Can I kindly request help in troubleshooting an issue I am having with a win
client connecting to a server.
My win client is configured as such:
<client>
  <!-- IP address of the Ossec HIDS server. -->
  <server-ip>10.17.X.X</server-ip>
</client>
My server is as such:
<remote>
  <connection>secure</connection>
  <port>1514</port>
  <allowed-ips>10.16.X.X</allowed-ips>
  <local-ip>10.17.X.X</local-ip>
</remote>
Everything seems like it's running fine. I have a test trigger in performance
monitor to generate a log entry every few seconds for testing.
If I start tethereal on the server I get:
[EMAIL PROTECTED] myname]# /usr/sbin/tethereal -f src host 10.16.X.X or dst host 10.16.X.X
Capturing on eth0
0.000000 10.16.X.X -> 10.17.X.X UDP Source port: 1634 Destination port: 1514
0.001290 10.17.X.X -> 10.16.X.X ICMP Destination unreachable (Port unreachable)
104.001045 10.16.X.X -> 10.17.X.X UDP Source port: 1634 Destination port: 1514
104.001082 10.17.X.X -> 10.16.X.X ICMP Destination unreachable (Port unreachable)
And if I check if there's anything running on 1514 I get:
[EMAIL PROTECTED] myname]# netstat -l -p | grep 1514
[EMAIL PROTECTED] myname]#
Any ideas what I should check?
Thanks!
Philippe.
--
Philippe Béchamp
Senior Security Analyst
Openwave Systems
+1-819-334-3434 (@bell.ca for sms)