Re: [discuss] Speed question
Steve--

Here's the info for getting a tcpdump that Heath sent me last fall. Worked fine for me. The last part about jumping to Software Update was specific for the problem I was having, so for you you'd have to figure out how to do your test and get your results.

--Steve

On 9/13/04 11:45 PM, Heath Raftery [EMAIL PROTECTED] wrote:

> Back to the issue with the server responding - you'll get a lot more information and I'll have a lot more idea of what is going on, if you could capture the tcp dump. I'm not sure if you're familiar with the tools (or even if this is appropriate in your situation), but OS X comes built in with a (command line) program called tcpdump, which dumps the raw network traffic to a file. You can then analyse the traffic with various tools (Ethereal being my favourite). Here's how to dump the information necessary to file:
>
> In an administrator account on the OS X machine, type this at the prompt in the Terminal (where % is your prompt):
>
>     % sudo tcpdump -p -s 0 -i en0 -w networktraffic
>
> It should prompt you for your password, by which it means your admin/login password. You might get a message about not having enough permissions to access /dev/bpf0 or something. In that case, use this command first:
>
>     % sudo chmod 777 /dev/bpf*
>
> to change permissions on the files required by tcpdump.
>
> Here's a breakdown of the command:
> - sudo means to do the command as the su (super user), i.e. the all powerful root user.
> - tcpdump is an application which sniffs network traffic. It will record all traffic in and out of your computer.
> - -p turns off promiscuous mode so you don't see the traffic of other computers on the network.
> - -s 0 sets the packet collection size to unlimited, so you get all the data.
> - -i en0 means to use the first Ethernet interface for collection. This will be your built-in Ethernet connection which I'm assuming you are connecting to the Internet through.
> - -w networktraffic means to write the raw data to the file named networktraffic (make sure you don't happen to have a file already by that name in your home directory!). The raw data can later be interpreted by other applications.
>
> After entering the command, you should get a confirmation message and then nothing. At this point, tcpdump is recording traffic. Hopefully your network is not too busy with traffic, which would make the output rather complicated. In any case, quickly jump into Software Update and do an update. To start with, it might be worth waiting out the delay. Then jump back to the Terminal and press Control-C to stop tcpdump. You can start it again with another file name (say -w networktraffic2) and then try and update followed by a cancel.
Re: [discuss] Speed question
Dear Heath and Steve,

Just checked the new prefPane against our school proxy server... works perfectly. Only tested Safari - works fine... the rest will be OK. The log looks perfectly normal and fast. By the way the Info version number still states 3.1.1 but I assume that will change. The connection was very fast BUT the school holidays have just started here and there aren't 800-plus students clamouring for the proxy server.

Heath, I would be very interested in finding out what changes you had to make to cater for the difference in proxy server responses and whether or not it was MS's pedantic error message nature.

Well it seems as though Heath you've solved it... it will be a bit sad that this little discussion group will now terminate. It has been nice working with you all.

Kind regards,
Bruce from a sunny 26C day downUnder - spring is here, time to go to the beach until February. Cheers...
Re: [discuss] Speed question
Bruce, Steve, others,

On 18/09/2004, at 3:29 PM, bruce wrote:

> I don't mind testing 3.1.1a against a real windoze system that works with the current version of authoxy... if you want to... Won't be until Monday now...

Sure, that'd be very handy before I release an official version. I'll send it in a private email.

> PS Heath, do you test against Samba?

Indeed I do!

On 19/09/2004, at 5:53 AM, Steven Stratford wrote:

> I was so curious to find out if 3.1.1a works that I drove in to work (all of 5 minutes from where I live) to try it. It works! You're my hero, Heath. :)

Awesome! That makes it all worthwhile :)

> Maxibidder...partly, probably it's their program, not Authoxy. RealOne player--nope. MSN Messenger--nope. Skype (VOIP)--nope.

Yeah, bugger about that. I honestly don't think there's much I can do about that. I've tried to work through MSN issues before, but it is doing strange things I think. You might like to try experimenting with turning the proxy option on or off, or electing to not use HTTP ports or something. Also, as you say, these might well be specifically blocked at the firewall anyway.

> I notice the number of daemons gets fairly large (right now it's 36, with nothing going on net-wise). Should they go back to zero? (5 minutes after I wrote that, it's still 36.)

Yes, they should. Something is probably not right there. NTLM does rely on persistent connections, but they should still be closed eventually. As Bruce suggests, they most likely will not do any harm - Unix systems are quite good at handling lots of background processes. But I'd definitely feel better if they died a fair bit more quickly than that.

The behaviour in the latest log you posted definitely looks normal though - there appear to be two NTLM connections, one after the other. In the first one, the server closes the connection, and in the second the client closes it, with the whole thing only lasting a few seconds. That's quite normal.

The only thing Authoxy does after printing those messages is to kill the partner process (connections are handled by pairs of processes) and then kill itself. Not sure why then, your processes are not dying. I'll sleep on it...

Regards,
Heath

--
Heath Raftery [EMAIL PROTECTED]
HRSoftWorks http://www.hrsoftworks.net
*There's nothing like a depressant to cheer you up*
 - Heard at Moe's Tavern
Re: [discuss] Speed question
Thanks, Heath! That is very interesting, and gives me something else to try. I have some time tomorrow and will definitely send you a dump or two, maybe post a snippet or two to the list to see if someone wants to give it a shot.

On 9/13/04 11:45 PM, Heath Raftery [EMAIL PROTECTED] wrote:

> Hey guys,
>
> Very interesting thread, and I'm happy you're helping each other out, because the fact is I really am inexperienced when it comes to NTLM authentication. Nonetheless, I'll offer my comments from the developer's point of view. Incidentally, the two sites mentioned before:
>
> http://www.innovation.ch/java/ntlm.html
> http://davenport.sourceforge.net/ntlm.html
>
> are two of the resources I relied on most during development, so are a great place to decipher what appears in the logs!
>
> As you've clearly noted, the delay appears to occur at Step 2, so I'll break down what happens around that point:
>
> Before entering Step 1, Authoxy breaks into two processes, one to handle the client-server connection and another to handle server-client.
>
> In Step 1, one of the processes sends the client request (e.g. a call to the Software Update servers to check for updates) as normal to the proxy. Well, almost as normal - NTLM requires persistent connections (basically means that the connection must be held open between requests for the authentication to work), so if the client requested non-persistent connections (by supplying the Connection: close header), Authoxy strips it out and remembers that is the case, before passing the request on. The process then informs the other and pauses itself waiting for the other process to complete Step 2.
>
> The other process then starts Step 2, and waits for the proxy to return a HTTP code 407 Unauthorized back. If something arrives from the proxy which is not a 407, Authoxy will report "Unexpected server response in NTLM authentication Step 2. Giving up.". That doesn't appear to be what is happening here - instead the proxy doesn't respond for 120 seconds.
>
> If the process does receive a 407, it *will* report "Step 2 is complete" and I'm not seeing that at all in the logs you've posted.

I'll run this by my sysadmin in addition to trying out the TCPIP dump you described. I haven't mucked about in terminal before so this should be fun.

--Steve

> If you cancel the request, that will close the connection on the client side. This should kill both processes and go back to waiting for another connection. Before the processes are killed though, they are both unpaused, to make sure you don't get stopped processes piling up. Perhaps this is when one of the processes runs away and attempts to complete the rest of the connection. All the flags which appear from then on seem normal to me.
>
> So as far as I can tell, the issue appears to be that the proxy server is not returning the 407 error response when it should. This is a fairly fundamental step and actually occurs before any of the credentials are passed or even consulted, so should be a clear place to investigate.
>
> snip
>
> Well I'm sure that's plenty of rambling on my behalf for now. Good luck in your future investigations!
>
> Heath
Re: [discuss] Speed question
That works with Explorer but not with Safari/Shiira or Firefox. But then you don't need authoxy with Explorer so this may be an issue!

Cheers,
Bruce.

> We log in with just username and password, no domain. I'll try that Monday.
>
> --Steve
>
> On 9/12/04 5:48 AM, bruce [EMAIL PROTECTED] wrote:
>
>> Actually after looking at your log again, I doubt that all of the above is relevant!!! You seemed to have made a connection to the server and it is not being completed in the way that we expect. Are you using encrypted passwords on the proxy server?
>>
>> Using Safari, the girls at our school have to login using the following format,
>>
>>     WindowsDomainName/UserName
>>     password
>>
>> Is this the format that you are using?
Re: [discuss] Speed question
OK I changed NTLM Host/Workstation from sstratpbook (me) to 10.2.0.2 (our proxy server), and here's my result (better but not optimum) accessing Software Update. Takes 2 minutes for step 2 to complete, don't know enough about NTLM to know why. That seems to be the exact holdup. In the following, the delay is marked in red.

Sep 7 10:32:16 : Authoxy has started successfully
Sep 7 10:32:27 : Ready to NTLM!
Sep 7 10:32:27 : Entering Step 1
Sep 7 10:32:27 : Entering Step 2
Sep 7 10:32:27 : Found Connection: close. Hiding for NTLM Authentication
Sep 7 10:32:27 : Waiting for Step 2
Sep 7 10:34:27 : Step 2 is complete
Sep 7 10:34:27 : Entering Step 3
Sep 7 10:34:27 : Created Type 1 string of 60 characters
Sep 7 10:34:27 : Pausing in Step 3
Sep 7 10:34:27 : Entering Step 4
Sep 7 10:34:27 : Content-Length: 0
Sep 7 10:34:27 : NTLM: Target length is 4
Sep 7 10:34:27 : NTLM: Target length 2 is 4
Sep 7 10:34:27 : NTLM: Target offset is 56
Sep 7 10:34:27 : NTLM Flag: Negotiate OEM
Sep 7 10:34:27 : NTLM Flag: Request Target
Sep 7 10:34:27 : NTLM Flag: Negotiate NTLM
Sep 7 10:34:27 : NTLM Flag: Target Type Domain
Sep 7 10:34:27 : NTLM Flag: Negotiate Target Info
Sep 7 10:34:27 : NTLM Flag: UNKNOWN5
Sep 7 10:34:27 : NTLM: Target is: MBBC
Sep 7 10:34:27 : NTLM: Target length is 98
Sep 7 10:34:27 : NTLM: Target length 2 is 98
Sep 7 10:34:27 : NTLM: Target offset is 60
Sep 7 10:34:27 : NTLM: TargetInfo is: ^B^^H^M^B^B^C^^A^^H^I^N^E^T^^D^^P^m^b^b^c^.^e^d^u^^C^^Z^i^n^e^t^.^m^b^b^c^.^e^d^u^^E^^P^m^b^b^c^.^e^d^u^
Sep 7 10:34:27 : The nonce is: y^[k6.
Sep 7 10:34:27 : Finished Step 4
Sep 7 10:34:27 : Entering Step 5
Sep 7 10:34:27 : Got Type 3 msg of 176 characters.
Sep 7 10:34:27 : Finished NTLM!

H I did it again and it again took exactly 120 seconds to complete step 2... Sounds like a timeout or something is in operation here...

Settings:
Authoxy on port 8081, points to proxy 10.2.0.2:8080, NTLM on, domain mbbc host/workstation 10.2.0.2
Network settings point to proxies to 127.0.0.1:8081, *.mbbc.edu is bypassed

H again. I blanked out the NTLM host/workstation, left mbbc in the domain, and restarted Authoxy, same result...

Testing... OK I KNOW I have to use NTLM, because if it's not checked, Authoxy doesn't work, and if it is checked, Authoxy DOES work. However, no matter what I put in the blanks for BOTH domain and host/workstation don't seem to matter, I get a 120 second timeout in step 2.

Testing I left both fields blank for NTLM, and this is what happened:

Sep 7 11:08:37 : Authoxy has started successfully
Sep 7 11:08:46 : Ready to NTLM!
Sep 7 11:08:46 : Entering Step 1
Sep 7 11:08:46 : Entering Step 2
Sep 7 11:08:46 : Found Connection: close. Hiding for NTLM Authentication
Sep 7 11:08:46 : Waiting for Step 2
Sep 7 11:10:46 : Step 2 is complete
Sep 7 11:10:46 : Entering Step 3
Sep 7 11:10:46 : Created Type 1 string of 44 characters
Sep 7 11:10:46 : Pausing in Step 3
Sep 7 11:10:46 : Entering Step 4
Sep 7 11:10:46 : Content-Length: 2639
Sep 7 11:10:46 : No authentication challenge in NTLM authentication Step 4. Giving up.

I will consult with my system administrator, or maybe someone has an idea. Thanks for your help. Sooo close. :)

--Steve

On 9/6/04 5:07 PM, bruce [EMAIL PROTECTED] wrote:

> Set in the NTLM your windows domain name eg for us its curriculum2 and in the host, its NOT you/your workstation but the IP address of your proxy server 10.2.0.1 or whatever, Well that's what we do... Try that.
>
> Cheers,
> Bruce.
>
> --
>
>> NTLM Authentication is on, set to my domain (mbbc) and my computer name (sstratpbook)--I'm checking with our system admin to be sure that's correct
>>
>> Note: In Authoxy control panel, the number of daemons running increases with each web access, but doesn't seem to decrease back to 1 after the web page finishes loading. Don't know if that's normal.
>>
>> Any ideas? Thanks for your help--this tool has great potential for me to provide a higher level of compatibility with our MS network, so I'm not willing to give up yet!
>>
>> --Steve
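
Added example, not part of the original thread and not Authoxy's code: a Python decoder for the NTLM Type 2 (challenge) message whose fields appear in the Step 4 log lines above (target length 4 at offset 56, target info length 98 at offset 60, the flag names). The sample message is constructed from those logged sizes and the names visible in the logged TargetInfo; the nonce is a placeholder, the function names and target-info labels are chosen for this example, and the bounds checks matter because the message comes from the remote proxy.

```python
import base64
import struct

# Flag names as printed in the log above; bit values from the public NTLM references.
FLAGS = {0x00000001: "Negotiate Unicode", 0x00000002: "Negotiate OEM",
         0x00000004: "Request Target", 0x00000200: "Negotiate NTLM",
         0x00010000: "Target Type Domain", 0x00800000: "Negotiate Target Info"}
AV_NAMES = {1: "server", 2: "domain", 3: "dns_host", 4: "dns_domain", 5: "dns_tree"}

class NTLMParseError(ValueError):
    """Malformed message, or a field that points outside the message."""

def _security_buffer(msg, pos):
    """Read (length, allocated, offset) at pos; bounds-check the bytes it names."""
    if pos + 8 > len(msg):
        raise NTLMParseError("message too short for security buffer")
    length, _allocated, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise NTLMParseError("security buffer points outside the message")
    return length, offset, msg[offset:offset + length]

def parse_type2(msg):
    """Decode an NTLM Type 2 (challenge) message into the fields logged in Step 4."""
    if len(msg) < 32 or msg[:8] != b"NTLMSSP\0" or msg[8:12] != b"\x02\0\0\0":
        raise NTLMParseError("not an NTLM Type 2 message")
    tlen, toff, target = _security_buffer(msg, 12)
    (flags,) = struct.unpack_from("<I", msg, 20)
    out = {"target_len": tlen, "target_offset": toff,
           "target": target.decode("utf-16-le" if flags & 1 else "ascii", "replace"),
           "flags": [name for bit, name in FLAGS.items() if flags & bit],
           "unknown_flags": flags & ~sum(FLAGS),  # bits this table has no name for
           "nonce": msg[24:32], "target_info": []}
    if flags & 0x00800000:
        out["info_len"], out["info_offset"], info = _security_buffer(msg, 40)
        pos = 0
        while pos + 4 <= len(info):
            av_id, av_len = struct.unpack_from("<HH", info, pos)
            if av_id == 0:  # terminator block
                break
            if pos + 4 + av_len > len(info):
                raise NTLMParseError("target info block overruns its buffer")
            value = info[pos + 4:pos + 4 + av_len].decode("utf-16-le", "replace")
            out["target_info"].append((AV_NAMES.get(av_id, f"type_{av_id}"), value))
            pos += 4 + av_len
    return out

def parse_proxy_authenticate(value):
    """Decode the value of a Proxy-Authenticate header: 'NTLM ' plus base64 data."""
    scheme, _, blob = value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not blob:
        raise NTLMParseError("no NTLM challenge in header")
    return parse_type2(base64.b64decode(blob))

def build_sample():
    """Constructed message with the sizes, offsets and five flags from the log; not captured traffic."""
    def av(av_id, text):
        data = text.encode("utf-16-le")
        return struct.pack("<HH", av_id, len(data)) + data
    info = (av(2, "MBBC") + av(1, "INET") + av(4, "mbbc.edu") + av(3, "inet.mbbc.edu")
            + av(5, "mbbc.edu") + struct.pack("<HH", 0, 0))
    head = (b"NTLMSSP\0" + struct.pack("<IHHII", 2, 4, 4, 56, 0x00810206)
            + bytes(range(1, 9)) + bytes(8)  # placeholder nonce, reserved context
            + struct.pack("<HHI", len(info), len(info), 60) + bytes(8))
    return head + b"MBBC" + info
```

A header value with no NTLM blob raises NTLMParseError, which corresponds to the "No authentication challenge" case in the second log.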
Re: [discuss] Speed question
I turned on system logging. Here's part of a session log. Two things were going on: Entourage was accessing the exchange server, and there was a web page request using Mozilla. Both requests completed eventually, though this is not the complete session.

--Steve

Sep 6 09:26:29 : Authoxy has started successfully
Sep 6 09:27:27 : Ready to NTLM!
Sep 6 09:27:27 : Entering Step 1
Sep 6 09:27:27 : Content Length of request: 0
Sep 6 09:27:27 : Waiting for Step 2
Sep 6 09:27:27 : Entering Step 2
Sep 6 09:28:41 : Ready to NTLM!
Sep 6 09:28:41 : Entering Step 1
Sep 6 09:28:41 : Content Length of request: 0
Sep 6 09:28:41 : Waiting for Step 2
Sep 6 09:28:41 : Entering Step 2
Sep 6 09:28:41 : Ready to NTLM!
Sep 6 09:28:41 : Entering Step 1
Sep 6 09:28:41 : Waiting for Step 2
Sep 6 09:28:41 : Entering Step 2
Sep 6 09:28:41 : Ready to NTLM!
Sep 6 09:28:41 : Entering Step 1
Sep 6 09:28:41 : Waiting for Step 2
Sep 6 09:28:41 : Entering Step 2
Sep 6 09:28:48 : Ready to NTLM!
Sep 6 09:28:48 : Entering Step 1
Sep 6 09:28:48 : Waiting for Step 2
Sep 6 09:28:48 : Entering Step 2
Sep 6 09:29:27 : Step 2 is complete
Sep 6 09:29:27 : Entering Step 3
Sep 6 09:29:27 : Created Type 1 string of 64 characters
Sep 6 09:29:27 : Pausing in Step 3
Sep 6 09:29:27 : Entering Step 4
Sep 6 09:29:27 : Content-Length: 0
Sep 6 09:29:27 : NTLM: Target length is 4
Sep 6 09:29:27 : NTLM: Target length 2 is 4
Sep 6 09:29:27 : NTLM: Target offset is 56
Sep 6 09:29:27 : NTLM Flag: Negotiate OEM
Sep 6 09:29:27 : NTLM Flag: Request Target
Sep 6 09:29:27 : NTLM Flag: Negotiate NTLM
Sep 6 09:29:27 : NTLM Flag: Target Type Domain
Sep 6 09:29:27 : NTLM Flag: Negotiate Target Info
Sep 6 09:29:27 : NTLM Flag: UNKNOWN5
Sep 6 09:29:27 : NTLM: Target is: MBBC
Sep 6 09:29:27 : NTLM: Target length is 98
Sep 6 09:29:27 : NTLM: Target length 2 is 98
Sep 6 09:29:27 : NTLM: Target offset is 60
Sep 6 09:29:27 : NTLM: TargetInfo is: ^B^^H^M^B^B^C^^A^^H^I^N^E^T^^D^^P^m^b^b^c^.^e^d^u^^C^^Z^i^n^e^t^.^m^b^b^c^.^e^d^u^^E^^P^m^b^b^c^.^e^d^u^
Sep 6 09:29:27 : The nonce is: (I_^T^G[.
Sep 6 09:29:27 : Finished Step 4
Sep 6 09:29:27 : Entering Step 5
Sep 6 09:29:27 : Got Type 3 msg of 176 characters.
Sep 6 09:29:27 : Finished NTLM!
Sep 6 09:29:27 : SEARCH http://mail.mbbc.edu/exchange/sstratford/ HTTP/1.1
Sep 6 09:30:41 : Step 2 is complete
Sep 6 09:30:41 : Entering Step 3
Sep 6 09:30:41 : Created Type 1 string of 64 characters
Sep 6 09:30:41 : Pausing in Step 3
Sep 6 09:30:41 : Entering Step 4
Sep 6 09:30:41 : Content-Length: 0
Sep 6 09:30:41 : NTLM: Target length is 4
Sep 6 09:30:41 : NTLM: Target length 2 is 4
Sep 6 09:30:41 : NTLM: Target offset is 56
Sep 6 09:30:41 : NTLM Flag: Negotiate OEM
Sep 6 09:30:41 : NTLM Flag: Request Target
Sep 6 09:30:41 : NTLM Flag: Negotiate NTLM
Sep 6 09:30:41 : NTLM Flag: Target Type Domain
Sep 6 09:30:41 : NTLM Flag: Negotiate Target Info
Sep 6 09:30:41 : NTLM Flag: UNKNOWN5
Sep 6 09:30:41 : NTLM: Target is: MBBC
Sep 6 09:30:41 : NTLM: Target length is 98
Sep 6 09:30:41 : NTLM: Target length 2 is 98
Sep 6 09:30:41 : NTLM: Target offset is 60
Sep 6 09:30:41 : NTLM: TargetInfo is: ^B^^H^M^B^B^C^^A^^H^I^N^E^T^^D^^P^m^b^b^c^.^e^d^u^^C^^Z^i^n^e^t^.^m^b^b^c^.^e^d^u^^E^^P^m^b^b^c^.^e^d^u^
Sep 6 09:30:41 : The nonce is: ~c1^\S.
Sep 6 09:30:41 : Finished Step 4
Sep 6 09:30:41 : Entering Step 5
Sep 6 09:30:41 : Got Type 3 msg of 176 characters.
Sep 6 09:30:41 : Finished NTLM!
Sep 6 09:30:41 : Step 2 is complete
Sep 6 09:30:41 : Step 2 is complete
Sep 6 09:30:41 : Entering Step 3
Sep 6 09:30:41 : Created Type 1 string of 64 characters
Sep 6 09:30:41 : Entering Step 3
Sep 6 09:30:41 : Created Type 1 string of 64 characters
Sep 6 09:30:41 : Pausing in Step 3
Sep 6 09:30:41 : Pausing in Step 3
Sep 6 09:30:41 : Entering Step 4
Sep 6 09:30:41 : Entering Step 4
Sep 6 09:30:41 : Content-Length: 0
Sep 6 09:30:41 : NTLM: Target length is 4
Sep 6 09:30:41 : NTLM: Target length 2 is 4
Sep 6 09:30:41 : NTLM: Target offset is 56
Sep 6 09:30:41 : NTLM Flag: Negotiate OEM
Sep 6 09:30:41 : NTLM Flag: Request Target
Sep 6 09:30:41 : NTLM Flag: Negotiate NTLM
Sep 6 09:30:41 : NTLM Flag: Target Type Domain
Sep 6 09:30:41 : NTLM Flag: Negotiate Target Info
Sep 6 09:30:41 : NTLM Flag: UNKNOWN5
Sep 6 09:30:41 : NTLM: Target is: MBBC
Sep 6 09:30:41 : NTLM: Target length is 98
Sep 6 09:30:41 : NTLM: Target length 2 is 98
Sep 6 09:30:41 : NTLM: Target offset is 60
Sep 6 09:30:41 : NTLM: TargetInfo is: ^B^^H^M^B^B^C^^A^^H^I^N^E^T^^D^^P^m^b^b^c^.^e^d^u^^C^^Z^i^n^e^t^.^m^b^b^c^.^e^d^u^^E^^P^m^b^b^c^.^e^d^u^
Sep 6 09:30:41 : The nonce is: -B[.
Sep 6 09:30:41 : Finished Step 4
Sep 6 09:30:41 : Content-Length: 0
Sep 6 09:30:41 : NTLM: Target length is 4
Sep 6 09:30:41 : NTLM: Target length 2 is 4
Sep 6 09:30:41 : NTLM: Target offset is 56
Sep 6 09:30:41 : NTLM Flag: Negotiate OEM
Sep 6 09:30:41 : NTLM Flag: Request Target
Sep 6 09:30:41 : NTLM Flag: Negotiate
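
Added example, not part of the original thread: a Python check that measures the Step 2 stall from Authoxy log lines like those in the sessions above and reports whether the slow delays all land on one value, which points at a fixed timer rather than load. The log lines carry no connection id or year, so the oldest-wait-first pairing and the default year 2004 are assumptions of this example; the sample is an excerpt of the lines posted in the thread.

```python
import re
from collections import Counter, deque
from datetime import datetime

LINE = re.compile(r"^(\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d) : (.*)$")

# Lines excerpted from the two sessions posted in this thread, trimmed to the
# events the analysis uses.
SAMPLE = """\
Sep 6 09:26:29 : Authoxy has started successfully
Sep 6 09:27:27 : Waiting for Step 2
Sep 6 09:28:41 : Waiting for Step 2
Sep 6 09:28:41 : Waiting for Step 2
Sep 6 09:28:41 : Waiting for Step 2
Sep 6 09:28:48 : Waiting for Step 2
Sep 6 09:29:27 : Step 2 is complete
Sep 6 09:30:41 : Step 2 is complete
Sep 6 09:30:41 : Step 2 is complete
Sep 6 09:30:41 : Step 2 is complete
Sep 7 11:08:37 : Authoxy has started successfully
Sep 7 11:08:46 : Waiting for Step 2
Sep 7 11:10:46 : Step 2 is complete
Sep 7 11:10:46 : No authentication challenge in NTLM authentication Step 4. Giving up.
"""

def analyse(lines, year=2004):
    """Return (delays in seconds, unanswered wait timestamps, failure messages).

    Assumption: each "Step 2 is complete" belongs to the oldest outstanding
    "Waiting for Step 2", because the log has no connection identifier.
    """
    waiting, delays, unanswered, failures = deque(), [], [], []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp = " ".join(m.group(1).split())
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        text = m.group(2)
        if text == "Authoxy has started successfully":
            unanswered.extend(waiting)  # a restart orphans outstanding waits
            waiting.clear()
        elif text == "Waiting for Step 2":
            waiting.append(ts)
        elif text == "Step 2 is complete" and waiting:
            delays.append(int((ts - waiting.popleft()).total_seconds()))
        elif "Giving up" in text:
            failures.append(text)
    unanswered.extend(waiting)
    return delays, unanswered, failures

def suspected_timeout(delays, slow_after=30, tolerance=1):
    """Return the common delay if every slow Step 2 took the same time, else None."""
    slow = [d for d in delays if d >= slow_after]
    if len(slow) < 2:
        return None
    value = Counter(slow).most_common(1)[0][0]
    return value if all(abs(d - value) <= tolerance for d in slow) else None

if __name__ == "__main__":
    found, pending, errors = analyse(SAMPLE.splitlines())
    print(found, suspected_timeout(found), len(pending), errors)
```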
Re: [discuss] Speed question
on 03/09/04 11:43, Steven Stratford at [EMAIL PROTECTED] wrote:

> Question: Seems slow. Are there ways/tricks for speeding things up? Our network is 100baseT so it's not slow when I connect directly to our proxy server.

I've been using Authoxy since version 2.1 (or 2.2 maybe) and I've never noticed any slowdown. Not that there isn't any, just that I've never noticed them if there are some. I regularly transfer files from my PeeCee to my PowerBook, also over a 100BaseT connection, through a DHCP setup.

-Laurent.
--
Laurent Daudelin AIM/iChat: LaurentDaudelin http://nemesys.dyndns.org
Logiciels Nemesys Software mailto:[EMAIL PROTECTED]

fudge: 1. vt. To perform in an incomplete but marginally acceptable way, particularly with respect to the writing of a program. I didn't feel like going through that pain and suffering, so I fudged it -- I'll fix it later. 2. n. The resulting code.
Re: [discuss] Speed question
on 03/09/04 20:04, Steven Stratford at [EMAIL PROTECTED] wrote:

> It might be because I have to use NTLM?
>
> --Steve
>
> On 9/3/04 5:44 PM, Laurent Daudelin [EMAIL PROTECTED] wrote:
>
>> on 03/09/04 11:43, Steven Stratford at [EMAIL PROTECTED] wrote:
>>
>>> Question: Seems slow. Are there ways/tricks for speeding things up? Our network is 100baseT so it's not slow when I connect directly to our proxy server.
>>
>> I've been using Authoxy since version 2.1 (or 2.2 maybe) and I've never noticed any slowdown. Not that there isn't any, just that I've never noticed them if there are some. I regularly transfer files from my PeeCee to my PowerBook, also over a 100BaseT connection, through a DHCP setup.
>>
>> -Laurent.

Quite possible but only Heath would be able to tell for sure...

-Laurent.
--
Laurent Daudelin AIM/iChat: LaurentDaudelin http://nemesys.dyndns.org
Logiciels Nemesys Software mailto:[EMAIL PROTECTED]

Brooks's Law prov.: Adding manpower to a late software project makes it later -- a result of the fact that the expected advantage from splitting development work among N programmers is O(N) (that is, proportional to N), but the complexity and communications cost associated with coordinating and then merging their work is O(N^2) (that is, proportional to the square of N). The quote is from Fred Brooks, a manager of IBM's OS/360 project and author of The Mythical Man-Month (Addison-Wesley, 1975, ISBN 0-201-00650-2), an excellent early book on software engineering.