Automic Service Packet Capture Messages

Document ID : KB000122968
Last Modified Date : 14/12/2018
Show Technical Document Details
Introduction:
When performing a packet capture for the network, messages were observed which appear to be coming from Automic Agents. There is a requirement to verify whether this is actually the case, so network traffic can be properly confirmed and monitored. 
Question:
The following messages are repeated throughout the capture (external to Automic), and it appears to be occurring at the beginning of every capture that has a 3-way handshake:

00000199UC4:global001GSSQ3

00001750UC4:global001NAT 

00002694UC4:global001NAT 

00000197UC4:global001NAT 

00000164UC4:global001NAT 

00000694UC4:global001NAT 

The numbers ahead of *UC4 appear to change frequently, but not the "global001NAT" portion. How can we verify that this traffic is coming from an Automic Agent? 
Environment:
Any Automation Engine network may potentially see this type of message in its traffic. 
Answer:
This can likely be determined via the following method: 

1) Set TCP/IP=9 on one of the suspected Agents (this can be accomplished directly via the AWI, or the Agent's .ini file which requires a restart of the Agent). 

2) Start the Agent - a trace file should generate. 

3) Traffic should be fairly consistent - run a few test jobs (such as "dir" or "ls" commands) and this should be enough. 

4) Search the generated Trace file for the "global001NAT" (or any other message in question) to confirm what time you are seeing this message (or, if you are seeing it at all). 

If the messages in question are not found, provide the latest Agent log/trace log file set for review when you open a ticket with Support and reference this knowledge article.