On Sat, Jul 19, 2008 at 3:32 PM, Michael Alger <squid_at_mm.quex.org> wrote:
> The absolute best thing you could do is to perform a packet capture
> from the client and see exactly what it's sending to squid. You can
> use ethereal/wireshark or tcpdump for this; at least one must be
> available for OSX.
Thanks, good suggestion (FMI: see below).
> I wonder if the above is verbatim, i.e. no copy/paste errors, and if
> so, if what squid is spitting out is *exactly* what the client sent?
> There's some obvious problems with headers wrapping to the next
> line, but that may just be because of how squid displays it and how
> it was copied.
the original post was a direct cut and paste, no editing, however
there is line wrapping on most email clients and I think there are two
wrapped lines because of that, ie break on "cgiProxy-" and wrapped
"User-Agent" & "Accept:".
I just check the output again, and indeed there is some "quirked"
output, with the line starting "Referer:" also containing the
"Proxy-Connection:keep-alive". The same happens on other pages that
error.
Could this have something to do with why squid is having an error,
with that data, it would make it impossible to retrieve the url, IF
the browser was sending "linked lines" as it were. OR is it just a
malformed output from an iteration in squid. Without access to packet
capture I can not find out, but the following url does work when
constructed by hand:
http://www.squid-cache.org/cgi-bin/swish-query.cgi?keywords=Invalid%20Request%20with%20Mozilla%20Firefox%202
Thanks for the help though, at least I can make a suggestion when next
I meet a sys admin..
(OK, now one of the iMac OSX FF2 clients IS working, that means it
something to do with this installation of FF2, bah humbug.. thanks
anyway..)
Paul
For Future Reference:
--------------------------------
WIRESHARK: "Wireshark 1.0.2 Intel.dmg" from any SourceForge mirror
--------------------------------
SHELL: The shell is accessed through the Terminal program, which you
will find under Applications->Utilities.
--------------------------------
TCPDUMP: This command line tool is included with all versions of Mac
OS X, and is also available on many other Unix platforms. To get
started, try the following command.
sudo tcpdump -i en0 -s 0 -w DumpFile.dmp
The sudo command causes tcpdump to run with privileges, which is
necessary in order to capture network traffic.
The -i en0 option tells tcpdump to capture packets on the first
Ethernet interface. By default, tcpdump will use the first
non-loopback interface it can find (usually en0). For a list of
interfaces, type ifconfig -a. Mac OS X 10.1 and later provide packet
capture support on PPP, so you can also specify a PPP interface here
(for example, -i ppp0).
Note: The AirPort interface is typically en1. You can get a list of
network interface user-visible names and their corresponding BSD-style
names by running networksetup -listallhardwareports.
The -s 0 option requests the full packet rather than just the first 68 bytes.
The -w DumpFile.dmp parameter tells tcpdump to dump the packets to a
file called DumpFile.dmp.
In response to this command, tcpdump will begin to capture packets and
put them in the DumpFile.dmp file. When you want to stop capturing,
interrupt tcpdump by typing ^C. You can then display the contents of
the packets as text using the following command.
tcpdump -s 0 -n -e -x -vvv -r DumpFile.dmp
The -n option means that addresses are not converted to domain names,
which speeds things up considerably.
The -e option causes tcpdump to display the link-level header for each packet.
The -x option causes the contents of the packet to also be displayed in hex.
The -vvv option makes tcpdump's output as verbose as possible.
By specifying -r DumpFile.dmp option you tell tcpdump to read packets
from the file DumpFile.dmp rather than from a network interface. Note
that you don't need privileges to do this, so running tcpdump using
sudo is not required.
You can also combine these steps, as shown below, but if you do this
you don't get a high-fidelity record of the packets that you captured.
sudo tcpdump -i en0 -s 0 -n -e -x -vvv
--------------------------------
On Sat, Jul 19, 2008 at 3:32 PM, Michael Alger <squid_at_mm.quex.org> wrote:
Received on Mon Jul 21 2008 - 03:42:33 MDT
This archive was generated by hypermail 2.2.0 : Mon Jul 21 2008 - 12:00:05 MDT