How to spoof source address when using snmptrap to use a different IP other than localhost - snmp

I am using the following snmptrap command to generate v2 traps. This generates a trap and it's received on the Manager. However, the received trap has the sender's machine IP address as its source address. My requirement is to send the trap with some other IP.
```
snmptrap -v 2c -c abcd 1.1.1.1 '' '.1.3.6.1.6.3.1.1.5.4' .1.3.6.1.6.3.1.1.5.4 s "Interface-name" ifAdminStatus i 1 ifOperStatus i 1
```
Can someone please guide me on how to modify the source IP in the snmptrap command for v2?

Related

automated retrieval of the external ip address of all of my current connections

I am trying to make a program that automatically lists all of the connections to my computer from outside of the router. The end goal of this script is that I would like to be able to have a clean list of the external IP addresses of every server/website I am connecting to. I am also trying to use this as a way to learn more about how networks, websites, and servers work so I am sorry for any mistakes I make with terminology and general knowledge!
My tcpdump bash script:
```
while :
do
    # get myip and assign it to a variable
    myip="$(ifconfig wlp2s0 | grep -E -o -m 1 "inet................" | grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)")"
    # tcpdump on my ip for all packets going to or from my ip address. the ip address of the packets is appended to IPaddress.txt
    sudo tcpdump -c 1 -nn host "$myip" | grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" >> IPaddress.txt
done
```
I thought that tcpdump would be the tool for this however I confess that I do not know how tcpdump works. This script is a bash file that I am running through ubuntu. How would I use tcpdump to collect the IP address of every website that I am connecting to? I read the tcpdump documentation and believe it can help me achieve my goal however if there are better tools out there I would love to hear it! Currently, this code only displays internal IP addresses. ;(
I'd lean more towards using ss or netstat.
```
ss --all --ipv4
```
Would show all IPv4 connections.
The same works for IPv6 of course; and you could add one of many arguments to get more detailed information if you want, such as --processes, --extended, or --info.
There are also a few more arguments to control the output format, making it more suitable for parsing:
```
ss --all --ipv4 --processes --no-header --oneline
```
I suggest following the ss command.
Learn about ss command here.
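Building on the ss answers above, an added example (not part of the original posts) that reduces the parse-friendly `ss` output to a de-duplicated list of external peer addresses. The sample output and its addresses are constructed, `external_peers` and `live_external_peers` are hypothetical names, and `--numeric` is added to the answer's flags so that peers are printed as IP addresses rather than names.

```python
import ipaddress
import subprocess

# Ranges that never identify a host outside the router: RFC 1918, loopback,
# link-local, unspecified and multicast.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8", "224.0.0.0/4",
)]

# Constructed sample of `ss --all --ipv4 --numeric --no-header --oneline`.
SAMPLE = """\
tcp   LISTEN    0  128       0.0.0.0:22          0.0.0.0:*
tcp   ESTAB     0  0    192.168.1.23:51514  203.0.113.10:443
tcp   ESTAB     0  0    192.168.1.23:51520  203.0.113.10:443
tcp   ESTAB     0  0    192.168.1.23:40022   192.168.1.1:53
udp   UNCONN    0  0       127.0.0.1:323         0.0.0.0:*
tcp   TIME-WAIT 0  0    192.168.1.23:38112  198.51.100.7:80
"""

def external_peers(ss_output):
    """Return the sorted, de-duplicated external peer addresses in ss output."""
    peers = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue
        # Columns with --all: Netid State Recv-Q Send-Q Local:Port Peer:Port
        host = fields[5].rsplit(":", 1)[0]
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:  # "*" or an interface-scoped address
            continue
        if not any(addr in net for net in INTERNAL):
            peers.add(addr)
    return [str(a) for a in sorted(peers)]

def live_external_peers():
    """Run ss with the answer's flags (plus --numeric) and parse the result."""
    out = subprocess.run(
        ["ss", "--all", "--ipv4", "--numeric", "--no-header", "--oneline"],
        capture_output=True, text=True, check=True).stdout
    return external_peers(out)

if __name__ == "__main__":
    print("\n".join(external_peers(SAMPLE)))
```
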

SNMP Trap to defined sink

I am using SNMP traps and I am able to send the traps from the command line with snmptrap. There I need to define the sink for the SNMP trap, but the IP address is configurable via a configuration. The configuration writes the IP address in the snmp.conf file as trap2sink. Is there a possibility to call the snmptrap command without an IP address so that the trap is then automatically sent to the defined sink in the config file?!
Try this in your snmp.conf:
```
defTarget snmptrap domain ip:port
```
where
domain is the protocol (tcp\udp\IPv6\ssh and so on)
ip:port is the IP and port (127.0.0.1:162)

snmp v3 traps not working when configuring same user with different authentication type

I am using Linux-based SNMP (net-snmp) on my Linux device. To receive SNMP traps on the Linux host machine, I have configured snmptrapd in the /etc/snmp/snmptrapd.conf file as below (after stopping the snmpd daemon):
```
createUser user MD5 "password123" DES "encrypt123"
authuser log user authPriv
```
The above configuration allows me to receive SNMP traps on the Linux host machine when I execute the command below from my Linux device:
```
snmptrap -Ci -v3 -u user -a MD5 -A password123 -x DES -X encrypt123 -l authPriv 10.103.0.110 '' Test-MIB::statusChangeNotification Test-MIB::statusChangeAlarm s 'status change'
```
Now if I execute the above snmptrap command with the same user and a SHA/DES configuration (as below), the snmptrap command fails with the error message "snmpinform: Authentication failure (incorrect password, community or key)". (snmptrapd is stopped and started after the SHA/DES configuration as above.)
```
snmptrap -Ci -v3 -u user -a SHA -A password123 -x DES -X encrypt123 -l authPriv 10.103.0.110 '' Test-MIB::statusChangeNotification Test-MIB::statusChangeAlarm s 'status change'
```
Can anybody suggest a possible reason behind this error?
Does the snmptrap command maintain a usmUser table which does not allow the same user entry with a different authentication type?
Is there any way to reset the usmUser table?
Is there any additional configuration required?
Have you tried removing the quotation marks from both your username and password in the snmptrapd.conf?
It should not work. This is absolutely expected behavior. The user configuration should match on both sides (trap sender and trap receiver).
SHA1 and MD5 are totally different auth protocols. They produce different hash codes for the same input data.
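Why the SHA command fails against a receiver whose createUser line says MD5, as an added example that is not code from the original posts or from net-snmp: it follows the RFC 3414 password-to-key and key-localization steps and compares the resulting 12-byte HMAC authentication values. The engine ID and message bytes are constructed stand-ins, and all function names are hypothetical.

```python
import hashlib
import hmac

def password_to_key(password: bytes, algo: str) -> bytes:
    """RFC 3414 A.2: digest of 1,048,576 bytes formed by repeating the password."""
    reps, rem = divmod(1048576, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()

def localize(ku: bytes, engine_id: bytes, algo: str) -> bytes:
    """Localized key Kul = H(Ku || engineID || Ku), unique per SNMP engine."""
    return hashlib.new(algo, ku + engine_id + ku).digest()

def auth_params(password: bytes, engine_id: bytes, msg: bytes, algo: str) -> bytes:
    """HMAC-MD5-96 / HMAC-SHA-96: first 12 bytes of the HMAC keyed with Kul."""
    kul = localize(password_to_key(password, algo), engine_id, algo)
    return hmac.new(kul, msg, algo).digest()[:12]

# Constructed inputs: the password comes from the question; the engine ID is
# the RFC 3414 A.3 test value and the message bytes are a stand-in.
PASSWORD = b"password123"
ENGINE_ID = bytes.fromhex("000000000000000000000002")
MESSAGE = b"constructed stand-in for the serialized SNMPv3 message"

def receiver_accepts(sender_algo: str, receiver_algo: str) -> bool:
    """True if the receiver's recomputed value matches what the sender attached."""
    attached = auth_params(PASSWORD, ENGINE_ID, MESSAGE, sender_algo)
    expected = auth_params(PASSWORD, ENGINE_ID, MESSAGE, receiver_algo)
    return hmac.compare_digest(attached, expected)

if __name__ == "__main__":
    for sender in ("md5", "sha1"):
        ok = receiver_accepts(sender, "md5")
        print(f"sender={sender} receiver=md5 ->",
              "accepted" if ok else "authentication failure")
```

The same password yields a 16-byte key under MD5 and a 20-byte key under SHA-1, so the receiver's recomputed value can only match when both sides name the same authentication protocol.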

snmpwalk shows no response but another SNMP client & Wireshark works fine

I am not getting SNMP traps using snmpwalk. However, another SNMP client ("ManageEngine") on the same Windows PC easily gets all the traps. Also, Wireshark shows that the traps are arriving fine.
Please guide me, am I doing something wrong?
The command:
```
snmpwalk.exe -v 2c -c public -t 10 IP:Port
Timeout: No Response from IP:Port
```
You are able to receive traps because your manager on the local machine is listening on port 162 for traps sent by the remote machine.
This does not mean snmpwalk will work, because in that case you are the client, sending an SNMP query to the remote host at port 161.
The reason for not responding may be an access control list at the remote end, or a wrong community string.
First of all, please check that your server is actively listening for queries.
The check for listening can be done with nmap:
```
nmap -sU ip -p 161
```
snmpwalk is not supposed to receive any traps by design. It is used to traverse the MIB tree using GET-NEXT and GET-BULK requests.
Instead, you should be using snmptrapd to receive traps.

snmptrap : host Name or service not known

I'm trying to send an SNMP trap with these command lines:
```
snmptrap -v 1 -c public host '1.2.3.4.5.6' '192.193.194.195' 6 99 '55' 1.11.12.13.14.15 s "teststring"
```
or
```
snmptrap -v 2c -c public host "" UCD-NOTIFICATION-TEST-MIB::demoNotif \
SNMPv2-MIB::sysLocation.0 s "Just here"
```
But I get this error message:
```
getaddrinfo: host Name or service not known
getaddrinfo("host", NULL, ...): Name or service not known
snmptrap:
zsh: exit 1 snmptrap -v 1 -c public host '1.2.3.4.5.6' '192.193.194.195' 6 99 '55' s
```
What's wrong? It seems I don't get something.
My final aim is just to send a trap to localhost on a specific port in a shell script.
EDIT: I have a new error:
```
read_config_store open failure on /var/lib/snmp/snmpapp.conf
```
How can I fix that? I can't modify any files on the computer. I can just write some lines in a shell script to send a trap.
I think the host "host" does not exist on your network. Try putting in the IP address or an existing host name of the trap destination instead.
BTW, you don't need to put quotes around the OID strings.
There is more info about the syntax of the command on the man page, "man snmptrap"
Edit:
Your second error looks like the result of a misconfiguration of the machine you're working on. Either the person who built (compiled) the program made a mistake, or the sysadmin has set unusual permissions on some files/directories.
Assuming it's some sort of Unix/Linux, I've searched the web for suggestions, and you could try setting the shell variable SNMP_PERSISTENT_DIR to a directory writable for the user (e.g. /tmp). Then try the command again.
I.e. if using Bash:
```
SNMP_PERSISTENT_DIR=/tmp
export SNMP_PERSISTENT_DIR
snmptrap <etc>
```
