Article expires: 2008-04-03 01:00:00
How to easily determine if Port 49221 is configured and working correctly on two subnets where the SnapServers are situated?<br><br><AS HTML><FONT color="red"><B>OPERATING SYSTEMS AFFECTED</B></FONT></AS HTML><br>This issue is not Operating System Specific.
To determine if it is possible for communications through Port 49221 to pass through from a problem subnet in which the Agent SnapServer cannot be configured correctly to the subnet where the Console SnapServer is functioning, use TELNET to determine if communications are even possible through Port 49221.<br><br>
To do this, open up a CLI, either on a WINDOWS workstation or on a LINUX workstation on the same subnet as the problem SnapServer host and enter the following command:<br><br>
telnet xxx.xxx.xxx.xxx 49221<br><br>- where "xxx.xxx.xxx.xxx" is either the IP Address or the Name of the SnapServer.<br><br>And execute this command.
Eventually the command will time out but before doing so and give out the following results:<br><br>dds_pc: _ms=SNAPxxxxxxx¦_si=Process controller¦_mid=9016¦_sev=0¦_dt=2008/02/22¦_tm=19:59:41¦_pkg=¦<br><br>- where "SNAPxxxxxxx" is the Host Name of the SnapServer configured as the Console in the EDR configuration.<br><br>
If these results are present as shown above, then communications through that port from the subnet where the problem server exists and the EDR Console server can take place and that part of the configuration has been proven.<br><br>
Now troubleshoot communications through this port from the SnapServers directly by setting up a "tcpdump" capture on Console Server. Just get into that server via SSH and enter the following command:<br><br>
/usr/bin/tcpdump -vvv host SNAPxxxxxxx<br><br>- where "SNAPxxxxxxx" is the Host Name of the SnapServer configured as the Console in the EDR configuration.<br><br>And that will start the capture from the NIC(s) on the EDR Console Server.<br><br>
Then open an SSH session on the problem SnapServer that will be the Agent and run this command:<br><br>
ssh -p 49221 xxx.xxx.xxx.xxx<br><br>- where "xxx.xxx.xxx.xxx" is the IP Address of the SnapServer configured as the Console in the EDR Configuration.<br><br>And get the command to time out and get you the following error message:
<br><br>ssh_exchange_identification: Connection closed by remote host<br><br>Once you see that, go back to the SSH session of the Console server and stop the "tcpdump" command with the [Ctrl-C] Key Combination and get the prompt.<br><br>
Scroll through the "tcpdump" results to find the entries for the SSH attempt from the Agent. They should resemble the following:<br><br>
20:58:45.033436 SNAPxxxxxxx.32933 > SNAPyyyyyyy.49221: S 1707140623:1707140623(0) win 5840 <mss 1460,sackOK,timestamp 684336[|tcp]> (DF) (ttl 64, id 38719, len 60)<br>20:58:45.033476 SNAPyyyyyyy.49221 > SNAPyyyyyyy.32933: S 2492467995:2492467995(0) ack 1707140624 win 5792 <mss 1460,sackOK,timestamp 867388[|tcp]> (DF) (ttl 64, id 0, len 60)<br>20:58:45.033572 SNAPxxxxxxx.32933 > SNAPyyyyyyy.49221: . [tcp sum ok] 1:1(0) ack 1 win 5840 <nop,nop,timestamp 684336 867388> (DF) (ttl 64, id 38720, len 52)<br>20:59:04.228991 SNAPxxxxxxx.2599 > 184.108.40.206.2599: udp 266 (DF) (ttl 16, id 0, len 294)<br>20:59:14.427104 SNAPxxxxxxx.netbios-dgm > 10.10.255.255.netbios-dgm: <br>>>> NBT UDP PACKET(138) Res=0x110A ID=0x367A IP=10 (0xa).10 (0xa).1 (0x1).225 (0xe1) Port=138 (0x8a) Length=182 (0xb6) Res2=0x0<br>SourceName=<br>WARNING: Short packet. Try increasing the snap length<br><br>- where "SNAPxxxxxxx" is the name of the EDR Console Server and "SNAPyyyyyyy" is the name of the problem Agent Server.<br><br>If the results are similar to what is seen above, then there is communication definitely taking place between both SnapServers through Port 49221.