How to capture and display WCCP negotiation packets

book

Article ID: 166315

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

The proxy is configured to use WCCP but does not appear to be receiving any traffic. This can be due to an error in the WCCP communication between the proxy and the router(s). Monitoring the WCCP negotiation packets ("Here I am" and "I see you") can help to identify problems.

Resolution

Configure the proxy to capture only WCCP traffic (UDP port 2048).

Download the packet capture and view in Wireshark. Apply a filter of "wccp.message".

If you only see "Here I am" messages coming from the proxy but no "I see you" being returned then there is a mismatch in the configuration of WCCP between the proxy and the router. 

Attachments