[Snort-users] HTTP Protocol Analysis
sonikam at ...4044...
Thu May 13 23:27:03 EDT 2004
I faced a recurrent problem in my network that any request to
www.google.com , www.rediff.com .. etc was getting redirected to
So the http traffic dump was taken using Snort. ( logger mode of Snort)
The following was found in the HTTP session dump and it can be observed
that the reply packet had extra appended tags as follows
... rediff Page contents....
<META HTTP-EQUIV=Refresh Content="0; URL=http://www.coolsavings.com">
Now this page is cached at our proxy and so all the requests are
redirected to new url.
when we disable the caching at proxy the problem is taken care of, but
the mechanism of doing this is still not known.
I shall be grateful it anybody can explain this process.
More information about the Snort-users