On 10/10/2013 12:15 p.m., John Kenyon wrote:
Hi John,
As Amos mentioned, it would be great to see http payload of the
packets (use - Afnn switches for this). Also traffic on proxy itself is more interesting.
IIRC, 502 status code means that your proxy has some issues when
reading data from origin server. Do you see anything suspicious in cache.log?
Best wishes,
Pavel
Hi Pavel,
Nothing in the cache.log, I can run in debug mode, which debug section do you require?
Also here is an example when it is not working with the extra switches:
Okay, what I was requesting was a copy of the HTTP data stream.
Unfortunately this type of output for tcpdump adds more confusion
thatanythign else.
Here is what I do to get the required HTTP stream details from tcpdump:
* use the -s option to fetch unlimited packet payload (-s 0 or -s 65536
depending on your system).
* save the capture to a .cap file.
* open with wireshark
* locate any packet in the desired HTTP stream and select "follow TCP
stream"
* cut-n-paste the HTTP details out of the resulting plain text document
PS. if you happen to notice anything strange like binary characters in
amongst the HTTP protocol headers, they themselves could be the cause of
the problems. The only binary should be in payload/object/body blocks
between the message header blocks.
Amos
