09:28:41 : Entering Step 1
Sep  6 09:28:41 : Waiting for Step 2
Sep  6 09:28:41 : Entering Step 2
Sep  6 09:28:41 : Ready to NTLM!
Sep  6 09:28:41 : Entering Step 1
Sep  6 09:28:41 : Waiting for Step 2
Sep  6 09:28:41 : Entering Step 2
Sep  6 09:28:48 : Ready to NTLM!
Sep  6 09:28:48 : Entering Step 1
Sep  6 09:28:48 : Waiting for Step 2
Sep  6 09:28:48 : Entering Step 2
Sep  6 09:29:27 : Step 2 is complete
Sep  6 09:29:27 : Entering Step 3
Sep  6 09:29:27 : Created Type 1 string of 64 characters
Sep  6 09:29:27 : Pausing in Step 3
Sep  6 09:29:27 : Entering Step 4
Sep  6 09:29:27 : Content-Length: 0
Sep  6 09:29:27 : NTLM: Target length is 4
Sep  6 09:29:27 : NTLM: Target length 2 is 4
Sep  6 09:29:27 : NTLM: Target offset is 56
Sep  6 09:29:27 : NTLM Flag: Negotiate OEM
Sep  6 09:29:27 : NTLM Flag: Request Target
Sep  6 09:29:27 : NTLM Flag: Negotiate NTLM
Sep  6 09:29:27 : NTLM Flag: Target Type Domain
Sep  6 09:29:27 : NTLM Flag: Negotiate Target Info
Sep  6 09:29:27 : NTLM Flag: UNKNOWN5
Sep  6 09:29:27 : NTLM: Target is: MBBC
Sep  6 09:29:27 : NTLM: Target length is 98
Sep  6 09:29:27 : NTLM: Target length 2 is 98
Sep  6 09:29:27 : NTLM: Target offset is 60
Sep  6 09:29:27 : NTLM: TargetInfo is:
^B^^H^M^B^B^C^^A^^H^I^N^E^T^^D^^P^m^b^b^c^.^e^d^u^^C^^Z^i^n^e^t^.^m^b^b^c^.^
e^d^u^^E^^P^m^b^b^c^.^e^d^u^
Sep  6 09:29:27 : The nonce is: (I_^T^G[.
Sep  6 09:29:27 : Finished Step 4
Sep  6 09:29:27 : Entering Step 5
Sep  6 09:29:27 : Got Type 3 msg of 176 characters.
Sep  6 09:29:27 : Finished NTLM!
Sep  6 09:29:27 : SEARCH http://mail.mbbc.edu/exchange/sstratford/ HTTP/1.1
Sep  6 09:30:41 : Step 2 is complete
Sep  6 09:30:41 : Entering Step 3
Sep  6 09:30:41 : Created Type 1 string of 64 characters
Sep  6 09:30:41 : Pausing in Step 3
Sep  6 09:30:41 : Entering Step 4
Sep  6 09:30:41 : Content-Length: 0
Sep  6 09:30:41 : NTLM: Target length is 4
Sep  6 09:30:41 : NTLM: Target length 2 is 4
Sep  6 09:30:41 : NTLM: Target offset is 56
Sep  6 09:30:41 : NTLM Flag: Negotiate OEM
Sep  6 09:30:41 : NTLM Flag: Request Target
Sep  6 09:30:41 : NTLM Flag: Negotiate NTLM
Sep  6 09:30:41 : NTLM Flag: Target Type Domain
Sep  6 09:30:41 : NTLM Flag: Negotiate Target Info
Sep  6 09:30:41 : NTLM Flag: UNKNOWN5
Sep  6 09:30:41 : NTLM: Target is: MBBC
Sep  6 09:30:41 : NTLM: Target length is 98
Sep  6 09:30:41 : NTLM: Target length 2 is 98
Sep  6 09:30:41 : NTLM: Target offset is 60
Sep  6 09:30:41 : NTLM: TargetInfo is:
^B^^H^M^B^B^C^^A^^H^I^N^E^T^^D^^P^m^b^b^c^.^e^d^u^^C^^Z^i^n^e^t^.^m^b^b^c^.^
e^d^u^^E^^P^m^b^b^c^.^e^d^u^
Sep  6 09:30:41 : The nonce is: ~c1^\S.
Sep  6 09:30:41 : Finished Step 4
Sep  6 09:30:41 : Entering Step 5
Sep  6 09:30:41 : Got Type 3 msg of 176 characters.
Sep  6 09:30:41 : Finished NTLM!
Sep  6 09:30:41 : Step 2 is complete
Sep  6 09:30:41 : Step 2 is complete
Sep  6 09:30:41 : Entering Step 3
Sep  6 09:30:41 : Created Type 1 string of 64 characters
Sep  6 09:30:41 : Entering Step 3
Sep  6 09:30:41 : Created Type 1 string of 64 characters
Sep  6 09:30:41 : Pausing in Step 3
Sep  6 09:30:41 : Pausing in Step 3
Sep  6 09:30:41 : Entering Step 4
Sep  6 09:30:41 : Entering Step 4
Sep  6 09:30:41 : Content-Length: 0
Sep  6 09:30:41 : NTLM: Target length is 4
Sep  6 09:30:41 : NTLM: Target length 2 is 4
Sep  6 09:30:41 : NTLM: Target offset is 56
Sep  6 09:30:41 : NTLM Flag: Negotiate OEM
Sep  6 09:30:41 : NTLM Flag: Request Target
Sep  6 09:30:41 : NTLM Flag: Negotiate NTLM
Sep  6 09:30:41 : NTLM Flag: Target Type Domain
Sep  6 09:30:41 : NTLM Flag: Negotiate Target Info
Sep  6 09:30:41 : NTLM Flag: UNKNOWN5
Sep  6 09:30:41 : NTLM: Target is: MBBC
Sep  6 09:30:41 : NTLM: Target length is 98
Sep  6 09:30:41 : NTLM: Target length 2 is 98
Sep  6 09:30:41 : NTLM: Target offset is 60
Sep  6 09:30:41 : NTLM: TargetInfo is:
^B^^H^M^B^B^C^^A^^H^I^N^E^T^^D^^P^m^b^b^c^.^e^d^u^^C^^Z^i^n^e^t^.^m^b^b^c^.^
e^d^u^^E^^P^m^b^b^c^.^e^d^u^
Sep  6 09:30:41 : The nonce is: -B[.
Sep  6 09:30:41 : Finished Step 4
Sep  6 09:30:41 : Content-Length: 0
Sep  6 09:30:41 : NTLM: Target length is 4
Sep  6 09:30:41 : NTLM: Target length 2 is 4
Sep  6 09:30:41 : NTLM: Target offset is 56
Sep  6 09:30:41 : NTLM Flag: Negotiate OEM
Sep  6 09:30:41 : NTLM Flag: Request Target
Sep  6 09:30:41 : NTLM Flag: Negotiate

