1 | initial version |
If you look at the packet stream how can you match the stream from client to proxy to the stream from proxy to server?
In my experience there is no garantueed 1 on 1 match to start with. And I have been troubleshooting Blue Coat Proxies for over a decade so I have seen my share of cases where something like that might be useful.
But it requires a good chucnk of deduction to match requests in a client to proxy stream to a proxy to server stream. And often enough I get half a dozen requests in the same stream from proxy to server as there are other users on the same proxy going to the same webserver.
The most useful way to work with such packet captures is tracking http requests. (Assuming it is not HTTPS where you are effectively blind anyway.)
So I would say there is no (clear) way to define the behaviour and get a proper match. This is where you have to provided the craftsmanship and show your knowledge of packets and protocols.
Regards, Hugo.