Hi Guys.
I have BigFix clients on windows listening to IPV4 loopback UDP random port “not 52311”, any one has the same behavior ? and any idea why ?
Thanks
silly question. How do you know this is the case?
I’m not certain why this would be. Does it seem to be there all the time on these systems?
This might be explainable if the system in question is a BigFix relay. I also wonder if Wake-On-Lan forwarding would cause this. This could be an unintended consequence of the BigFix client calling a windows API, but if so, I would expect it’s effect to be temporary and only happen when the client is evaluating the relevance that would cause that API to be called. If so, then I would try >this< client setting to see if it has an effect because it will cause the client eval loop to stop for 10 minutes at a time. ( Side Note: I recommend this setting for all VMs & Laptops )
I asked the platform team if this could somehow relate to the BigFix ClientUI and/or SSA app, but that doesn’t seem to be the case either based upon how that works. They also didn’t see other instances of the client opening a UDP socket, which makes me wonder more about a WinAPI call being responsible.
###Does this relevance detect this case on systems that you know to have this state?
(local ports of it, local addresses of it, (if udp of it then "UDP" else "TCP:" & (tcp state of it as string)) ) of sockets whose(exists processes whose(name of it = "BESClient.exe") of it) of networks
If so, this will help me find systems that I may have that have this state so I can investigate further.
@jgstew Thanks for your answer !
Unfortunately this is not a temporary situation, I monitor it on more than one windows machine with and without relay installed.
Yes this relevance detected all the windows systems with such behavior, one example is as the following:
52311, 0.0.0.0, UDP
56959, 127.0.0.1, UDP
52311, 0:0:0:0:0:0:0:0, UDP
1 Like