Re: Connection reset by peer

[Pavel Kazlenka <pavel.kazlenka@xxxxxxxxxxxxxxxxxxxxxxx>]

Ok.

Is it possible for you to dump traffic into file like this:

#tcpdump -i any 'port <your squid proxy port> or port 53 or host 
66.151.79.155' -w /tmp/squid.pcap
And post the /tmp/squid.pcap into some of public hosting?
Also, please note, that your dump contains plain text passwords. This 
could be unsafe ;)

Best wishes,
Pavel.

On 10/12/2013 03:34 AM, Amos Jeffries wrote:
> On 11/10/2013 5:53 p.m., John Kenyon wrote:
> > > Here is what I do to get the required HTTP stream details from tcpdump:
> > >
> > > * use the -s option to fetch unlimited packet payload (-s 0 or -s 65536
> > > depending on your system).
> > > * save the capture to a .cap file.
> > > * open with wireshark
> > > * locate any packet in the desired HTTP stream and select "follow 
> > > TCP stream"
> > > * cut-n-paste the HTTP details out of the resulting plain text document
> > >
> > > PS. if you happen to notice anything strange like binary characters 
> > > in amongst
> > > the HTTP protocol headers, they themselves could be the cause of the
> > > problems. The only binary should be in payload/object/body blocks 
> > > between the
> > > message header blocks.
> > >
> > > Amos
> >
> > Hey Amos,
> >
> > Here is the stream content:
>
> Okay. Odd thing is these are all missing Date headers. But there is 
> nothing obvious that woud lead to disconnection.
>
> Amos
>
>
> > POST /scripts/mms.dll/JAWS/MMS/acs/f_login HTTP/1.1
> >
> > Host: www.cmmsau.com
> >
> > User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 
> > Firefox/24.0
> >
> > Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> >
> > Accept-Language: en,en-us;q=0.5
> >
> > Accept-Encoding: gzip, deflate
> >
> > Referer: http://www.cmmsau.com/mms/mm_login.htm
> >
> > Cookie: 
> > __utma=257591705.1931310241.1381466348.1381466348.1381466348.1; 
> > __utmb=257591705.1.10.1381466348; __utmc=257591705; 
> > __utmz=257591705.1381466348.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
> >
> > Content-Type: application/x-www-form-urlencoded
> >
> > Content-Length: 75
> >
> > Cache-Control: max-age=259200
> >
> > Connection: keep-alive
> >
> >
> >
> > as_userid=asamuels&as_dbpass=as2013&as_store=00200021&submit.x=0&submit.y=0HTTP/1.1 
> > 200 OK
> >
> > Server: Jaguar Server Version 5.5.0
> >
> > Connection: Keep-Alive
> >
> > Content-Type: text/html
> >
> > Content-Length: 200
> >
> >
> >
> >
> >
> > <SCRIPT LANGUAGE="JavaScript">
> >
> > window.location.href="http://www.cmmsau.com/scripts/mms.dll/JAWS/MMS/acs/f_redirect?as_sid=82A18A8F96938DA18A95737E72816AAF&as_proj=00200021&as_flag=RL";; 
> >
> >
> >
> >
> > </SCRIPT>GET 
> > /scripts/mms.dll/JAWS/MMS/acs/f_redirect?as_sid=82A18A8F96938DA18A95737E72816AAF&as_proj=00200021&as_flag=RL 
> > HTTP/1.1
> >
> > Host: www.cmmsau.com
> >
> > User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 
> > Firefox/24.0
> >
> > Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> >
> > Accept-Language: en,en-us;q=0.5
> >
> > Accept-Encoding: gzip, deflate
> >
> > Referer: http://www.cmmsau.com/scripts/mms.dll/JAWS/MMS/acs/f_login
> >
> > Cookie: 
> > __utma=257591705.1931310241.1381466348.1381466348.1381466348.1; 
> > __utmb=257591705.1.10.1381466348; __utmc=257591705; 
> > __utmz=257591705.1381466348.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
> >
> > Cache-Control: max-age=0
> >
> > Connection: keep-alive
> >
> >
> >
> > Cheers, John