SNMP Trap to defined sink - snmp

I am using SNMP traps and I am able to send the traps from the command line with snmptrap. There I need to define the sink for the SNMP trap, but the IP address is configurable via a configuration. The configuration writes the IP address in the snmp.conf file as trap2sink. Is there a possibility to call the snmptrap command without an IP address so that the trap is then automatically sent to the defined sink in the config file?

Try in your snmp.conf:
defTarget snmptrap domain ip:port
where
domain is the protocol (tcp\udp\IPv6\ssh and so on)
ip:port is the IP and port (127.0.0.1:162)

Related

How to spoof source address when using snmptrap to use a different IP other than localhost

I am using the following snmptrap command to generate v2 traps. This generates a trap and it's received on the Manager. However, the received trap has the sender's machine IP address as its source address. My requirement is to send the trap with some other IP.
```
snmptrap -v 2c -c abcd 1.1.1.1 '' '.1.3.6.1.6.3.1.1.5.4' .1.3.6.1.6.3.1.1.5.4 s "Interface-name" ifAdminStatus i 1 ifOperStatus i 1
```
Can someone please guide me how to modify the source IP in the snmptrap command for v2?

MAC Address Blocking/Filtering on Wifi Access Point using command line terminal

I am able to get a Wifi connection on the Raspberry Pi from a wifi card acting as an Access Point in a Jetson Nano.
But now I want to continuously look at the devices that are getting connected to the Jetson Nano AP and kick off any device other than the Raspberry Pi. If I assume I know the MAC address of the Pi, is it possible to kick off any device that does not match that MAC address?
Note: This AP is a wifi card and not a router, so I do not have a Settings Panel to filter MAC addresses, and it can only be done using terminal commands, by either ssh or some bash/python script.
Is it possible to block/filter a specific MAC address using the terminal?
You can try using iptables to filter by MAC address. Check out this answer.
# Create the DHCP_clients chain in the 'raw' table
iptables -t raw -N DHCP_clients
# Incoming DHCP, pass to chain processing DHCP
iptables -t raw -A PREROUTING -p udp --dport 67 -j DHCP_clients
# Allowed DHCP clients
iptables -t raw -A DHCP_clients -m mac --mac-source <ALLOWED MAC> -j ACCEPT
# Deny other clients not listed above
iptables -t raw -A DHCP_clients -j DROP
Specify the raw table with -t.
raw: This table is used mainly for configuring exemptions from connection tracking in combination with the NOTRACK target. It registers at the netfilter hooks with higher priority and is thus called before ip_conntrack, or any other IP tables. It provides the following built-in chains: PREROUTING (for packets arriving via any network interface) OUTPUT (for packets generated by local processes)
-t, --table table
This option specifies the packet matching table which the command should operate on.
and create a new chain name to reference.
-N, --new-chain chain
Create a new user-defined chain by the given name. There must be no target of that name already.
The raw table provides PREROUTING (for packets arriving via any network interface); -A appends the rule to your chain.
DHCP uses ports 67 and 68 and the UDP protocol. You can prevent DHCP requests by blocking communication on these ports.
-A, --append chain rule-specification
Append one or more rules to the end of the selected chain.
then you have rules to ACCEPT only the MAC addresses you want and DROP all others.
iptables manual
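
An added example, not part of the original answer: the DHCP rules above only stop unlisted clients from getting a lease, so this sketch covers the other half of the question, spotting associated stations that are not on the allowlist. It parses `iw dev <iface> station dump` output and prints, without running them, the `iw ... station del` commands for unknown stations; the interface name `wlan0`, both MAC addresses and the sample dump are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original answer). Assumptions: the AP interface
# is wlan0 and the MAC addresses below are constructed placeholders.

# Constructed sample of `iw dev wlan0 station dump` output.
sample_station_dump() {
cat <<'EOF'
Station b8:27:eb:00:00:01 (on wlan0)
    inactive time:  120 ms
    rx bytes:       48213
    signal:         -41 dBm
Station DE:AD:BE:EF:00:02 (on wlan0)
    inactive time:  3040 ms
    rx bytes:       912
    signal:         -67 dBm
EOF
}

# Print every associated MAC (lower-cased) that is not on the allowlist.
# $1 = space-separated allowlist; stdin = station dump text.
unauthorized_stations() {
    awk -v allow="$1" '
        BEGIN {
            n = split(tolower(allow), a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Only "Station <mac> (on <if>)" header lines carry the address, and
        # the MAC must be well-formed before it is used to build a command.
        $1 == "Station" {
            mac = tolower($2)
            if (length(mac) != 17) next
            if (mac !~ /^[0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+$/) next
            if (!(mac in ok)) print mac
        }'
}

# Dry run: print the disconnect command for each unknown station.
# $1 = interface, $2 = allowlist; stdin = station dump text.
kick_commands() {
    unauthorized_stations "$2" | while read -r mac; do
        printf 'iw dev %s station del %s\n' "$1" "$mac"
    done
}

# On the AP itself: iw dev wlan0 station dump | kick_commands wlan0 "$ALLOWED"
sample_station_dump | kick_commands wlan0 "B8:27:EB:00:00:01"
```

A MAC address is chosen by the client, so an allowlist like this keeps out accidental connections; the AP's WPA2/WPA3 passphrase remains the actual access control.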

Jmeter slaves nodes: one in same subnet and second in other subnet

I am using the below command to execute the test using two slaves, where one slave is in the same subnet as the master and the second slave is in a different region from the master machine.
Jmeter -Djava.rmi.server.hostname=127.0.0.1 -n -t 192.168.XX.XX:24001,127.0.0.1:24002 -o c:\Users\a106275\Desktop\result1.csv
192.168.XX.XX: Slave in same subnet
127.0.0.1:24002: Slave in different subnet
I am unable to see results from slave 192.168.90.XX, which is in the same region. Can you please help me understand how I get the results from the slave in the same region?
As per Special-Use IPv4 Addresses
127.0.0.0/8 - This block is assigned for use as the Internet host
loopback address. A datagram sent by a higher level protocol to an
address anywhere within this block should loop back inside the host.
This is ordinarily implemented using only 127.0.0.1/32 for loopback,
but no addresses within this block should ever appear on any network
anywhere
So double-check the available IP addresses on the machine; my expectation is that you should be using another interface instead (unless you have master and slave running on the same node).
Your command line is missing the -R switch; it should look like:
Jmeter -Djava.rmi.server.hostname=127.0.0.1 -n -t -R 192.168.XX.XX:24001,127.0.0.1:24002 -o c:\Users\a106275\Desktop\result1.csv
^ mind this key
See the following reference material for more information:
Remote Testing
How to Perform Distributed Testing in JMeter
JMeter Distributed Testing Step-by-step

snmpwalk shows no response but another SNMP client & Wireshark works fine

I am not getting SNMP traps using snmpwalk. However, another SNMP client ("ManageEngine") on the same Windows PC easily gets all the traps. Also, Wireshark shows that the traps are arriving quite fine.
Please guide me, am I doing something wrong?
the command:
snmpwalk.exe -v 2c -c public -t 10 IP:Port
Timeout: No Response from IP:Port
You are able to receive traps because your manager on the local machine is listening for traps sent by the remote machine, on port 162.
This does not mean snmpwalk will work, because in that case you are the client and are sending an SNMP query to the remote host on port 161.
The reason for not responding may be an access control list at the remote end.
Or a wrong community string.
Please check first of all that your server is actively listening for queries.
The check for a listener can be done with nmap:
nmap -sU ip -p 161
snmpwalk is not supposed to receive any traps by design. It is used to traverse the MIB tree using GET-NEXT and GET-BULK requests.
Instead you should be using snmptrapd to receive traps.

how to capture network traffic in the pcap file using tcpdump command?

I want to capture the network traffic of my application using the tcpdump command.
I have implemented a WebSocket client and server, in which the server is sending messages to the connected clients continuously. So in that scenario I just want to capture these messages in one pcap file.
Previously I used this command, which is not working properly:
sudo tcpdump -ni eth0 -s0 -w mycap.pcap
Can anyone tell me how to capture this type of network traffic using the tcpdump command?
Your syntax is correct.
Are you receiving an error, or is your file "mycap.pcap" empty?
If your file is unexpectedly empty, check if you have another interface that is receiving the traffic.
If all else fails, try -i any for the interface.
