Difference between revisions of "Snmp"

From Linuxintro
Latest revision as of 10:45, 22 January 2015

SNMP (Simple Network Management Protocol) lets a central system monitor and manage network-attached devices: computers, network switches, storage systems and so on. Each managed device runs an "agent"; the agents talk to a "manager", which collects and displays their status. There are two kinds of exchange. The manager polls an agent with Get/Set requests and receives responses (UDP port 161 on the agent). Or the agent reports a noteworthy condition on its own initiative by sending a "trap" to the manager (UDP port 162 on the manager). Keep in mind that SNMPv1 and v2c authenticate only with a plaintext "community string" carried in every packet; only SNMPv3 provides real authentication and encryption, so v1/v2c agents should be reachable from trusted management hosts only.

  • let's see if the snmp port is open
tweedleburg:~ # lsof -i |grep snmp
  • it is not. So let's start the snmp daemon:
tweedleburg:~ # /etc/init.d/snmpd start
redirecting to systemctl start snmpd.service
tweedleburg:~ # lsof -i |grep snmp
snmpd     9531  root    7u  IPv4 405253      0t0  UDP *:snmp 
snmpd     9531  root    8u  IPv4 405255      0t0  TCP localhost:smux (LISTEN)
  • Now the daemon is listening: "UDP *:snmp" is port 161 on every interface (the * matters as soon as the host is reachable from untrusted networks), and the TCP socket is the SMUX subagent port (199), bound to localhost only. Let's confirm port 161 with nmap:
tweedleburg:~ # nmap localhost -p 161 

Starting Nmap 6.47 ( http://nmap.org ) at 2015-01-22 11:33 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000027s latency).
PORT    STATE  SERVICE
161/tcp closed snmp 

Nmap done: 1 IP address (1 host up) scanned in 1.08 seconds
  • nmap reports it closed. This is a common mistake in the check, not in the setup: SNMP runs over UDP, so a TCP scan of port 161 says nothing about the agent. Scan UDP instead (UDP scanning needs root, since nmap sends raw packets for it):
tweedleburg:~ # nmap -sU localhost

Starting Nmap 6.47 ( http://nmap.org ) at 2015-01-22 11:33 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000070s latency).
Not shown: 996 closed ports
PORT     STATE         SERVICE
123/udp  open          ntp
161/udp  open          snmp
631/udp  open|filtered ipp
5353/udp open|filtered zeroconf

Nmap done: 1 IP address (1 host up) scanned in 3.55 seconds
  • let's confirm with telnet there is no TCP port open on 161:
tweedleburg:~ # telnet localhost 161
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
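The lsof output above shows snmpd bound to "UDP *:snmp", that is port 161 on every interface. Whether that is a problem is decided by /etc/snmp/snmpd.conf: which community strings are accepted, from which source addresses, and whether an agentAddress line narrows the listener. The script below is an added example, not code from this page or from net-snmp: audit_snmpd_conf reads a snmpd.conf on stdin and reports exactly those three points. The directive names it checks (rocommunity, rwcommunity, agentAddress, rouser) are standard net-snmp syntax; the two sample configurations, the community string and the script name are constructed for the illustration.

```shell
#!/bin/sh
# Added example, not code from the page: audit an snmpd.conf for the exposure a
# wildcard "UDP *:snmp" listener implies. The directives checked are standard
# net-snmp snmpd.conf syntax:
#   rocommunity|rwcommunity COMMUNITY [SOURCE]  -> v1/v2c access by community string
#   agentAddress TRANSPORT[,TRANSPORT]          -> where snmpd binds (default: all interfaces)
# Reads the config on stdin and prints one "FINDING:" line per problem.

audit_snmpd_conf() {
    findings=0
    local_bind=0
    # read splits each line on whitespace: directive, first argument, second argument, rest
    while read -r directive arg1 arg2 _rest; do
        case "$directive" in ''|\#*) continue ;; esac      # blank lines and comments
        case "$directive" in
            rocommunity|rwcommunity|rocommunity6|rwcommunity6)
                case "$arg1" in
                    public|private)
                        echo "FINDING: $directive uses the guessable community string '$arg1'"
                        findings=$((findings + 1)) ;;
                esac
                if [ -z "$arg2" ] || [ "$arg2" = default ]; then
                    echo "FINDING: $directive $arg1 has no source restriction, any host reaching UDP 161 may query"
                    findings=$((findings + 1))
                fi ;;
            agentAddress|agentaddress)
                # e.g. "agentAddress udp:127.0.0.1:161" keeps the agent off the wire
                case "$arg1" in
                    *127.0.0.1*|*localhost*|*'[::1]'*) local_bind=1 ;;
                esac ;;
        esac
    done
    if [ "$local_bind" -eq 0 ]; then
        echo "FINDING: no agentAddress limits the listener, snmpd binds UDP 161 on all interfaces"
        findings=$((findings + 1))
    fi
    echo "audit done, $findings issue(s)"
}

# Constructed sample: the minimal config many guides suggest (read-only, community "public").
weak_conf() {
    printf '%s\n' \
        '# read-only access for everyone' \
        'rocommunity public' \
        'syslocation server room'
}

# Constructed sample: loopback-only listener, non-default community limited to one
# source, plus an SNMPv3 user (rouser), which is the real fix for v1/v2c's plaintext secret.
hardened_conf() {
    printf '%s\n' \
        'agentAddress udp:127.0.0.1:161' \
        'rocommunity Qm4v-not-public 127.0.0.1' \
        'rouser monitor priv'
}

# Usage: "sh snmpd-audit.sh audit < /etc/snmp/snmpd.conf", or "sh snmpd-audit.sh samples"
case "${1:-}" in
    audit)   audit_snmpd_conf ;;
    samples) echo "== weak =="; weak_conf | audit_snmpd_conf
             echo "== hardened =="; hardened_conf | audit_snmpd_conf ;;
esac
```

Run against the weak sample the audit reports three findings (guessable community, no source restriction, no agentAddress); against the hardened sample it reports none. A "rocommunity ... -V view" line is read as having a source restriction by this simple splitter, so treat the output as a first pass, not a verdict.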

Trying to build an SNMP prototype

SUSE Linux:

yast -i nagios apache2
/etc/init.d/nagios start
/etc/init.d/apache2 start

Log in as nagiosadmin:nagiosadmin and point your browser to http://127.0.0.1/nagios. That is the password the package ships with; change it with htpasswd before the web interface is reachable from anywhere but localhost.

/etc/init.d/snmptrapd start
tail -f /var/log/net-snmpd.log    # in a second terminal
snmptrap -v 2c -c public localhost "" NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification netSnmpExampleHeartbeatRate i 42
No access configuration - dropping trap.

So it seems I have to

cat /etc/snmp/snmptrapd.conf
# disableAuthorization yes makes snmptrapd accept traps from any source with any
# community string; the narrower setting is "authCommunity log,execute public",
# which processes only traps carrying the expected community
disableAuthorization yes
traphandle default /bin/snmppl
/etc/init.d/snmptrapd restart
cat /bin/snmppl
#!/bin/bash
# traphandle: snmptrapd runs this for every accepted trap, with the trap on stdin
date >>/tmp/dates
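The /bin/snmppl above only records that some trap arrived. snmptrapd hands the trap itself to the traphandle program on stdin (the sender's hostname, then the transport address, then one OID value pair per line, as documented in snmptrapd.conf(5)), so a handler can log what was actually received. The script below is an added example of such a handler, not the page's script: parse_trap turns that stream into one log line, sample_trap is a constructed copy of what the heartbeat trap sent on this page would look like, and the log path, the "handle" argument and the log line format are choices made for this example.

```shell
#!/bin/sh
# Added example of an snmptrapd "traphandle" script; not the page's /bin/snmppl.
# snmptrapd runs the handler for every accepted trap and writes the trap to its
# stdin in the shape documented in snmptrapd.conf(5):
#   line 1: hostname of the sender
#   line 2: transport address, e.g. "UDP: [192.0.2.10]:45398->[192.0.2.1]:162"
#   then:   one "OID value" pair per line
# Everything read here came off the network unauthenticated (v2c community only),
# so values are quoted into a log line and never passed to eval or a subshell.

# parse_trap: read one trap from stdin, print one structured log line.
parse_trap() {
    IFS= read -r host || return 1
    IFS= read -r transport || return 1
    trap_oid=""
    vars=""
    while IFS= read -r line; do
        oid=${line%% *}          # text before the first space
        value=${line#* }         # text after it (may itself contain spaces)
        case "$oid" in
            *sysUpTimeInstance|*sysUpTime.0) ;;              # agent uptime: drop
            *snmpTrapOID.0)      trap_oid=$value ;;          # which trap this is
            *) vars="$vars ${oid##*::}=\"$value\"" ;;        # strip the MIB prefix
        esac
    done
    # log format chosen for this example (hypothetical, not a net-snmp format)
    printf 'host=%s transport="%s" trap=%s%s\n' \
        "$host" "$transport" "${trap_oid:-unknown}" "$vars"
}

# sample_trap: constructed stdin for the heartbeat trap sent on this page,
# as snmptrapd would present it with the NET-SNMP-EXAMPLES-MIB loaded.
sample_trap() {
    printf '%s\n' \
        'source.domain' \
        'UDP: [192.0.2.10]:45398->[192.0.2.1]:162' \
        'DISMAN-EVENT-MIB::sysUpTimeInstance 7 days, 0:10:31.45' \
        'SNMPv2-MIB::snmpTrapOID.0 NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification' \
        'NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatRate 42'
}

# Wire-up in snmptrapd.conf (path and argument are this example's choices):
#   traphandle default /usr/local/bin/snmptrap-log.sh handle
case "${1:-}" in
    handle) parse_trap >> "${TRAP_LOG:-/var/log/snmptraps.log}" ;;
    demo)   sample_trap | parse_trap ;;
esac
```

"sh snmptrap-log.sh demo" prints the single log line for the sample trap; wired up as shown in the comment, the same line is appended to the log for every trap snmptrapd accepts. Logging under /var/log rather than /tmp avoids a root-owned handler following a symlink planted by a local user.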

2014-05-06

OK, the following command

snmptrap -v 2c -c public hostname "" NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification netSnmpExampleHeartbeatRate i 42

works and I can see on hostname

hostname:~ # tcpdump port 162
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
12:09:02.418760 IP source.domain.45398 > hostname.domain.snmptrap:  V2Trap(77)  system.sysUpTime.0=60543145 S:1.1.4.1.0=[|snmp]

But I cannot receive it with netcat. And it does not work on localhost.

Using this command I can sniff and display the SNMP trap:

tcpdump -A port 162 -l | hexdump -C

or this command:

netcat -u -l 162 | hexdump -C

See also

  • http://www.linuxforums.org/forum/gentoo-linux/108864-net-snmp.html
  • http://paulgporter.net/2013/09/16/nagios-snmp-traps/