INTRO
Well, for this I am going to write in English because it was difficult to get this to work properly.
The business rule is as follows:
we need to receive traps from a device on our machine on port 8080 and store them in a file somewhere.
Install snmpd (I'm using Ubuntu):
apt-get install snmpd
Save the traps in a file:
we need to modify the file
/etc/default/snmpd
and change the variables to this:
TRAPDRUN=yes
TRAPDOPTS='-A -Lf /var/log/snmptrapd.log -p /var/run/snmptrapd.pid'
The traps are stored in
/var/log/snmptrapd.log
Configure the "community string" and the port to listen on:
we need to open the file
/etc/snmp/snmptrapd.conf
and write this:
snmpTrapdAddr udp:8080
authCommunity log public
We are listening on port 8080 over UDP.
"public" is the community string; change this to match your scenario.
Restart the service
service snmpd restart
Simulate traps
We can do this with the following command if we are on the machine itself (localhost):
snmptrap -v 1 -c public 127.0.0.1:8080 .1.3.6.1 localhost 6 17 '' .1.3.6.1 s "Just a test"
You can replace 127.0.0.1 with the address of the machine if you are testing from another machine.
Troubleshooting
Check that it is indeed listening on the corresponding port:
netstat -lnp | grep snmp
and we get something like this:
udp 0 0 0.0.0.0:42385 0.0.0.0:* 957/snmpd
udp 0 0 127.0.0.1:161 0.0.0.0:* 957/snmpd
udp 0 0 0.0.0.0:164 0.0.0.0:* 962/snmptrapd
unix 2 [ ACC ] STREAM LISTENING 9632 957/snmpd /var/agentx/master
Another way is to use nmap:
nmap -sU localhost
the output is something like this:
Starting Nmap 5.21 ( http://nmap.org ) at 2015-12-21 01:51 CLT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000080s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
68/udp open|filtered dhcpc
161/udp open snmp
162/udp open|filtered snmptrap
Nmap done: 1 IP address (1 host up) scanned in 1.24 seconds
In any case, you can listen on the port to see if anything arrives, and verify that the community string is the same; we lost so much time because of a bad string they gave us.
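To see which community string a device is really sending, this added example (not part of the original post) parses the header of each incoming SNMP v1/v2c datagram and compares the community with the one you expect. It binds the UDP port itself, so stop snmptrapd first or pass another port; the function names and the sample bytes are constructed for illustration.

```python
import socket
import sys

PDU_NAMES = {0xA4: "SNMPv1 Trap", 0xA6: "InformRequest", 0xA7: "SNMPv2 Trap"}

def read_tlv(buf, pos):
    """Read one BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past the end of the datagram")
    return tag, buf[pos:pos + length], pos + length

def trap_header(datagram):
    """Return (version, community, pdu_name) for an SNMP v1/v2c message."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE, so not an SNMP message")
    vtag, ver, pos = read_tlv(body, 0)
    ctag, community, pos = read_tlv(body, pos)
    if vtag != 0x02 or ctag != 0x04:  # SNMPv3 has a SEQUENCE where the community would be
        raise ValueError("no version/community pair (SNMPv3 message?)")
    pdu = body[pos] if pos < len(body) else 0  # 0 means the PDU is absent
    version = {0: "1", 1: "2c"}.get(int.from_bytes(ver, "big"), "unknown")
    return version, community.decode("latin-1"), PDU_NAMES.get(pdu, hex(pdu))

# Constructed sample: the v1 test trap from this page, community "public".
SAMPLE = bytes.fromhex(
    "303702010004067075626c6963a42a06032b060140047f000001020106020111"
    "4301003014301206032b0601040b4a75737420612074657374")

if __name__ == "__main__":  # usage: <script> <expected-community> [port]
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", int(sys.argv[2]) if len(sys.argv) > 2 else 8080))
    while True:
        data, peer = sock.recvfrom(65535)
        try:
            ver, comm, pdu = trap_header(data)
            verdict = "OK" if comm == sys.argv[1] else "MISMATCH"
            print(peer[0], f"v{ver}", pdu, repr(comm), verdict)
        except ValueError as err:
            print(peer[0], "unparseable:", err)
```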