000038857 - Use tcpdump to confirm if RSA Authentication Manager can receive UDP packets on a certain port

Document created by RSA Customer Support Employee on May 15, 2020
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000038857
Applies ToRSA Product Set: RSA SecurID
RSA Product/Service Type: Authentication Manager
 
IssueThis article provides steps to test whether the following agents that reside on a Linux box can receive UDP packets on a certain port number.
This can help determine if the issue is on the RSA Authentication Manager side or on the agent side.
ResolutionIn the following scenario, test if the RSA Authentication Manager can receive UDP packets on port 5500. UDP 5500 is the default port and protocol that is used for agent authentication for RSA. The port number and the protocol can both be changed.
  1. SSH or directly access a Linux machine (which may have the client on it) that can reach the RSA Authentication Manager server.
  2. Run the command echo "This is my data" > /dev/udp/<IP address>/<port> on the Linux machine. Be sure to change the IP address in the command to your RSA Authentication Manager IP address and change 5500 to the port being tested. For example,


echo "This is my data" > /dev/udp/192.168.231.5/5500


  1. Launch an SSH client, such as PuTTY.
  2. Log in to the primary RSA Authentication Manager server as rsaadmin and enter the operating system password.
During Quick Setup, another username may have been selected. Use that username to log in.


login as: rsaadmin
Using keyboard-interactive authentication.
Password:<enter operating system password>
Last login: Tue May 12 21:39:41 2020 from 192.168.231.1
RSA Authentication Manager Installation Directory: /opt/rsa/am


  1. Elevate privileges to root to run tcpdump.
  2. On the RSA Authentication Manager side, capture all traffic coming on port 5500 using the command tcpdump -i eth0 -n -vv -s 0 port 5500 and host <IP address>.
  3. After starting the tcpdump with the correct IP address for the agent, run the echo command from step 2:


rsaadmin@am82sp1:~> sudo su -
rsaadmin's password: <enter operating system password>
am82sp1:~ # tcpdump -i eth0 -n -vv -s 0 port 5500 and host 192.168.231.192
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
17:01:25.296635 IP (tos 0x0, ttl 64, id 31186, offset 0, flags [DF], proto UDP (17), length 44)
192.168.231.192.41668 > 192.168.231.5.5500: [udp sum ok] UDP, length 16




 

This shows that the RSA Authentication Manager server received the UDP packets.
NotesTo test sending TCP packets, change the udp in the echo command to tcp, as shown:

echo "This is my data" > /dev/tcp/192.168.231.5/5500

Attachments

    Outcomes