According to the source code, Edge DX uses traceroute or tracepath to perform trace routes, depending on which one exists. For IGEL devices, only tracepath seems to be available. The tracepath documentation describes the port as random, but the source code appears to start at 44444 and add a modifier that varies by version. It is possible that IGEL or the underlying OS uses a static offset. On 12/31, the poster's security team noticed traffic on port 44484 from their IGEL thin clients, which may be caused by additional Network Latency targets set in Edge DX settings. To confirm, they will disable the targets and monitor the traffic.
Read the entire ‘IGEL thin clients using port 44484 for trace routes in Edge DX’ thread below:
Does Edge DX use port 44484 to perform trace routes? Our security team reached out because all our IGEL thin clients starting on 12/31 are reaching out to Google DNS and one of our Horizon URLs over port 44484.
Could it be possible that someone configured additional Network Latency targets in Edge DX settings?
It looks like those are configured, yes. These are set to run every 15 minutes but we’re seeing the traffic just about every second. I wonder if it’s retrying the traffic because it’s being blocked. I will disable and see if the traffic disappears.
Does that port make sense for that type of traffic?
Perhaps.
Edge DX uses traceroute (/usr/bin/traceroute) or tracepath (/usr/bin/tracepath) depending on which one exists. Traceroute is checked first.
Checking an IGEL device in our demo environment, it looks like only tracepath exists for IGEL.
According to the tracepath docs, the port is random. But looking at the source code, it appears they start at 44444 and add some modifier to it. The modifier appears to change depending on version. So hard to tell. But seeing as the source port 44444 is only 40 off of 44484, seems likely.
It’s weird that it always results in the same port. But perhaps IGEL or that particular version of IGEL uses a static offset? Or the version of the underlying OS does?
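A triage check for the question raised in the thread, as an added example that is not part of the original posts or of ControlUp's code: it groups UDP flows whose destination port falls in a window above the 44444 base mentioned above and compares how often probe runs start against the 15-minute schedule. The log format, addresses, window width and thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median
BASE_PORT = 44444      # tracepath starting port, as stated in the thread
MAX_OFFSET = 64        # assumption: width of the port window above the base
SCHEDULE_S = 15 * 60   # Network Latency interval quoted in the thread
QUIET_S = 60           # assumption: silence that separates two probe runs

def sample_log():
    """Constructed firewall records: time src dst proto dst_port."""
    t0 = datetime(2000, 1, 1, 8, 0, 0)
    rows = [(t0 + timedelta(seconds=s), "10.0.0.21") for s in range(600)]
    rows += [(t0 + timedelta(minutes=15 * r, seconds=s), "10.0.0.22")
             for r in range(3) for s in range(3)]
    lines = [f"{ts.isoformat()} {src} 8.8.8.8 udp 44484" for ts, src in rows]
    return "\n".join(lines + [f"{t0.isoformat()} 10.0.0.23 8.8.8.8 udp 53"])

def split_runs(stamps):
    """Split sorted timestamps into runs separated by more than QUIET_S."""
    runs = [[stamps[0]]]
    for ts in stamps[1:]:
        if (ts - runs[-1][-1]).total_seconds() > QUIET_S:
            runs.append([ts])
        else:
            runs[-1].append(ts)
    return runs

def classify(log, schedule_s=SCHEDULE_S):
    """Compare the cadence of tracepath-range UDP flows with the schedule."""
    flows = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip malformed records instead of aborting triage
        ts, src, dst, proto, dport = parts
        if proto.lower() == "udp" and 0 <= int(dport) - BASE_PORT < MAX_OFFSET:
            flows[(src, dst, int(dport))].append(datetime.fromisoformat(ts))
    report = {}
    for key, stamps in flows.items():
        runs = split_runs(sorted(stamps))
        longest = max((r[-1] - r[0]).total_seconds() for r in runs)
        starts = [(b[0] - a[0]).total_seconds() for a, b in zip(runs, runs[1:])]
        verdict = "consistent-with-schedule"
        if longest > schedule_s / 2:
            verdict = "continuous"  # probing never pauses between scheduled runs
        elif starts and median(starts) < schedule_s / 2:
            verdict = "faster-than-schedule"
        report[key] = {"offset": key[2] - BASE_PORT, "runs": len(runs), "verdict": verdict}
    return report
```

Calling `classify(sample_log())` returns one entry per source, destination and port; a "continuous" verdict matches the every-second traffic described in the thread, while short bursts 15 minutes apart come back as "consistent-with-schedule".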