Communication fails between clients and servers for Symantec Data Loss Prevention (DLP) or other Symantec products. Learn how to determine if a server is listening on a specific port in this scenario.
Determine if the port has a listener on the server you want to connect to. While on the Endpoint detection server (or any target server), run the following:
netstat -an | find "<port number>"
You should see an online TCP listener for 0.0.0.0 on port 10443; the IP can be 0.0.0.0 or any of the local IP addresses.
After you confirm that the server is listening on the port, go to a client and use one of the following methods to see if the port is open over the network.
This method is recommended because other applications like telnet can have their specific type of communication blocked rather than just their port.
Save the following script as checkport.ps1:
$socket = new-object Net.Sockets.TcpClient
$socket.Connect("192.168.2.100", 80); $socket.Connected
This script will test to see if IP 192.168.2.100 is listening on port 80.
Run the following command line to test this script:
powershell -ExecutionPolicy Bypass -file ".\checkport.ps1"
If the test is successful, it will return "True". If unsuccessful, there will be a red error reporting that "the target machine actively refused it".
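The following is an added example, not part of the original article: a variant of the check that applies a timeout and reports whether the connection was refused or simply got no response, which helps separate "nothing is listening" from "a firewall is dropping the traffic". The function name Test-TcpPort, its parameters and the 3000 ms default are assumptions; the host and ports are the ones used in this article.

```powershell
# Added example, not from the original article.
# Test-TcpPort, its parameters and the 3000 ms default are assumed names/values.
function Test-TcpPort {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][ValidateRange(1, 65535)][int]$Port,
        [int]$TimeoutMs = 3000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    $status = 'Unknown'
    try {
        # ConnectAsync lets us bound the wait instead of relying on the OS default timeout
        $task = $client.ConnectAsync($ComputerName, $Port)
        if ($task.Wait($TimeoutMs)) {
            $status = 'Open'                  # TCP handshake completed
        } else {
            # No answer at all: packets are usually being dropped by a firewall,
            # or the host is down or unroutable
            $status = 'NoResponse (timed out)'
        }
    } catch {
        # PowerShell wraps the .NET exception; unwrap to the SocketException
        $base = $_.Exception.GetBaseException()
        if ($base -is [System.Net.Sockets.SocketException]) {
            switch ($base.SocketErrorCode.ToString()) {
                # Host answered with a reset: reachable, but nothing is listening
                # on the port (or a firewall actively rejected the connection)
                'ConnectionRefused' { $status = 'Refused' }
                'HostNotFound'      { $status = 'NameNotResolved' }
                default             { $status = "Error ($_)" }
            }
        } else {
            $status = "Error ($($base.Message))"
        }
    } finally {
        $client.Close()
    }
    [pscustomobject]@{ ComputerName = $ComputerName; Port = $Port; Status = $status }
}

# Host and ports taken from the article's examples
80, 10443 | ForEach-Object { Test-TcpPort -ComputerName '192.168.2.100' -Port $_ }
```

A "Refused" result while netstat on the server shows the listener usually points to a host firewall or a listener bound to a different local IP; "NoResponse" usually points to a network device dropping the traffic.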
(Optional) If needed, go to the target machine and use the following PowerShell commands to start a listener (only do this if a service is not already listening on the port; verify with the 'netstat -an' command):
$Listener = [System.Net.Sockets.TcpListener]80;
$Listener.Start();
Once the test is complete, run the following command to stop the listener:
The telnet client can be used if PowerShell is not available or telnet is already enabled on the machine. The main drawback of using telnet is that you can get a false negative result, because some routers can specifically block telnet traffic even if the port is open.
Follow these steps to test a TCP connection with telnet:
telnet 192.168.2.100 10443
To enable the telnet client:
Also note: source ports on client machines with the DLP agent (and most other applications) are dynamic and may need to be factored in when it comes to firewall rules.