This command works
>sfk tcpdump -flat 9000 -forward home.comcast.net:80 -timeout 2000 | tee >log.txt
but the hostname is not the one that I am communicating with.
This
>sfk tcpdump -flat 9000 -forward home.comcast.net/~dyscdbc:80 -timeout 2000 | tee >log.txt
shows the address I actually need to reach but sfk generates
>>error: cannot get host: home.comcast.net/~dyscdbc
I tried adding a trailing slash and encoding the tilde and then both. Same error every time.
Am I doing something wrong?
Or is there a work-around?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anonymous
-
2012-05-11
The string "67e" in the URL given above is actually "%7e".
IOW I replaced "/~dyscdbc" with "/%7edyscdbc".
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
> > sfk tcpdump -flat 9000 -forward home.comcast.net:80
> > but the hostname is not the one that I am communicating with.
By hostname you probably mean the Http header field:
> > Host: localhost:9000
which is produced by your web browser, and passed through SFK
to the target machine. It is possible that this produces
problems with virtual host resolving on that target machine.
The machine may try to resolve a document root for web pages
by that Host header, and as "localhost" is unknown,
you may end up only with an error page.
And this is not at all allowed. If SFK tcpdump gets a phrase "a:b"
then it thinks "a" is a hostname, in your case "home.comcast.net/~dyscdbc" -
but this is a mixture of a hostname and a path.
To summarize, you must send HTTP requests to SFK
containing a correct "Host:" header field.
This can be done by entering SFK as a proxy in your web browser.
In Firefox, open options/options/network/settings, set
manual proxy configuration, set http proxy "localhost" port 9000.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anonymous
-
2012-05-11
Thanks for you reply.
I fully understand the proxy setup - and it works fine in a browser.
I am trying to work with a WebDAV client, however, and addresses of the form
home.comcast.net/~dyscdbc
are normal server names in the context of FrontPage extensions.
I will post again when I have a better packet sniffer and can show you what tcpdump needs to pass back and forth. At the moment I don't actually know the complete details myself, but I can tell you that when I open the site mentioned above in SharePoint Designer 2007. sfk catches no traffic at all. If I navigate to the same site in a browser, however, sfk intercepts and displays all traffic to/from that hostname .
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anonymous
-
2012-05-11
OK. now I have a better idea of what is happening. And before I go on, a big "THANK YOU!" .
I couldn't find a button to add a file, so I have appended a captured conversation below.
One of my symptoms appears to be the result of my not understanding how sfk is invoked.
When I put a site name in the sfk command line then navigate to localhost:9000 in any browser, sfk is invoked and captures HTTP traffic to and from that host as expected.
SharePoint Designer 2007 doesn't work that way.
I had to configure SPD internally to use a proxy - and I wouldn't have tumbled to the fact that I might have to do that if you hadn't made the detailed comment about Firefox. Thank you!!
When I had done that, all traffic started going through sfk but when stdout from its commandlne went on to tee; nothing appeared on the screen. That made me think that it wasn't working, but my log file was created.
Basically my sfk problem is solved. I am a little puzzled as to why I'm not getting the display I expected, but the log file is more useful anyway.
Now that I think of it, I have decided not to post the entire captured text in a public forum. In the very unlikely event that you would like to see the rest of it, I can email it to you.
=== partial dump follows
waiting on port 9000 for connections, to forward to home.comcast.net:80. timeout is 2000 milliseconds.
<body>
<!- _vti_inf.html version 0.100>
<!-
This file contains important information used by the FrontPage client
(the FrontPage Explorer and FrontPage Editor) to communicate with the
FrontPage server extensions installed on this web server.
The values below are automatically set by FrontPage at installation. Normally, you do not need to modify these values, but in case
you do, the parameters are as follows:
'FPShtmlScriptUrl', 'FPAuthorScriptUrl', and 'FPAdminScriptUrl' specify
the relative urls for the scripts that FrontPage uses for remote
authoring. These values should not be changed.
'FPVersion' identifies the version of the FrontPage Server Extensions
installed, and should not be changed.
-><!- FrontPage Configuration Information
FPNoRootWeb="1"
->
<p><!-webbot bot="PurpleText"
preview="This page is placed into the root directory of your FrontPage web when FrontPage is installed. It contains information used by the FrontPage client to communicate with the FrontPage server extensions installed on this web server. You should not delete this file."
