Home » Categories » Multiple Categories

SNMP Trap - Inbound UDP Traffic

Inbound TCP Traffic

These steps explain how to confirm that the Nagios server is receiving SNMP Trap traffic destined for it on the UDP port 162.

In this example, the following applies:

  • Remote computer sending SNMP Traps
    • 10.25.5.20
  • Nagios server receiving SNMP Traps
    • 10.25.5.30

The purpose of this test is to confirm that the network traffic is hitting the Nagios XI server. TCP dump displays the lower level of network traffic before it is intercepted by the Operating System (OS) firewall rules.

The OS firewall rules are not evaluated yet and hence this test allow you to clearly determine if this traffic is hitting the Nagios XI server.

If your tests show that no traffic is being received then there must be other firewall(s) between the sending device and the Nagios XI server that are blocking the traffic.

 

 

Install / Update tcpdump

Establish an SSH session to the Nagios server that receives SNMP Traps. Execute the following command to install the tcpdump program, depending on your OS:

RHEL | CentOS | Oracle Linux

yum -y install tcpdump

 

Debian | Ubuntu

apt-get install -y tcpdump

 

Wait while tcpdump is installed/updated.

 

 

Watch TCP Traffic - Reverse DNS Lookup

Execute the following command:

tcpdump src host 10.25.5.20 and udp dst port 162 and dst host 10.25.5.30 

 

When an SNMP Trap is received it should product output like:

10:57:34.879662 IP snmpsender.domain.local.40410 > snmpreceiver.domain.local.snmptrap:  V2Trap(180)  system.sysUpTime.0=144810 S:1.1.4.1.0=E:20006.1.7 E:20006.1.3.1.2="CentOS" E:20006.1.3.1.6="Users" E:20006.1.3.1.7=0 E:20006.1.3.1.17="USERS OK - 0 users currently logged in"

 

When you have finished watching the network traffic press CTRL + C to kill tcpdump.

 

 

Watch TCP Traffic - NO Reverse DNS Lookup

Execute the following command:

tcpdump -n src host 10.25.5.20 and udp dst port 162 and dst host 10.25.5.30 

 

When an SNMP Trap is received it should product output like:

10:59:17.614465 IP 10.25.5.20.43471 > 10.25.5.30.snmptrap:  V2Trap(185)  .1.3.6.1.2.1.1.3.0=155084 .1.3.6.1.6.3.1.1.4.1.0=.1.3.6.1.4.1.20006.1.7 .1.3.6.1.4.1.20006.1.3.1.2="CentOS" .1.3.6.1.4.1.20006.1.3.1.6="Users" .1.3.6.1.4.1.20006.1.3.1.7=1 .1.3.6.1.4.1.20006.1.3.1.17="USERS WARNING - 1 users currently logged in"

 

When you have finished watching the network traffic press CTRL + C to kill tcpdump.

 


Troubleshooting

If you receive this message when trying to execute tcpdump:

tcpdump: NFLOG link-layer type filtering not implemented

 

Then you will need to define the interface name with the -i xxx argument, for example:

tcpdump -i ens32 src host 10.25.5.20 and udp dst port 162 and dst host 10.25.5.30 

 

 

Conclusion

With these steps you will be able to confirm that the Nagios server is correctly receiving SNMP Trap UDP traffic on port 162 from a remote server.

Your next troubleshooting step would be to confirm the firewall rules are in place.

 

 

Final Thoughts

For any support related questions please visit the Nagios Support Forums at:

http://support.nagios.com/forum/

0 (0)
Article Rating (No Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.
Related Articles RSS Feed
SNMP Traps - Nagios XI and NSTI - MIB Uploading
Viewed 3059 times since Tue, Apr 28, 2015
Nagios XI - SNMP Trap v3 Configuration
Viewed 13436 times since Tue, Nov 13, 2018
Nagios XI - SNMP Trap Hardening
Viewed 5747 times since Tue, Nov 6, 2018
SNMP Traps - Understanding Trap Variables
Viewed 10242 times since Mon, Oct 24, 2016
Nagios XI - SNMP Traps with NXTI
Viewed 2155 times since Tue, Sep 18, 2018
SNMP Traps - Standard Handler vs Embedded Handler
Viewed 6599 times since Mon, Oct 24, 2016
SNMP Trap - snmptrapd Service
Viewed 28830 times since Tue, Mar 24, 2015
SNMP traps are now showing UNKNOWN for the sender IP
Viewed 373 times since Tue, Jan 19, 2021
Nagios XI - Update Default snmptt.conf EVENT
Viewed 5048 times since Mon, Nov 28, 2016
SNMP Trap - snmptt Service
Viewed 14154 times since Tue, Mar 24, 2015