Endpoint Protection

  • 1.  certificate revocation list traffic identification

    Posted Aug 23, 2013 01:13 PM

    I have a request from our network admins for a way to identify Symantec Endpoint Protection (SEP) Certificate Revocation List (CRL) traffic as part of a larger troubleshooting project. 

    Is there a way to specifically identify this traffic from SEP?

     

    Thank you



  • 2.  RE: certificate revocation list traffic identification

    Posted Aug 23, 2013 01:24 PM

    You can sniff the traffic using Wireshark on 443, although it's encrypted obviously, so you need to set up Wireshark to decrypt it.



  • 3.  RE: certificate revocation list traffic identification

    Posted Aug 23, 2013 01:48 PM

    What's the purpose of this?

    Have you manually installed any other certificate apart from the default one, which is explained here?

    About server certificates



  • 4.  RE: certificate revocation list traffic identification

    Posted Aug 23, 2013 07:03 PM

    The network admins are looking into some traffic and congestion issues we are having.  They are trying to identify each item and eliminate them as a source of the trouble.



  • 5.  RE: certificate revocation list traffic identification

    Posted Aug 23, 2013 07:05 PM

    Usually, it comes down to content updates on port 8014. Anything like this showing?