Receiving traps - SNMP


  1. Receiving traps

    I've got a program that is receiving traps from a remote
    agent. I need to verify the data received is a trap
    and not any other data. I'm trying to create a structure
    to map the packet data to so I can extract the correct
    information. The only text I can find that describes the
    format of the packet is below:

    Trap-PDU ::=
        [4]
            IMPLICIT SEQUENCE {
                enterprise          -- type of object generating
                                    -- trap, see sysObjectID in [5]
                    OBJECT IDENTIFIER,

                agent-addr          -- address of object generating
                    NetworkAddress, -- trap

                generic-trap        -- generic trap type
                    INTEGER {
                        coldStart(0),
                        warmStart(1),
                        linkDown(2),
                        linkUp(3),
                        authenticationFailure(4),
                        egpNeighborLoss(5),
                        enterpriseSpecific(6)
                    },

                specific-trap       -- specific code, present even
                    INTEGER,        -- if generic-trap is not
                                    -- enterpriseSpecific

                time-stamp          -- time elapsed between the last
                    TimeTicks,      -- (re)initialization of the network
                                    -- entity and the generation of the trap

                variable-bindings   -- "interesting" information
                    VarBindList
            }

    Is this the real format? I'm looking for more on the
    lines of

    -----------------------------------
    | Header | From | .... | Variable |
    -----------------------------------

    I see the objects up there but I'm not sure how much space
    they take. If I knew I could start cutting up the
    packet into data that I need.

    Thanks,
    Chris

  2. Re: Receiving traps

    [Sorry for the delay in responding to this]

    Chris Fowler wrote:
    > I've got a program that is receiving traps from a remote
    > agent. I need to verify the data received is a trap
    > and not any other data.


    There is an implicit header field, containing the type of
    the PDU. (It's actually a result of the encoding mechanism
    rather than a specifically defined header value, but that
    doesn't really matter).


    > I see the objects up there but I'm not sure how much space
    > they take. If I knew I could start cutting up the
    > packet into data that I need.


    The problem is that SNMP packets don't have fixed-size headers,
    or anything close. The order of things is pretty fixed, but
    the sizes (and hence where to look) are not.
    Even the first header field (the SNMP version) may appear in
    the third or fourth octet of the PDU - depending on the overall
    size. The request type appears quite a bit later, after various
    version-specific information.

    Realistically, the only way to determine whether this is a
    trap PDU or not, is to decode it (at least up to that point).
    Or rather, to let the toolkit library that you're using decode
    it - there's no point in re-inventing the wheel!
    Then check the type field in that toolkit's data structure.

    Also remember that there are three different types of notification
    request (v1 TRAP, v2 TRAP and v2 INFORM).

    Dave
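
The following is an added example, not code from either poster or from any SNMP toolkit. It shows how far a receiver has to decode before it reaches the PDU type, with every length bounds-checked against the datagram. The function names and the sample packet are constructed for illustration, and it assumes community-based SNMPv1/v2c messages only (an SNMPv3 message has a different layout and is rejected).

```c
#include <stddef.h>
#include <stdint.h>

/* Read one BER tag+length header at buf[*pos]; on success *pos is left at the
 * first content octet. Returns 0 if the header or its content is truncated. */
static int ber_header(const uint8_t *buf, size_t n, size_t *pos,
                      uint8_t *tag, size_t *len)
{
    if (n - *pos < 2) return 0;
    *tag = buf[(*pos)++];
    uint8_t b = buf[(*pos)++];
    *len = b;                                /* short form: length < 128 */
    if (b & 0x80) {                          /* long form: k length octets */
        size_t k = b & 0x7f;
        if (k == 0 || k > 4 || n - *pos < k) return 0;
        for (*len = 0; k > 0; k--) *len = (*len << 8) | buf[(*pos)++];
    }
    return *len <= n - *pos;                 /* content must fit in the datagram */
}

/* PDU tag of a community-based (v1/v2c) message, or -1 if it does not decode. */
int snmp_pdu_tag(const uint8_t *buf, size_t n)
{
    size_t pos = 0, len;
    uint8_t tag;
    if (!ber_header(buf, n, &pos, &tag, &len) || tag != 0x30) return -1; /* Message */
    if (!ber_header(buf, n, &pos, &tag, &len) || tag != 0x02) return -1; /* version */
    pos += len;
    if (!ber_header(buf, n, &pos, &tag, &len) || tag != 0x04) return -1; /* community */
    pos += len;
    if (!ber_header(buf, n, &pos, &tag, &len)) return -1;                /* PDU */
    return tag;
}

/* 0xA4 = v1 Trap ([4] in the ASN.1 above), 0xA6 = InformRequest, 0xA7 = SNMPv2-Trap */
int snmp_is_notification(const uint8_t *buf, size_t n)
{
    int t = snmp_pdu_tag(buf, n);
    return t == 0xA4 || t == 0xA6 || t == 0xA7;
}

/* Constructed sample: v1 coldStart trap, community "public", agent 192.0.2.1 */
static const uint8_t sample_v1_trap[] = {
    0x30,0x25, 0x02,0x01,0x00, 0x04,0x06,'p','u','b','l','i','c',
    0xA4,0x18, 0x06,0x05,0x2B,0x06,0x01,0x04,0x01, 0x40,0x04,0xC0,0x00,0x02,0x01,
    0x02,0x01,0x00, 0x02,0x01,0x00, 0x43,0x01,0x00, 0x30,0x00
};
```

In the sample the PDU tag sits at offset 13 only because the community string is six octets long and every length uses the short form; a longer community or a long-form length moves it.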
