CAS 2.x SNMP replies are sent from UDP Port 1

book

Article ID: 169751

calendar_today

Updated On:

Products

Content Analysis Software - CA

Issue/Introduction

CAS 2.x receives SNMP queries on UDP Port 161. SNMP replies are sent from CAS' UDP Port 1 back to the SNMP Agent's port.

The following is a packet capture of the SNMP traffic :
No.     Time     Source                Destination           SrcPort DstPort Protocol Info
    153 7.338    10.10.10.88           10.10.10.93           2813    161     SNMP     get-next-request SNMPv2-SMI::org
    156 7.362    10.10.10.93           10.10.10.88           1       2813    SNMP     get-response SNMPv2-MIB::sysDescr.0
    232 10.879   10.10.10.88           10.10.10.93           2814    161     SNMP     get-next-request SNMPv2-SMI::org
    235 10.900   10.10.10.93           10.10.10.88           1       2814    SNMP     get-response SNMPv2-MIB::sysDescr.0


In the example above, SNMP response are sent from UDP Port 1 to the SNMP Agent's originating ports UDP 2813 and 2814.

Cause

This is a known issue with Content Analysis 2.1.1 and 2.2.1.

Resolution

The fix for this issue will be in CAS 2.3.

The work-around is to have firewalls or other security devices should be configured to allow traffic from the CAS' IP address and UDP Port 1 in order to allow the SNMP reply to the requestor.