SNMPV3 Trap listner

Hello,
I’m looking for some help on receiving and processing of SNMPV3 traps with authPriv protocol. I got to read that the…

  1. Trap receiver would need to know the sender’s engineID.
  2. Trap receiver will use this engineID to fetch the authPriv details to read the SNMPv3 trap.

I’m not quite sure about the things in order to successfully process the SNMPv3 trap with authPriv protocol. Could you please help me with the steps? Or some page that I can start with.

Thanks in advance!

Hello,

  1. There are two options for the trap receiver: If the discovery mode of the USM is disabled, you have to add the localized users to the USM with the engineId of the trap sender. If you enable the discovery mode of the USM and add the users with passwords to the USM, then the USM is able to create the localized users, whenever a trap is received.
  2. Yes, it is tried to fetch the user information using the user name and engine id. In other words, as in the first question: If you want to keep the discovery mode disabled, you will have to find out the engineId and add the users for each engineId to the USM. With enabled discovery mode, only the users with their passwords have to be added to the USM and the localized users are created automatically.

Edit: The following is related to snmp++ and not to SNMP4J:

You can have a look at consoleExamples/receive_trap.cpp which receives SNMPv3 traps that can be sent using the consoleExamples/snmpTraps.cpp with the following command line:
./snmpTraps 127.0.0.1 -P10162 -v3 -snMD5DES -authMD5 -privDES -uaMD5DESUserAuthPassword -upMD5DESUserPrivPassword

Kind regards,
Jochen

Thanks Jochen for your response. Per your response few more concerns…

You can have a look at consoleExamples…

Sorry, not sure how to access these console examples.

In case of disabled discovery mode, you will have to find out the trap sender’s engineId.

Could you please help me how do I get the SNMPv3 trap sender’s engineId. If there is any code example in JAVA that I can go thru? I read somewhere that snmp GET can be used to request sender for it’s engineId. any code examples if you can provide?

Thanks Jochen!

Hello,

I have to say sorry, as the consoleExamples are part of snmp++. I did not see that the question is within the SNMP4J section.

For SNMP4J there is a tool in .../tools/console/SnmpCommand.java that demonstrates many parts of SNMP4J.

You can also have a look at https://doc.snmp.app/pages/viewpage.action?pageId=393256

Kind regards,
Jochen

Thanks Jochen.
What I understood so far is, we can do snmp#GET call with targetAddress and in the response received in ResponseListener, we can fetch the target’s engineID. Am I right?

Also, I see there is {{Snmp#discoverAuthorititiveEngineId}} method is available with targetAddress as parameter. Can we simply use this to get the target’s engineID?

Yes, you can simply use Snmp.discoverAuthorititiveEngineId to discover the engine ID of a SNMP entity.

Hello again,
Continuing to this topic, What I’ve observed is Snmp.discoverAuthorititiveEngineId is returning Null most of the times.
Since it returns the EngineID sometimes I believe there is nothing wrong with the code. Could it be due to the sender’s issue? May be like sender is not a valid V3 trap sender?

Maybe the sender accepts SNMPv3 discovery packets only when it is sending traps itself. But that is only guessing.
A trap sender that is not an agent at the same time has no needs to keep a listening port open for its own functionality to work. Nevertheless it is not really a good idea - not only because of engine ID discovery but also for being able to implement the trap-directed-polling principle implementing a command responder (i.e., agent interface) is recommended for trap sender too.

1 Like