Upgraded SEPMs to SEP 12 RU2 - How to find whether clients are communicating on port 80
Created: 03 Jan 2013 | 9 comments
I am re-asking this question now that I have upgraded the SEPMs (not the clients, only the SEPMs) to SEP 12 RU2
Is there a simple way to find out whether clients are communicating with SEPM on port 80, other than having to use wireshark?
If you open a client GUI and go to help >> troubleshooting and the connection tab, it should show what server it's connected to and the port.
Unless you want to know from the SEPM, then you need a sniffer on it.
There is no report in the SEPM you can run.
SEP Knowledge Base
Endpoint SWAT
ok then wireshark it is!!!
Marriage Made in Heaven
If God is for us, who can be against us? --- Romans 8:31
That is the easiest. Here is an article on Wireshark and SEP communication. You can modify the display filter to fit your needs though.
https://www-secure.symantec.com/connect/articles/u...
SEP Knowledge Base
Endpoint SWAT
Clients always initiate the connection on random ports; the port (80/8014) that needs to be open is on the SEPM end.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Hello,
Did you try the Secars test??
Check this Article:
Testing Communication from an Endpoint Protection client to the Endpoint Protection Manager
http://www.symantec.com/docs/TECH102682
To Test the connectivity between the client and the management server -
You can perform several tasks to check the connectivity between the client and the management server.
See Enabling and viewing the Access log to check whether the client connects to the management server.
Ping the management server from the client computer.
See Using the ping command to test the connectivity to the management server.
Use a Web browser on the client computer to connect to the management server.
See Using a browser to test the connectivity to the management server on the client computer.
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
My statement from the old thread still stands, in that the easiest way to find which clients are still trying to communicate with the SEPM on port 80 is to enable IIS logging. This will give you the details on every client that makes a request on that port.
This is based on the assumption that your v11 SEPM was listening on port 80 and using the Default Website, and that the upgrade to 12.1 has taken the site within IIS and added a redirect to the port 8014 that the new apache server listens to by default (as per http://www.symantec.com/docs/TECH180596).
Does this match your situation? If not, can you provide more details?
http://www.cstl.com/
Just an update ...
It is better to download both Wireshark and Windump on the SEPM server.
Wireshark has bugs that make it run out of memory really quickly, and Wireshark workarounds are ineffective (in my humble opinion).
It is better to run Windump and type the following at the command prompt:
C:\>windump -w mynetworkcapture.pcap tcp port 80
Also, monitor the size of your output file, mynetworkcapture.pcap, and when you are done, double-click the .pcap file and it will open in Wireshark.
Marriage Made in Heaven
If God is for us, who can be against us? --- Romans 8:31
Hi
Check in the Sylink.xml
Regards
You can even check by telnet through the Run command.
Open Run and type cmd --> Enter --> type telnet, then a space, then the SEPM server IP, then port 80 --> Enter. Example: telnet 10.2.12.23 80
Thanks & Regards,
Ambesh
Please mark your thread as 'SOLVED' with the answer that helps you.