Home » Categories » Multiple Categories

SNMP Trap - Inbound UDP Traffic

Inbound TCP Traffic

These steps explain how to confirm that the Nagios server is receiving SNMP Trap traffic destined for it on the UDP port 162.

In this example, the following applies:

  • Remote computer sending SNMP Traps
    • 10.25.5.20
  • Nagios server receiving SNMP Traps
    • 10.25.5.30

The purpose of this test is to confirm that the network traffic is hitting the Nagios XI server. TCP dump displays the lower level of network traffic before it is intercepted by the Operating System (OS) firewall rules.

The OS firewall rules are not evaluated yet and hence this test allow you to clearly determine if this traffic is hitting the Nagios XI server.

If your tests show that no traffic is being received then there must be other firewall(s) between the sending device and the Nagios XI server that are blocking the traffic.

 

 

Install / Update tcpdump

Establish an SSH session to the Nagios server that receives SNMP Traps. Execute the following command to install the tcpdump program, depending on your OS:

RHEL | CentOS | Oracle Linux

yum -y install tcpdump

 

Debian | Ubuntu

apt-get install -y tcpdump

 

Wait while tcpdump is installed/updated.

 

 

Watch TCP Traffic - Reverse DNS Lookup

Execute the following command:

tcpdump src host 10.25.5.20 and udp dst port 162 and dst host 10.25.5.30 

 

When an SNMP Trap is received it should product output like:

10:57:34.879662 IP snmpsender.domain.local.40410 > snmpreceiver.domain.local.snmptrap:  V2Trap(180)  system.sysUpTime.0=144810 S:1.1.4.1.0=E:20006.1.7 E:20006.1.3.1.2="CentOS" E:20006.1.3.1.6="Users" E:20006.1.3.1.7=0 E:20006.1.3.1.17="USERS OK - 0 users currently logged in"

 

When you have finished watching the network traffic press CTRL + C to kill tcpdump.

 

 

Watch TCP Traffic - NO Reverse DNS Lookup

Execute the following command:

tcpdump -n src host 10.25.5.20 and udp dst port 162 and dst host 10.25.5.30 

 

When an SNMP Trap is received it should product output like:

10:59:17.614465 IP 10.25.5.20.43471 > 10.25.5.30.snmptrap:  V2Trap(185)  .1.3.6.1.2.1.1.3.0=155084 .1.3.6.1.6.3.1.1.4.1.0=.1.3.6.1.4.1.20006.1.7 .1.3.6.1.4.1.20006.1.3.1.2="CentOS" .1.3.6.1.4.1.20006.1.3.1.6="Users" .1.3.6.1.4.1.20006.1.3.1.7=1 .1.3.6.1.4.1.20006.1.3.1.17="USERS WARNING - 1 users currently logged in"

 

When you have finished watching the network traffic press CTRL + C to kill tcpdump.

 


Troubleshooting

If you receive this message when trying to execute tcpdump:

tcpdump: NFLOG link-layer type filtering not implemented

 

Then you will need to define the interface name with the -i xxx argument, for example:

tcpdump -i ens32 src host 10.25.5.20 and udp dst port 162 and dst host 10.25.5.30 

 

 

Conclusion

With these steps you will be able to confirm that the Nagios server is correctly receiving SNMP Trap UDP traffic on port 162 from a remote server.

Your next troubleshooting step would be to confirm the firewall rules are in place.

 

 

Final Thoughts

For any support related questions please visit the Nagios Support Forums at:

http://support.nagios.com/forum/

0 (0)
Article Rating (No Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.
Related Articles RSS Feed
SNMP Traps - Understanding Trap Variables
Viewed 7928 times since Mon, Oct 24, 2016
SNMP Traps - Standard Handler vs Embedded Handler
Viewed 5015 times since Mon, Oct 24, 2016
SNMP Trap - snmptt Service
Viewed 10587 times since Tue, Mar 24, 2015
SNMP Trap - How To Send A Test Trap
Viewed 81359 times since Fri, Apr 1, 2016
SNMP Trap - snmptrapd Service
Viewed 21970 times since Tue, Mar 24, 2015
Nagios XI - Receiving SNMP Traps From Nagios Network Analyzer
Viewed 2022 times since Mon, Oct 17, 2016
Nagios XI - SNMP Trap v3 Configuration
Viewed 9873 times since Tue, Nov 13, 2018
Nagios XI - SNMP Trap Hardening
Viewed 4572 times since Tue, Nov 6, 2018
Nagios XI - SNMP MIB Upload Problems
Viewed 3176 times since Mon, Apr 10, 2017
Nagios XI - Receiving IPv6 SNMP Traps
Viewed 3449 times since Thu, Apr 28, 2016