From wei.dai at 263.net Wed Jul 2 09:36:56 2008 From: wei.dai at 263.net (=?gb2312?B?tPrOsCA=?=) Date: Wed, 2 Jul 2008 17:36:56 +0800 Subject: Two questions about Web Polygraph report. Need you help. Message-ID: <20080702093655.61CC016E5D6@smtp.263.net> An HTML attachment was scrubbed... URL: From wei.dai at 263.net Fri Jul 18 10:02:19 2008 From: wei.dai at 263.net (=?gb2312?B?tPrOsCA=?=) Date: Fri, 18 Jul 2008 18:02:19 +0800 Subject: [WebPolygraph] s3_pkt.c:297: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number Message-ID: <20080718100219.3BDC616E5D0@smtp.263.net> An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: client.pg Type: application/octet-stream Size: 1525 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: server.pg Type: application/octet-stream Size: 1345 bytes Desc: not available URL: From macdutra at gmail.com Fri Jul 18 22:01:32 2008 From: macdutra at gmail.com (Marcos Dutra) Date: Fri, 18 Jul 2008 19:01:32 -0300 Subject: polygraph and NTLMSSP auth Message-ID: <764ed9b40807181501x198202eds60296ae6aa82d635@mail.gmail.com> Hi guys, I tested polygraph in squid with ntlmssp auth and don't work. I just modify the file simple.pg with option : credentials = ["domain+user at mymachine:mypassword"]; And i've tested with: credentials = ["domain\user at mymachine:mypassword"]; I don't have any ideas, thanks in advice and sorry for my poor english, I'm from Brazil. I run follow command.... ./polyclt --config /usr/local/polygraph/workloads/simple.pg --verb_lvl 10 --log /tmp/srv.log --proxy 127.0.0.1:3128more Bellow the output: 000.01| group-id: 121fc331.6c230466:00000002 pid: 1126 000.01| current time: 1216417151.749467 or Fri, 18 Jul 2008 21:39:11 GMT 000.01| registered client-side session watches: 0 000.01| registered client-side data filters: 0 000.01| fyi: PGL configuration stored (426bytes) 000.01| fyi: no bench selected with use() 000.01| created 1 agents total 000.01| Robot R101 [1 / 121fc331.6c230466:00000006] at 127.0.0.1 via 127.0.0.1:3128 000.01| fyi: current state (1) stored 000.01| fyi: max local population size: 1 robots 000.01| fyi: reached max local population size: 1 robots 1216417151.799753# obj: http://127.0.0.1:9090/w121fc331.6c230466:00000006/t01/_00000001 flags: basic,GET, size: 0/-1 xact: 121fc331.6c230466:0000000a GET http://127.0.0.1:9090/w121fc331.6c230466:00000006/t01/_00000001 HTTP/1.1 Accept: */* Host: 127.0.0.1:9090 X-Xact: 121fc331.6c230466:00000002 121fc331.6c230466:0000000a X-Loc-World: 121fc331.6c230466:00000008 -1/0 0 X-Rem-World: 121fc331.6c230466:00000008 -1/0 0 X-Target: 127.0.0.1:9090 X-Abort: 1412400744 2082554117 X-Phase-Sync-Pos: 0 Proxy-Connection: close 1216417151.800516# obj: http://127.0.0.1:9090/w121fc331.6c230466:00000006/t01/_00000001 flags: basic,GET,chb, size: 0/1849 xact: 121fc331.6c230466:0000000a HTTP/1.0 407 Proxy Authentication Required Server: squid Date: Fri, 18 Jul 2008 21:39:11 GMT Content-Type: text/html Content-Length: 1477 Expires: Fri, 18 Jul 2008 21:39:11 GMT X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0 Proxy-Authenticate: NTLM X-Cache: MISS from proxy X-Cache-Lookup: NONE from proxy:3128 Proxy-Connection: close -------------- next part -------------- An HTML attachment was scrubbed... URL: From rousskov at measurement-factory.com Sat Jul 19 00:22:57 2008 From: rousskov at measurement-factory.com (Alex Rousskov) Date: Fri, 18 Jul 2008 18:22:57 -0600 Subject: polygraph and NTLMSSP auth In-Reply-To: <764ed9b40807181501x198202eds60296ae6aa82d635@mail.gmail.com> References: <764ed9b40807181501x198202eds60296ae6aa82d635@mail.gmail.com> Message-ID: <1216426977.16231.637.camel@pail> On Fri, 2008-07-18 at 19:01 -0300, Marcos Dutra wrote: > I tested polygraph in squid with ntlmssp auth and don't work. I just > modify the file simple.pg with option : > credentials = ["domain+user at mymachine:mypassword"]; > > And i've tested with: > credentials = ["domain\user at