[SunHELP] proxy tunnel traffic


Tue Mar 25 14:49:59 CST 2003


The following is tcpdump output indicating traffic tunnelled between two
squid accelerators.
Basically webserver pages are being cached from apache running on port 8003
through a proxy tunnel using port 1181.

15:44:55.379700 10.10.1.77.1181 > 10.10.1.73.8003: S 423849514:423849514(0) win 5840 <mss 1460,sackOK,timestamp 2540396 0,nop,wscale 0> (DF)
15:44:55.379809 10.10.1.73.8003 > 10.10.1.77.1181: S 111480558:111480558(0) ack 423849515 win 5792 <mss 1460,sackOK,timestamp 2539038 2540396,nop,wscale 0> (DF)
15:44:55.380105 10.10.1.77.1181 > 10.10.1.73.8003: . ack 1 win 5840 <nop,nop,timestamp 2540396 2539038> (DF)
15:44:55.391906 10.10.1.77.1182 > 10.10.1.73.8003: S 423592908:423592908(0) win 5840 <mss 1460,sackOK,timestamp 2540397 0,nop,wscale 0> (DF)
15:44:55.391982 10.10.1.73.8003 > 10.10.1.77.1182: S 120196532:120196532(0) ack 423592909 win 5792 <mss 1460,sackOK,timestamp 2539039 2540397,nop,wscale 0> (DF)

Is there any way I can take things a step further and view the packets within
the tunnel?  What I need to determine is whether the packets are encrypted
with SSL or not.
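
An added example, not part of the original post: one way to decide the question from a capture is to look at the first payload bytes that follow the three-way handshake on the port 8003 connection. It assumes those bytes were captured in full (tcpdump's -X hex dump with a larger -s snaplen, for instance); the function name and the sample byte strings are constructed for illustration.

```python
import re

# Plain HTTP starts with a request line or a status line in readable ASCII.
HTTP_START = re.compile(
    rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT|TRACE) \S+ HTTP/\d\.\d\r?\n"
    rb"|^HTTP/\d\.\d \d{3} "
)

# SSLv3/TLS record content types: change_cipher_spec, alert, handshake, app data.
RECORD_TYPES = (0x14, 0x15, 0x16, 0x17)
MAX_RECORD_LEN = 2**14 + 2048  # largest ciphertext fragment a record may carry


def classify_payload(data: bytes) -> str:
    """Classify the first payload bytes of a TCP stream (hypothetical helper)."""
    if len(data) >= 5:
        # SSLv3/TLS record header: type(1) major(1)=3 minor(1) length(2)
        if data[0] in RECORD_TYPES and data[1] == 0x03 and data[2] <= 0x04:
            length = int.from_bytes(data[3:5], "big")
            if 0 < length <= MAX_RECORD_LEN:
                return "tls-record"
        # SSLv2-style ClientHello: 2-byte length with high bit set,
        # message type 1, then version 0x0002 or 0x03xx.
        if data[0] & 0x80 and data[2] == 0x01:
            if (data[3], data[4]) == (0x00, 0x02) or data[3] == 0x03:
                return "sslv2-client-hello"
    if HTTP_START.match(data):
        return "plaintext-http"
    return "unknown"


if __name__ == "__main__":
    # Constructed samples, not taken from the capture above.
    samples = {
        "tls hello": b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x01",
        "sslv2 hello": b"\x80\x2e\x01\x03\x01\x00\x15\x00\x00\x00\x10",
        "http request": b"GET http://10.10.1.73:8003/ HTTP/1.0\r\nHost: x\r\n",
        "http response": b"HTTP/1.0 200 OK\r\nServer: Apache\r\n",
    }
    for name, payload in samples.items():
        print(f"{name:14s} -> {classify_payload(payload)}")
```

A result of "unknown" on the first data segment means neither pattern matched, which can also happen when the capture truncated the payload.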

