This issue needs a solution.

Upgraded SEPMs to SEP 12 RU2 - How to find whether clients are communicating on port 80

Created: 03 Jan 2013
I am re-asking this question now that I have upgraded the SEPMs (not the clients, only the SEPMs) to SEP 12 RU2

 

https://www-secure.symantec.com/connect/forums/how-determine-what-port-clients-are-communicating-sepm

 

Is there a simple way to find out whether clients are communicating with SEPM on port 80, other than having to use wireshark?

Comments

_Brian
Trusted Advisor
Certified
03 Jan 2013

If you open a client GUI and go to help >> troubleshooting and the connection tab, it should show what server it's connected to and the port.

Unless you want to know from the SEPM, then you need a sniffer on it.

There is no report in the SEPM you can run.

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

03 Jan 2013

ok then wireshark it is!!!

The Enemy's greatest fear is that you'll discover who you really are, what you're really worth, and where you're headed.

 

_Brian
Trusted Advisor
Certified
03 Jan 2013

That is the easiest. Here is an article on Wireshark and SEP communication. You can modify the display filter to fit your needs though.

https://www-secure.symantec.com/connect/articles/u...

pete_4u2002
Symantec Employee
Accredited
03 Jan 2013

Clients always initiate the connection on random ports; the port (80/8014) that needs to be open is on the SEPM end.

Mithun Sanghavi
Symantec Employee
Accredited
04 Jan 2013

Hello,

Did you try the Secars test??

Check this Article: 

Testing Communication from an Endpoint Protection client to the Endpoint Protection Manager

http://www.symantec.com/docs/TECH102682

To Test the connectivity between the client and the management server -

You can perform several tasks to check the connectivity between the client and the management server.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SMLatCST
Partner
Accredited
04 Jan 2013

My statement from the old thread still stands, in that the easiest way to find which clients are still trying to communicate with the SEPM on port 80 is to enable IIS logging. This will give you the details on every client that makes a request on that port.

This is based on the assumption that your v11 SEPM was listening on port 80 and using the Default Website, and that the upgrade to 12.1 has taken the site within IIS and added a redirect to the port 8014 that the new Apache server listens on by default (as per http://www.symantec.com/docs/TECH180596).

Does this match your situation?  If not, can you provide more details?
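
Added example (not part of the post above and not Symantec tooling): once IIS logging is enabled on the old port 80 site, a short Python function can list which client IPs are still making requests on that port. It assumes W3C extended logging with the s-port and c-ip fields selected; the function name and the sample log lines are constructed for illustration.

```python
from collections import Counter

# Constructed sample of an IIS W3C extended log (not data from the thread).
# The second "#Fields:" header mimics IIS rewriting the header, with a
# different column order, after a restart or a logging change.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time s-ip cs-method cs-uri-stem s-port c-ip sc-status
2013-01-04 09:15:02 10.0.0.5 POST /secars/secars.dll 80 10.0.1.21 302
2013-01-04 09:15:40 10.0.0.5 GET /iisstart.htm 443 10.0.1.22 200
2013-01-04 09:20:02 10.0.0.5 POST /secars/secars.dll 80 10.0.1.21 302
#Fields: date time c-ip s-port cs-uri-stem sc-status
2013-01-04 10:02:11 10.0.1.40 80 /secars/secars.dll 302
2013-01-04 10:02:15 10.0.1.41 80
"""


def clients_on_port(log_text, port=80):
    """Return a Counter of client IP -> number of requests received on `port`."""
    fields = []
    hits = Counter()
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            # Column layout can change mid-file; always use the latest header.
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#"):
            continue  # blank line or other directive (#Software, #Date, ...)
        values = line.split()
        if not fields or len(values) != len(fields):
            continue  # truncated or malformed row, skip rather than misread it
        row = dict(zip(fields, values))
        if row.get("s-port") == str(port) and "c-ip" in row:
            hits[row["c-ip"]] += 1
    return hits


if __name__ == "__main__":
    # Replace SAMPLE_LOG with the text of a real log file from the IIS site.
    for ip, count in clients_on_port(SAMPLE_LOG).most_common():
        print(f"{ip}\t{count} request(s) on port 80")
```

Clients that keep appearing in the output after the upgrade are the ones still pointed at port 80.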

04 Jan 2013

Just an update ...

 

It is better to download both Wireshark and Windump on the SEPM server.

 

Wireshark has bugs that make it run out of memory really quickly, and Wireshark workarounds are ineffective (in my humble opinion).

 

It is better to run Windump and type the following at the command prompt:

 

C:\>windump -w mynetworkcapture.pcap tcp port 80

 

Also, monitor the size of your output file, mynetworkcapture.pcap, and when you are done, double-click the .pcap file and it will open in Wireshark.


SameerU
Partner
Accredited
22 Jan 2013

Hi

Check in the Sylink.xml

Regards

 

Ambesh_444
Partner
Accredited
22 Jan 2013

You can even check by telnet through the Run command.

Open Run, type cmd --> Enter --> type telnet, a space, then the SEPM server IP and then port 80 --> Enter. Example: (telnet 10.2.12.23 80)

Thanks & Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."