Re: [squid-users] Active feeding of Squid?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sun, 25 Jan 2004 11:12:36 +0100 (CET)

On Sat, 24 Jan 2004, Henrik Nordstrom wrote:

> a) You need some kind of software capable of reassembling the TCP streams
> and pulling out the relevant HTTP request and resulting replies seen.

And when reading your question again there is one very important
complication. If you are only seeing downstream traffic then what you ask
can not be done as you must see what was sent client->server to record the
URL of the requested object.

> There is some quite cool software doing this, for example a traffic
> monitor automatically grabbing all pictures seen in web traffic.
> Unfortunately the name of such tool have slip my mind at the moment.

This can be done however with only access to the downstream. But you will
only be able to see which IP address the object (image or whatever) came
from, not the URL of the object.

You should also be able to do the same on FTP traffic, and there you may
be able to deduce a lot more information about the identity of the sniffed
objects without seeing the client->server traffic as the FTP protocol is
much more verbose than HTTP, but not all servers are so verbose.

Regards
Henrik
Received on Sun Jan 25 2004 - 03:12:47 MST

This archive was generated by hypermail pre-2.1.9 : Sun Feb 01 2004 - 12:00:08 MST