-></p>
<h1>FrontPage Configuration Information </h1>
<p>In the HTML comments, this page contains configuration
information that the FrontPage Explorer and FrontPage Editor need to
communicate with the FrontPage server extensions installed on
this web server. Do not delete this page.</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>401 Authorization Required</TITLE>
</HEAD><BODY>
<H1>Authorization Required</H1>
This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.<P>
</BODY></HTML>
This command works
>sfk tcpdump -flat 9000 -forward home.comcast.net:80 -timeout 2000 | tee >log.txt
but the hostname is not the one that I am communicating with.
This
>sfk tcpdump -flat 9000 -forward home.comcast.net/~dyscdbc:80 -timeout 2000 | tee >log.txt
shows the address I actually need to reach but sfk generates
>>error: cannot get host: home.comcast.net/~dyscdbc
I tried adding a trailing slash and encoding the tilde and then both. Same error every time.
Am I doing something wrong?
Or is there a work-around?
The string "67e" in the URL given above is actually "%7e".
IOW I replaced "/~dyscdbc" with "/%7edyscdbc".
> > sfk tcpdump -flat 9000 -forward home.comcast.net:80
> > but the hostname is not the one that I am communicating with.
By hostname you probably mean the Http header field:
> > Host: localhost:9000
which is produced by your web browser, and passed through SFK
to the target machine. It is possible that this produces
problems with virtual host resolving on that target machine.
The machine may try to resolve a document root for web pages
by that Host header, and as "localhost" is unknown,
you may end up only with an error page.
> > sfk tcpdump -flat 9000 -forward home.comcast.net/~dyscdbc:80
And this is not at all allowed. If SFK tcpdump gets a phrase "a:b"
then it thinks "a" is a hostname, in your case "home.comcast.net/~dyscdbc" -
but this is a mixture of a hostname and a path.
To summarize, you must send HTTP requests to SFK
containing a correct "Host:" header field.
This can be done by entering SFK as a proxy in your web browser.
In Firefox, open options/options/network/settings, set
manual proxy configuration, set http proxy "localhost" port 9000.
Then type http://home.comcast.net/~dyscdbc within Firefox,
and it should send the request to SFK with correct Host: header.
Thanks for you reply.
I fully understand the proxy setup - and it works fine in a browser.
I am trying to work with a WebDAV client, however, and addresses of the form
home.comcast.net/~dyscdbc
are normal server names in the context of FrontPage extensions.
I will post again when I have a better packet sniffer and can show you what tcpdump needs to pass back and forth. At the moment I don't actually know the complete details myself, but I can tell you that when I open the site mentioned above in SharePoint Designer 2007. sfk catches no traffic at all. If I navigate to the same site in a browser, however, sfk intercepts and displays all traffic to/from that hostname .
OK. now I have a better idea of what is happening. And before I go on, a big "THANK YOU!" .
I couldn't find a button to add a file, so I have appended a captured conversation below.
One of my symptoms appears to be the result of my not understanding how sfk is invoked.
When I put a site name in the sfk command line then navigate to localhost:9000 in any browser, sfk is invoked and captures HTTP traffic to and from that host as expected.
SharePoint Designer 2007 doesn't work that way.
I had to configure SPD internally to use a proxy - and I wouldn't have tumbled to the fact that I might have to do that if you hadn't made the detailed comment about Firefox. Thank you!!
When I had done that, all traffic started going through sfk but when stdout from its commandlne went on to tee; nothing appeared on the screen. That made me think that it wasn't working, but my log file was created.
Basically my sfk problem is solved. I am a little puzzled as to why I'm not getting the display I expected, but the log file is more useful anyway.
Now that I think of it, I have decided not to post the entire captured text in a public forum. In the very unlikely event that you would like to see the rest of it, I can email it to you.
=== partial dump follows
waiting on port 9000 for connections, to forward to home.comcast.net:80. timeout is 2000 milliseconds.
