Griff0527

I've been tasked to attempt something far outside of my normal realm, but don't know where to start. Due to the fact that my logs are work related, I cannot/will not post the logs here, but I'm hoping I can still get pointed in the right direction to find information on how to interpret, compare, and contrast the logs I'm gathering. In other words, can someone tell me of a good resource for learning how to read and interpret .pcapng or .json logs?

Issue: using a work VPN pointed at a network proxy, IE and Firefox block correctly. However, Google Chrome bypasses the proxy and no one knows why. Proxy settings are set in the IE and Firefox browsers; Chrome utilizes the Windows settings, so I set the proxy in the Windows network (Internet Options -> Connection Tab -> LAN Settings) to "use proxy server for your LAN", and set the correct address. HOWEVER, as Windows states in the settings, "These settings will not apply to dial-up or VPN connections".

My thought is that if I can do a capture using Wireshark and close all network programs possible (Outlook, all browsers except what I am testing), clean the cache and history, then send requests to sites that are supposed to be blocked while using Chrome, then a separate log using IE which does block the traffic, I should be able to capture some information which might lead to a diagnosis of why Chrome bypasses the proxy.

Another possibility is that I am unaware of a different setting in Chrome to force the proxy to be used during VPN.
I cannot set a FW rule as that is blocked from my abilities. My Security and FW team are of no help at this time and I have a week to attempt to investigate this and possibly resolve.

This may not be the right forum for this question, and if it isn't, please point me in the right direction and I will close this post and open a new one in the right forum...

Thank you all.

All 3 Replies

Are the logs from a Linux system? What kind of data do they contain (you just need to provide a general description of what they are)? Are they consistently formatted (at least by type)?

Griff0527

The logs are from my Windows 7 system. I am collecting them using Wireshark and Net-Internals from Chrome. They are in .json (net-internals) and .pcapng (Wireshark) formats. The logs show all of the network traffic. What I am trying to determine is why the traffic is blocked via IE and Firefox, but Chrome allows the traffic to pass through and gain access to websites that should be blocked by the proxy.

Sorry, but though I have quite a bit of experience working with Wireshark (and the associated tcpdump tool), I have no knowledge (that I am aware of) of .pcapng, and certainly no experience with .json formats; however, it wouldn't take me long to figure them out, which is what you need to do. This may take a bit of effort, and/or Google searches to find some appropriate documentation and such for them.

Also, did you install this Chrome instance yourself, or did someone else do it? If someone else, are you sure they didn't install a proxy bypass tool or configure it to tell the proxy to let it pass? On the systems for my old company (Nokia) we had to configure it to allow the proxy to allow us to bypass the firewall - necessary for developers who were writing web browser tools...
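
The capture comparison proposed in the question, as an added example that is not part of any post in this thread: it takes the outbound TCP connection attempts exported from each browser's capture and lists every destination that is not the proxy. It assumes the capture was taken on the VPN adapter and exported with tshark as shown in the comment; the proxy address 10.0.0.5:8080 and all sample rows are constructed placeholders.

```python
import csv
import io
from collections import Counter

# Constructed sample rows (not real traffic), in the shape printed by:
#   tshark -r chrome.pcapng -Y "tcp.flags.syn==1 && tcp.flags.ack==0" \
#          -T fields -E separator=, -e frame.time_relative -e ip.dst -e tcp.dstport
# 10.0.0.5:8080 stands in for the proxy; 192.0.2.x / 198.51.100.x are
# documentation addresses.
CHROME_SYNS = """0.000,10.0.0.5,8080
0.412,192.0.2.80,443
0.415,192.0.2.80,443
1.002,198.51.100.7,80
1.500,,443
"""
IE_SYNS = """0.000,10.0.0.5,8080
0.390,10.0.0.5,8080
garbled line
"""

def direct_connections(fields_text, proxy_ip, proxy_port):
    """Count outbound TCP connection attempts that did not go to the proxy.

    Returns (Counter keyed by (dst_ip, dst_port), number of skipped rows).
    """
    direct, skipped = Counter(), 0
    for row in csv.reader(io.StringIO(fields_text)):
        if not row:
            continue
        # Rows with a missing field (IPv6 packets have no ip.dst) are counted,
        # not guessed at, so the analyst knows the coverage was partial.
        if len(row) != 3 or not row[1] or not row[2].isdigit():
            skipped += 1
            continue
        dst = (row[1], int(row[2]))
        if dst != (proxy_ip, proxy_port):
            direct[dst] += 1
    return direct, skipped

def report(captures, proxy_ip, proxy_port):
    """Build one summary line per browser capture."""
    lines = []
    for name, text in captures.items():
        direct, skipped = direct_connections(text, proxy_ip, proxy_port)
        verdict = "BYPASSES proxy" if direct else "all connections via proxy"
        lines.append(f"{name}: {verdict}; direct={dict(direct)}; skipped_rows={skipped}")
    return lines

if __name__ == "__main__":
    for line in report({"chrome": CHROME_SYNS, "ie": IE_SYNS}, "10.0.0.5", 8080):
        print(line)
```
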
