Understanding Explicit HTTP Intercept Proxy Protocol

I need a solution

So I’m new to Blue Coat Proxy and proxies in general, but am an experienced network person. I work in a (new) environment where we use BC proxies; and browsers are essentially set up to use proxy TCP port 74. Likewise, in our BC, our proxy services Predefined Service Group Explicit HTTP is set up for Explicit port 74 and to intercept.

If I look at my browser traffic on Wireshark, I see unreadable/undecoded payload within TCP port 74. Is this SOCKS protocol? Or just HTTP within port 74 and Wireshark doesn’t know how to decode it because it isn’t in its library? I believe the IT forefathers simply picked TCP port 74 as a tunneling protocol due to its likelihood of being unique in our environment. I’m just trying to understand what the protocol is between the browser and BC Proxy, or whether it’s simply HTTP tunneled between TCP port 74.

This is really bothering me that I don’t understand.
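
One way to tell the candidates apart from the capture itself, as an added example that is not part of the original post: classify the first client-to-proxy TCP payload by its leading bytes. The function name and all sample payloads are constructed for illustration; the byte layouts are the standard ones for HTTP/1.x request lines, SOCKS4, SOCKS5 (RFC 1928) and TLS records.

```python
import re

# HTTP/1.x request line: METHOD SP request-target SP HTTP/1.x
_REQ_LINE = re.compile(rb"^([A-Z]{3,10}) (\S+) HTTP/1\.[01]\r?\n")

def classify_first_payload(data: bytes) -> str:
    """Guess the protocol from the first client-to-proxy TCP payload (hypothetical helper)."""
    if not data:
        return "empty"
    m = _REQ_LINE.match(data)
    if m:
        method, target = m.group(1), m.group(2)
        if method == b"CONNECT":
            # Tunnel request sent to an explicit proxy, typically for HTTPS
            return "http-proxy-connect"
        if target.lower().startswith((b"http://", b"ftp://")):
            # Absolute-URI target: the form a browser sends to an explicit proxy
            return "http-proxy-absolute-uri"
        # Path-only target: the form sent directly to an origin server
        return "http-origin-form"
    # SOCKS5 greeting: VER=5, NMETHODS, then exactly NMETHODS method bytes
    if data[0] == 0x05 and len(data) >= 3 and len(data) == 2 + data[1]:
        return "socks5-greeting"
    # SOCKS4 request: VER=4, CMD=1|2, port(2), IPv4(4), userid, NUL terminator
    if data[0] == 0x04 and len(data) >= 9 and data[1] in (1, 2) and data[-1] == 0:
        return "socks4-request"
    # TLS record header: content type 0x16 (handshake), major version 3
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"
    return "unknown"

# Constructed sample payloads (not taken from any real capture)
SAMPLES = {
    "explicit GET": b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "explicit CONNECT": b"CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n",
    "direct GET": b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "socks5": b"\x05\x01\x00",                          # one method: no-auth
    "socks4": b"\x04\x01\x00\x50\xc0\x00\x02\x01\x00",  # CONNECT 192.0.2.1:80, empty userid
    "tls": b"\x16\x03\x01\x02\x00\x01",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:18s} -> {classify_first_payload(payload)}")
```

In Wireshark the same first payload is visible with Follow TCP Stream, and Decode As can map a non-standard port to a chosen dissector.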