GET http://home.comcast.net/_vti_inf.html HTTP/1.0
Date: Fri, 11 May 2012 21:12:12 GMT
MIME-Version: 1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MS FrontPage 12.0)
Host: home.comcast.net
Accept-Language: en-us, en;q=0.1
Accept: auth/sicily
Content-Length: 0
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cookie: s_vi=v1|26EA59BF85149187-4000016A60032D92
HTTP/1.1 200 OK
Connection: close
Date: Fri, 11 May 2012 21:12:17 GMT
Server: Apache
Last-Modified: Fri, 15 Jun 2007 18:08:23 GMT
ETag: "888450-60e-4672d597"
Accept-Ranges: bytes
Content-Type: text/html
<html>
<head>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1">
<title> FrontPage Configuration Information </title>
</head>
<body>
<!- _vti_inf.html version 0.100>
<!-
This file contains important information used by the FrontPage client
(the FrontPage Explorer and FrontPage Editor) to communicate with the
FrontPage server extensions installed on this web server.
The values below are automatically set by FrontPage at installation. Normally, you do not need to modify these values, but in case
you do, the parameters are as follows:
'FPShtmlScriptUrl', 'FPAuthorScriptUrl', and 'FPAdminScriptUrl' specify
the relative urls for the scripts that FrontPage uses for remote
authoring. These values should not be changed.
'FPVersion' identifies the version of the FrontPage Server Extensions
installed, and should not be changed.
-><!- FrontPage Configuration Information
FPNoRootWeb="1"
->
<p><!-webbot bot="PurpleText"
preview="This page is placed into the root directory of your FrontPage web when FrontPage is installed. It contains information used by the FrontPage client to communicate with the FrontPage server extensions installed on this web server. You should not delete this file."
-></p>
<h1>FrontPage Configuration Information </h1>
<p>In the HTML comments, this page contains configuration
information that the FrontPage Explorer and FrontPage Editor need to
communicate with the FrontPage server extensions installed on
this web server. Do not delete this page.</p>
</body>
</html>
POST http://home.comcast.net/~dyscdbc/_vti_bin/shtml.exe/_vti_rpc HTTP/1.0
Date: Fri, 11 May 2012 21:12:19 GMT
MIME-Version: 1.0
User-Agent: MSFrontPage/12.0
Host: home.comcast.net
Accept-Language: en-us, en;q=0.1
Accept: auth/sicily
Content-Length: 42
Content-Type: application/x-www-form-urlencoded
X-Vermeer-Content-Type: application/x-www-form-urlencoded
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cookie: s_vi=v1|26EA59BF85149187-4000016A60032D92
method=server+version%3a12%2e0%2e0%2e6500
HTTP/1.1 200 OK
Connection: close
Date: Fri, 11 May 2012 21:12:22 GMT
Server: Apache
Content-Type: application/x-vermeer-rpc
<html><head><title>vermeer RPC packet</title></head>
<body>
<p>method=server version:5.0.2.2634
<p>server version=
<ul>
<li>major ver=5
<li>minor ver=0
<li>phase ver=2
<li>ver incr=2634
</ul>
<p>source control=1
</body>
</html>
POST http://home.comcast.net/~dyscdbc/_vti_bin/_vti_aut/author.exe HTTP/1.0
Date: Fri, 11 May 2012 21:12:24 GMT
MIME-Version: 1.0
User-Agent: MSFrontPage/12.0
Host: home.comcast.net
Accept-Language: en-us, en;q=0.1
Accept: auth/sicily
Content-Length: 68
Content-Type: application/x-www-form-urlencoded
X-Vermeer-Content-Type: application/x-www-form-urlencoded
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cookie: s_vi=v1|26EA59BF85149187-4000016A60032D92
method=open+service%3a5%2e0%2e2%2e2634&service%5fname=%2f%7edyscdbc
HTTP/1.1 401 Authorization Required
Connection: close
Date: Fri, 11 May 2012 21:12:27 GMT
Server: Apache
WWW-Authenticate: Basic realm="home.comcast.net"
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>401 Authorization Required</TITLE>
</HEAD><BODY>
<H1>Authorization Required</H1>
This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.<P>
</BODY></HTML>
POST http://home.comcast.net/~dyscdbc/_vti_bin/_vti_aut/author.exe HTTP/1.0
Date: Fri, 11 May 2012 21:12:24 GMT
MIME-Version: 1.0
User-Agent: MSFrontPage/12.0
Host: home.comcast.net
Accept-Language: en-us, en;q=0.1
Accept: auth/sicily
Content-Length: 68
Content-Type: application/x-www-form-urlencoded
X-Vermeer-Content-Type: application/x-www-form-urlencoded
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cookie: s_vi=v1|26EA59BF85149187-4000016A60032D92
Authorization: Basic
=== partial dump ends