Simulate SNMP traps to test surveillance

snmp oid surveillance

I'm trying to use Net-SNMP on Windows to emulate a trap that should trigger an alarm on our surveillance system.

This is the setup:

  • Windows 7 client that sends the trap
  • Net-SNMP as software for sending the trap
  • Linux with Adventnet ManageEngine OpManager as NMS (not relevant)

This is what I'm trying to accomplish

send trap with OID .1.3.6.1.4.1.5089.1.0.1 (according to the MIB I have loaded into my NMS) and just some sort of message into it to see if I can get any alarm in my NMS. I can see that I actually send a trap in my firewall, but I have no idea what it contains.

This is my attempt so far:

snmptrap.exe -v 2c -c xxxxxxx 192.168.100.65 '' 6 0 .1.3.6.1.4.1.5089.1.0.1 s "123456"

However, I can't seem to find any reasonable documentation with examples for snmptrap. Basically, I need to know what:

  • '' <- why do I need this? I can omit it and it will still send a trap
  • 6 <- Enterprise gneric trap, I assume. Is this correct?
  • 0 <- I have no idea, I need some sort of value for this
  • .1.3.6.1.4.1.5089.1.0.1 <- the enterprise specific OID I assume, should this be followed by some more numbers
  • s <- indicates string
  • "123456" <- just a random test-string...

This doesn't make much sense to me, and if anyone can shed some light on this I would be very grateful.


Try the following:

snmptrap.exe -v 2c -c xxxxxxx 192.168.100.65 
'' .1.3.6.1.4.1.5089.1.0.1 .1.3.6.1.4.1.5089.2.0.999 s "123456"

  • '' <- the first parameter for v2c trap is the agent uptime, it is mandatory and empty parameter will be replaced with current value

  • .1.3.6.1.4.1.5089.1.0.1 <- trap OID

  • .1.3.6.1.4.1.5089.2.0.999 <- varbind (this needs to be defined as a string value in MIB)

  • s <- indicates string

  • "123456" <- just a random test-string...

This generates a SNMPv2c trap with the following content (as seen in wireshark):

      variable-bindings: 3 items
            1.3.6.1.2.1.1.3.0: 878104
            1.3.6.1.6.3.1.1.4.1.0: 1.3.6.1.4.1.5089.1.0.1 (iso.3.6.1.4.1.5089.1.0.1)
            1.3.6.1.4.1.5089.2.0.999: 31323334353 (this is 123456 octet string)

This output comes from snmptrap on Linux, but it seems to be the same as on Windows.


Man forget the Net- SNMP there is to much hassle using it ... just download MIB browser from http://ireasoning.com/mibbrowser.shtml ... load up a mib file and u could see and send all SNMP traps.

Related

How to let users change linux password from web browser? [closed]
rsync --files-from or --include-from
Configure initramfs-tools to add curl to the initramfs, and run curl in a script at boot while in intitrd in Ubuntu 10.04 Server
How to view the localhost of another computer in the same network?
Are there any benefits to running Subversion server on Linux as opposed to Windows?
Simulate 502 & 504 on nginx
Chunking large rsync transfers?
Understanding Exim4's /etc/aliases
Are there any programs that log all activity on a Windows 2003 file share?
Malformed rsync command on ReadyNAS
VirtualBox Import & Same Mac Address
Export VM from Proxmox