Re: ISA Packet Information

by TheGesus

On 8/7/07, Run with the puppies <runwithpuppies@...> wrote:

> Hi List,
>
> I am doing a packet capture on a workstation that is connecting to MS-ISA
> 2004 server. When doing the capture I have noticed that there are 14 bytes
> added to the packet before the IP header starts. I have done some googling
> and have not had much luck finding out what those 14 bytes are. I have also
> converted the hex to dec and what I am getting is junk because I am not sure
> what the different fields mean and not making sense to my environment. I
> know that the packets contain information about the proxy server, I just
> want to know what that information is. So I thought I would ask the list if
> anyone can point me to documentation that explains what those 14 bytes are.
> Any help would be greatly appreciated.

I assume you're using the Microsoft Firewall Client (FWC), running on
port 1745?

If you like browsing C source code, you might want to check out one of
the older (pre-y2k) versions of the Dante SOCKS server/client code at
ftp://ftp.inet.no/pub/socks/old/.  The author tried to reverse
engineer the older (Proxy 2.0) WinSock Proxy client/server protocol
(WSP client, the granddaddy of the FWC), but later dropped support.  In
disgust, I might add.

I recall the author had some choice words on the subject in the source code.

If you're using SecureNAT or a vanilla CERN-type proxy connection to
the ISA server there shouldn't (?) be any surprises in the packets,
but you never know with Microsoft.
