Using WireShark on the Windows client: - I can see that the OSSEC agent send the UPD message to the right IP: 10.1.5.111 - WireShark spots an error in the IP header checksum ,which is null and should not. I don't know if it is important.
- 25 UDP paquets are sent to the server (source port change every 5 try). - then starting with the 26th the server respond (WireShark doesn't spot any problem in the server's paquets). - it continues with request / response (source port continue to change every 5 exchanges) But it doesn't change anything to my problem (same logs, same "Never connected") I am lost.
