I've been tasked to attempt something far outside of my normal realm, but don't know where to start. Due to the fact that my logs are work related, I cannot/will not post the logs here, but I'm hoping I can still get pointed in the right direction to find information on how to interpret, compare, and contrast the logs I'm gathering. In other words, can someone tell me of a good resource for learning how to read and interpret .pcapng or .json logs?
Issue: using a work VPN pointed at a network proxy, IE and Firefox block correctly. However, Google Chrome bypasses the proxy and no one knows why. Proxy settings are set in the IE and Firefox browsers; Chrome utilizes the Windows settings, so I set the proxy in the Windows network (Internet Options -> Connection Tab -> LAN Settings) to "use proxy server for your LAN", and set the correct address. HOWEVER, as Windows states in the settings, "These settings will not apply to dial-up or VPN connections".
My thought is that if I can do a capture using Wireshark and close all network programs possible (Outlook, all browsers except what I am testing), clean the cache and history, then send requests to sites that are supposed to be blocked while using Chrome, then a separate log using IE which does block the traffic, I should be able to capture some information which might lead to a diagnosis of why Chrome bypasses the proxy.
Another possibility is that I am unaware of a different setting in Chrome to force the proxy to be used during VPN.
I cannot set a FW rule as that is blocked from my abilities. My Security and FW team are of no help at this time and I have a week to attempt to investigate this and possibly resolve.
This may not be the right forum for this question, and if it isn't, please point me in the right direction and I will close this post and open a new one in the right forum...
Thank you all.
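
One way to carry out the capture comparison described in the post, as an added example that is not part of the original post: it lists the destinations that only the Chrome capture reaches without going through the proxy. It assumes each capture was exported from Wireshark as JSON (for instance with `tshark -r capture.pcapng -T json`) in the nested `_source.layers` layout; the addresses, the proxy port and the sample packets are constructed.

```python
import json

LOCAL = "192.168.1.20"        # hypothetical address of the test workstation
PROXY = ("10.0.0.5", "8080")  # hypothetical proxy IP and port

def pkt(src, dst, proto, port, syn="0", ack="0"):
    """Build one constructed packet in the assumed Wireshark JSON layout."""
    l4 = {f"{proto}.dstport": port}
    if proto == "tcp":
        l4["tcp.flags_tree"] = {"tcp.flags.syn": syn, "tcp.flags.ack": ack}
    return {"_source": {"layers": {"ip": {"ip.src": src, "ip.dst": dst}, proto: l4}}}

# Constructed captures (not real traffic): one per browser test run.
IE_RUN = json.dumps([
    pkt(LOCAL, "10.0.0.2", "udp", "53"),
    pkt(LOCAL, "10.0.0.5", "tcp", "8080", syn="1"),
])
CHROME_RUN = json.dumps([
    pkt(LOCAL, "10.0.0.2", "udp", "53"),
    pkt(LOCAL, "10.0.0.5", "tcp", "8080", syn="1"),
    pkt(LOCAL, "203.0.113.10", "tcp", "443", syn="1"),
    pkt("203.0.113.10", LOCAL, "tcp", "50123", syn="1", ack="1"),  # reply, ignored
    pkt(LOCAL, "203.0.113.10", "tcp", "443", ack="1"),             # not a new flow
    pkt(LOCAL, "203.0.113.10", "udp", "443"),
])

def destinations(capture_json, local=LOCAL):
    """Return {(proto, dst_ip, dst_port)} for outbound TCP opens and UDP sends."""
    seen = set()
    for packet in json.loads(capture_json):
        layers = packet.get("_source", {}).get("layers", {})
        ip = layers.get("ip") or layers.get("ipv6") or {}
        src = ip.get("ip.src") or ip.get("ipv6.src")
        dst = ip.get("ip.dst") or ip.get("ipv6.dst")
        if src != local or not dst:
            continue  # only traffic leaving the workstation matters here
        if "tcp" in layers:
            flags = layers["tcp"].get("tcp.flags_tree", {})
            # The client's opening SYN (no ACK) marks a new connection.
            if flags.get("tcp.flags.syn") == "1" and flags.get("tcp.flags.ack") == "0":
                seen.add(("tcp", dst, layers["tcp"].get("tcp.dstport")))
        elif "udp" in layers:
            seen.add(("udp", dst, layers["udp"].get("udp.dstport")))
    return seen

def bypassing(baseline_json, suspect_json, proxy=PROXY):
    """Destinations only the suspect capture reaches without using the proxy."""
    base = destinations(baseline_json)
    return sorted(d for d in destinations(suspect_json)
                  if d[1:] != proxy and d not in base)
```

Calling `bypassing(IE_RUN, CHROME_RUN)` on real exports, with `LOCAL` and `PROXY` set to the actual workstation and proxy values, leaves only the connections worth inspecting packet by packet in Wireshark.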