Commands and/or utility information to capture SNMP packets

Document ID : KB000019511
Last Modified Date : 14/02/2018

Description:

It is often useful or necessary to see the content, sequence and timing of SNMP requests, replies and traps. Here are quick directions for capturing them.

Solution:

The following commands save the capture in binary (pcap) format, which is ideal for portability: the file can be imported into other utilities on other machines. If you transfer the file with ftp, switch the session to binary mode first; the command to enter binary mode, from the ftp command line, is 'binary' or simply 'bi'.

You can alternatively view the capture in real time, on standard output or in the capture utility, and you can save that output as text. Wireshark can also export to CSV files, which is handy for sorting and for analyzing patterns.

The aim of this document is, however, to convey simple SNMP capture methods/commands:

Solaris

snoop -v -o troubleshoot.pcap 'host <SpectroSERVER IP> and (port 161 or port 162)'

Linux

tcpdump -s 0 -w troubleshoot.pcap 'ip host <SpectroSERVER IP> and (port 161 or port 162)'

Windows

No packet capture tools are installed with Windows by default. Microsoft Network Monitor is free for download from Microsoft, and Wireshark, also free, is at wireshark.org.

The capture filter for Wireshark would be:
host <SpectroSERVER IP> && (udp port 161 or udp port 162)

In Network Monitor, use the display filter:
(udp.Port == 161 OR udp.Port == 162) AND IPv4.Address == <SpectroSERVER IP>
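Once a capture like the ones above has been saved, the usual next step is to see the content, sequence and timing of the requests, replies and traps it contains. The following script is an added example, not part of this document or of the Spectrum product: it reads a pcap file captured on an Ethernet interface, picks out UDP datagrams on port 161 or 162, and prints one line per SNMP v1/v2c message with its timestamp, endpoints, version, community string, PDU type and request-id. The addresses 10.0.0.10 (standing in for the SpectroSERVER) and 10.0.0.20 (an agent) and the three-packet sample capture are constructed inline so the script runs offline; point `summarize_pcap()` at the bytes of a real troubleshoot.pcap instead.

```python
"""Summarise SNMP v1/v2c traffic in a pcap: time, endpoints, version, community, PDU type."""
import struct

# SNMP PDU tags (context-specific, constructed) and message versions
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap-v1", 0xA5: "GetBulkRequest",
             0xA6: "InformRequest", 0xA7: "Trap-v2"}
VERSION_NAMES = {0: "v1", 1: "v2c", 3: "v3"}

def ber_tlv(tag, body):
    """Encode one BER TLV with a short- or long-form definite length."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body

def ber_int(value):
    """Encode a non-negative INTEGER as minimal two's complement."""
    return ber_tlv(0x02, value.to_bytes(max(1, (value.bit_length() + 8) // 8), "big", signed=True))

def ber_read(buf, pos=0):
    """Decode the TLV at pos; return (tag, body, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length

def build_snmp(version, community, pdu_tag, request_id):
    """Constructed sample message with one varbind: sysName.0 (1.3.6.1.2.1.1.5.0) / NULL."""
    oid = ber_tlv(0x06, bytes([0x2B, 0x06, 0x01, 0x02, 0x01, 0x01, 0x05, 0x00]))
    varbinds = ber_tlv(0x30, ber_tlv(0x30, oid + ber_tlv(0x05, b"")))
    pdu = ber_tlv(pdu_tag, ber_int(request_id) + ber_int(0) + ber_int(0) + varbinds)
    return ber_tlv(0x30, ber_int(version) + ber_tlv(0x04, community) + pdu)

def parse_snmp(payload):
    """Pull the troubleshooting-relevant fields out of one v1/v2c datagram (v3 framing differs)."""
    _, msg, _ = ber_read(payload)
    _, ver, p = ber_read(msg)
    _, comm, p = ber_read(msg, p)
    pdu_tag, pdu, _ = ber_read(msg, p)
    version = int.from_bytes(ver, "big", signed=True)
    info = {"version": VERSION_NAMES.get(version, str(version)),
            "community": comm.decode("ascii", "replace"),
            "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag))}
    if pdu_tag != 0xA4:                      # the v1 Trap PDU carries no request-id
        _, rid, _ = ber_read(pdu)
        info["request_id"] = int.from_bytes(rid, "big", signed=True)
    return info

def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Ethernet + IPv4 + UDP framing (constructed; dummy MACs, checksums left zero)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    src = bytes(int(o) for o in src_ip.split("."))
    dst = bytes(int(o) for o in dst_ip.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0, src, dst)
    return b"\x00" * 12 + b"\x08\x00" + ip + udp

PCAP_GLOBAL = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet

def build_pcap(records):
    """records: list of (ts_sec, ts_usec, frame) -> bytes of a classic little-endian pcap."""
    out = bytearray(PCAP_GLOBAL)
    for sec, usec, frame in records:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return bytes(out)

def summarize_pcap(data):
    """Walk an Ethernet pcap and return one dict per SNMP datagram, in capture order."""
    if struct.unpack("<I", data[:4])[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap files are handled here")
    pos, rows = 24, []
    while pos + 16 <= len(data):
        sec, usec, incl, _ = struct.unpack("<IIII", data[pos:pos + 16])
        frame = data[pos + 16:pos + 16 + incl]
        pos += 16 + incl
        if frame[12:14] != b"\x08\x00" or frame[14 + 9] != 17:   # IPv4 over UDP only
            continue
        ihl = (frame[14] & 0x0F) * 4
        src = ".".join(str(b) for b in frame[26:30])
        dst = ".".join(str(b) for b in frame[30:34])
        udp = frame[14 + ihl:]
        sport, dport = struct.unpack("!HH", udp[:4])
        if not {sport, dport} & {161, 162}:
            continue
        row = {"time": sec + usec / 1e6, "src": f"{src}:{sport}", "dst": f"{dst}:{dport}"}
        row.update(parse_snmp(udp[8:]))
        rows.append(row)
    return rows

# Constructed sample: the manager polls sysName.0, the agent answers, then the agent sends a v2c trap.
MANAGER, AGENT = "10.0.0.10", "10.0.0.20"   # placeholder addresses, not from any real deployment
SAMPLE_PCAP = build_pcap([
    (1500000000, 0,    build_frame(MANAGER, AGENT, 40000, 161, build_snmp(1, b"public", 0xA0, 42))),
    (1500000000, 2500, build_frame(AGENT, MANAGER, 161, 40000, build_snmp(1, b"public", 0xA2, 42))),
    (1500000001, 0,    build_frame(AGENT, MANAGER, 50000, 162, build_snmp(1, b"public", 0xA7, 7))),
])

if __name__ == "__main__":
    for r in summarize_pcap(SAMPLE_PCAP):
        print(f"{r['time']:.6f} {r['src']:>18} -> {r['dst']:<18} {r['version']} "
              f"community={r['community']} {r['pdu']} req-id={r.get('request_id')}")
```

Matching a GetResponse to its GetRequest by request-id, and reading the gap between their timestamps, is what turns a capture into an answer about slow or missing polls; traps arrive from the agent's ephemeral port to UDP 162 and have no request to pair with. Bear in mind that v1 and v2c community strings travel in clear text, as this output makes visible, so treat captures with the same care as the credentials they contain.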