Here is two parallel blocks of data: sniffing session from proxy box,
and the same time squid access.log entries:
root @ cthulhu / # snoop 192.168.100.103|grep icq
Using device aggr1 (promiscuous mode)
192.168.100.103 -> bos-m028c-rdr1.blue.icq.net HTTPS C port=9040
bos-m028c-rdr1.blue.icq.net
On 27/10/2015 9:36 a.m., Yuri Voinov wrote:
>
> The problem is: I can't see most part of ICQ traffic. Because of it uses
> non-HTTP/HTTPS/FTP ports. Only with sniffer.
Okay, that should not matter much. That part of the traffic there is
nothing we can do about in Squid.
>
> Looks like this:
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
The problem is: I can't see most part of ICQ traffic. Because of it uses
non-HTTP/HTTPS/FTP ports. Only with sniffer.
Looks like this:
1. Login starts over 5190 port with CONNECT method. And normal squid's
config blocks it - this is non-SSL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi gents.
There is a good contest for all squidmans ;)
So.
We have wey idiotic protocol - OSCAR, and very antique IM client.
This is ICQ.
So what - it's work via Squid 3.4.x (both transparent and forwarding)
using proxy settings by client.
On 27/10/2015 4:54 a.m., Yuri Voinov wrote:
>
> Hi gents.
>
> There is a good contest for all squidmans ;)
>
> So.
>
> We have wey idiotic protocol - OSCAR, and very antique IM client.
>
> This is ICQ.
>
> So what - it's work via Squid 3.4.x (both transparent and forwarding)
> using proxy
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I think the right question is not "What headers pass through Squid" and
"Why did they pass through a transparent proxy, if the port that is
used, not 80 or 443?"
26.10.15 23:26, Amos Jeffries пишет:
> On 27/10/2015 4:54 a.m., Yuri Voinov wrote:
On 27/10/2015 6:30 a.m., Yuri Voinov wrote:
>
> I think the right question is not "What headers pass through Squid" and
> "Why did they pass through a transparent proxy, if the port that is
> used, not 80 or 443?"
>
ICQ speaks HTTP on port 80. Not sure about 443, it should at least speak
TLS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
ICQ, like Skype later, uses special technique to bypass
proxies/firewalls, and conventionally checks, after it native port 5190,
other ports: 80,443,110,25 and other before it can connect to it's load
balancer. Moreover, when use 443, it CONNECT