Content & Malware Analysis

  • 1.  Telnet fails when I try to telnet to the CAS on port 1344

    Posted Sep 23, 2019 10:41 PM

    Hi;

    When I try to telnet to the IP address of the CAS system on port 1344, it fails. Is telnet disabled by default?

     

    Kindly

    Wasfi



  • 2.  RE: Telnet fails when I try to telnet to the CAS on port 1344
    Best Answer

    Posted Sep 23, 2019 11:07 PM

    Hi Wasfi,

     

    Telnet is not active on the CAS device. If you are looking to open a TCP connection via telnet, it should open up. You may run a pcap on the CAS to identify.



  • 3.  RE: Telnet fails when I try to telnet to the CAS on port 1344

    Posted Sep 24, 2019 12:07 AM

    Hi Aravind;

     

    When I took a packet capture, the CAS was receiving the SYN but not sending a SYN/ACK. The same thing happens when it receives a TCP connection from an ICAP client. It is simply not sending a SYN/ACK. The ICAP client here is not a Proxy SG but a Linux server. I am logging a support case.

     

    Kindly

    Wasfi



  • 4.  RE: Telnet fails when I try to telnet to the CAS on port 1344

    Posted Dec 26, 2020 05:36 PM

    Hi,

    This thread is a bit older, but what was the solution?

    I might have a similar case.

    The ICAP connection no longer works since an unplanned software update to 2.4.1.3. Plain and secure connections no longer work. There is no TCP 3-way handshake; just ping works fine.

    Oh, and happy holidays!




  • 5.  RE: Telnet fails when I try to telnet to the CAS on port 1344
    Best Answer

    Posted Sep 24, 2019 12:59 AM

    Hi Wasfi,

     

    Do collect an unfiltered pcap when building the case. A couple of things to check on this:

    1)    See whether the CAS has unsecured ICAP on port 1344 enabled. Check this at CAS UI > Settings > ICAP and under Service. It is possible that only Secure ICAP on port 11344 is enabled.

     

    2)     Checking ARP will show up some routing issues. Also, trying a telnet to port 1344 from the same subnet could be helpful to confirm this.
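
Added example, not part of the thread and not vendor tooling: a Python probe that tells apart the cases discussed above (no SYN/ACK, RST, handshake only, ICAP reply) by sending a plain ICAP OPTIONS request as defined in RFC 3507. The function name, the state labels and the `service` path argument are assumptions; pass the service name configured on your own appliance.

```python
import socket
import sys


def probe_icap(host, port, service, timeout=3.0):
    """Return (state, detail) for a plain-ICAP listener check.

    States (labels chosen for this example):
      no-answer   - SYN sent, no SYN/ACK before the timeout (silent drop)
      refused     - RST received, nothing is listening on the port
      unreachable - local or routing error before any reply
      open        - TCP handshake completed but no ICAP status line came back
      icap        - an ICAP/1.0 status line was received
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return ("no-answer", "no SYN/ACK within %.1fs" % timeout)
    except ConnectionRefusedError:
        return ("refused", "RST received")
    except OSError as exc:
        return ("unreachable", str(exc))

    # Minimal OPTIONS request; 'service' is the ICAP service path (assumption).
    request = (
        "OPTIONS icap://%s:%d/%s ICAP/1.0\r\n"
        "Host: %s\r\n"
        "Encapsulated: null-body=0\r\n\r\n" % (host, port, service, host)
    )
    with sock:
        try:
            sock.sendall(request.encode("ascii"))
            reply = sock.recv(4096).decode("latin-1")
        except OSError as exc:  # covers read timeouts and resets
            return ("open", "handshake ok, no reply: %s" % exc)

    status_line = reply.split("\r\n", 1)[0]
    if status_line.startswith("ICAP/1.0 "):
        return ("icap", status_line)
    return ("open", "unexpected reply: %r" % status_line)


if __name__ == "__main__":
    # Usage: python probe_icap.py <cas-address> <service-name>
    # 11344 is the Secure ICAP port, so a plain request there can only show
    # whether the handshake completes, not a valid ICAP status line.
    for p in (1344, 11344):
        print(p, probe_icap(sys.argv[1], p, sys.argv[2]))
```

A `no-answer` result from a remote client together with `icap` or `refused` from a host on the same subnet points at filtering or routing rather than at the ICAP service setting.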