Re: [squid-users] Problem with cache poisoning

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 20 Jan 2004 19:07:05 +0100 (CET)

On Tue, 20 Jan 2004, Hans-Christian Prytz wrote:

> I'm trying to do this now, but I haven't been able to reproduce the
> problem in a controlled environment so far.

If you can I would be very interested in tcpdump captures including
payload of the client and server traffic where this poisoning gets
inserted into the cache (clients requests after the cache has been
poisoned is not interesting)

On the proxy

  tcpdump -i any -s 1600 -w dump.out

Then use ngrep to find the relevant TCP sessions, and isolate these by
using tcpdump on the same file..

  tcpdump -r dump.out -w session-X.tcpdump host x.x.x.x port xxxx

Regards
Henrik
Received on Tue Jan 20 2004 - 11:07:08 MST

This archive was generated by hypermail pre-2.1.9 : Sun Feb 01 2004 - 12:00:07 MST