How does the multicast discovery for Aclient and Dagent work?

Article Id: 181909
Status: Published
Updated On: 07-04-2009 08:27
Legacy Id: HOWTO9990
Products:
Deployment Solution
Issue/Introduction:

 

Resolution:

Question
When aclient and dagent multicast for the deployment server what traffic goes out over the wire?

Answer

Attached are reference log and .pcap files.  The following example was built using a similar setup.

The following settings are used in this example:
Client Agent: Dagent 6.9.371
Client IP: 10.1.1.101
Client MAC: 00:0C:29:33:50:95
DS IP: 10.1.1.6
DS MAC: 00:0c:29:4b:22:37
Multicast IP: 255.1.2.3

Client communication should go something like the following (note we are mostly concerned about UDP / ARP / IGMP traffic):
Note: Checksum errors are removed

Packet are summarized as follows:
Pack Number | Time (from start of recording) | Source | Destination | Protocol | Info

The client first sends a message to the multicast group looking for the server.
1 0.000000 10.1.1.101 225.1.2.3 UDP Source port: genie  Destination port: genie 
Packet data:
Request=GetServer
MAC-Address=00FF8884B085
Addl-MAC-Address=00111115B622
Node-Type=Workstation

Note: Dagent has a bug in 6.9 sp1 where this information is static.  These values should represent the data on the client.

Then the client subscribes to the IGMP group
2 0.000645 10.1.1.101 224.0.0.22 IGMP V3 Membership Report / Join group 225.1.2.3 for any sources

The server replies to the multicast group
3 0.011585 10.1.1.6 225.1.2.3 UDP Source port: genie  Destination port: genie
Packet data:
Reply=GetServer
Server-Name=PBSV-DPLYEUT2
TCP-Address=10.1.1.6
Port=402
MAC-Address=00FF8884B085
Known=No

Client does a membership update
4 0.017226 10.1.1.101 224.0.0.22 IGMP V3 Membership Report / Leave group 225.1.2.3

Client then checks ARP to find who has the IP that replied to the broadcast
5 0.035484 Vmware_33:50:95 Broadcast ARP Who has 10.1.1.6?  Tell 10.1.1.101

The server replies to the ARP query
6 0.036603 Vmware_4b:22:37 Vmware_33:50:95 ARP 10.1.1.6 is at 00:0c:29:4b:22:37

The client then begining syn, syn/ack, ack handshake.  See Connection establishment at http://en.wikipedia.org/wiki/Transmission_Control_Protocol
7 0.037852 10.1.1.101 10.1.1.6 TCP 49174 > genie [SYN] Seq=0 Win=8192

The server send back an syn/ack to the request
8 0.038517 10.1.1.6 10.1.1.101 TCP genie > 49174 [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0 MSS=1460 WS=0

The client finishes ack
9 0.044179 10.1.1.101 10.1.1.6 TCP 49174 > genie [ACK] Seq=1 Ack=1 Win=65536  Len=0

Once communication with the server is confirmed the client leaves IGMP
10 0.329383 10.1.1.101 224.0.0.22 IGMP V3 Membership Report / Leave group 225.1.2.3

Client sends up inventory to server
11 2.286284 10.1.1.101 10.1.1.6 TCP 49174 > genie [ACK] Seq=1 Ack=1 Win=65536 Len=2920
Some Pack data for example:
Request=UpdateComputer
Agent-Settings=Included
AllowRemoteControl=0
Asset-Tag-Number=No Asset Tag
Auto-Update-Count=8
Auto-Update-Current0=altiris-dagent-6.9.371.X86.exe

Server says thank you
12 2.287501 10.1.1.6 10.1.1.101 TCP genie > 49174 [ACK] Seq=1 Ack=2921 Win=64240 Len=0

Client continues to send inventory
13 2.292929 10.1.1.101 10.1.1.6 TCP 49174 > genie [PSH, ACK] Seq=2921 Ack=1 Win=65536 Len=617

Server says thanks again
14 2.467505 10.1.1.6 10.1.1.101 TCP genie > 49174 [ACK] Seq=1 Ack=3538 Win=63623 Len=0

Server replies to client with work to do or next task
15 3.329709 10.1.1.6 10.1.1.101 TCP genie > 49174 [PSH, ACK] Seq=1 Ack=3538 Win=63623 Len=188
Packet data:
Reply=UpdateComputer
ID=5000021
Boot=Production
Server-Name=PBSV-DPLYEUT2
Result=Success
Work-To-Do=No
DSVersion=6.9.365
UpdateSettings=No
Request=TimeSync
UTC-Time=2009-04-06T16:16:43Z

Client lets the server know he got the info
16 3.536332 10.1.1.101 10.1.1.6 TCP 49174 > genie [ACK] Seq=3538 Ack=189 Win=65280 Len=0

insert_drive_file Dagent_broadcast.zip
arrow_downward Download