Wireshark mailing list archives
Re: invalid request
From: mustafa <mustafarajimusa () gmail com>
Date: Wed, 14 Mar 2012 09:42:14 +0300
On 3/14/2012 9:34 AM, Guy Harris wrote:
it might be the problem is sending ssl over http because i configure squid in the intercept mode, but squid know how to deal with ssl, i want to know what is the cause to block it , or find solution to it using squidOn Mar 13, 2012, at 11:20 PM, mustafa wrote:*Internet Protocol, Src: 192.168.40.3 (192.168.40.3), Dst: 10.10.10(10.10.10.53) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) Total Length: 96 Identification: 0x23e0 (9184) Flags: 0x02 (Don't Fragment Fragment offset: 0 Time to live : 127 Protocol : TCP (6) Header checksum: 0xdacd [correct] source 10.10.10.53 (10.10.10.53 Destination: 192.168.40.3 (192.168.40.3) *Transmission Control Protocol, Src Port:49869 (49869), Dst Port: http (80), seq: Source port: 49869 (49869) Destination port: http (80) [Stream index: 240] Sequence number: 1 (relative squence number) [NEXT squence number: 57 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) window size: 17520 (scaled) Checksum: 0xba28 [validation disabled] [SEQ/ACK analysis] *Hypertext Transfer Protocol *DATA (56 bytes) Data:0569ff24fdd6dbd18ffe4d2f2fffaa9020alae217a53923a.. [Length: 56]OK, so the two sequence numbers indicate that there should, in fact, be 56 bytes of data in the TCP segment. If that's the *first* TCP segment sent from host 192.168.40.3 port 49869 to host 10.10.10.53 port 80, then that is reported by Wireshark as an invalid request, and rejected by Squid as an invalid request, because it *IS* an invalid request! It looks like a bunch of random binary data, but an HTTP request needs to look like {command} {path} HTTP/1.1 or something such as that, for example GET / HTTP/1.1 Is somebody trying to send encrypted HTTP-over-SSL/HTTP-over-TLS to port 80?
thanks Best regards
___________________________________________________________________________ Sent via: Wireshark-users mailing list<wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- invalid request mustafa alhussona (Mar 13)
- Re: invalid request Martin Visser (Mar 13)
- Re: invalid request Guy Harris (Mar 13)
- Re: invalid request mustafa (Mar 13)
- Re: invalid request Guy Harris (Mar 13)
- Re: invalid request mustafa (Mar 13)
- Re: invalid request Guy Harris (Mar 14)
- Re: invalid request mustafa (Mar 14)
- Re: invalid request mustafa (Mar 13)