Ask Your Question
0

which wireshark filter shall i use to check if some ip is blocked at the server end

asked 2020-10-11 11:27:30 +0000

Jyoti gravatar image

My traffic is going like client __> proxy __> server. There is one external site which is running on https protocol which I am able to access but when I am login in its showing me error " something went wrong". And I can access and login same using my personnel laptop. So whats going wrong when the traffic is going to proxy, i captured packet through Wireshark. I can see in that tcp and ssl handshake is occuring with no error. But there is nothing related to login and authentication, What filter shall I use to check why server is rejecting my credentials over proxy. How can i check if they have been blocked the zscaler ip address at their server end.

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
0

answered 2020-10-12 07:59:13 +0000

hugo.vanderkooij gravatar image

Does the proxy do SSL Intercept? If not, Then the best thing is just to run your browser in debug mode. Otherwise let the proxy capture the packets unencrypted and see what is going on there. But proxy troubleshooting is usually done on the proxy.

edit flag offensive delete link more

Comments

Hey, my office is using zscaler proxy, on the zscaler portal, i can clearly see this specific url is not ssl inspected through zscaler and there is no block. Thing is I am able to access the website but when i am login/authenticated in it showing me -something went wrong error though I am putting the correct credentials. If I am connected to my office network, that time traffic does not go through the proxy, and my credentials on that website is working fine. May I ask you what could be the possible reason about not able to authenticate when traffic going through proxy.

Jyoti gravatar imageJyoti ( 2020-10-13 15:07:09 +0000 )edit
0

answered 2020-10-12 07:26:58 +0000

grahamb gravatar image

As it's https, the traffic will be encrypted so you will need to decrypt it to see any credentials being passed.

See the Wiki page on TLS for details on how to to decrypt TLS traffic.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-10-11 11:27:30 +0000

Seen: 1,913 times

Last updated: Oct 12 '20