This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Proxy Trace


Hi,

I work in a corporate environment working with the usual firewalls and proxy servers. We have some Mac clients with a KACE agent installed on them which automates the downloading of updates etc.

The update server is hosted by a 3rd party so is not within our network. The KACE agent is unable to talk to the external update server. I can see the traffic going out in Wireshark but I don't know how to read the information to see if it's going through the proxy server or not.

I need to verify if both the outgoing and incoming traffic is trying to access the internet directly without the proxy server.

All help appreciated.

Thank You

asked 09 Jul '15, 03:49

Scott W
accept rate: 0%

Could you share a trace with us on Dropbox, Google, CloudShark or another public place?

(09 Jul '15, 08:50) Christian_R

One Answer:


I need to verify if both the outgoing and incoming traffic is trying to access the internet directly without the proxy server.

If the destination address is an address of your local network (RFC-1918, 192.168.x.x, 10.x.x.x, etc.) then it's a proxy connection. You'll then often also see the typical TCP proxy ports (3218, 8000, 8080, etc.).

If the destination IP address is an address on the internet, it's either a direct connection or the connection is 'intercepted' by a transparent proxy at the gateway. You can't easily determine in a capture file if a transparent proxy is being used. Inter-frame time delta could be a sign of it, but that's not reliable.

Regards
Kurt

answered 09 Jul '15, 22:22

Kurt Knochner ♦
accept rate: 15%
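
The destination-address rule from the answer above, applied to every TCP connection attempt in a capture, as an added example that is not part of the original answer. It goes slightly beyond the answer by also recording whether each attempt received a SYN/ACK, which covers the incoming direction the question asks about. The tshark export named in the comment, the function names and the sample rows are assumptions made for this example.

```python
import ipaddress

# Assumed input: tab-separated rows exported with
#   tshark -r capture.pcapng -Y "tcp.flags.syn == 1" -T fields \
#          -e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport -e tcp.flags.ack
# RFC 1918 private ranges named in the answer.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(dst_ip):
    """Apply the answer's rule to one destination address."""
    addr = ipaddress.ip_address(dst_ip)
    if any(addr in net for net in RFC1918):
        return "proxy"                  # destination is inside the local network
    return "direct-or-transparent"      # the capture alone cannot tell these apart

def summarize(rows):
    """Return {(server_ip, server_port): {"verdict", "syn", "answered"}}."""
    flows = {}
    for row in rows:
        fields = row.rstrip("\n").split("\t")
        if len(fields) != 5 or not all(fields):
            continue                    # e.g. IPv6 rows, where ip.src/ip.dst are empty
        src, dst, sport, dport, ack = fields
        if ack in ("0", "False"):       # plain SYN: the client opens a connection
            flow = flows.setdefault(
                (dst, int(dport)),
                {"verdict": classify(dst), "syn": 0, "answered": False})
            flow["syn"] += 1
        elif (src, int(sport)) in flows:  # SYN/ACK: the server side replied
            flows[(src, int(sport))]["answered"] = True
    return flows

# Constructed sample rows (not from a real capture): one answered connection
# to an internal proxy, and one SYN to an internet address sent twice, unanswered.
SAMPLE = [
    "10.20.30.40\t10.20.1.5\t51000\t8080\t0",
    "10.20.1.5\t10.20.30.40\t8080\t51000\t1",
    "10.20.30.40\t203.0.113.10\t51001\t443\t0",
    "10.20.30.40\t203.0.113.10\t51001\t443\t0",
]

if __name__ == "__main__":
    for (ip, port), flow in summarize(SAMPLE).items():
        print(ip, port, flow["verdict"], "SYNs:", flow["syn"],
              "answered" if flow["answered"] else "no reply")
```

Repeated SYNs to an internet address with no reply show the client bypassing the proxy and getting nothing back; an answered internet destination still leaves open the direct versus transparent-proxy question, as the answer notes.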