Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


tcpdump

311 posts

Ultimate Geek


#92580 2-Nov-2011 10:07
Send private message

Hi,

I recall the last time I checked I was using Telecom's transparent proxy but it seems it's no longer the case:

# telnet 1.1.1.1 80
Trying 1.1.1.1...
^C

 
My network knowledge tells me that transparrent proxies capture all traffic, including the one for IP addresses that don't run a web server and/or are down.

Am I mistaken?

Thanks. 

PS: I am comfortable not using their proxies so I'm not looking to have it enabled, I am just wondering if they have disabled the "feature" or they are using a different method. I'm on a Total Home 60GB broadband plan. 

Create new topic
BarTender
3219 posts

Uber Geek

Trusted
Lifetime subscriber

  #540226 2-Nov-2011 10:23
Send private message

tcpdump: Hi,

I recall the last time I checked I was using Telecom's transparent proxy but it seems it's no longer the case:

# telnet 1.1.1.1 80
Trying 1.1.1.1...
^C

 
My network knowledge tells me that transparrent proxies capture all traffic, including the one for IP addresses that don't run a web server and/or are down.

Am I mistaken?


Yes, you are.

Transparent proxies only cache http traffic to allow for faster browsing experience and reduced usage of international connectivity.  It won't cache https or any other traffic such as vpn's or tcp sessions that are reset due to the remote site being down.

tcpdump: PS: I am comfortable not using their proxies so I'm not looking to have it enabled, I am just wondering if they have disabled the "feature" or they are using a different method. I'm on a Total Home 60GB broadband plan. 


You can request a static IP, and have that IP added to the no-proxy list.

Transparent proxies by their nature shouldn't be affecting your browsing experience in any other way than a positive one by making it go faster.  That is of course if the cache hasn't got corrupted and the proxies are all bent out of shape :)




and


tcpdump

311 posts

Ultimate Geek


  #540231 2-Nov-2011 10:34
Send private message

I have a remote linux machine and I launched a tcpdump -n port 80 and host $telecom_ip

10:29:34.858398 IP $telecom_ip.36881 > $remote_server.80: Flags [S], seq 1524399974, win 14600, options [mss 1340,sackOK,TS val 208051953 ecr 0,nop,wscale 5], length 0
10:29:34.859587 IP $remote_server:80 > $telecom_ip.36881: Flags [R.], seq 0, ack 1524399975, win 0, length 0
 
This would point to a transparent proxy not being used, correct?

Thanks.

PS: Based on http://www.telecom.co.nz/packages/packages/plansandpricing/totalhomebroadband - does the "static ip address - included" mean it's free? :) 

 
 
 
 


BarTender
3219 posts

Uber Geek

Trusted
Lifetime subscriber

  #540336 2-Nov-2011 14:02
Send private message

tcpdump: I have a remote linux machine and I launched a tcpdump -n port 80 and host $telecom_ip

10:29:34.858398 IP $telecom_ip.36881 > $remote_server.80: Flags [S], seq 1524399974, win 14600, options [mss 1340,sackOK,TS val 208051953 ecr 0,nop,wscale 5], length 0
10:29:34.859587 IP $remote_server:80 > $telecom_ip.36881: Flags [R.], seq 0, ack 1524399975, win 0, length 0
 
This would point to a transparent proxy not being used, correct?

Thanks.

PS: Based on http://www.telecom.co.nz/packages/packages/plansandpricing/totalhomebroadband - does the "static ip address - included" mean it's free? :) 


You wouldn't be able to tell if you are going via the transparent proxy unless you took a trace on both end and saw different sequence numbers between source and destination.  You might see additional http headers injected into the payload but that's at layer 5 rather than 3.

I suggest you request a static IP, to me I don't see a issue with it since it only improves browsing, but if you have a specific business need / reason then put in the request and see how you go.




and


codyc1515
1598 posts

Uber Geek
Inactive user


  #540352 2-Nov-2011 14:31
Send private message

BarTender:
tcpdump: I have a remote linux machine and I launched a tcpdump -n port 80 and host $telecom_ip

10:29:34.858398 IP $telecom_ip.36881 > $remote_server.80: Flags [S], seq 1524399974, win 14600, options [mss 1340,sackOK,TS val 208051953 ecr 0,nop,wscale 5], length 0
10:29:34.859587 IP $remote_server:80 > $telecom_ip.36881: Flags [R.], seq 0, ack 1524399975, win 0, length 0
 
This would point to a transparent proxy not being used, correct?

Thanks.

PS: Based on http://www.telecom.co.nz/packages/packages/plansandpricing/totalhomebroadband - does the "static ip address - included" mean it's free? :) 


You wouldn't be able to tell if you are going via the transparent proxy unless you took a trace on both end and saw different sequence numbers between source and destination.  You might see additional http headers injected into the payload but that's at layer 5 rather than 3.

