[SNMP4J] how to create IP packet using SNMP4J

Shivi Goel -X (shivigoe - NICHEPRO TECHNOLOGIES PRIVATE LIMITED at Cisco) shivigoe at cisco.com
Fri Feb 13 04:47:55 CET 2015


Thanks for your reply Cris.
We need to use pcap in our project for IP spoofing as adding the extra varbind "snmpTrapAddress” is not recognized by few NMS we have in our stack. But I am not sure how to convert SNMP4J pdu and community target in some form that can be consumed by pcap API for sending the packet.

Regards,
Shivi

From: Chris Janicki [mailto:Chris.Janicki at Augur.com]
Sent: Thursday, February 12, 2015 8:19 PM
To: Shivi Goel -X (shivigoe - NICHEPRO TECHNOLOGIES PRIVATE LIMITED at Cisco)
Subject: Re: [SNMP4J] how to create IP packet using SNMP4J

Hi Shivi,

Years ago we tried pcap for spoofing and ran into headaches reliably routing the spoofed address through the network, unless both the original and spoofing (proxy) machine's addresses were on the same subnet.  Since we couldn't always guarantee that, we didn't go further.

Instead we've been following RFC 3584<https://tools.ietf.org/html/rfc3584> (see Section 3.1.4).  It specifies an extra varbind "snmpTrapAddress" to hold the original/spoofed address.  This RFC was written for converting v1 traps to v2/3, but the logic still works for spoofing since most NMS applications can recognize snmpTrapAddress.

There may be a few NMS that don't automatically recognize snmpTrapAddress, but usually their rules can be customized to handle it anyway.  (If not, you can tell your NMS vendor to read RFC 3584 to remind them that they *should* handle it per the official SNMP standards!  :-)

If you're working on the project for fun or a custom project, I hope that's helpful.  But if you really just need a solution, check out our TrapStation<http://www.augur.com> product... It's not free, but it is supported, and avoids the frustration of starting from scratch.

Regards,
Chris

Chris Janicki ≡ Chris.Janicki at augur.com<mailto:Chris.Janicki at augur.com> ≡ www.augur.com<http://www.augur.com>






On Feb 12, 2015, at 3:50 AM, Shivi Goel -X (shivigoe - NICHEPRO TECHNOLOGIES PRIVATE LIMITED at Cisco) <shivigoe at cisco.com<mailto:shivigoe at cisco.com>> wrote:

Hi,

I need to do IP spoofing while sending out the snmp trap. ? I can't use the snmp.send(pdu, target) for sending trap as I need to modify the source IP in the outgoing  trap.
I am using jnet pcap librabry for IP spoofing which creates an IP packet and sends it. I need to understand how can I form an IP packet from snmp pdu and target. Does SNMP4J provides some API for this

Regards,
Shivi

_______________________________________________
SNMP4J mailing list
SNMP4J at agentpp.org<mailto:SNMP4J at agentpp.org>
https://oosnmp.net/mailman/listinfo/snmp4j



More information about the SNMP4J mailing list