Skip to content
DataMiner DoJo

More results...

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Search in posts
Search in pages
Search in posts
Search in pages
Log in
Menu
  • Blog
  • Questions
  • Learning
    • E-learning Courses
    • Open Classroom Training
    • Certification
      • DataMiner Fundamentals
      • DataMiner Configurator
      • DataMiner Automation
      • Scripts & Connectors Developer: HTTP Basics
      • Scripts & Connectors Developer: SNMP Basics
      • Visual Overview – Level 1
      • Verify a certificate
    • Tutorials
    • Video Library
    • Books We Like
    • >> Go to DataMiner Docs
  • Expert Center
    • Solutions & Use Cases
      • Solutions
      • Use Case Library
    • Markets & Industries
      • Media production
      • Government & defense
      • Content distribution
      • Service providers
      • Partners
      • OSS/BSS
    • DataMiner Insights
      • Security
      • Integration Studio
      • System Architecture
      • DataMiner Releases & Updates
      • DataMiner Apps
    • Agile
      • Agile Webspace
      • Everything Agile
        • The Agile Manifesto
        • Best Practices
        • Retro Recipes
      • Methodologies
        • The Scrum Framework
        • Kanban
        • Extreme Programming
      • Roles
        • The Product Owner
        • The Agile Coach
        • The Quality & UX Coach (QX)
    • DataMiner DevOps Professional Program
  • Downloads
  • More
    • Feature Suggestions
    • Climb the leaderboard!
    • Swag Shop
    • Contact
      • General Inquiries
      • DataMiner DevOps Support
      • Commercial Requests
    • Global Feedback Survey
  • PARTNERS
    • All Partners
    • Technology Partners
    • Strategic Partner Program
    • Deal Registration
  • >> Go to dataminer.services

Radio Signaling Link Protocol (RSL) used by NATS Traffic

Solved2.53K views19th July 2023#communication NATS
1
Ryan Beevers [DevOps Member]64 12th July 2023 0 Comments

While investigating a connection issue between two DMAs in our cluster, we observed traffic with source port 4222 using a protocol called Radio Signalling Link. Many of the packets using this protocol are malformed. I did some research on this protocol and it seems to be a protocol used in telecommunications networks between transceiver stations and station controllers. It seems odd that this traffic is being seen between two Windows server hosted DMAs on an enterprise network. We also do not see this traffic between all of our DMAs, just ones in particular security zones.

I am curious about the function of this protocol within NATS.

Marieke Goethals [SLC] [DevOps Catalyst] Selected answer as best 19th July 2023

2 Answers

  • Active
  • Voted
  • Newest
  • Oldest
3
Michiel Vanthuyne [SLC] [DevOps Enabler]4.10K Posted 13th July 2023 2 Comments

Hi Ryan, I'm not aware of the RSL protocol being used by NATS or DataMiner, would it be possible that there is another application on those servers or a device in those security zones that is using this RSL protocol? Would it be possible that the network traffic monitor is incorrectly recognizing some messages as RSL while they are actually NATS messages?

Marieke Goethals [SLC] [DevOps Catalyst] Selected answer as best 19th July 2023
Floris Cockaerts [SLC] [DevOps Advocate] commented 13th July 2023

This seems like the most plausible scenario to me too. A tool like Wireshark will assume the communication protocol based on the network port, and not the packet contents, and a port like 4222 isn’t a well-established protocol port and is used by multiple protocols.

EDIT:
Updated my local Wireshark to the latest version and captured a bit more traffic. It seems like Wireshark recognizes some of the packets as RSL, even though they’re all part of a single NATS TCP stream. Presumably the raw contents of these packets are tripping up the protocol detection in Wireshark.

Ryan Beevers [DevOps Member] commented 17th July 2023

@Floris Cockaerts: That is interesting that you observed the same phenomenon after updating WireShark to the latest version. We just updated WireShark as well, and I had not noticed this traffic prior to the update.

After doing more investigation into this traffic, which is present on our other clusters, I agree that the most plausible scenario seems to be WireShark misidentifying packets. Thank you everyone for answering and looking into this!

0
Arunkrishna Shreeder [SLC] [DevOps Advocate]4.00K Posted 13th July 2023 0 Comments

Hi Ryan, I am unable to find this protocol in our Catalog. Is this your own protocol ?
The best way to check this would be using Wireshark. You can easily see what frames are being sent over the port 4222 between DataMiner and the device running this protocol. Have you already tried this ?

Arunkrishna Shreeder [SLC] [DevOps Advocate] Answered question 13th July 2023
Please login to be able to comment or post an answer.

My DevOps rank

DevOps Members get more insights on their profile page.

My user earnings

0 Dojo credits

Spend your credits in our swag shop.

0 Reputation points

Boost your reputation, climb the leaderboard.

Promo banner DataMiner DevOps Professiona Program
DataMiner Integration Studio (DIS)
Empower Katas

Recent questions

Web Applications exception in Cube due to invalid certificate 0 Answers | 0 Votes
Redundancy Groups and Alarming – Duplicate Alarms 0 Answers | 0 Votes
Correlation Engine: “Test rule” doesn’t result in a hit, despite functional rule 1 Answer | 3 Votes

Question Tags

adl2099 (115) alarm (62) Alarm Console (82) alarms (100) alarm template (83) Automation (223) automation scipt (111) Automation script (167) backup (71) Cassandra (180) Connector (109) Correlation (69) Correlation rule (52) Cube (151) Dashboard (194) Dashboards (188) database (83) DataMiner Cube (57) DIS (81) DMS (71) DOM (140) driver (65) DVE (56) Elastic (83) Elasticsearch (115) elements (80) Failover (104) GQI (159) HTTP (76) IDP (74) LCA (152) low code app (166) low code apps (93) lowcodeapps (75) MySQL (53) protocol (203) QAction (83) security (88) SNMP (86) SRM (337) table (54) trending (87) upgrade (62) Visio (539) Visual Overview (345)
Privacy Policy • Terms & Conditions • Contact

© 2025 Skyline Communications. All rights reserved.

DOJO Q&A widget

Can't find what you need?

? Explore the Q&A DataMiner Docs

[ Placeholder content for popup link ] WordPress Download Manager - Best Download Management Plugin