[SNMP4J] how to create IP packet using SNMP4J

Frank Fock fock at agentpp.com
Fri Feb 13 17:55:37 CET 2015 

Hi Shivi,

A PDU can be easily encoded to an BER byte stream which represents exactly the SNMP message.
Then you only have to add the IP header and compute payload length etc. and you are done.

Best regards.
Frank



> On 13 Feb 2015, at 04:47, Shivi Goel -X (shivigoe - NICHEPRO TECHNOLOGIES PRIVATE LIMITED at Cisco) <shivigoe at cisco.com> wrote:
> 
> Thanks for your reply Cris.
> We need to use pcap in our project for IP spoofing as adding the extra varbind "snmpTrapAddress” is not recognized by few NMS we have in our stack. But I am not sure how to convert SNMP4J pdu and community target in some form that can be consumed by pcap API for sending the packet.
> 
> Regards,
> Shivi
> 
> From: Chris Janicki [mailto:Chris.Janicki at Augur.com]
> Sent: Thursday, February 12, 2015 8:19 PM
> To: Shivi Goel -X (shivigoe - NICHEPRO TECHNOLOGIES PRIVATE LIMITED at Cisco)
> Subject: Re: [SNMP4J] how to create IP packet using SNMP4J
> 
> Hi Shivi,
> 
> Years ago we tried pcap for spoofing and ran into headaches reliably routing the spoofed address through the network, unless both the original and spoofing (proxy) machine's addresses were on the same subnet.  Since we couldn't always guarantee that, we didn't go further.
> 
> Instead we've been following RFC 3584<https://tools.ietf.org/html/rfc3584> (see Section 3.1.4).  It specifies an extra varbind "snmpTrapAddress" to hold the original/spoofed address.  This RFC was written for converting v1 traps to v2/3, but the logic still works for spoofing since most NMS applications can recognize snmpTrapAddress.
> 
> There may be a few NMS that don't automatically recognize snmpTrapAddress, but usually their rules can be customized to handle it anyway.  (If not, you can tell your NMS vendor to read RFC 3584 to remind them that they *should* handle it per the official SNMP standards!  :-)
> 
> If you're working on the project for fun or a custom project, I hope that's helpful.  But if you really just need a solution, check out our TrapStation<http://www.augur.com> product... It's not free, but it is supported, and avoids the frustration of starting from scratch.
> 
> Regards,
> Chris
> 
> Chris Janicki ≡ Chris.Janicki at augur.com<mailto:Chris.Janicki at augur.com> ≡ www.augur.com<http://www.augur.com>
> 
> 
> 
> 
> 
> 
> On Feb 12, 2015, at 3:50 AM, Shivi Goel -X (shivigoe - NICHEPRO TECHNOLOGIES PRIVATE LIMITED at Cisco) <shivigoe at cisco.com<mailto:shivigoe at cisco.com>> wrote:
> 
> Hi,
> 
> I need to do IP spoofing while sending out the snmp trap. ? I can't use the snmp.send(pdu, target) for sending trap as I need to modify the source IP in the outgoing  trap.
> I am using jnet pcap librabry for IP spoofing which creates an IP packet and sends it. I need to understand how can I form an IP packet from snmp pdu and target. Does SNMP4J provides some API for this
> 
> Regards,
> Shivi
> 
> _______________________________________________
> SNMP4J mailing list
> SNMP4J at agentpp.org<mailto:SNMP4J at agentpp.org>
> https://oosnmp.net/mailman/listinfo/snmp4j
> 
> _______________________________________________
> SNMP4J mailing list
> SNMP4J at agentpp.org
> https://oosnmp.net/mailman/listinfo/snmp4j

More information about the SNMP4J mailing list