CAS 2.x SNMP replies are sent from UDP Port 1


Article ID: 169751


Updated On:


Content Analysis Software - CA


CAS 2.x receives SNMP queries on UDP Port 161. SNMP replies are sent from CAS' UDP Port 1 back to the SNMP Agent's port.

The following is a packet capture of the SNMP traffic :
No.     Time     Source                Destination           SrcPort DstPort Protocol Info
    153 7.338            2813    161     SNMP     get-next-request SNMPv2-SMI::org
    156 7.362            1       2813    SNMP     get-response SNMPv2-MIB::sysDescr.0
    232 10.879            2814    161     SNMP     get-next-request SNMPv2-SMI::org
    235 10.900            1       2814    SNMP     get-response SNMPv2-MIB::sysDescr.0

In the example above, SNMP response are sent from UDP Port 1 to the SNMP Agent's originating ports UDP 2813 and 2814.


This is a known issue with Content Analysis 2.1.1 and 2.2.1.


The fix for this issue will be in CAS 2.3.

The work-around is to have firewalls or other security devices should be configured to allow traffic from the CAS' IP address and UDP Port 1 in order to allow the SNMP reply to the requestor.