In our organisation, we have an HTTP proxy for web traffic: proxy.mycompany.com that operates on port 8080.
Without the proxy set in IE, I ran a Wireshark whilst attempting to browse to www.google.com
I then set the proxy, and ran a Wireshark trace whilst attempting to browse to www.google.com
Capture_A I can see:
i. Server queries DNS for proxy.mycompany.com
ii. All traffic related to www.google.com is then via the web proxy

i. Server queries DNS for www.google.com
ii. Server then attempts to make a connection directly to www.google.com
iii. I can see three SYN packets to google, but no responses
Does this sound about right?
I had some questions:
i. When searching for any traffic related to www.google.com, is it possible to enter a display filter for any packets with the word "google" in the INFO section?
ii. It's a bit arduous to filter for DNS traffic first, grab the packet number, and then remove the filter so I can see all traffic around that time, is it not possible to try and see the conversation related to google ONLY?
iii. I used a display filter of HTTP, but this doesn't capture the SYN packets as they are TCP, how would I be able to do this?
I'm new to Wireshark so any comments would be welcome :)
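The three filter questions above, worked as an added example that is not part of the post: a few constructed frames (a DNS query for www.google.com followed by three unanswered SYNs, plus one unrelated segment; the addresses 10.0.0.5, 10.0.0.1, 203.0.113.10 and 198.51.100.7 are made up) are dissected with the Python standard library, and each filter function names the Wireshark display filter whose semantics it mirrors. The point it shows that the text alone does not: `frame contains` is a raw byte search, so `frame contains "google"` hits the DNS label but `frame contains "www.google.com"` does not, because DNS encodes the dots as length bytes; the Info column itself is not a filterable field.

```python
import socket
import struct

SYN, ACK = 0x02, 0x10
# Constructed addresses for the sample; not taken from any real capture.
CLIENT, DNS_SERVER, WEB_SERVER = "10.0.0.5", "10.0.0.1", "203.0.113.10"


def ipv4_frame(proto, src, dst, payload):
    """Ethernet II + minimal IPv4 header (checksums left at zero; irrelevant for filtering)."""
    eth = bytes(12) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + payload


def udp_segment(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def tcp_segment(sport, dport, flags):
    # data offset 5 words (0x50), no options, no payload
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, flags, 65535, 0, 0)


def dns_query(name, txid=0x1234):
    # QNAME is a sequence of <length><label> entries, so "google" stays contiguous but the dots vanish
    qname = b"".join(bytes([len(label)]) + label.encode() for label in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)


FRAMES = [
    ipv4_frame(17, CLIENT, DNS_SERVER, udp_segment(53000, 53, dns_query("www.google.com"))),
    ipv4_frame(6, CLIENT, WEB_SERVER, tcp_segment(40000, 80, SYN)),
    ipv4_frame(6, CLIENT, WEB_SERVER, tcp_segment(40000, 80, SYN)),  # retransmitted SYN
    ipv4_frame(6, CLIENT, WEB_SERVER, tcp_segment(40000, 80, SYN)),  # retransmitted SYN
    ipv4_frame(6, "198.51.100.7", CLIENT, tcp_segment(443, 40001, SYN | ACK)),  # unrelated traffic
]


def parse(frame):
    """Dissect just enough (IPv4 addresses, ports, TCP flags, DNS question name) to evaluate the filters."""
    ihl = (frame[14] & 0x0F) * 4
    pkt = {"proto": frame[14 + 9],
           "src": socket.inet_ntoa(frame[26:30]), "dst": socket.inet_ntoa(frame[30:34])}
    l4 = frame[14 + ihl:]
    pkt["sport"], pkt["dport"] = struct.unpack("!HH", l4[:4])
    if pkt["proto"] == 6:
        flags = l4[13]
        pkt["syn"], pkt["ack"] = bool(flags & SYN), bool(flags & ACK)
    elif pkt["proto"] == 17 and 53 in (pkt["sport"], pkt["dport"]):
        labels, pos = [], 8 + 12  # skip UDP header and DNS header
        while l4[pos]:
            n = l4[pos]
            labels.append(l4[pos + 1:pos + 1 + n].decode())
            pos += 1 + n
        pkt["dns_qry_name"] = ".".join(labels)
    return pkt


PACKETS = [parse(f) for f in FRAMES]


def frame_contains(needle):
    """Wireshark: frame contains "google" -- a byte search over the whole frame, not the Info column."""
    return [i for i, f in enumerate(FRAMES) if needle.encode() in f]


def dns_queries_for(part):
    """Wireshark: dns.qry.name contains "google" -- the DNS-only view of the same question."""
    return [i for i, p in enumerate(PACKETS) if part in p.get("dns_qry_name", "")]


def conversation_with(ip):
    """Wireshark: ip.addr == 203.0.113.10 -- take the address the DNS answer returned and
    filter on it to see only that conversation, instead of scrolling around the DNS packet."""
    return [i for i, p in enumerate(PACKETS) if ip in (p["src"], p["dst"])]


def tcp_syn_without_ack():
    """Wireshark: tcp.flags.syn == 1 && tcp.flags.ack == 0 -- initial SYNs, which a plain
    'http' filter hides because no HTTP has been exchanged yet on a failed connection."""
    return [i for i, p in enumerate(PACKETS) if p["proto"] == 6 and p["syn"] and not p["ack"]]


if __name__ == "__main__":
    print("frame contains 'google':", frame_contains("google"))
    print("frame contains 'www.google.com':", frame_contains("www.google.com"))
    print("dns.qry.name contains 'google':", dns_queries_for("google"))
    print("ip.addr == web server:", conversation_with(WEB_SERVER))
    print("SYN without ACK:", tcp_syn_without_ack())
```

In Wireshark itself the same three views are `frame contains "google"` (or, more precisely, `dns.qry.name contains "google"`), `ip.addr == <address from the DNS answer>` (or right-click a packet and choose Conversation Filter), and `tcp.flags.syn == 1 && tcp.flags.ack == 0` or simply `tcp.port == 80 || dns` when you want the handshake attempts alongside the lookup.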