09-14-2007 12:31 AM
Empowering IPN Citizens through tools! IronPort’s 3rd Party Tools are listed below. Reply to this post to share your favorite 3rd party tools. For IronPort Unsupported Contributed Tools visit the Support Portal: http://tinyurl.com/3c5l8r
IRONPORT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, WITH RESPECT TO THE PACKAGES, POSTS OR THIRD PARTY TOOLS, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR ARISING FROM COURSE OF PERFORMANCE, DEALING, USAGE OR TRADE. IRONPORT DOES NOT PROVIDE ANY SUPPORT SERVICES FOR THE PACKAGES, POSTS OR THIRD PARTY TOOLS.
1) Wireshark Protocol Analyzer - analyze HTTP packets
http://www.wireshark.org/download.html
05-20-2008 08:34 PM
For those interested, the following Wireshark filter colors file has been tuned for troubleshooting HTTP, HTTPS, and proxy types of issues.
I have fine-tuned it over several years. Here it is:
(Please note that each line needs to start with the @ symbol, no wrapping!)
# DO NOT EDIT THIS FILE! It was created by Wireshark
@tcp.port==3454@tcp.port==3454@[17969,17969,17969][65535,65535,65535]
@WCCP I See You@wccp.message==11@[0,14392,2570][65535,62131,38551]
@WCCP Here I am@wccp.message==10@[0,14392,2570][65535,44807,9477]
@WCCP@wccp@[0,14460,2721][65535,65535,65535]
@ICMP@icmp@[62382,65535,62388][0,1755,65534]
@smtp@smtp@[65535,65120,57464][0,0,0]
@LDAP Add object@ldap.protocolOp==8 || ldap.protocolOp==9@[33979,46409,46255][0,19691,2625]
@ldap search@ldap.protocolOp==3 || ldap.protocolOp==5@[41653,50553,44212][49,11534,0]
@LDAP Bind@ldap.protocolOp==0 || ldap.protocolOp==1@[22836,34561,26186][498,13973,0]
@ldap@ldap@[59721,59721,59721][0,14765,534]
@AD auth@kerberos@[59881,59881,59881][63216,0,609]
@HTTP 500@http.response.code==500@[54964,27365,0][65535,65535,65535]
@HTTP 502@http.response.code==502@[60250,30125,0][65535,65535,65535]
@HTTP 503 Internal Server Error @http.response.code==503 @[53908,26954,0][65535,65535,65535]
@HTTP 504 Gateway Error@http.response.code==504@[44923,22462,0][65535,65535,65535]
@HTTP 404 Object not found@http.response.code==404@[0,1554,38657][65535,65535,65535]
@HTTP 403 DENIED@http.response.code==403@[43991,0,0][65535,65535,65535]
@http.response.code==400@http.response.code==400@[65535,0,0][65535,65535,65535]
@HTTP 407 Explicit Auth@http.response.code==407@[57522,52090,57160][0,0,0]
@HTTP 401 Transparent Auth@http.response.code==401@[59527,53402,59206][0,0,0]
@HTTP 302 Redirect @http.response.code==302@[64090,59269,59015][0,0,0]
@HTTP 307 Redirect @http.response.code==307@[60637,53281,53033][0,0,0]
@HTTP 301 Redirect @http.response.code==301@[65535,53593,53593][0,0,0]
@HTTP 206@http.response.code==206@[44461,49344,56283][0,0,0]
@HTTP 200 @http.response.code==200@[44435,49246,56233][0,0,0]
@HTTP 100 Continue@http.response.code==100@[0,29225,12181][65535,65535,65535]
@HTTP GET@http.request.method=="GET"@[42180,43678,52670][0,0,0]
@HTTP OPTIONS@http.request.method=="OPTIONS"@[48059,49344,58339][0,26214,156]
@HTTP POST@http.request.method=="POST"@[48059,49344,58339][40653,0,0]
@HTTP CONNECT@http.request.method=="CONNECT"@[48059,49344,58339][0,7199,30828]
@HTTPS@ssl@[56540,56797,60138][0,7196,30840]
@HTTP@http@[56540,56797,60138][0,0,0]
@AIM@aim@[56030,55858,49914][0,0,0]
@MSN Messenger@msnms@[56026,56026,49858][1206,0,34420]
@RTSP (Real / Quicktime Streaming)@rtsp@[9859,25977,36537][65535,65535,65535]
@MS Streaming (WMP)@mms || msmms@[29859,12894,13724][65535,65535,65535]
@SOCKS@socks@[63569,62954,62954][0,24105,32462]
@BCAAA NTLM / IWA@tcp.port==16101@[49878,57034,59069][0,0,0]
@radius reject@radius.code==3@[49858,57054,59110][65535,0,0]
@radius@radius@[49858,57054,59110][10042,10042,10042]
@DNS@dns@[37297,50603,54405][0,0,0]
@FTP Data port@ftp-data@[65535,55769,42405][0,4946,53597]
@FTP@ftp@[65535,55747,42283][0,0,0]
@TCP FIN@tcp.flags.fin==1@[57473,65535,56333][0,0,0]
@TCP RST@tcp.flags.reset==1@[43996,57774,42218][0,0,0]
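Added example, not part of the original post and not Wireshark's own code: a small Python check for a pasted colorfilters file. It flags lines broken by wrapping and flags rules that sit below a bare-protocol rule, which matters because Wireshark applies the first coloring rule that matches. The function names, the `!` handling and the sample text are assumptions made for this example.

```python
import re

# Rule line: @name@display filter@[r,g,b][r,g,b], 16-bit channels, background triple
# first (as in Wireshark's stock file). Assumption: a leading "!" marks a disabled rule.
RULE = re.compile(r"^(!?)@([^@]*)@(.+)@\[(\d+),(\d+),(\d+)\]\[(\d+),(\d+),(\d+)\]\s*$")

def parse_colorfilters(text):
    """Return (rules, problems); problems is a list of (line number, message)."""
    rules, problems = [], []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        m = RULE.match(line)
        if not m:
            head = line.startswith(("@", "!@"))
            problems.append((n, "incomplete rule (wrapped onto next line?)" if head
                             else "no leading @ (tail of a wrapped rule?)"))
            continue
        chans = [int(c) for c in m.groups()[3:]]
        if max(chans) > 65535:
            problems.append((n, "colour channel above 65535"))
            continue
        rules.append({"line": n, "enabled": not m.group(1), "name": m.group(2).strip(),
                      "filter": m.group(3).strip(), "bg": tuple(chans[:3]), "fg": tuple(chans[3:])})
    return rules, problems

def shadowed(rules):
    """Heuristic: (rule, earlier bare-protocol rule) pairs where the later rule never fires."""
    out, bare = [], {}
    for r in rules:
        if not r["enabled"]:
            continue
        branches = [b.strip() for b in r["filter"].split("||")]
        for proto, name in bare.items():
            if all(b.startswith(proto + ".") for b in branches):
                out.append((r["name"], name))
                break
        if re.fullmatch(r"[a-z][\w-]*", r["filter"]):
            bare.setdefault(r["filter"], r["name"])
    return out

# Constructed sample: HTTP placed too early, and one rule wrapped by a copy/paste.
SAMPLE = """# DO NOT EDIT THIS FILE! It was created by Wireshark
@HTTP@http@[56540,56797,60138][0,0,0]
@HTTP 403 DENIED@http.response.code==403@[43991,0,0][65535,65535,65535]
@LDAP Bind@ldap.protocolOp==0 ||
ldap.protocolOp==1@[22836,34561,26186][498,13973,0]
@DNS@dns@[37297,50603,54405][0,0,0]
"""
```

Call `parse_colorfilters(SAMPLE)` and pass the returned rules to `shadowed()`; an empty result from both means the file kept its one-rule-per-line layout and its specific-before-general ordering.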