Home » Categories » Multiple Categories

SNMP Trap - Inbound UDP Traffic

Inbound TCP Traffic

These steps explain how to confirm that the Nagios server is receiving SNMP Trap traffic destined for it on the UDP port 162.

In this example, the following applies:

  • Remote computer sending SNMP Traps
    • 10.25.5.20
  • Nagios server receiving SNMP Traps
    • 10.25.5.30

The purpose of this test is to confirm that the network traffic is hitting the Nagios XI server. TCP dump displays the lower level of network traffic before it is intercepted by the Operating System (OS) firewall rules.

The OS firewall rules are not evaluated yet and hence this test allow you to clearly determine if this traffic is hitting the Nagios XI server.

If your tests show that no traffic is being received then there must be other firewall(s) between the sending device and the Nagios XI server that are blocking the traffic.

 

 

Install / Update tcpdump

Establish an SSH session to the Nagios server that receives SNMP Traps. Execute the following command to install the tcpdump program, depending on your OS:

RHEL | CentOS | Oracle Linux

yum -y install tcpdump

 

Debian | Ubuntu

apt-get install -y tcpdump

 

Wait while tcpdump is installed/updated.

 

 

Watch TCP Traffic - Reverse DNS Lookup

Execute the following command:

tcpdump src host 10.25.5.20 and udp dst port 162 and dst host 10.25.5.30 

 

When an SNMP Trap is received it should product output like:

10:57:34.879662 IP snmpsender.domain.local.40410 > snmpreceiver.domain.local.snmptrap:  V2Trap(180)  system.sysUpTime.0=144810 S:1.1.4.1.0=E:20006.1.7 E:20006.1.3.1.2="CentOS" E:20006.1.3.1.6="Users" E:20006.1.3.1.7=0 E:20006.1.3.1.17="USERS OK - 0 users currently logged in"

 

When you have finished watching the network traffic press CTRL + C to kill tcpdump.

 

 

Watch TCP Traffic - NO Reverse DNS Lookup

Execute the following command:

tcpdump -n src host 10.25.5.20 and udp dst port 162 and dst host 10.25.5.30 

 

When an SNMP Trap is received it should product output like:

10:59:17.614465 IP 10.25.5.20.43471 > 10.25.5.30.snmptrap:  V2Trap(185)  .1.3.6.1.2.1.1.3.0=155084 .1.3.6.1.6.3.1.1.4.1.0=.1.3.6.1.4.1.20006.1.7 .1.3.6.1.4.1.20006.1.3.1.2="CentOS" .1.3.6.1.4.1.20006.1.3.1.6="Users" .1.3.6.1.4.1.20006.1.3.1.7=1 .1.3.6.1.4.1.20006.1.3.1.17="USERS WARNING - 1 users currently logged in"

 

When you have finished watching the network traffic press CTRL + C to kill tcpdump.

 


Troubleshooting

If you receive this message when trying to execute tcpdump:

tcpdump: NFLOG link-layer type filtering not implemented

 

Then you will need to define the interface name with the -i xxx argument, for example:

tcpdump -i ens32 src host 10.25.5.20 and udp dst port 162 and dst host 10.25.5.30 

 

 

Conclusion

With these steps you will be able to confirm that the Nagios server is correctly receiving SNMP Trap UDP traffic on port 162 from a remote server.

Your next troubleshooting step would be to confirm the firewall rules are in place.

 

 

Final Thoughts

For any support related questions please visit the Nagios Support Forums at:

http://support.nagios.com/forum/

0 (0)
Article Rating (No Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.
Related Articles RSS Feed
SNMP Traps - Nagios XI and NSTI - MIB Uploading
Viewed 4717 times since Tue, Apr 28, 2015
Nagios XI - SNMP MIB Upload Problems
Viewed 5704 times since Mon, Apr 10, 2017
SNMP traps are now showing UNKNOWN for the sender IP
Viewed 1915 times since Tue, Jan 19, 2021
Nagios XI - SNMP Trap Hardening
Viewed 8182 times since Tue, Nov 6, 2018
Nagios XI - SNMP Traps with NXTI
Viewed 3250 times since Tue, Sep 18, 2018
SNMP Trap - snmptt Service
Viewed 19404 times since Tue, Mar 24, 2015
Nagios XI - How SNMP Traps Work
Viewed 3488 times since Mon, Nov 18, 2019
Nagios XI - Receiving IPv6 SNMP Traps
Viewed 6207 times since Thu, Apr 28, 2016
Nagios XI - SNMP Trap v3 Configuration
Viewed 19742 times since Tue, Nov 13, 2018
SNMP Trap - Firewall Rules
Viewed 18848 times since Tue, Mar 24, 2015