[SoCoSA/discuss] snmpd

Eric Eisenhart freiheit at gmail.com
Mon Dec 31 15:30:26 PST 2007 

I have to agree with Bill; sounds like you have a connectivity problem.

Forget hostnames for now; what are the IPs?  Can you ping one host  
from the other?  ("ping 1.2.3.4")  What about traceroute?

Are you running any other services (such as sshd) that you can test?   
(on either server)  For instance, one server is running cacti -- I  
assume that means it's also running apache or some other HTTP  
service.  From the other, can you run "telnet 1.2.3.5 80"?  What  
happens?

SNMP runs over UDP, not TCP, so you can't test it with telnet.  But  
you can test most other services that way.

It's also possible (but unusual) to set up snmpd to only listen on the  
"local" interface via command-line options.  What does "netstat -lun |  
grep :161" tell you?

On Dec 31, 2007, at 10:45 AM, Sean wrote:

> After working with wireshark and tshare (the GUI and command line
> successor to ethereal), I found that both systems are receiving
> packets from the other for snmp. What doesn't happen is an actual
> connection. This traffic occurs on only the destination port of 161
> (UPD). Because of this I think we can rule out the possibility of an
> interfering firewall.
>
> Upon further digging of the logs, I found that when I perform a local
> querry, an snmp connection is logged, but nothing is logged from an
> external querry. From this I figure that the connection is either
> being silently denied due to a configuration problem, or there is
> something else happening that I cannot think of.
>
> Below is an updated snmpd.conf file that I put together from a sample
> from a forum post I found. I saved the copy I put together from Eric's
> suggestions for future use/reference. At this point I have no idea
> what else to do, so I'll wait for suggestions.
>
> Thank you for your help, and I apologize for my sporadic information.
>
> snmpd.conf:
>
> com2sec local 127.0.0.1/32 public
> com2sec localnetwork 192.168.1.0/24 public
>
> group MyRWGroup v1 local
> group MyRWGroup v2c local
> group MyRWGroup usm local
>
> group MyROGroup v1 localnetwork
> group MyROGroup v2c localnetwork
> group MyROGroup usm localnetwork
>
> ## name incl/excl subtree mask(optional)
>
> view all included .1 80
>
> ## group context sec.model sec.level prefix read write notif
>
> access MyROGroup "" any noauth exact all none none
> access MyRWGroup "" any noauth exact all all all
>
>
> syslocation Server OFFICE
>
> _______________________________________________
> SoCoSA discuss mailing list
> discuss at socosa.org
> Your address: freiheit at socosa.org
> http://socosa.org/mailman/listinfo/discuss
> http://socosa.org/mailman/options/discuss/freiheit%40socosa.org
>

More information about the discuss mailing list