Posts tagged ProxySG

Packet Capture on a Blue Coat ProxySG Appliance

December 8, 2010

by Michael McNamara in BlueCoat, ProxySG

A large number of colleagues recently had their leased laptops refreshed with a new model and they chose to install Windows 7, a decision which I can’t really fault. Unfortunately as with many things these days we quickly found a few issues, one of which was with Microsoft’s Live Messenger and our Blue Coat ProxySG appliances. I almost immediately suspected the Blue Coat ProxySG appliance so I decided to look there first.

I started with a quick packet capture on the Blue Coat ProxySG appliance. I logged into the appliance and setup a filter to capture just the traffic to/from the IP address of my laptop. Our proxy servers have thousands of clients utilizing them at any one time so trying to perform a packet capture without a filter would be equivalent to trying to take a drink of water from a fire hydrant.

[root@linux ~]# telnet proxy.acme.org
Trying 10.1.2.100...
Connected to proxy.acme.org (10.1.2.100).
Escape character is '^]'.

Using telnet exposes your password. Using ssh is a safer choice.

Username: admin
Password: ********
SG800>enable
Enable Password: ********
SG800#pcap filter expr "host 10.1.1.2"
ok
SG800#pcap start
ok

With the packet trace running I went about duplicating the problem from my laptop.

SG800#pcap stop
ok
SG800#pcap info
packet capture information:
Packets captured:               76
Bytes captured:               9034
Packets written:                76
Bytes written:               11290
Max packet ram:                  0
Packet ram used:                 0
Packets filtered:             6113
Bridge capture all:       Disabled
Current state:             Stopped
Filtering:                      On
Filter expression:                 expr "host 10.1.1.2"

SG800#pcap transfer ftp://ftp.acme.org username password

ok

I retrieved the packet capture from the FTP server and used WireShark to examine the data. The packet trace showed the proxy server sending a RST packet closing the connection to the SOCKS port.

Another trick I learned a long time ago with the ProxySG appliances; try https://proxy.acme.org:8082/SYSInfo (you should obviously replace the hostname in the preceding URL if you want to try it out on your ProxySG appliance). In the IM debug information I found the following reference;

6983.574 MSN 5523C010: Can't proceed with unknown version: MMSG-VER-MSNP18
6983.574 MSN 5523C010: VER: MMSG-VER-MSNP18 not supported
6983.560 Admin: Accepted SOCKS client connection from 10.1.1.2 (policySession: 3895168, socksTrans: 7B5A004)

The log entries above suggest that this latest version of the Live Messenger is using a protocol version that isn’t yet supported by the Blue Coat ProxySG appliance, or at least isn’t supported in the 4.3.x software branch. I did a quick Google search and found a relative knowledge-base article on Blue Coat’s website that provides all the details around which IM versions are specifically supported on which ProxySG software releases. There is an option to just tunnel the SOCKS connection which I’ll need to investigate.

Cheers!

Blue Coat ProxySG Appliance – test http url

August 18, 2010

by Michael McNamara in BlueCoat, ProxySG

We recently had an issue where a few of our Blue Coat ProxySG appliances were having issues connecting to a specific URL. We would continually get the “TCP Error” banner from the Blue Coat proxy servers trying to connect to this website. We had no issues connecting directly (outside of the ProxySG appliances) so the proxy servers were assumed to be the immediate suspect in the problem.

Thankfully there’s a way to quickly and easily test access a specific URL from the CLI interface of the Blue Coat ProxySG appliances.

SG800#test http get ?
<url>

So I performed a quick test from the CLI interface;

SG800#test http get http://someurlsomewhere.com

Type escape sequence to abort.
Executing HTTP get test

* HTTP request header sent:
GET http://someurlsomewhere.com HTTP/1.0
Host: someurlsomewhere.com
User-Agent: HTTP_TEST_CLIENT

* HTTP response header recv'd:
HTTP/1.1 503 Service Unavailable
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Proxy-Connection: close
Connection: close
Content-Length: 1329

Measured throughput rate is 0.03 Kbytes/sec
HTTP get test passed

It was easy to immediately see that the web server was returning a 503 error to the proxy server, something that was impossible to see from the client browser and difficult to locate from the log files.