mymachine:mypassword"]; The first 407 response in your console output is normal. It is an invitation for the client to send credentials. However, I think you need to enable persistent connections for NTLM to work. By default, Polygraph Robots do not use persistent connections. To enable pconns, search for "NTLM and Negotiate authentication require" at the following page and follow the link: http://www.web-polygraph.org/docs/userman/auth.html FWIW, we are adding code to warn users if they are running NTLM tests with persistent connections off as it is a common problem. HTH, Alex. > I run follow command.... > ./polyclt --config /usr/local/polygraph/workloads/simple.pg --verb_lvl > 10 --log /tmp/srv.log --proxy 127.0.0.1:3128more > > Bellow the output: > > 000.01| group-id: 121fc331.6c230466:00000002 pid: 1126 > 000.01| current time: 1216417151.749467 or Fri, 18 Jul 2008 21:39:11 > GMT > 000.01| registered client-side session watches: 0 > 000.01| registered client-side data filters: 0 > 000.01| fyi: PGL configuration stored (426bytes) > 000.01| fyi: no bench selected with use() > 000.01| created 1 agents total > 000.01| Robot R101 [1 / 121fc331.6c230466:00000006] at 127.0.0.1 via > 127.0.0.1:3128 > 000.01| fyi: current state (1) stored > 000.01| fyi: max local population size: 1 robots > 000.01| fyi: reached max local population size: 1 robots > 1216417151.799753# obj: > http://127.0.0.1:9090/w121fc331.6c230466:00000006/t01/_00000001 flags: > basic,GET, size: 0/-1 xact: 121fc331.6c230466:0000000a > GET http://127.0.0.1:9090/w121fc331.6c230466:00000006/t01/_00000001 > HTTP/1.1 > Accept: */* > Host: 127.0.0.1:9090 > X-Xact: 121fc331.6c230466:00000002 121fc331.6c230466:0000000a > X-Loc-World: 121fc331.6c230466:00000008 -1/0 0 > X-Rem-World: 121fc331.6c230466:00000008 -1/0 0 > X-Target: 127.0.0.1:9090 > X-Abort: 1412400744 2082554117 > X-Phase-Sync-Pos: 0 > Proxy-Connection: close > > > 1216417151.800516# obj: > http://127.0.0.1:9090/w121fc331.6c230466:00000006/t01/_00000001 flags: > basic,GET,chb, size: 0/1849 xact: 121fc331.6c230466:0000000a > HTTP/1.0 407 Proxy Authentication Required > Server: squid > Date: Fri, 18 Jul 2008 21:39:11 GMT > Content-Type: text/html > Content-Length: 1477 > Expires: Fri, 18 Jul 2008 21:39:11 GMT > X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0 > Proxy-Authenticate: NTLM > X-Cache: MISS from proxy > X-Cache-Lookup: NONE from proxy:3128 > Proxy-Connection: close From macdutra at gmail.com Mon Jul 21 15:41:11 2008 From: macdutra at gmail.com (Marcos Dutra) Date: Mon, 21 Jul 2008 12:41:11 -0300 Subject: polygraph and NTLMSSP auth In-Reply-To: <1216426977.16231.637.camel@pail> References: <764ed9b40807181501x198202eds60296ae6aa82d635@mail.gmail.com> <1216426977.16231.637.camel@pail> Message-ID: <764ed9b40807210841nace9a76h2c0be104ce5d9baa@mail.gmail.com> Hi Alex, Thanks for the answer but, I think Polygraph not autenticate in my AD schema yet. How do I do? Well, when execute polysrv and I use a links browser in shell to connect in localhost:9090, polysrv output the connection, but when use polyclt, the polysrv don't output nothing. According the site I put in simple.pg: credentials = ["domain+user at machine:password"]; -> don't work to autenticate pconn_use_lmt = zipf(64); What's happen? I think this is a correct not? Thanks in advice. Marcos 2008/7/18 Alex Rousskov : > On Fri, 2008-07-18 at 19:01 -0300, Marcos Dutra wrote: > > > I tested polygraph in squid with ntlmssp auth and don't work. I just > > modify the file simple.pg with option : > > credentials = ["domain+user at mymachine:mypassword"]; > > > > And i've tested with: > > credentials = ["domain\user at mymachine:mypassword"]; > > The first 407 response in your console output is normal. It is an > invitation for the client to send credentials. However, I think you need > to enable persistent connections for NTLM to work. By default, Polygraph > Robots do not use persistent connections. > > To