Troubleshooting Mangled Packet

Document ID : KB000023673
Last Modified Date : 14/02/2018
Show Technical Document Details


Troubleshooting Mangled Packet ports conflict




1. Generally, the mangled packet and bad header errors mean that some device is broadcasting on a UDP port that is already being used by Network Health. By default, the eHealth pollers use UDP ports above port 1024. If a device is broadcasting on a port that the eHealth pollers are utilizing, you will see the Mangled Packet errors. This is due to the fact that when the poller receives the broadcasts, it gets confused because the information of that broadcast doesn't correspond to any SNMP responses. If this is the case, a network configuration change will need to be made to assure these ports are not used by other devices on the network, or the eHealth host machine can be re-booted so that eHealth utilizes different ports (This is generally temporary as the broadcasting should be addressed).

2. A protocol that has been known to cause such conflicts is GDP (Gateway Discovery Protocol) Some Cisco Routers broadcast on UDP 1997 for this protocol. This protocol has known conflicts with the UDP ports used by Network Health during its polling cycle. This configuration can be determined by contacting the Network Administrator. Note that there is a command that can be run to configure the UDP ports used by eHealth to run on a different variance of ports, but this is only for Solaris systems. The ndd command sets driver configuration parameters so the UDP ports which the poller uses to listen are above UDP 2000:
ndd -set /dev/udp udp_smallest_anon_port 2000

3. There may be an issue with the SNMP agent on the device. This may be detected by running a full MIB walk of the device using the following command (If this is a device which you are polling). If the agent is bad then we shouldn't be able to dump it successfully. There maybe errors in what the dump that point to this. Run the following command and contact Concord Technical Support: "nhSnmpTool -c <community_string> [-Server] -f <PATH>/walk.out <ip_address>"

4. Include the following information when contacting Technical Support:
$NH_HOME/poller/pollerStatus/*.log $NH_HOME/poller/pollerStatus/*.log.bak.
On NT, if "Accept SNMP packets from these hosts" is selected then verify the sending host is listed in the SNMP Services applet, Security tab - lower portion of window has host entered