The hosting company for the server in question eventually resolved the issue when they removed the automatic blacklisting that had been automatically placed on the proxy server’s public IP address after too many people failed to authenticate properly (because the website in question had a password on it).

Here’s the test when it worked properly returning a 401 error requiring the user to authenticate;

SG800#test http get http://someurlsomewhere.com

Type escape sequence to abort.
Executing HTTP get test

* HTTP request header sent:
GET http://someurlsomewhere.com HTTP/1.0
Host: someurlsomewhere.com
User-Agent: HTTP_TEST_CLIENT

* HTTP response header recv'd:
HTTP/1.1 401 Authorization Required
Date: Wed, 11 Aug 2010 15:40:31 GMT
Server: Apache/2.2.3 (CentOS)
WWW-Authenticate: Basic realm="For Acme Health only..."
Content-Type: text/html; charset=iso-8859-1
Cache-Control: proxy-revalidate
Content-Length: 479
Connection: close
Proxy-support: Session-based-authentication

Measured throughput rate is 4.50 Kbytes/sec
HTTP get test passed

Cheers!

GET HTTP PROXY ProxySG TEST URL

BlueCoat ProxySG – Flush DNS and Cache

October 2, 2008

by Michael McNamara in BlueCoat, ProxySG

There can be a few occasions where you may need to manually purge the local DNS cache and/or the actual web cache of a Blue Coat ProxySG appliance. While both the DNS cache and web cache will eventually age out it can be helpful to sometimes speed up the process by flushing/purging the DNS and web cache.

While this can all be done from the web interface I generally prefer the CLI (if available). The Blue Coat ProxySG appliances that I managed are setup for SSH access you may need to confirm that SSH is enabled (telnet might be enabled).

Let’s start by connecting to the BlueCoat ProxySG appliance (proxysg.acme.org);

[root@linuxhost etc]# ssh -l admin proxysg.acme.org
admin@proxysg.acme.org's password:

proxysg.acme.org - Blue Coat SG510 Series>

Once we’re connected we need to go into privledged mode to issue the commands;

proxysg.acme.org - Blue Coat SG510 Series>enable
Enable Password:

Now that we’re in privledged mode we can clear the web content cache with the following command;

proxysg.acme.org - Blue Coat SG510 Series#clear-cache
ok

And to clear the DNS cache we can use the following command;

proxysg.acme.org - Blue Coat SG510 Series#purge-dns-cache
ok

And don’t forget to logout when you’re all done.

proxysg.acme.org - Blue Coat SG510 Series#exit
Connection to proxysg.acme.org closed.

Cheers!

BlueCoat CACHE DNS FLUSH PROXY ProxySG PURGE

1 2 Next »

SPONSOR
Tweets
Michael McNamara 383 followers 570 tweets
- Congratulations #Giants it was a great game!1 day ago
- @CaptainHostile Its a halftime show not a strip tease. I thought it was pretty good, now Clint was looking a little worn.1 day ago
- @markstevens20 Same from my 11 year old daughter :-)1 day ago
- @fryguy_pa It was funny!1 day ago
Blogroll
LICENSE
This blog licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
This license lets others remix, tweak, and build upon my work even for commercial purposes, as long as they credit me and license their new creations under the identical terms.
You must provide attribution in the derived work and you must include a link to the original content.

Go to Top

Posts tagged ProxySG

Packet Capture on a Blue Coat ProxySG Appliance

Blue Coat ProxySG Appliance – test http url

BlueCoat ProxySG – Flush DNS and Cache

SPONSOR

Tweets

Blogroll

LICENSE