Re: [discuss] Speed question

2004-09-03 Thread Laurent Daudelin

on 03/09/04 11:43, Steven Stratford at [EMAIL PROTECTED] wrote:

 Question: Seems slow. Are there ways/tricks for speeding things up? Our
 network is 100baseT so it¹s not slow when I connect directly to our proxy
 server.

I've been using Authoxy since version 2.1 (or 2.2 maybe) and I've never
noticed any slowdown. Not that there isn't any, just that I've never noticed
them if there are some. I regularly transfer files from my PeeCee to my
PowerBook, also over a 100BaseT connection, through a DHCP setup.

-Laurent.
-- 

Laurent Daudelin   AIM/iChat: LaurentDaudelinhttp://nemesys.dyndns.org
Logiciels Nemesys Software   mailto:[EMAIL PROTECTED]

fudge: 1. vt. To perform in an incomplete but marginally acceptable way,
particularly with respect to the writing of a program. I didn't feel like
going through that pain and suffering, so I fudged it -- I'll fix it later.
2. n. The resulting code.

Re: [discuss] Speed question

2004-09-03 Thread Laurent Daudelin

on 03/09/04 20:04, Steven Stratford at [EMAIL PROTECTED] wrote:

 It might be because I have to use NTLM?
 
 --Steve
 
 
 On 9/3/04 5:44 PM, Laurent Daudelin [EMAIL PROTECTED] wrote:
 
 on 03/09/04 11:43, Steven Stratford at [EMAIL PROTECTED] wrote:
 
 Question: Seems slow. Are there ways/tricks for speeding things up? Our
 network is 100baseT so it¹s not slow when I connect directly to our proxy
 server.
 
 I've been using Authoxy since version 2.1 (or 2.2 maybe) and I've never
 noticed any slowdown. Not that there isn't any, just that I've never noticed
 them if there are some. I regularly transfer files from my PeeCee to my
 PowerBook, also over a 100BaseT connection, through a DHCP setup.
 
 -Laurent.
 

Quite possible but only Heath would be able to tell for sure...

-Laurent.
-- 

Laurent Daudelin   AIM/iChat: LaurentDaudelinhttp://nemesys.dyndns.org
Logiciels Nemesys Software   mailto:[EMAIL PROTECTED]

Brooks's Law prov.: Adding manpower to a late software project makes it
later -- a result of the fact that the expected advantage from splitting
development work among N programmers is O(N) (that is, proportional to N),
but the complexity and communications cost associated with coordinating and
then merging their work is O(N^2) (that is, proportional to the square of
N). The quote is from Fred Brooks, a manager of IBM's OS/360 project and
author of The Mythical Man-Month (Addison-Wesley, 1975, ISBN
0-201-00650-2), an excellent early book on software engineering.

Re: [discuss] Speed question

Re: [discuss] Speed question

Re: [discuss] Speed question

Re: [discuss] Speed question

Re: [discuss] Speed question

Re: [discuss] Speed question

Re: [discuss] Speed question

Re: [discuss] Speed question

Re: [discuss] Speed question

9 matches

Site Navigation

Mail list logo

Footer information