Thursday, June 21, 2007

How to debug network errors in Squid with Wireshark

If you see errors such as these in the Squid logs:

> 2007/06/12 11:15:45| parseHttpRequest: Unsupported method '^C'
> 2007/06/12 11:15:45| clientReadRequest: FD 145 (x.x.x.x:62332) Invalid Request
> 2007/06/12 11:15:48| parseHttpRequest: Requestheader contains NULL characters
> 2007/06/12 11:15:48| parseHttpRequest: Unsupported method '^C'
> 2007/06/12 11:15:48| clientReadRequest: FD 1611 (x.x.x.x:60853) Invalid Request
> 2007/06/12 11:15:49| parseHttpRequest: Requestheader contains NULL characters
> 2007/06/12 11:15:49| parseHttpRequest: Unsupported method '^C'

You can debug them with a tool such as Ethereal/Wireshark:

PROCEDURE:

1. Start Wireshark and begin a new packet capture.

2. When you see the error in cache.log, enter the display filter
ip.addr == YYYYY && tcp.port == XXXXX

where YYYYY is the IP address and XXXXX is the port number from the
Invalid Request log line.

Then select the first packet shown (it should be a SYN) and choose Analyze
-> Follow TCP Stream. This opens a new window with the TCP stream
decoded. That window contains all the important data about the problem.
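
To avoid copying the IP and port by hand for every error, the filter from step 2 can be generated from cache.log. The script below is an added example, not part of the original post: the sample log is constructed (192.0.2.x are documentation addresses), the function names are hypothetical, and it assumes the parseHttpRequest lines logged just before an Invalid Request line belong to that same client.

```python
import re

# Constructed sample in the cache.log format quoted above, including wrapped lines.
SAMPLE_LOG = """\
2007/06/12 11:15:45| parseHttpRequest: Unsupported method '^C'
2007/06/12 11:15:45| clientReadRequest: FD 145 (192.0.2.10:62332) Invalid
Request
2007/06/12 11:15:48| parseHttpRequest: Requestheader contains NULL
characters
2007/06/12 11:15:48| parseHttpRequest: Unsupported method '^C'
2007/06/12 11:15:48| clientReadRequest: FD 1611 (192.0.2.11:60853) Invalid
Request
"""

TS = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\| ")
INVALID = re.compile(
    r"clientReadRequest: FD \d+ \((\d{1,3}(?:\.\d{1,3}){3}):(\d+)\) Invalid Request")
REASON = re.compile(r"parseHttpRequest: (.+)$")

def unwrap(text):
    """Join continuation lines (no timestamp prefix) onto the previous entry."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if TS.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def filters_from_log(text):
    """Return [(display_filter, [parser reasons])], one per Invalid Request line."""
    results, pending = [], []
    for entry in unwrap(text):
        hit = INVALID.search(entry)
        if hit:
            ip, port = hit.groups()
            results.append((f"ip.addr == {ip} && tcp.port == {port}", pending))
            pending = []  # assumption: reasons precede the line they explain
        elif REASON.search(entry):
            pending.append(REASON.search(entry).group(1))
    return results

if __name__ == "__main__":
    for display_filter, reasons in filters_from_log(SAMPLE_LOG):
        print(display_filter, "#", "; ".join(reasons))
```

Each printed filter can be pasted into Wireshark's filter bar as in step 2; the text after `#` is the parser complaint logged for that connection.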