TCP IP Illustrated

The notation ctraps is the community name of the trap

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: ing the snmpi program, but with an invalid community name. This should generate an authenticationFailure trap. Figure 25.31 shows the output. 1 0.0 2 18.86 (18.86) sun.snmp > bsdi.snmp-trap: C=traps Trap (28) E:unix.1.2.5 [140.252.13.33] coldStart 20 sun.snmp > bsdi.snmp-trap: C=traps Trap (29) E:unix.1.2.5 [140.252.13.33] authenticationFailure 1907 Figure 25.31 tcpdump output of traps generated by SNMP agent. First we notice that both UDP datagrams are from the SNMP agent (port 161, printed as the name snmp) with a destination port of 162 (printed as the name snmp-trap). The notation C=traps is the community name of the trap message. This is a configuration option with the ISODE SNMP agent being used. The next notation. Trap(28) in line 1 and Trap(29) in line 2 is the PDU type and length. The next field of output for both lines is E:unix.1.2.5. This is the enterprise: the agent's sysObjectID. It falls under the 1.3.6.1.4.1 node of the tree in Figure 25.6 (iso.org.dod.internet.private.enterprises), so this agent's object identifier is 1.3.6.1.4.1.4.1.2.5. Its abbreviated name is unix.agents.fourBSD-isode.5. The final number (5) is the version number of this release of the ISODE agent. This enterprise value identifies the agent software generating the trap. The next field output by tcpdump is the IP address of the agent (140.252.13.33). The trap type is printed as coldStart on line 1, and authenticationFailure on line 2. These correspond to trap type values of 0 and 4, respectively (Figure 25.30). Since these are not enterprise-specific traps, the specific code must be 0, and is not printed. Next comes the timestamp field, printed as 20 and 1907. This is a TimeTicks value, representing the number of hundredths of a second since the agent initialized. In the case of the cold start trap, the trap was generated 200 ms after the agent was initialized. The tcpdump output indicates that the second trap occurred 18.86 seconds after the first one, which corresponds to the printed value of 1907 hundredths of a se...
View Full Document

This test prep was uploaded on 04/04/2014 for the course ECE EL5373 taught by Professor Guoyang during the Spring '12 term at NYU Poly.

Ask a homework question - tutors are online