Thanks for your reply Cris. We need to use pcap in our project for IP spoofing as adding the extra varbind "snmpTrapAddress” is not recognized by few NMS we have in our stack. But I am not sure how to convert SNMP4J pdu and community target in some form that can be consumed by pcap API for sending the packet.
Regards, Shivi From: Chris Janicki [mailto:[email protected]] Sent: Thursday, February 12, 2015 8:19 PM To: Shivi Goel -X (shivigoe - NICHEPRO TECHNOLOGIES PRIVATE LIMITED at Cisco) Subject: Re: [SNMP4J] how to create IP packet using SNMP4J Hi Shivi, Years ago we tried pcap for spoofing and ran into headaches reliably routing the spoofed address through the network, unless both the original and spoofing (proxy) machine's addresses were on the same subnet. Since we couldn't always guarantee that, we didn't go further. Instead we've been following RFC 3584<https://tools.ietf.org/html/rfc3584> (see Section 3.1.4). It specifies an extra varbind "snmpTrapAddress" to hold the original/spoofed address. This RFC was written for converting v1 traps to v2/3, but the logic still works for spoofing since most NMS applications can recognize snmpTrapAddress. There may be a few NMS that don't automatically recognize snmpTrapAddress, but usually their rules can be customized to handle it anyway. (If not, you can tell your NMS vendor to read RFC 3584 to remind them that they *should* handle it per the official SNMP standards! :-) If you're working on the project for fun or a custom project, I hope that's helpful. But if you really just need a solution, check out our TrapStation<http://www.augur.com> product... It's not free, but it is supported, and avoids the frustration of starting from scratch. Regards, Chris Chris Janicki ≡ [email protected]<mailto:[email protected]> ≡ www.augur.com<http://www.augur.com> On Feb 12, 2015, at 3:50 AM, Shivi Goel -X (shivigoe - NICHEPRO TECHNOLOGIES PRIVATE LIMITED at Cisco) <[email protected]<mailto:[email protected]>> wrote: Hi, I need to do IP spoofing while sending out the snmp trap. ? I can't use the snmp.send(pdu, target) for sending trap as I need to modify the source IP in the outgoing trap. I am using jnet pcap librabry for IP spoofing which creates an IP packet and sends it. I need to understand how can I form an IP packet from snmp pdu and target. Does SNMP4J provides some API for this Regards, Shivi _______________________________________________ SNMP4J mailing list [email protected]<mailto:[email protected]> https://oosnmp.net/mailman/listinfo/snmp4j _______________________________________________ SNMP4J mailing list [email protected] https://oosnmp.net/mailman/listinfo/snmp4j
