Also I’m seeing k2 appear to connect to hosts on p...
# kolide
Also I’m seeing k2 appear to connect to hosts on port 9?
Our servers (K2) don't actually initiate any connections to hosts, the hosts poll the servers over standard TLS/HTTPs ports via TCP. You should see traffic over 443. I can confirm that IP address is our k2device load balancer. This IP only listens to 80/443. I'm not aware of any explicit code in our agent that would cause the agent to attempt to connect on port 9. That being said, Port 9 is sometimes used to active Wake-On-LAN on a remote server. It can also be used to troubleshoot connectivity (since it's the TCP/UDP equivalent of
) My theory, is that our agent's TCP library may attempt to send traffic over this port as part of a series of steps to troubleshoot connectivity issues. I will speak more to our agent engineers to validate that theory, but I wouldn't be alarmed. If you'd rather block that port, feel free our agent works correctly with just outbound 443 enabled. See for more details.
I don’t know how to read that — is that udp or tcp?