enable pconns, search for "NTLM and Negotiate authentication require" > at the following page and follow the link: > http://www.web-polygraph.org/docs/userman/auth.html > > FWIW, we are adding code to warn users if they are running NTLM tests > with persistent connections off as it is a common problem. > > HTH, > > Alex. > > > > I run follow command.... > > ./polyclt --config /usr/local/polygraph/workloads/simple.pg --verb_lvl > > 10 --log /tmp/srv.log --proxy 127.0.0.1:3128more > > > > Bellow the output: > > > > 000.01| group-id: 121fc331.6c230466:00000002 pid: 1126 > > 000.01| current time: 1216417151.749467 or Fri, 18 Jul 2008 21:39:11 > > GMT > > 000.01| registered client-side session watches: 0 > > 000.01| registered client-side data filters: 0 > > 000.01| fyi: PGL configuration stored (426bytes) > > 000.01| fyi: no bench selected with use() > > 000.01| created 1 agents total > > 000.01| Robot R101 [1 / 121fc331.6c230466:00000006] at 127.0.0.1 via > > 127.0.0.1:3128 > > 000.01| fyi: current state (1) stored > > 000.01| fyi: max local population size: 1 robots > > 000.01| fyi: reached max local population size: 1 robots > > 1216417151.799753# obj: > > http://127.0.0.1:9090/w121fc331.6c230466:00000006/t01/_00000001 flags: > > basic,GET, size: 0/-1 xact: 121fc331.6c230466:0000000a > > GET http://127.0.0.1:9090/w121fc331.6c230466:00000006/t01/_00000001 > > HTTP/1.1 > > Accept: */* > > Host: 127.0.0.1:9090 > > X-Xact: 121fc331.6c230466:00000002 121fc331.6c230466:0000000a > > X-Loc-World: 121fc331.6c230466:00000008 -1/0 0 > > X-Rem-World: 121fc331.6c230466:00000008 -1/0 0 > > X-Target: 127.0.0.1:9090 > > X-Abort: 1412400744 2082554117 > > X-Phase-Sync-Pos: 0 > > Proxy-Connection: close > > > > > > 1216417151.800516# obj: > > http://127.0.0.1:9090/w121fc331.6c230466:00000006/t01/_00000001 flags: > > basic,GET,chb, size: 0/1849 xact: 121fc331.6c230466:0000000a > > HTTP/1.0 407 Proxy Authentication Required > > Server: squid > > Date: Fri, 18 Jul 2008 21:39:11 GMT > > Content-Type: text/html > > Content-Length: 1477 > > Expires: Fri, 18 Jul 2008 21:39:11 GMT > > X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0 > > Proxy-Authenticate: NTLM > > X-Cache: MISS from proxy > > X-Cache-Lookup: NONE from proxy:3128 > > Proxy-Connection: close > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rousskov at measurement-factory.com Mon Jul 21 22:01:20 2008 From: rousskov at measurement-factory.com (Alex Rousskov) Date: Mon, 21 Jul 2008 16:01:20 -0600 Subject: polygraph and NTLMSSP auth In-Reply-To: <764ed9b40807210841nace9a76h2c0be104ce5d9baa@mail.gmail.com> References: <764ed9b40807181501x198202eds60296ae6aa82d635@mail.gmail.com> <1216426977.16231.637.camel@pail> <764ed9b40807210841nace9a76h2c0be104ce5d9baa@mail.gmail.com> Message-ID: <1216677680.16231.936.camel@pail> On Mon, 2008-07-21 at 12:41 -0300, Marcos Dutra wrote: > Thanks for the answer but, I think Polygraph not autenticate in my AD > schema yet. How do I do? Well, when execute polysrv and I use a links > browser in shell to connect in localhost:9090, polysrv output the > connection, but when use polyclt, the polysrv don't output nothing. > > According the site I put in simple.pg: > credentials = ["domain+user at machine:password"]; -> don't work to > autenticate > pconn_use_lmt = zipf(64); > > What's happen? I think this is a correct not? The above portions of the Robot configuration and the console output you sent earlier look correct to me. You will not get a connection on the server side until the proxy authenticates the Polygraph robot. Since it is the proxy doing authentication with your AD, I would recommend looking in the proxy logs for more clues. For Squid support, see www.squid-cache.org; there may even be an FAQ entry for NTLM authentication there. If Squid logs convince you that Polygraph is at fault, please send your Polygraph workload, Squid configuration file, and a few packets