Hi,

I just tried that, made an snmpwalk and I see:

Lots of SNMP answers. But I don't see the outgoing SNMP packets.
Of course not - your filter lets only packets with source port 161
or 162 pass. And those are coming from the destination SNMP Agent!

If you open a socket and point it to an SNMP Agent, the kernel on your
server will use a random source port to send your packets from. The
destination port is 161. So your tcpdump will filter those packets out.
You MIGHT be able to tell snmpwalk to use port 161 as source port.
But only one process can do that (as far as I know, but I don't know
everything - see SO_REUSEADDR).

When the SNMP Agent on the other side answers, it will use the open
socket with port 161, which will then be the source port - those
packets are then accepted by your tcpdump filter.

If the remote machine sends SNMP Traps, the same will happen - the
kernel will use a random source port and port 162 as destination port.
So ALL traps will be filtered out!
It MIGHT be that the trap agent uses port 162 as source port too...
In that case, you will see incoming traps.

The reason why you don't see any packets will most probably be that
the remote device that you have been sending SNMP requests to is not
answering.

Replace the "src port" by "port" and you will see something - I am
almost sure...




On Tue, 18 Oct 2011 11:52:22 +0530
Ravi Kumar <mynets...@gmail.com> wrote:

> I am not getting an SNMP packet dump using the above filter.
> 
> 
> Thanks,
> Shardul
> 
> On Mon, Oct 17, 2011 at 11:43 PM, Steve Friedl <st...@unixwiz.net>
> wrote:
> 
> > *From:* Ravi Kumar [mailto:mynets...@gmail.com]
> > *Sent:* Monday, October 17, 2011 5:07 AM
> > *To:* net-snmp-coders
> > *Subject:* tcpdump for snmp packets
> >
> > Hi All,
> >
> > Can anyone tell me how I can filter SNMP packets using tcpdump?
> > The following command does not work for me.
> >
> > tcpdump -i  eth1  -T snmp  "(src port 161 or 162)"  -w  test.log
> >
> > Thanks.
> >
> 


-- 
mit freundlichen Gruessen / with friendly regards
Michael Buchholz  michael.buchh...@de.verizonbusiness.com   MSAS Support
Verizon Business  Sebrathweg 20  44149 Dortmund  Germany   Vnet: 3171192
Tel: +492319721192     Fax: +492319722508     Home-Office: +492319479858


_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
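
Added example (not part of the original thread): a loopback UDP exchange that shows the port pairs described in the reply above, and which of them a "src port" filter and a "port" filter would capture. Assumptions: a kernel-assigned unprivileged port stands in for UDP 161 (binding 161 needs root), and the two filter functions are hypothetical models of the tcpdump primitives, not tcpdump itself.

```python
import socket

def loopback_exchange():
    """One request/response over loopback UDP.

    Returns (agent_port, request, reply), where request and reply are the
    (src_port, dst_port) pairs a sniffer on the wire would see.
    """
    agent = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    manager = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        # Assumption: this kernel-chosen port plays the role of UDP 161.
        agent.bind(("127.0.0.1", 0))
        agent_port = agent.getsockname()[1]
        agent.settimeout(2)
        manager.settimeout(2)
        # The manager never calls bind(): the kernel assigns its source port.
        manager.sendto(b"constructed request", ("127.0.0.1", agent_port))
        _, (_, req_src) = agent.recvfrom(1500)
        request = (req_src, agent_port)
        # The agent answers from its bound socket, so its port is the source.
        agent.sendto(b"constructed response", ("127.0.0.1", req_src))
        _, (_, rep_src) = manager.recvfrom(1500)
        reply = (rep_src, manager.getsockname()[1])
        return agent_port, request, reply
    finally:
        agent.close()
        manager.close()

def src_port_filter(pkt, port):
    """Models tcpdump 'src port N': matches on the source port only."""
    return pkt[0] == port

def port_filter(pkt, port):
    """Models tcpdump 'port N': matches source or destination port."""
    return port in pkt

def captured(filter_fn):
    """Which direction of one exchange the given filter would let through."""
    agent_port, request, reply = loopback_exchange()
    return {"request": filter_fn(request, agent_port),
            "reply": filter_fn(reply, agent_port)}

if __name__ == "__main__":
    print("src port N:", captured(src_port_filter))
    print("port N:    ", captured(port_filter))
```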
