
Follow 2 conversations in the same tcptrace graph

asked 2020-12-16 11:54:18 +0000

Hi all

I love the tcptrace graph, great to understand what is going on between Client and Server.

Now I want to follow a flow between a client and a server, but this one goes through a proxy.

To understand what is happening in the proxy I would love to be able to follow the 2 conversations [Client->Proxy] and [Proxy->Server] in the same tcptrace graph.

It seems it is not possible, right? Is it an identified feature to be developed in a future release?

Thank you all


1 Answer


answered 2020-12-16 12:43:01 +0000

hugo.vanderkooij

If you look at the packet stream how can you match the stream from client to proxy to the stream from proxy to server?

In my experience there is no guaranteed 1 on 1 match to start with. And I have been troubleshooting Blue Coat Proxies for over a decade so I have seen my share of cases where something like that might be useful.

But it requires a good chunk of deduction to match requests in a client to proxy stream to a proxy to server stream. And often enough I get half a dozen requests in the same stream from proxy to server as there are other users on the same proxy going to the same webserver.

The most useful way to work with such packet captures is tracking http requests. (Assuming it is not HTTPS where you are effectively blind anyway.)

So I would say there is no (clear) way to define the behaviour and get a proper match. This is where you have to provide the craftsmanship and show your knowledge of packets and protocols.

Regards, Hugo.

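The request-level tracking described in the answer above, sketched as an added example (not part of the original post and not a Wireshark feature): it pairs plain-HTTP requests on the client-to-proxy leg with candidates on the proxy-to-server leg and reports where the match is not one to one. The proxy address, the time window, the sample rows and the function names are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

PROXY_IP = "10.0.0.10"  # constructed address of the proxy in the sample
WINDOW = 2.0            # assumed upper bound (seconds) for the proxy to forward

# Constructed sample in the tab-separated shape of:
#   tshark -r cap.pcap -Y http.request -T fields -e frame.time_relative
#     -e tcp.stream -e ip.src -e ip.dst -e http.request.method
#     -e http.host -e http.request.uri
SAMPLE = """\
0.100\t0\t10.0.0.21\t10.0.0.10\tGET\texample.test\thttp://example.test/index.html
0.130\t2\t10.0.0.10\t192.0.2.80\tGET\texample.test\t/index.html
0.400\t1\t10.0.0.22\t10.0.0.10\tGET\texample.test\thttp://example.test/logo.png
0.410\t0\t10.0.0.21\t10.0.0.10\tGET\texample.test\thttp://example.test/logo.png
0.450\t2\t10.0.0.10\t192.0.2.80\tGET\texample.test\t/logo.png
0.470\t2\t10.0.0.10\t192.0.2.80\tGET\texample.test\t/logo.png
0.900\t1\t10.0.0.22\t10.0.0.10\tGET\texample.test\thttp://example.test/cached.css
"""

def parse(text):
    """Turn the field export into dicts with a leg-independent request key."""
    rows = []
    for line in text.splitlines():
        t, stream, src, dst, method, host, uri = line.split("\t")
        if uri.lower().startswith("http://"):  # explicit-proxy absolute URI
            u = urlsplit(uri)
            uri = u.path + ("?" + u.query if u.query else "")
        rows.append({"t": float(t), "stream": int(stream), "src": src,
                     "dst": dst, "key": (method, host.lower(), uri)})
    return rows

def correlate(rows, proxy_ip=PROXY_IP, window=WINDOW):
    """Return (client stream, URI, verdict, candidate upstream streams)."""
    inbound = [r for r in rows if r["dst"] == proxy_ip]
    outbound = [r for r in rows if r["src"] == proxy_ip]
    out = []
    for req in inbound:
        cands = [o for o in outbound if o["key"] == req["key"]
                 and 0 <= o["t"] - req["t"] <= window]
        # Other client requests that could equally explain the same candidates
        rivals = [i for i in inbound if i is not req and i["key"] == req["key"]
                  and any(0 <= o["t"] - i["t"] <= window for o in cands)]
        if not cands:
            verdict = "no-upstream"   # e.g. served from cache, or not captured
        elif len(cands) == 1 and not rivals:
            verdict = "unique"
        else:
            verdict = "ambiguous"     # needs manual deduction
        out.append((req["stream"], req["key"][2], verdict,
                    sorted({o["stream"] for o in cands})))
    return out

if __name__ == "__main__":
    for row in correlate(parse(SAMPLE)):
        print(row)
```

Only the "unique" rows give two tcp.stream numbers worth comparing side by side; the "ambiguous" rows are the shared-upstream case the answer describes.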