captured on the client side to bugs at web-polygraph.org. Good luck, Alex. > 2008/7/18 Alex Rousskov : > On Fri, 2008-07-18 at 19:01 -0300, Marcos Dutra wrote: > > > I tested polygraph in squid with ntlmssp auth and don't > work. I just > > modify the file simple.pg with option : > > credentials = ["domain+user at mymachine:mypassword"]; > > > > And i've tested with: > > credentials = ["domain\user at mymachine:mypassword"]; > > > The first 407 response in your console output is normal. It is > an > invitation for the client to send credentials. However, I > think you need > to enable persistent connections for NTLM to work. By default, > Polygraph > Robots do not use persistent connections. > > To enable pconns, search for "NTLM and Negotiate > authentication require" > at the following page and follow the link: > http://www.web-polygraph.org/docs/userman/auth.html > > FWIW, we are adding code to warn users if they are running > NTLM tests > with persistent connections off as it is a common problem. > > HTH, > > Alex. > > > > > I run follow command.... > > ./polyclt --config /usr/local/polygraph/workloads/simple.pg > --verb_lvl > > 10 --log /tmp/srv.log --proxy 127.0.0.1:3128more > > > > Bellow the output: > > > > 000.01| group-id: 121fc331.6c230466:00000002 pid: 1126 > > 000.01| current time: 1216417151.749467 or Fri, 18 Jul 2008 > 21:39:11 > > GMT > > 000.01| registered client-side session watches: 0 > > 000.01| registered client-side data filters: 0 > > 000.01| fyi: PGL configuration stored (426bytes) > > 000.01| fyi: no bench selected with use() > > 000.01| created 1 agents total > > 000.01| Robot R101 [1 / 121fc331.6c230466:00000006] at > 127.0.0.1 via > > 127.0.0.1:3128 > > 000.01| fyi: current state (1) stored > > 000.01| fyi: max local population size: 1 robots > > 000.01| fyi: reached max local population size: 1 robots > > 1216417151.799753# obj: > > > http://127.0.0.1:9090/w121fc331.6c230466:00000006/t01/_00000001 flags: > > basic,GET, size: 0/-1 xact: 121fc331.6c230466:0000000a > > GET > http://127.0.0.1:9090/w121fc331.6c230466:00000006/t01/_00000001 > > HTTP/1.1 > > Accept: */* > > Host: 127.0.0.1:9090 > > X-Xact: 121fc331.6c230466:00000002 > 121fc331.6c230466:0000000a > > X-Loc-World: 121fc331.6c230466:00000008 -1/0 0 > > X-Rem-World: 121fc331.6c230466:00000008 -1/0 0 > > X-Target: 127.0.0.1:9090 > > X-Abort: 1412400744 2082554117 > > X-Phase-Sync-Pos: 0 > > Proxy-Connection: close > > > > > > 1216417151.800516# obj: > > > http://127.0.0.1:9090/w121fc331.6c230466:00000006/t01/_00000001 flags: > > basic,GET,chb, size: 0/1849 xact: 121fc331.6c230466:0000000a > > HTTP/1.0 407 Proxy Authentication Required > > Server: squid > > Date: Fri, 18 Jul 2008 21:39:11 GMT > > Content-Type: text/html > > Content-Length: 1477 > > Expires: Fri, 18 Jul 2008 21:39:11 GMT > > X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0 > > Proxy-Authenticate: NTLM > > X-Cache: MISS from proxy > > X-Cache-Lookup: NONE from proxy:3128 > > Proxy-Connection: close > > > > > From rousskov at measurement-factory.com Mon Jul 21 23:08:09 2008 From: rousskov at measurement-factory.com (Alex Rousskov) Date: Mon, 21 Jul 2008 17:08:09 -0600 Subject: s3_pkt.c:297: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number In-Reply-To: <20080721165430.U26793@measurement-factory.com> References: <20080721165430.U26793@measurement-factory.com> Message-ID: <1216681689.16231.959.camel@pail> > I use web polygraph to generate HTTPS traffic. > I study the guide http://www.web-polygraph.org/docs/reference/models/ssl.html. > And make two pg file, please refer to the attachment. Making two workload files is usually a bad idea. In your specific case, the client-side workload file does not tell robots that servers are using SSL. Thus, robots are establishing plain connections to SSL servers and you are getting that cryptic SSL library error. Use a single workload file to describe your test. Feed it to