Timeout in SNMP GET - snmp

I tested the following code of a SNMP GET command with Python using pysnmp
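from pysnmp.hlapi import *  # getCmd, SnmpEngine, CommunityData, UdpTransportTarget, ...

# Build the SNMP GET generator for sysDescr.0 using community 'escom'
g = getCmd( SnmpEngine(),
            CommunityData( 'escom' ),
            UdpTransportTarget( ( 'localhost', 161 ) ),
            ContextData(),
            ObjectType( ObjectIdentity( 'SNMPv2-MIB', 'sysDescr', 0 ) ) )
# Send the request; yields (errorIndication, errorStatus, errorIndex, varBinds)
next( g )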
When I run it with localhost or 127.0.0.1, it works, but when I use the IP of the computer, I get a timeout error.
I also tested an example I found with Java (snmp4j) and it's the same: it works with localhost and 127.0.0.1 but not with the IP. If I make a ping to the IP, it works, so I don't understand why this happens.
I'm using Windows 10 and configured the SNMP agent following this tutorial.
Is there a way to avoid the timeout when I use the IP?

First things first -- are you certain that your remote SNMP agent is configured to respond to you? Do you use the same SNMP community name and SNMP version as your remote agent is configured to use?
That may also be a network connectivity problem. Off the top of my head, that can be a firewall rule that drops incoming SNMP packets (e.g. responses) or asymmetrical routing meaning that you originate SNMP packet from one local interface while response comes to another.
To test the second hypothesis you could try querying public SNMP agent at demo.snmplabs.com. If it does not respond to you, that's a sign that you are not getting the response packets.
The other direction you can take is to set up Wireshark at your local machine and see if SNMP traffic (UDP, port 161) is getting back to you.

Related

Listening for UDP response from DLNA renderer with BASH on WSL

I'm attempting to write a script to connect to a DLNA audio renderer.
There are a few articles on the web giving information on how to do this using UDP and curl, however in my particular scenario I'm having some difficulties.
The first step is to send a UDP multicast announcement over the network to discover DLNA devices on the network.
The message sent to discover devices is:
M-SEARCH * HTTP/1.1
HOST: 239.255.255.250:1900
MX: 5
Man: "ssdp:discover"
ST: urn:schemas-upnp-org:device:MediaRenderer:1
All lines in this message sent over UDP should have crlf line endings and the last line should have an extra crlf according to this article.
That all seems fine. And if the message above is in a file devicediscovery.txt supposedly it's possible to use netcat to send out this message:
cat devicediscovery.txt | nc -u -4 239.255.255.250 1900
239.255.255.250:1900 is the multicast address and port over which DLNA devices communicate.
This all seems fine too, however, as is pointed out in the linked article, netcat ignores the response from the dlna media renderer because there is a mismatch in IP addresses: the message is sent out over the dlna multicast address, though the response comes from the router. The article suggests using tcpdump to capture the response, however I'm on Windows and using Bash on Windows WSL so tcpdump is not available and such a technique would possibly be complicated when developing a script to automate the dlna connection.
Would it be possible to use two separate instances of netcat? One instance sending the message over the dlna multicast address and the other listening for the response from the router?
I have tried to get this working, however I'm unsure which port netcat should be listening on to hear the incoming response. Is there a standard port that netcat should listen on?
I've tried commands such as: nc -luv 192.168.0.1, however I get an error Servname not supported for ai_socktype. I've tried to remedy this by playing around with /etc/services but had no luck.
What command can I use and how must I configure the system to listen for the response from the search for dlna devices? I'd like to parse the response in a script so that the dlna connection can be automated.

Although you mention issues with DLNA it looks like you are really asking for how to best troubleshoot this.
Network cards don't allow access to incoming traffic unless set in promiscuous mode. Netcat won't be able to do what you need because of this. But, you can use Wireshark to read the traffic on the interface. TCPdump and Wireshark have close ties and are almost interchangeable.
https://www.wireshark.org/
I would recommend using it to troubleshoot further. Post the capture (not just a picture) and show where it failed.
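
An added example for the question in this thread, not code from either poster: SSDP replies are unicast back to the source address and port of the M-SEARCH datagram, so a single unconnected UDP socket can both send the search and read the replies. The sample reply, its addresses and the function names are constructed for illustration.

```python
import socket
import time

SSDP_ADDR = ("239.255.255.250", 1900)
# Constructed sample reply (not captured from a real device), used to show parsing offline.
SAMPLE_REPLY = (b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=1800\r\n"
                b"Location: http://192.168.0.50:8080/description.xml\r\n"
                b"ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n\r\n")

def build_msearch(st="urn:schemas-upnp-org:device:MediaRenderer:1", mx=5):
    """Return the M-SEARCH datagram: CRLF line endings plus a final blank line."""
    lines = ["M-SEARCH * HTTP/1.1", "HOST: 239.255.255.250:1900", f"MX: {mx}",
             'Man: "ssdp:discover"', f"ST: {st}"]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")

def parse_response(data):
    """Split one SSDP reply into (status_line, headers); header names are upper-cased."""
    head = data.decode("utf-8", errors="replace").split("\r\n\r\n", 1)[0]
    status, *rest = head.split("\r\n")
    headers = {}
    for line in rest:
        name, sep, value = line.partition(":")  # split at the first colon only
        if sep:
            headers[name.strip().upper()] = value.strip()
    return status, headers

def discover(timeout=6.0):
    """Send M-SEARCH, then read replies on the same socket until the deadline."""
    found = {}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
        s.sendto(build_msearch(), SSDP_ADDR)  # OS picks the source port replies return to
        deadline = time.monotonic() + timeout
        while (left := deadline - time.monotonic()) > 0:
            s.settimeout(left)
            try:
                data, (ip, _port) = s.recvfrom(65507)
            except socket.timeout:
                break
            status, headers = parse_response(data)
            if status.startswith("HTTP/1.1 200") and "LOCATION" in headers:
                found[headers["LOCATION"]] = ip  # description URL -> responder IP
    return found

if __name__ == "__main__":
    for location, ip in discover().items():
        print(ip, location)
```

The host firewall must allow inbound UDP to the ephemeral source port for the replies to arrive.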

Is there a single snmp command to get list of snmp enabled devices in some ip address range

In my network, I want to scan for snmp enabled devices. So is there any single line snmp command, to get list of snmp enabled devices in specific range of IP Address like 172.26.1.1 to 172.26.1.255.
I found a link which says it is possible but it does not mention the command.
https://support.panorama9.com/hc/en-us/articles/203568188-Test-if-SNMP-devices-are-responding-correctly-to-SNMP-queries
Is there any generic OID to achieve this or single snmp command?

Well, you can try to use the subnet broadcast address but from the SNMP FAQ most devices have this turned off. So this probably won't work very well.
http://www.snmp.com/FAQs/snmp-faq-part2.txt
2.60.12
SUBJECT: How should an agent respond to a broadcast request?
When an SNMP request is sent with a broadcast address, Who is
supposed to respond? Ideally every host in the subnet should respond.
But I notice that it doesn't happen. What is the expected behaviour when
a directed broadcast is done?
Depending on how the agent is written, it may respond, or
just drop the message. Many agents just drop the message.
I believe that is what the SNMP agent in cisco product do.
Another alternative is to try to use nmap to scan for hosts that respond to SNMP as well as attempt to see what community strings they respond to.
https://www.vanstechelman.eu/networking/scanning_for_snmp_services_with_default_community_strings
also
https://nmap.org/nsedoc/scripts/snmp-brute.html

Automatically send magic package on access

I configured my Windows 8 machine so that it listens to magic packages sent from other PCs to start it. It works very well. BUT I don't want to explicitly send a magic package, I would rather prefer it if I could send a magic package automatically when I try to access the PC over network.
I tried using an smbclient event (30803). I configured this event to trigger a command line WOL. But this command will be triggered each time I get this event, no matter which PC I try to reach. I don't want to wake up PC-X when I actually try to access PC-Y.
Is there another way?

This sounds interesting... a possible solution would be, create a windows service and install it on the server or a computer that is usually up. This service basically would be a network sniffer that captures all tcp traffic in network. It would have a table with ips and MAC addresses (to get MAC from an IP) that should be filled previously manually or better... from ARP table (I did a program that gets IP / MAC from ARP table but has its issues... so each machine plugged on the LAN will get its MAC / IP), also this service would have last date ping done to each IP.
Then... how it would work... the service would capture all TCP packets and make a list of distinct IP, then each second or two get all distinct IPs (this will guarantee that the service is not consuming a lot of system resources), and on each distinct ip check last ping: if last ping was done successfully in last 5 or 10 minutes nothing is done (machine is guessed up), if no ping done or success in 5-10 minutes a ping is made. Based on ping response... if the machine is not responding magic packet is sent to MAC (provided from ARP when machine is up or manually as commented before). If ping responds nothing is done. Ping result and date is stored to avoid pings to all machines every time. Instead of ping also it's possible to do it reading ARP table.
In this approach, system resources are preserved, and pings are made with sense, also magic packets are not sent if machine is up or guessed up.
Note that firewall should allow ICMP.
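
An added sketch of the decision logic described in the answer above, not the answerer's own program: it takes batches of destination IPs from whatever sniffer is used, skips hosts that answered a ping recently, and sends a magic packet only to managed hosts that do not respond. The class and parameter names, the 300-second freshness window and UDP port 9 are assumptions; the sniffer and the `ping` function are supplied by the caller.

```python
import socket
import time

def magic_packet(mac):
    """Wake-on-LAN payload: 6 bytes of 0xFF followed by the target MAC 16 times."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC must be 6 bytes")
    return b"\xff" * 6 + raw * 16

def send_wol(mac, broadcast="255.255.255.255", port=9):
    """Broadcast the magic packet on the LAN (port 9 is an assumed, conventional choice)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        s.sendto(magic_packet(mac), (broadcast, port))

class WakeOnAccess:
    """Decides, per destination IP seen by the sniffer, whether to send a magic packet."""
    def __init__(self, ip_to_mac, ping, wake=send_wol, fresh_for=300, clock=time.monotonic):
        self.ip_to_mac = ip_to_mac          # table filled manually or from the ARP cache
        self.ping, self.wake = ping, wake   # ping(ip) -> bool, wake(mac) -> None
        self.fresh_for, self.clock = fresh_for, clock
        self.last_ok = {}                   # ip -> time of last successful ping

    def on_traffic(self, dst_ips):
        """Handle one batch of destination IPs; return the sorted IPs that were woken."""
        woken = []
        for ip in set(dst_ips):             # de-duplicate the batch first
            mac = self.ip_to_mac.get(ip)
            if mac is None:
                continue                    # not a managed machine: never wake it
            now = self.clock()
            seen = self.last_ok.get(ip)
            if seen is not None and now - seen < self.fresh_for:
                continue                    # answered recently: assume it is up
            if self.ping(ip):
                self.last_ok[ip] = now      # remember the result to avoid re-pinging
            else:
                self.wake(mac)
                woken.append(ip)
        return sorted(woken)
```

Because only IPs present in `ip_to_mac` are ever woken, traffic to PC-Y cannot wake PC-X.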

How to set up a ping tunnel without a host and a proxy

I have been reading about setting up a ping tunnel to access the internet when you can only send ICMP packets. Ptunnel seems to be a popular program and the instructions to use it can be found here http://www.cs.uit.no/~daniels/PingTunnel/. The instructions to this program say that you must have both a client and proxy computer.
I do not understand the benefit of a ping tunnel if you must have a proxy computer that can send TCP/IP packets. If I had a computer that could do that, I wouldn't need to set up the tunnel in the first place. Can someone please explain this to me, why is a proxy necessary and if it is how is ping tunneling useful then?
NSNolan

Well, let's assume you have a server (PC running linux for example) in your home where it has total internet access and now you are at work/airport/hotel with your laptop where you have no access to tcp without paying. By setting an icmp or dns tunnel you can "encode" your packets to appear as if they were pings/nslookup, those packets destination is always your server. When the server receives those pings from you, it "decodes" them and totally understands what you are trying to reach (like a website or download a file as an example).
Then your server serves you and gets the information you are seeking and "encodes" them again into icmp/nslookup like packets. Those packets can reach you without any problem and once they do, your laptop can decode them back into useful information (just like the ones it would receive with tcp). That encoding & decoding are what Ptunnel does. Though I'm not professional I think that is the total point.

Boost-ASIO simple echo client-server cannot establish connection?

I'm using BOOST-ASIO for a simple echo client-server (there is a separate link for the client and server). When I try to run the server I use this async_tcp_echo_server 4000. For the client I use blocking_tcp_echo_client #.#.#.# 4000 (with #.#.#.# as the ip address). I'm on XP-SP3 with my computer connected to my wireless dsl modem using a usb card. After a few seconds on the client side I get this error:
Exception: connect: A connection attempt failed because the connected party did
not properly respond after a period of time, or established connection failed be
cause connected host has failed to respond
Any ideas what it could be? I turned off my firewall including the windows firewall and still I get no response. Could my port be in the incorrect range? Do I need to include a computer name to specify the machine on the network (there are other machines on the network sometimes active)? I did try running this on another computer directly connected to the dsl modem and same issue. I did ping my address and that did work for 4/4 packets.

It could be a variety of issues. Thus, it can be worthwhile to use lower level networking tools, such as netcat to serve a port on the server, and try connecting with netcat from the client side. This can help simplify the problem by removing any potential problems introduced by an application's network programming code. If the problem is identified as being a network issue, then there are a few things to check:
Verify firewall exceptions on the server.
Verify firewall exceptions in the server's network gateway.
If the server and client are on different networks, with the client trying to connect to the server's external IP, then verify that the server's gateway knows what traffic to route to the server. This may require setting up rules, such as port forwarding, in the routing device.
If the server and client are on the same network, but the client is trying to connect to the server through the network's external IP, then verify that the gateway supports looping back internal traffic destined to the external IP.
Use a network analyzer tool, such as Wireshark, to verify that the time to live field in the packets is high enough that it will not be discarded.

You could try
$ telnet server-ip 4000
from your client and see if it is possible to establish the tcp connection.
