Hi Shivi, A PDU can be easily encoded to an BER byte stream which represents exactly the SNMP message. Then you only have to add the IP header and compute payload length etc. and you are done.
Best regards. Frank > On 13 Feb 2015, at 04:47, Shivi Goel -X (shivigoe - NICHEPRO TECHNOLOGIES > PRIVATE LIMITED at Cisco) <[email protected]> wrote: > > Thanks for your reply Cris. > We need to use pcap in our project for IP spoofing as adding the extra > varbind "snmpTrapAddress” is not recognized by few NMS we have in our stack. > But I am not sure how to convert SNMP4J pdu and community target in some form > that can be consumed by pcap API for sending the packet. > > Regards, > Shivi > > From: Chris Janicki [mailto:[email protected]] > Sent: Thursday, February 12, 2015 8:19 PM > To: Shivi Goel -X (shivigoe - NICHEPRO TECHNOLOGIES PRIVATE LIMITED at Cisco) > Subject: Re: [SNMP4J] how to create IP packet using SNMP4J > > Hi Shivi, > > Years ago we tried pcap for spoofing and ran into headaches reliably routing > the spoofed address through the network, unless both the original and > spoofing (proxy) machine's addresses were on the same subnet. Since we > couldn't always guarantee that, we didn't go further. > > Instead we've been following RFC 3584<https://tools.ietf.org/html/rfc3584> > (see Section 3.1.4). It specifies an extra varbind "snmpTrapAddress" to hold > the original/spoofed address. This RFC was written for converting v1 traps > to v2/3, but the logic still works for spoofing since most NMS applications > can recognize snmpTrapAddress. > > There may be a few NMS that don't automatically recognize snmpTrapAddress, > but usually their rules can be customized to handle it anyway. (If not, you > can tell your NMS vendor to read RFC 3584 to remind them that they *should* > handle it per the official SNMP standards! :-) > > If you're working on the project for fun or a custom project, I hope that's > helpful. But if you really just need a solution, check out our > TrapStation<http://www.augur.com> product... It's not free, but it is > supported, and avoids the frustration of starting from scratch. > > Regards, > Chris > > Chris Janicki ≡ [email protected]<mailto:[email protected]> ≡ > www.augur.com<http://www.augur.com> > > > > > > > On Feb 12, 2015, at 3:50 AM, Shivi Goel -X (shivigoe - NICHEPRO TECHNOLOGIES > PRIVATE LIMITED at Cisco) <[email protected]<mailto:[email protected]>> > wrote: > > Hi, > > I need to do IP spoofing while sending out the snmp trap. ? I can't use the > snmp.send(pdu, target) for sending trap as I need to modify the source IP in > the outgoing trap. > I am using jnet pcap librabry for IP spoofing which creates an IP packet and > sends it. I need to understand how can I form an IP packet from snmp pdu and > target. Does SNMP4J provides some API for this > > Regards, > Shivi > > _______________________________________________ > SNMP4J mailing list > [email protected]<mailto:[email protected]> > https://oosnmp.net/mailman/listinfo/snmp4j > > _______________________________________________ > SNMP4J mailing list > [email protected] > https://oosnmp.net/mailman/listinfo/snmp4j _______________________________________________ SNMP4J mailing list [email protected] https://oosnmp.net/mailman/listinfo/snmp4j
