FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ssriswadpong
Staff & Editor
Article Id 199834
Description This article describes how to collect logs for troubleshooting the ICAP profile.
Scope FortiGate.
Solution
  1. Run these debugging commands:

Follow the related KB article to capture the output in the text file with Putty:

Technical Tip: How to create a log file of a session using PuTTY

diagnose debug reset
diagnose debug console timestamp enable
diagnose wad debug enable category icap
diagnose wad debug enable category http   ---> Optional: add this line if HTTP debugging detail is also needed.
diagnose wad debug enable level info
diagnose debug enable


  2. Generate the related traffic to trigger the ICAP profile.

  3. Stop debugging with the following commands:

diagnose debug disable
diagnose debug reset


  4. Sniffer (capture the traffic between the FortiGate and the ICAP server; verbosity 6 prints headers and full payload with the interface name, a count of 0 means no packet limit, and l adds local timestamps):

diagnose sniffer packet any "host <icap server ip> and port 1344" 6 0 l


Sample of the output. In this capture the client source IP address is 192.168.1.34, the destination is https://dataleaktest.com/, and the ICAP server IP address is 192.168.1.220.


[I]2021-08-02 16:41:52.383860 [p:8338][s:590xxxx] wad_http_full_ses_make :12678 make ok session=0x7f91082a20 server=0x7f90f82188.
[I]2021-08-02 16:41:52.384437 [p:8338][s:590xxxx][r:72] wad_dump_http_request :2548 hreq=0x7f8e40c048 Received request from client: 192.168.1.34:51608

GET / HTTP/1.1
Host: dataleaktest.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en

[I]2021-08-02 16:41:52.384522 [p:8338][s:590xxxx][r:72] wad_http_parse_host :1667 host=[16]dataleaktest.com
[I]2021-08-02 16:41:52.384537 [p:8338][s:590xxxx][r:72] wad_http_str_canonicalize :2182 enc=0 path=/ len=1 changes=0
[I]2021-08-02 16:41:52.384569 [p:8338][s:590xxxx][r:72] wad_http_connect_server :5846 [0x7f8e40c048] Use old server: N/A:0
[I]2021-08-02 16:41:52.384651 [p:8338][s:590xxxx][r:72] wad_icap_srv_conn_new :559 icap server 0x7f9176f930 conn 0x7f90e1c048 ireq 0x7f8e4272c0 connecting
[I]2021-08-02 16:41:52.384669 [p:8338] wad_icap_create_new_tcp :782 Allocate ses_ctx 0x7f8e5276e8 -> 192.168.1.220:1344
[I]2021-08-02 16:41:52.384776 [p:8338] wad_http_clt_icap_body_done :1213 msg=0x7f8e40c048
Proc ICAP request 0x7f8e427048(0x7f8e4272c0) switch/is_req: 0/1
[I]2021-08-02 16:41:52.385027 [p:8338] wad_icap_srv_conn_on_connected :487 ICAP 0x7f90e1c048:0x7f8e4272c0:0x7f920f8c48:(:15585->192.168.1.220:1344): connected
[I]2021-08-02 16:41:52.385098 [p:8338] wad_icap_conn_timer_enable :883 ICAP req(0x7f8e4272c0) conn(0x7f90e1c048) timer Enable.
[I]2021-08-02 16:41:52.385663 [p:8338] icap_parse_icap_start_line :28 icap stream=0x7f8e4272c0 status line ret=1 invalid=0.
[I]2021-08-02 16:41:52.385682 [p:8338] icap_parse_icap_headers :325 ICAP hdr Server invalid/unknown: 0/1
[I]2021-08-02 16:41:52.385692 [p:8338] icap_parse_icap_headers :325 ICAP hdr ISTag invalid/unknown: 0/1
[I]2021-08-02 16:41:52.385701 [p:8338] icap_parse_icap_headers :325 ICAP hdr X-Response-Desc invalid/unknown: 0/1
[I]2021-08-02 16:41:52.385710 [p:8338] icap_parse_icap_headers :325 ICAP hdr X-Response-Info invalid/unknown: 0/1
[I]2021-08-02 16:41:52.385726 [p:8338] wad_http_icap_clt_request :714 icap=0x7f8e427048
[W]2021-08-02 16:41:52.385734 [p:8338] wad_icap_srv_conn_close :377 ICAP 0x7f90e1c048:0x7f8e4272c0:0x7f920f8c48:(:15585->192.168.1.220:1344): close
[I]2021-08-02 16:41:52.385750 [p:8338] wad_http_icap_notify :937 icap=0x7f8e427048 len=422 request=1 clt_strm=0x7f8e44c778
[I]2021-08-02 16:41:52.385780 [p:8338][s:590xxxx][r:73] wad_http_icap_dyn_fwd_start_proc :246 start proc msg 0x7f8e40c4d8 icap=0x7f8e427048, len=0
[I]2021-08-02 16:41:52.385805 [p:8338][s:590xxxx][r:73] wad_dump_fwd_http_req :2554 hreq=0x7f8e40c048 Forward request to server:
GET / HTTP/1.1
Host: dataleaktest.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en
Connection: keep-alive

[I]2021-08-02 16:41:52.915582 [p:8338][s:590xxxx] wad_dump_http_resp :2569 hreq=0x7f8e40c048 Received response from server:

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Mon, 02 Aug 2021 09:41:51 GMT
Content-Length: 45938

[I]2021-08-02 16:41:52.915640 [p:8338][s:590xxxx] wad_http_fwd_non_cacheable_resp :2268 resp(0x7f914085e0) starts processing.
[I]2021-08-02 16:41:52.915650 [p:8338][s:590xxxx] wad_http_resp_setup_fwd_resp :2245 msg(0x7f914085e0) build fwd resp!
[W]2021-08-02 16:41:52.915661 [p:8338][s:590xxxx] wad_http_icap_resp_enabled :1159 ICAP=0x7f923238a8 req_method: 0
[I]2021-08-02 16:41:52.915685 [p:8338][s:590xxxx] wad_icap_srv_conn_new :559 icap server 0x7f9176f930 conn 0x7f90e1c048 ireq 0x7f8e4277b0 connecting
[I]2021-08-02 16:41:52.915698 [p:8338][s:590xxxx] wad_icap_srv_conn_on_connected :487 ICAP 0x7f90e1c048:0x7f8e4277b0:0x7f920f8ca8:(:15585->192.168.1.220:1344): connected
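A real capture of this debug output runs to thousands of lines, and the questions that matter are usually the same: which ICAP server did WAD connect to, how long did the connect and the whole exchange take, did the ICAP status line parse cleanly, and which ICAP headers came back. The following Python script is an added example, not part of this article or of Fortinet's tooling. It parses WAD debug lines in the layout shown above (level, timestamp, [p:][s:][r:] tags, function name and line, message), tracks each ICAP request by its ireq pointer from "connecting" through "connected" to "close", and reports a per-request summary. The embedded sample lines are constructed from the capture above with wrapped lines rejoined; the regular expressions and the interpretation of ret/invalid flags are assumptions drawn from that sample, not a documented format.

```python
"""Summarise FortiGate WAD ICAP debug output. Added example, not Fortinet code; the line
layout (level, timestamp, [p:][s:][r:], function :line, message) is assumed from the
capture above, and wrapped lines must be rejoined before parsing."""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed sample trimmed from the capture above: a request-side ICAP exchange that
# completes, then a response-side connection for which the capture shows no close line.
SAMPLE_LOG = """\
[I]2021-08-02 16:41:52.384651 [p:8338][s:590xxxx][r:72] wad_icap_srv_conn_new :559 icap server 0x7f9176f930 conn 0x7f90e1c048 ireq 0x7f8e4272c0 connecting
[I]2021-08-02 16:41:52.384669 [p:8338] wad_icap_create_new_tcp :782 Allocate ses_ctx 0x7f8e5276e8 -> 192.168.1.220:1344
[I]2021-08-02 16:41:52.385027 [p:8338] wad_icap_srv_conn_on_connected :487 ICAP 0x7f90e1c048:0x7f8e4272c0:0x7f920f8c48:(:15585->192.168.1.220:1344): connected
[I]2021-08-02 16:41:52.385663 [p:8338] icap_parse_icap_start_line :28 icap stream=0x7f8e4272c0 status line ret=1 invalid=0.
[I]2021-08-02 16:41:52.385682 [p:8338] icap_parse_icap_headers :325 ICAP hdr Server invalid/unknown: 0/1
[I]2021-08-02 16:41:52.385692 [p:8338] icap_parse_icap_headers :325 ICAP hdr ISTag invalid/unknown: 0/1
[W]2021-08-02 16:41:52.385734 [p:8338] wad_icap_srv_conn_close :377 ICAP 0x7f90e1c048:0x7f8e4272c0:0x7f920f8c48:(:15585->192.168.1.220:1344): close
[I]2021-08-02 16:41:52.915685 [p:8338][s:590xxxx] wad_icap_srv_conn_new :559 icap server 0x7f9176f930 conn 0x7f90e1c048 ireq 0x7f8e4277b0 connecting
[I]2021-08-02 16:41:52.915698 [p:8338][s:590xxxx] wad_icap_srv_conn_on_connected :487 ICAP 0x7f90e1c048:0x7f8e4277b0:0x7f920f8ca8:(:15585->192.168.1.220:1344): connected
"""

# Common prefix of every WAD debug line; [s:] and [r:] tags are optional.
LINE_RE = re.compile(
    r"^\[(?P<level>[IWED])\](?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{6}) "
    r"\[p:\d+\](?:\[s:[^\]]*\])?(?:\[r:\d+\])? (?P<func>\w+) :\d+ ?(?P<msg>.*)$"
)
NEW_RE = re.compile(r"ireq (0x[0-9a-f]+) connecting")
CONN_RE = re.compile(  # "ICAP conn:ireq:xxx:(:lport->ip:port): connected|close"
    r"ICAP 0x[0-9a-f]+:(0x[0-9a-f]+):0x[0-9a-f]+:\(:\d+->(\d+\.\d+\.\d+\.\d+):(\d+)\): (connected|close)"
)
STATUS_RE = re.compile(r"stream=(0x[0-9a-f]+) status line ret=(\d+) invalid=(\d+)")
HDR_RE = re.compile(r"ICAP hdr (\S+) invalid/unknown: (\d)/(\d)")


@dataclass
class IcapRequest:
    """Lifecycle of one ICAP request, keyed by the ireq pointer in the log."""
    ireq: str
    t_connecting: datetime
    server: Optional[str] = None            # ip:port of the ICAP server
    t_connected: Optional[datetime] = None
    t_closed: Optional[datetime] = None
    status_ok: Optional[bool] = None        # status line parsed: ret=1 and invalid=0
    headers: List[str] = field(default_factory=list)          # ICAP response headers seen
    invalid_headers: List[str] = field(default_factory=list)  # headers WAD flagged invalid=1


def parse_wad_icap(text: str) -> Dict[str, IcapRequest]:
    reqs: Dict[str, IcapRequest] = {}
    current: Optional[IcapRequest] = None  # request whose ICAP response is being parsed
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # dumped HTTP headers and other non-WAD lines are skipped
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        func, msg = m["func"], m["msg"]
        if func == "wad_icap_srv_conn_new":
            n = NEW_RE.search(msg)
            if n:
                reqs[n.group(1)] = IcapRequest(n.group(1), ts)
        elif func in ("wad_icap_srv_conn_on_connected", "wad_icap_srv_conn_close"):
            c = CONN_RE.search(msg)
            if c and c.group(1) in reqs:
                r = reqs[c.group(1)]
                r.server = f"{c.group(2)}:{c.group(3)}"
                if c.group(4) == "connected":
                    r.t_connected = ts
                else:
                    r.t_closed = ts
        elif func == "icap_parse_icap_start_line":
            s = STATUS_RE.search(msg)
            if s and s.group(1) in reqs:
                current = reqs[s.group(1)]
                current.status_ok = s.group(2) == "1" and s.group(3) == "0"
        elif func == "icap_parse_icap_headers" and current is not None:
            h = HDR_RE.search(msg)
            if h:
                current.headers.append(h.group(1))
                if h.group(2) == "1":
                    current.invalid_headers.append(h.group(1))
    return reqs


def microseconds(a: Optional[datetime], b: Optional[datetime]) -> Optional[int]:
    """b - a in whole microseconds, or None when either timestamp is missing."""
    return None if a is None or b is None else (b - a) // timedelta(microseconds=1)


def summarize(reqs: Dict[str, IcapRequest]) -> List[dict]:
    """One row per ICAP request: server, connect latency, lifetime, response parse state."""
    return [{"ireq": r.ireq, "server": r.server,
             "connect_us": microseconds(r.t_connecting, r.t_connected),
             "lifetime_us": microseconds(r.t_connecting, r.t_closed),
             "status_ok": r.status_ok, "headers": list(r.headers),
             "invalid_headers": list(r.invalid_headers), "closed": r.t_closed is not None}
            for r in reqs.values()]


if __name__ == "__main__":
    for row in summarize(parse_wad_icap(SAMPLE_LOG)):
        print(row)
```

Run it against a saved PuTTY log instead of SAMPLE_LOG by reading the file into parse_wad_icap. A row with status_ok False or a non-empty invalid_headers list points at the ICAP server's reply rather than at the FortiGate; a row whose closed flag stays False long after its connect timestamp is what a hung or timed-out ICAP connection looks like in this output; and a large connect_us value, compared with the sniffer capture from step 4, separates network latency from server processing time.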

 

Relevant knowledge base articles for ICAP troubleshooting: Technical Tip: How to troubleshoot ICAP.