[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Transparent Proxy detection (was Re: Introduction_

From: Kirby C. Bohling <kbohling_at_birddog.com>
Date: 2003-02-05 23:37:11 CET

On Wed, 2003-02-05 at 15:42, mark benedetto king wrote:
> On Wed, Feb 05, 2003 at 04:29:09PM -0500, Hensley, Richard wrote:
> > $ svn co http://svn.collab.net/repos/svn/trunk
> > <http://svn.collab.net/repos/svn/trunk> subversion
> > svn: RA layer request failed
> > svn: PROPFIND of /: 501 Not Implemented
> >
>
> This looks suspiciously like an intervening proxy. Does that ring
> true for you?
>
> Resolutions are discussed in detail at:
>
> http://subversion.tigris.org/project_faq.html#proxy

Way off topic, but in theory a distilled version of this could help
people figure out if they are proxied upstream, and might be useful
either on the FAQ, or on a link from the FAQ.

If you are running Linux (maybe other platforms?) a handy piece of
software to detect if an upstream ISP is running a transparent proxy is:

http://michael.toren.net/code/tcptraceroute/

> tcptraceroute servername

will do a TCP traceroute on port 80.

> tcptraceroute servername 25

will do a TCP traceroute on port 25 to tell you what hops your TCP
packets take to get to the host. Because the ICMP route, and the TCP
route might be a bit different because of router configs.

> tcptraceroute www.slashdot.org

 1 * * *
 2 slashdot.org (66.35.250.150) [open] 0.983 ms 0.838 ms 0.347 ms

Hmmm, only two hops from me to slashdot, not right, I should at least
see the IP's to get to my upstream provider.... Proxy server before I
even get to my gateway.

> tcptraceroute -n unproxiedhost
 1 10.15.0.1 (10.15.0.1) 0.219 ms 0.145 ms 0.148 ms
 2 10.10.0.1 (10.10.0.1) 0.468 ms 0.271 ms 0.307 ms
 3 63.125.164.129 (63.125.164.129) 1.085 ms 1.022 ms 0.990 ms
 4 137.39.4.245 (137.39.4.245) 44.897 ms 22.477 ms 23.010 ms
 5 152.63.90.118 (152.63.90.118) 40.847 ms 22.441 ms 22.969 ms
 6 152.63.88.241 (152.63.88.241) 41.011 ms 23.645 ms 22.991 ms
 7 152.63.0.46 (152.63.0.46) 40.973 ms 37.972 ms 45.918 ms
 8 152.63.0.194 (152.63.0.194) 40.741 ms 36.951 ms 49.101 ms
 9 152.63.99.2 (152.63.99.2) 43.469 ms 65.263 ms 36.943 ms
10 144.232.9.133 (144.232.9.133) 182.051 ms 206.100 ms 203.378 ms
11 144.232.20.145 (144.232.20.145) 110.276 ms 225.314 ms 267.943 ms
...
...

We have certain sites configured not to be proxied, this is the sample
partial output of one of them.

Hey, look the TCP traceroute looks like the packets actually travel off
our network and across the Internet, and follow same basic route as an
ICMP traceroute. Probably not proxied.

I thought before it told me the IP of the proxy server, but I can't seem
to get that out of it at the moment. That might be because my local
gateway is doing the forced redirection on the local LAN, before it was
a gateway or two away.

Richard probably don't care, he can just use port 81 more then likely,
but in case he really wants to know, and Net Admin or upstream provider
isn't very forth coming. A person can use this to figure out a lot of
network problems that are TCP port specific.

Kirby

-- 
Real Programmers view electronic multimedia files with a hex editor.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Feb 5 23:38:03 2003

This is an archived mail posted to the Subversion Dev mailing list.