TechEd Tip: Use the FIND Command to View Strings in the Cache File
At TechEd last week I took some time to do the new ISA 2006 hands on labs created by Ronald Beekelaar. If you haven’t done any of the ISA firewall hands on labs, you’re missing out on a good thing. The hands on labs are good for both beginners and veteran ISA firewall admins. For ISA firewall fledglings, the hands on labs provide a controlled environment where you can learn and test the ISA firewall’s core features in a safe and reusable environment. For the veteran ISA firewall pros, Ronald includes a number of exceptionally useful and clever tips and tricks you can use in your every day practice as ISA firewall admin.
For example, one neat trick I learn from Ronald’s labs last week was that you can use the FIND command at the command prompt to search for strings contained within the ISA firewall’s cache file. While this doesn’t provide the same utility as that provided by the CacheDir utility (http://www.microsoft.com/downloads/details.aspx?FamilyId=88117626-D72C-4CC8-A15F-C1FBDBCFF688&displaylang=en), it allows you to quickly search for strings contained within the cache file.
For example, I was beta testing Collective Software’s amazing ClearTunnel application (http://www.collectivesoftware.com/Products/ ) that enables the ISA firewall to perform application layer inspection on outbound SSL connections (I call this app the Blue Coat killer). Not only does ClearTunnel enable application layer inspection on outbound Web connections, it also enables you to cache those connections! I wanted to confirm that my SSL connections we’re actually cached and this is where I found Ronald’s trick with the FIND command really useful, since I didn’t want to have to wait for the CacheDir app to completely load my cache.
In order to search the cache file, use the following command:
find /i <search_string> <file_name>
Where search_string is the string you want to search for and the <file_name> is the name of the cache file you want to search.
For example, I was checking to see if ClearTunnel was able to cache SSL pages delivered by a banking site, so I first changed the focus to the cache file directory (urlcache) and entered the following command:
find /i "service.capitalone.com" dir1.cdat
This was the output:
Pretty impressive, eh? Compare the insane price you would have to pay for a Blue Coat solution to what you’ll pay for the ClearTunnel application filter and you’ll wonder why anyone with less money than Bill Gates would ever consider buying a Blue Coat box.
Thomas W Shinder, M.D.
MVP -- ISA Firewalls