both polyclt and polysrv. HTH, Alex. > 000.01| Server PolyMix-4-srv [1 / 121f16b4.15f859d0:00000006] at 10.10.1.1:9999 HTTP/1.1 SSL > 000.01| fyi: current state (1) stored > 000.01| starting 1 HTTP agents... > 000.08| error: SSL read failure with err=-1/SSL_ERROR_SSL/0 > 000.08| SSL error stack: > s3_pkt.c:297: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number From rousskov at measurement-factory.com Tue Jul 22 04:01:33 2008 From: rousskov at measurement-factory.com (Alex Rousskov) Date: Mon, 21 Jul 2008 22:01:33 -0600 Subject: Two questions about Web Polygraph report. Need you help. In-Reply-To: <20080702093655.61CC016E5D6@smtp.263.net> Message-ID: <1216699293.16231.1027.camel@pail> Hello, [ Sorry for the delay with this response. It looks like your mailer or its HTML attachments do not get through to me and others have not responded. ] > The Web Polygraph version is 3.1.5.
> > In the traffic Stream/Object table, what do "all replies" and "page" > mean? Do they have any relation between the two items?
The "all replies" line corresponds to any response message. In other words, that line combines statistics for all kinds of HTTP transactions. Most other lines in the same tables depict stats for a given kind of response message or a group of message. The "all replies" line is used when you want to answer a question like "what is the mean size of an average response" or "how long does an average HTTP transaction take"? The "page" stats accumulate measurements from multiple HTTP transactions that work on delivering a single page. There is one transaction that fetches the markup container and then zero of more transactions that fetch embedded objects such as images, referenced in that container. All these individual HTTP transactions can run in parallel. Since some of the HTTP responses deliver markup container or embedded objects, some of the "all replies" stats contribute to "page" stats. When embedded object are fetched in parallel with the container or each other, the exact relationship between "all replies" and "page" stats becomes rather complex. HTTP transactions that do not fetch HTML containers or embedded objects do not contribute to "page" stats at all. >
Question 2:
Form the Web Polygraph side, How to count the > unique urls which request by Web Polygraph client?
I use the > entered times of the open Connection state in the Concurrent HTTP/TCP > connection level table to multiply the (1 - recurrence, recurrence was > a parameter in the robot configuration file).
Am I right?
A single connection can be used for many requests and for requests with repeated URLs so connection stats will not help you here. To estimate how many unique URLs where requested you can compute this: (1 - recurrence ratio) * number of transactions You can get the number of transactions from the total count on "all replies" line in the report or at the end of the polyclt console output. In production tests, the number of URLs in a working set (i.e., URLs that may be requested at a given time) is usually more important than the total number of unique URLs because the working set size is limited while the total number of unique URLs (and even host names in unreleased versions!) can grow without limits. To achieve perfect hit ratio, a cache needs to store (the cachable part of) the working set and not necessarily all the unique URLs. HTH, Alex. From arkin.yang at gmail.com Fri Jul 18 14:54:40 2008 From: arkin.yang at gmail.com (Arkin Y) Date: Fri, 18 Jul 2008 14:54:40 -0000 Subject: Urgent Help on Web Polygraph HTTPS configuration Message-ID: Hey ,Guys , I am so interested in the web polygraph HTTPS configration . I did some pratice on HTTPS config as metioned in http://www.web-polygraph.org/docs/reference/models/ssl.html But it failed , I even couldn't send a successful request and get a response . Could someone post me a copy of successful *.pg file ? Thanks a lot! BR . -Arkin