Triage and troubleshoot Payment Security network latency or connection issues for AfM
search cancel

Triage and troubleshoot Payment Security network latency or connection issues for AfM


Article ID: 274236


Updated On:


CA Payment Security


The following steps outline steps required to be carried out by an AfM customer and the output of which would help Arcot technical support to assist customer and debug network latency or network connection issues that can arise and impact Arcot Services integrity. 

The steps used to gather and capture debug information require the following linux utilities; tcpdump, traceroute, cURL.

When tcpdump and tracecurl output capture is completed post the output file  to the open Arcot support case for AfM.


AfM - Production


Internet connectivity, latency, provider routing issues



  • Access to subnet where Arcot client callouts services are initiated
  • Access to linux utilities tcpdump, traceroute, cURL are installed.
  • Access to (client PEM) certificate
  • Root or sudo privileges to server/component where Arcot client callouts services are initiated


1. As root or sudo user start a tcpdump session;

To determine the tcpdump network interface; # ip a |egrep "mtu|inet "
For definitions of tcpdump flags; see FAQ’s “tcpdump switch definitions” below 

[root@ ~]# tcpdump -i ens33 -c 3000 host -s 65535 -w /tmp/arcot-case12345678.pcap-`date +%d%m%y%H%M`.out &


2. Send tcpdump (started step 1 above) to background;

press <return> in terminal session to send to background; command prompt appears

3. As root or sudo user; run following (tracecurl) commands:

[root@ ~]#  for i in {1..100}; do ( printf "\n"; echo "DATE:  `date -u`"; traceroute -p 443 -T; echo "DNS:  ";nslookup; printf "\n"; echo "CURL:  ";curl -sv --cacert 2>&1; printf "\n\n" ) ;done > /tmp/arcot-case12345678.tracecurl-`date +%d%m%y%H%M`.out

Note: threedsecure.clienttest.pem is attached in this KB Article as 1695806789203__threedsecure.clienttest.pem. Rename the file name to threedsecure.clienttest.pem once downloaded. 

4. When tracecurl command (step 3 above) completes; foreground the tcpdump session

type “fg” (without quote “  “) in terminal session; the command prompt appears

5. Collect both /tmp/arcot-case12345678.pcap and /tmp/arcot-case12345678.tracecurl.out file and post to Arcot via a support case.

Additional Information

How to install required Linux utilities

Install tcpdump

Ubuntu (Fedora):                   # sudo apt install tcpdump
CentOS/RedHat:                    # yum install tcpdump -y

Install traceroute

Ubuntu (Fedora):                   # sudo apt install traceroute
CentOS/RedHat:                    # yum install traceroute -y

Install curl

Ubuntu (Fedora):                   # sudo apt install curl
CentOS/RedHat:                    # yum install curl -y


tcpdump flag (switch) definitions

Check the latest Arcot Services Status maintenance information:

Upload Files to Broadcom Support Portal Case:



1695806789203__threedsecure.clienttest.pem get_app