1

Using the following command I can capture SNMP requests to my server. Is there a way I can also capture the response my SNMP agent sends?

snoop -o snmp.cap udp port 161

Thanks for any thoughts

hoofa

2 Answers

1

I guess what you want to do is capture traps. The standard trap port is 162, so your command likely should look like this:

snoop -o trap.cap udp port 162
Sven
0

Usually SNMP agents reply via 161, so it is strange that you said snoop did not capture the responses.

Is it OK that you run "snoop -o snmp.cap" to capture all packets and then filter out SNMP packets from the big capture? In that way you can see details on the SNMP replies (SNMP RESPONSE messages) and you will know whether the SNMP agent you use sends them out via port 161.

Yes, port 162 is for TRAP and NOTIFICATION messages, but I think that's not what you want to capture, right?

Lex Li
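Added example, not part of either answer: one way to do the offline filtering suggested above is to read the snoop capture file directly and label each UDP packet by direction relative to port 161, along with its SNMP PDU type. It assumes the RFC 1761 snoop file layout, untagged Ethernet, IPv4 and SNMPv1/v2c; the function names and the constructed sample capture are illustrative.

```python
import struct

PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response", 0xA3: "SetRequest"}

def snmp_pdu_tag(payload, pos=0):
    """PDU tag of an SNMPv1/v2c message: SEQUENCE { version, community, PDU }."""
    try:
        for expected, skip_value in ((0x30, False), (0x02, True), (0x04, True)):
            tag, first = payload[pos], payload[pos + 1]
            n = first & 0x7F if first & 0x80 else 0  # count of long-form length octets
            length = int.from_bytes(payload[pos + 2:pos + 2 + n], "big") if n else first
            if tag != expected:
                return None
            pos += 2 + n + (length if skip_value else 0)
        return payload[pos]
    except IndexError:
        return None

def classify_snoop(data, agent_port=161):
    """List (direction, PDU name) for UDP packets to or from agent_port."""
    if data[:8] != b"snoop\0\0\0" or data[12:16] != b"\0\0\0\x04":
        raise ValueError("not an Ethernet snoop capture (RFC 1761 layout)")
    results, pos = [], 16
    while pos + 24 <= len(data):
        incl_len, rec_len = struct.unpack(">II", data[pos + 4:pos + 12])
        if rec_len < 24 + incl_len:
            raise ValueError("corrupt record header")
        frame, pos = data[pos + 24:pos + 24 + incl_len], pos + rec_len
        if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue  # not IPv4/UDP (VLAN tags, IPv6 and fragments are not handled)
        udp = 14 + (frame[14] & 0x0F) * 4
        if len(frame) < udp + 8:
            continue
        sport, dport = struct.unpack(">HH", frame[udp:udp + 4])
        if agent_port in (sport, dport):
            pdu = PDU_NAMES.get(snmp_pdu_tag(frame[udp + 8:]), "other")
            results.append(("from-agent" if sport == agent_port else "to-agent", pdu))
    return results

def sample_record(sport, dport, pdu_tag):
    """Constructed snoop record: Ethernet/IPv4/UDP frame with a minimal SNMPv2c PDU."""
    snmp = bytes.fromhex("301802010104067075626c6963%02x0b0201010201000201003000" % pdu_tag)
    hdr = struct.pack(">BBHHHBBH4s4s4H", 0x45, 0, 28 + len(snmp), 0, 0, 64, 17, 0,
                      b"\xc0\0\x02\x01", b"\xc0\0\x02\x02", sport, dport, 8 + len(snmp), 0)
    frame = bytes(12) + b"\x08\0" + hdr + snmp  # 68 bytes, so no record padding is needed
    return struct.pack(">6I", len(frame), len(frame), 24 + len(frame), 0, 0, 0) + frame

SAMPLE = (b"snoop\0\0\0" + struct.pack(">II", 2, 4) + sample_record(40000, 161, 0xA0)
          + sample_record(161, 40000, 0xA2) + sample_record(40001, 162, 0xA7))
```

On a real capture, pass the bytes of the file written by `snoop -o`; a healthy agent shows a "from-agent" Response for each "to-agent" request, while the trap sent to port 162 in the sample is left out of the port 161 view.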