ISA Packet Information


by Run with the puppies

Hi List,
 
I am doing a packet capture on a workstation that is connecting to MS-ISA 2004 server. When doing the capture I have noticed that there are 14 bytes added to the packet before the IP header starts. I have done some googling and have not had much luck finding out what those 14 bytes are. I have also converted the hex to dec and what I am getting is junk because I am not sure what the different fields mean and not making sense to my environment. I know that the packets contain information about the proxy server, I just want to know what that information is. So I thought I would ask the list if anyone can point me to documentation that explains what those 14 bytes are. Any help would be greatly appreciated.
 
TIA,
RWP

Re: ISA Packet Information

by crazy frog crazy frog

14 bytes before the IP header? It's the Ethernet header, if I'm not wrong :-p



--
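The Ethernet II layout that the reply above points to, as an added example that is not part of the original thread: it decodes the 14 bytes in front of the IP header (destination MAC, source MAC, EtherType), handles the 802.1Q case where the link header is 18 bytes instead, and confirms that an IPv4 header begins at the reported offset. The sample frame is constructed and the function names are illustrative.

```python
import ipaddress
import struct

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}

# Constructed sample frame (not from the thread): Ethernet II + minimal IPv4 header.
SAMPLE = bytes.fromhex(
    "020000000001" "020000000002" "0800"   # dst MAC, src MAC, EtherType
    "45000028" "00014000" "80060000"       # IPv4: ver/IHL .. TTL, proto 6 (TCP)
    "c0a8010a" "c0a80101"                  # 192.168.1.10 -> 192.168.1.1
)

def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_link_header(frame: bytes) -> dict:
    """Decode the Ethernet II header and report where the layer-3 header starts."""
    if len(frame) < 14:
        raise ValueError("frame shorter than a 14-byte Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    offset, vlan = 14, None
    if ethertype == 0x8100:                # 802.1Q tag adds 4 bytes
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18
    # Values below 0x0600 are an 802.3 length, not an EtherType.
    proto = "802.3 length" if ethertype < 0x0600 else ETHERTYPES.get(ethertype, "unknown")
    return {"dst": fmt_mac(dst), "src": fmt_mac(src), "ethertype": ethertype,
            "protocol": proto, "vlan": vlan, "l3_offset": offset}

def ipv4_summary(frame: bytes, offset: int) -> dict:
    """Sanity-check that an IPv4 header really begins at `offset`."""
    if len(frame) < offset + 20:
        raise ValueError("not enough bytes for an IPv4 header")
    if frame[offset] >> 4 != 4:
        raise ValueError("byte at offset is not an IPv4 version nibble")
    return {"ihl_bytes": (frame[offset] & 0x0F) * 4,
            "ip_proto": frame[offset + 9],
            "src": str(ipaddress.IPv4Address(frame[offset + 12:offset + 16])),
            "dst": str(ipaddress.IPv4Address(frame[offset + 16:offset + 20]))}

if __name__ == "__main__":
    link = parse_link_header(SAMPLE)
    print(link)
    print(ipv4_summary(SAMPLE, link["l3_offset"]))
```
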

Re: ISA Packet Information

by TheGesus

On 8/7/07, Run with the puppies <runwithpuppies@...> wrote:

> Hi List,
>
> I am doing a packet capture on a workstation that is connecting to MS-ISA
> 2004 server. When doing the capture I have noticed that there are 14 bytes
> added to the packet before the IP header starts. I have done some googling
> and have not had much luck finding out what those 14 bytes are. I have also
> converted the hex to dec and what I am getting is junk because I am not sure
> what the different fields mean and not making sense to my environment. I
> know that the packets contain information about the proxy server, I just
> want to know what that information is. So I thought I would ask the list if
> anyone can point me to documentation that explains what those 14 bytes are.
> Any help would be greatly appreciated.

I assume you're using the Microsoft Firewall Client (FWC), running on
port 1745?

If you like browsing C source code, you might want to check out one of
the older (pre-y2k) versions of the Dante SOCKS server/client code at
ftp://ftp.inet.no/pub/socks/old/.  The author tried to reverse
engineer the older (Proxy 2.0) WinSock Proxy client/server protocol
(WSP client, the granddaddy of the FWC), but later dropped support.  In
disgust, I might add.

I recall the author had some choice words on the subject in the source code.

If you're using SecureNAT or a vanilla CERN-type proxy connection to
the ISA server there shouldn't (?) be any surprises in the packets,
but you never know with Microsoft.