[NTLUG:Discuss] snmptrap not appearing
jeremyb at univista.com
Sun Sep 8 10:52:18 CDT 2002
hey folks,
I'm tinkering with ettercap and have been watching traffic between my
web server and the Linksys router I've got in front of this LAN. I'm
seeing an snmp-trap datagram every couple of seconds originating from
the router to the web server.
I'm not concerned about why the router is doing this at the moment...
what I'm curious about is why I can't see ANY trace of these connections
on the web server.
I've tried the following commands:
netstat -an --inet
netstat -an
lsof | grep IPv4
lsof | grep 162
lsof | less
Here's a snip of what ettercap is showing me:
101) 192.168.1.1:2395 <--> 192.168.1.2:162 ? UDP ? snmptrap
Here are corresponding entries in /var/log/messages:
Sep 8 10:40:22 localhost kernel: Suspect short first fragment.
Sep 8 10:40:22 localhost kernel: eth0 PROTO=1 192.168.1.1:0 192.168.1.2:0 L=20 S=0x00 I=0 F=0x0000 T=150 (#0)
For every ettercap snmptrap entry there are two messages entries like
those above.
Is this really snmp-trap or just some junk that the router is coughing
up because it's got issues? My next step is to bind port 162 using a
little Perl script and just see what's what. ...may do that just for
kicks anyhow :)
-Jeremy
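
The "bind port 162 and see what's what" step, as an added example that is not part of the original post (written in Python rather than the Perl the poster mentions): it binds the UDP port and checks whether each datagram carries a well-formed SNMP v1/v2c header or is junk. The function names and the sample trap bytes are constructed for this example.

```python
import socket

PDU_NAMES = {0xA4: "Trap (SNMPv1)", 0xA7: "Trap (SNMPv2)", 0xA6: "InformRequest"}

def read_len(buf, pos):
    """Decode a BER length at buf[pos]; return (length, offset of content)."""
    first = buf[pos]
    if first < 0x80:                      # short form: one length octet
        return first, pos + 1
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or pos + 1 + n > len(buf):
        raise ValueError("bad BER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def classify(data):
    """Check the header: SEQUENCE { INTEGER version, OCTET STRING community, PDU }."""
    try:
        if data[0] != 0x30:
            return {"snmp": False, "reason": "no BER SEQUENCE tag"}
        total, pos = read_len(data, 1)
        if pos + total > len(data):
            return {"snmp": False, "reason": "truncated"}
        if data[pos] != 0x02:
            return {"snmp": False, "reason": "no version INTEGER"}
        vlen, pos = read_len(data, pos + 1)
        version = int.from_bytes(data[pos:pos + vlen], "big")  # 0 = v1, 1 = v2c
        pos += vlen
        if data[pos] != 0x04:
            return {"snmp": False, "reason": "no community OCTET STRING"}
        clen, pos = read_len(data, pos + 1)
        community, tag = data[pos:pos + clen], data[pos + clen]
    except (IndexError, ValueError):
        return {"snmp": False, "reason": "malformed"}
    return {"snmp": True, "version": version, "community": community,
            "pdu": PDU_NAMES.get(tag, hex(tag))}

# Constructed sample: SNMPv1 coldStart trap, community "public", agent 192.168.1.1
SAMPLE_TRAP = bytes.fromhex("3023020100" "04067075626c6963" "a416" "06032b0601"
                            "4004c0a80101" "020100" "020100" "430100" "3000")

def listen(port=162, host="0.0.0.0"):
    """Bind the UDP port (ports below 1024 need root) and report each datagram."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((host, port))
        while True:
            data, peer = s.recvfrom(65535)
            print(peer, len(data), "bytes", classify(data), data.hex())

if __name__ == "__main__":
    print(classify(SAMPLE_TRAP))
    listen()
```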