nv-l

RE: [nv-l] using tcpdump or ethereal to capture SNMP authentication failures

2003-01-06 16:31:37
Subject: RE: [nv-l] using tcpdump or ethereal to capture SNMP authentication failures
From: "Allison, Jason (JALLISON)" <JALLISON AT arinc DOT com>
To: "'nv-l'" <nv-l AT lists.tivoli DOT com>
Date: Mon, 6 Jan 2003 16:31:37 -0500
More info ...

http://www.tcpdump.org/lists/workers/2002/07/msg00100.html

Folks,

The current version of tcpdump will only print the community string found
in an SNMP packet if it is NOT "public".  I move that print-snmp.c be
modified to treat all community strings the same (cuts down on cpu %^).

Currently output looks like so:

# tcpdump -n -i eth0 -c 1 udp and port 161
tcpdump: listening on eth0
19:15:01.359060 192.168.114.97.36382 > 192.168.40.51.161:
GetNextRequest(16)  (DF)

It would look like this with a minor change to print-snmp.c:

# tcpdump -n -i eth0 -c 1 udp and port 161
tcpdump: listening on eth0
19:15:01.359060 192.168.114.97.36382 > 192.168.40.51.161:  C=public
GetNextRequest(16)  (DF)

Any objections?

Jason Allison
Principal Engineer
ARINC Incorporated
Office:  (410) 266-2006
FAX:  (410) 573-3026


-----Original Message-----
From: Allison, Jason (JALLISON) [mailto:JALLISON AT arinc DOT com]
Sent: Monday, January 06, 2003 3:32 PM
To: 'nv-l'
Subject: RE: [nv-l] using tcpdump or ethereal to capture SNMP
authentication failures


What does your output look like?  Try running this, here is an example of
some output:

# tcpdump -vv port 161
tcpdump: listening on all devices
11:40:51.570203 eth0 > nms.server.51524 > 192.168.1.14.snmp:
|30|60|02|01SNMPv1|04|09C=xxxxxxx |a0|50GetRequest(80)
|02|04|02|01|02|01|30|42 |30|11|06|0dE:cisco.9.13.1.3.1.3.1|05|00
|30|11|06|0dE:cisco.9.13.1.3.1.3.3|05|00|30|0c|06|
08system.sysUpTime.0|05|00 |30|0c|06|08system.sysName.0|05|
00 (DF) (ttl 64,id 0)

Jason Allison
Principal Engineer
ARINC Incorporated
Office:  (410) 266-2006
FAX:  (410) 573-3026


-----Original Message-----
From: Westphal, Raymond [mailto:RWestphal AT erac DOT com]
Sent: Monday, January 06, 2003 1:35 PM
To: NV List (E-mail)
Subject: [nv-l] using tcpdump or ethereal to capture SNMP authentication
failures


Hello Everyone,

NV 7.1.3 on AIX 4.3.3 ML10.

Anyone out there have some examples on how to run tcpdump or ethereal to
capture SNMP traps and get requests, etc? I'm trying to get the SNMP
community string that NV is using when it polls. 

I tried this with tcpdump but did not see the community strings:
        tcpdump -I -w /tmp/somefile.txt -i en4 \(ip host router1 or ip host router2 or ip host router3\)

then to view the file:
        tcpdump -r /tmp/somefile.txt



Thanks,

Ray Westphal
Enterprise Rent-A-Car


---------------------------------------------------------------------
To unsubscribe, e-mail: nv-l-unsubscribe AT lists.tivoli DOT com
For additional commands, e-mail: nv-l-help AT lists.tivoli DOT com

*NOTE*
This is not an Official Tivoli Support forum. If you need immediate
assistance from Tivoli please call the IBM Tivoli Software Group
help line at 1-800-TIVOLI8(848-6548)
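
A small decoder for the header bytes visible in the -vv output in the thread above (|30|..|02|01 SNMPv1 |04|.. C=.. |a0|.. GetRequest), added here as an example; it is not code from tcpdump's print-snmp.c or from any poster in this thread. It prints C= for every community, "public" included, as the quoted proposal asks, and reports a capture that was cut short before the community ended. The function names, the WELL_KNOWN set and the sample packet are constructed for illustration.

```python
# Added example (not tcpdump code): decode the SNMPv1/v2c message header,
# SEQUENCE { INTEGER version, OCTET STRING community, PDU }, from a UDP payload.
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap"}
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c"}
WELL_KNOWN = {b"public", b"private"}  # assumption: defaults worth flagging

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header (snaplen too small?)")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def snmp_header(payload):
    """Return (version, community, pdu_name); the outer body may be cut short."""
    tag, body, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("no outer SEQUENCE: not an SNMP message")
    tag, ver, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version INTEGER missing")
    tag, community, pos = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("no community OCTET STRING (SNMPv3 or not SNMP)")
    if pos > len(body):
        raise ValueError("community truncated by capture length")
    pdu = PDU_NAMES.get(body[pos], hex(body[pos])) if pos < len(body) else "?"
    return VERSIONS.get(int.from_bytes(ver, "big"), "?"), community, pdu

def describe(payload):
    """One line per packet, printing C= for every community, 'public' included."""
    version, community, pdu = snmp_header(payload)
    flag = " [well-known community]" if community in WELL_KNOWN else ""
    return f"{version} C={community.decode('latin-1')} {pdu}{flag}"

def sample_get(community):
    """Constructed GetRequest for sysUpTime.0 (1.3.6.1.2.1.1.3.0)."""
    pdu = bytes.fromhex("a019020101020100020100300e300c06082b060102010103000500")
    rest = b"\x02\x01\x00\x04" + bytes([len(community)]) + community + pdu
    return b"\x30" + bytes([len(rest)]) + rest
```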

