The essential points from this guide -- each one is explained in detail below.
curl -v is the single most useful tool for proxy debugging -- it shows every protocol step.
Test each layer independently: DNS, TCP connect, proxy auth, target reachability.
Verify IP rotation by making multiple requests to an IP-echo service.
Check geo-targeting accuracy against expected exit locations.
Log response codes and timing for every request to identify patterns in failures.
curl's verbose flag shows the complete proxy connection flow. This is the first tool to reach for when diagnosing any proxy issue:
curl -v -x http://user:pass@gw.knoxproxy.com:7000 \
https://httpbin.org/ip 2>&1The output shows: DNS resolution of the proxy hostname, TCP connection to the proxy, the CONNECT request for HTTPS tunneling, the proxy's response (HTTP 200 for success, 407 for auth failure), the TLS handshake with the target through the tunnel, and the final response.
Look for these specific lines: * Connected to gw.knoxproxy.com (TCP works), < HTTP/1.1 200 Connection established (proxy auth and tunneling work), * SSL connection using TLSv1.3 (TLS through tunnel works). If any step fails, the verbose output tells you exactly where.
To confirm IP rotation is working, make multiple requests to an IP echo service and compare the results:
for i in {1..5}; do
curl -s -x http://user:pass@gw.knoxproxy.com:7000 \
https://httpbin.org/ip | jq -r .origin
doneYou should see a different IP on each request. If you see the same IP, your provider may be assigning sticky sessions by default or your configuration is requesting session persistence.
For geo-targeting verification, use an IP geolocation service:
curl -s -x http://user-country-jp:pass@gw.knoxproxy.com:7000 \
https://ipapi.co/json/ | jq '{ip: .ip, country: .country_name, city: .city}'The response should show a Japanese IP. If the country does not match your targeting, check your username format for typos in the country code.
For issues that curl verbose mode cannot explain, capture packets with tcpdump to see the raw proxy protocol exchange:
sudo tcpdump -i any -w proxy-debug.pcap \
host gw.knoxproxy.com and port 7000Run your failing request in another terminal, then stop the capture. Open proxy-debug.pcap in Wireshark and filter by tcp.port == 7000. You can see: whether the TCP handshake completes (SYN, SYN-ACK, ACK), the CONNECT request in plaintext, the proxy's response, and the encrypted tunnel traffic.
Common findings: TCP RST (connection reset) indicates a firewall is blocking the connection. Multiple SYN packets without SYN-ACK means the proxy port is unreachable. A complete handshake followed by immediate close indicates an authentication rejection.
Follow this checklist to isolate proxy issues efficiently. Test each step independently before moving to the next.
1. DNS resolution: dig gw.knoxproxy.com -- should return an IP in under 100ms.
2. TCP connectivity: nc -zv gw.knoxproxy.com 7000 -w 5 -- should report connection succeeded.
3. Authentication: curl -v -x http://user:pass@gw.knoxproxy.com:7000 http://httpbin.org/ip -- should return HTTP 200 (test with HTTP first, not HTTPS, to eliminate TLS variables).
4. HTTPS tunneling: curl -v -x http://user:pass@gw.knoxproxy.com:7000 https://httpbin.org/ip -- should show "Connection established" and complete TLS handshake.
5. Target reachability through proxy: curl -x http://user:pass@gw.knoxproxy.com:7000 https://your-target.com -- if steps 1-4 pass but this fails, the target is blocking or the exit IP has issues.
Document the results of each step. When contacting support, this checklist output pinpoints the problem immediately.
curl -s -x http://user:pass@gw.knoxproxy.com:7000 https://httpbin.org/ip. If it returns a JSON object with an IP address, the proxy is working. If it errors, add the -v flag to see where the connection fails.Ready to put this into practice? View your HTTP headers
KnoxProxy Research Team · Technical Content
Network engineers and proxy infrastructure specialists with 10+ years in anti-bot systems, web scraping, and IP routing.
90.4M+ ethically sourced residential IPs across 195 countries. Start free -- no credit card required.