I suggest you request a static IP, to me I don't see a issue with it since it only improves browsing, but if you have a specific business need / reason then put in the request and see how you go.

Would I be correct in saying that you couldn't use an Alternate DNS if you we're on the transparent proxy?

tcpdump

311 posts

Ultimate Geek


  #540354 2-Nov-2011 14:35
Send private message


Would I be correct in saying that you couldn't use an Alternate DNS if you we're on the transparent proxy?


Not necessarily. They are two different things as the transparent proxy intercepts requests at the IP level (layer 3) , not on the DNS level (layer 7).
 
However, I have read quite a few topics on various issues when using non-Telecom provided DNS servers.

 

Ragnor
8035 posts

Uber Geek

Trusted

  #540361 2-Nov-2011 14:51
Send private message

My understanding is that Telecom use a large cluster of Bluecoat devices for caching (some of the newer Cacheflow, some of the older Proxy SG).

In practice they only intercept international http requests (not https or other protocols) and serve those from the cache.

I believe a http request served from the cache will have an the cache domain name added to the http headers in the server field.  You can inspect the response headers in the dev tools in any modern browser (IE9, Chrome, Firefox + Firebug addon).

It will look something like this (this is Firefox w/ Firebug addon), except the server field will have additional text like: AKmdrL2CacheBC4.telecom.co.nz



So you will probably need to inspect a http request for a static resource eg: css, js, images from an international site where the cache-control headers have been set for caching in order to see this in action.

ptinson
677 posts

Ultimate Geek

Trusted

  #540536 2-Nov-2011 23:48
Send private message

Ragnor is pretty much on the money, with the exception that the the high end cacheflows didnt allow the insertion of the via header, so if you pass through one of those you wont see it.

The Telecom cache was setup so that if your HTTP request didnt match certain criteria it would bypass the cache farm, this was to catch port 80 international traffic that wasnt actually HTTP, so if you simply open a telnet connection to international IP on port 80 and send any random char down it you will bypass the cache:)

There are other tricks you can try and use to see if you are being proxy cached, some are reliable and others arent, things like window scaling size etc. All depends on the cache...

The Telecom caches do secondary DNS resolution before filling a request (it is also a dns cache) so if you use a DNS cache other than the one the caches do then it will screw with your requests.
Common things like requesting facetube from google dns returning a server in the states and the cache seeing it as some where a lot closer, you start getting responses from servers you didnt request them from.

Also be wary of testing to a server the is international, always make sure both the request and response paths are international routes, they are not always and this causes other issues...

Paul (please Telecom, help me purge the cache from my brain:))




meat popsicle

 
 
 
 


plambrechtsen
1948 posts

Uber Geek
Inactive user


  #540563 3-Nov-2011 07:56
Send private message

ptinson: Paul (please Telecom, help me purge the cache from my brain:))


Cheers Paul for the insightful response... And no.. you won't ever be able to purge the cache ;).

ptinson
677 posts

Ultimate Geek

Trusted

  #540567 3-Nov-2011 08:16
Send private message

Insightful? mmm, just factual i think, nothing in that post is new.
I would still be pushing for a big change in how they run if I was still there, ah well. Such is life.




meat popsicle

Create new topic





News »

Nanoleaf enhances lighting line with launch of Triangles and Mini Triangles
Posted 17-Oct-2020 20:18


Synology unveils DS16211+
Posted 17-Oct-2020 20:12


Ingram Micro introduces FootfallCam to New Zealand channel
Posted 17-Oct-2020 20:06


Dropbox adopts Virtual First working policy
Posted 17-Oct-2020 19:47


OPPO announces Reno4 Series 5G line-up in NZ
Posted 16-Oct-2020 08:52


Microsoft Highway to a Hundred expands to Asia Pacific
Posted 14-Oct-2020 09:34


Spark turns on 5G in Auckland
Posted 14-Oct-2020 09:29


AMD Launches AMD Ryzen 5000 Series Desktop Processors
Posted 9-Oct-2020 10:13


Teletrac Navman launches integrated multi-camera solution for transport and logistics industry
Posted 8-Oct-2020 10:57


Farmside hits 10,000 RBI customers
Posted 7-Oct-2020 15:32


NordVPN starts deploying colocated servers
Posted 7-Oct-2020 09:00


Google introduces Nest Wifi routers in New Zealand
Posted 7-Oct-2020 05:00


Orcon to bundle Google Nest Wifi router with new accounts
Posted 7-Oct-2020 05:00


Epay and Centrapay partner to create digital gift cards
Posted 2-Oct-2020 17:34


Inseego launches 5G MiFi M2000 mobile hotspot
Posted 2-Oct-2020 14:53









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.