Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: SNMP packets that seems to be broadcasting

SNMP packets that seems to be broadcasting 11 years 5 months ago #8216

  • Lexion
  • Lexion's Avatar
  • Offline
  • New Member
  • Posts: 12
  • Karma: 0
I have been using Ethereal to monitor our network to try and understand what traffic we have and if it should be there in the first place and try and reduce our broadcast traffic.

I do not have a full understanding of the SNMP protocol as I cant find any tutorials that seem to start from a very basic stand point or I missed the plot entirely.

what I am seeing in ethereal is a packet with a source of one of our NT4 servers and a the destination is a HP printer, I can see a few printers on here.

Source: Intel_36:49:13
Destination: Hewlett-_28:e0:64
Protocol: SNMP
Info: GET-NEXT iso.3.6.1.4.1.11.2.4.3.12.7 iso.3.6.1.4.1.11.2.3.9.1.1.2.1 iso.3.6.1.4.1.11.2.3.9.1.1.2.2 iso.3.6.1.4.1.11.2.3.9.1.1.2.3 iso.3.6.1.4.1.11.2.3.9.1.1.2.8 iso.3.6.1.4.1.11.2.3.9.1.1.2.9 iso.3.6.1.4.1.11.2.3.9.1.1.2.10 iso.3.6.1.4.1.11.2.3.9.1.1.2.11 iso.3.6.1.4.1.11.2.3.9.1.1.2.12 iso.3.6.1.4.1.11.2.3.9.1.1.2.13 iso.3.6.1.4.1.11.2.3.9.1.1.2.14 iso.3.6.1.4.1.11.2.3.9.1.1.2.15 iso.3.6.1.4.1.11.2.3.9.1.1.2.16 iso.3.6.1.4.1.11.2.3.9.1.1.2.17 iso.3.6.1.4.1.11.2.3.9.1.1.2.18 iso.3.6.1.4.1.11.2.3.9.1.1.2.19 iso.3.6.1.4.1.11.2.3.9.1.1.3

Should I be able to see these packets or have we configured something wrong on the server, I have looked in the packets I captured for the MAC address of other servers we use for print services but I can not see any packets for them. I am presuming that these packets should only bee seen by the destination as they are not destined to a broadcast address.

If you have any useful sites where I might learn more that would be very helpful too
The administrator has disabled public write access.

Re: SNMP packets that seems to be broadcasting 11 years 5 months ago #8231

From the position in which you were sniffing were you situated at a hub? If you were, then your just seeing normal SNMP management traffic flying across the hub(since it is a logical bus) which is nothing to be worried about. :D

As for a tutorial, I think reading the RFC would be the most helpful which you can find here
For a less technical tutorial, check out this site
"He who breaks something to find out what it is, has left the path of wisdom."

Gandalf the Grey
The administrator has disabled public write access.

Re: SNMP packets that seems to be broadcasting 11 years 5 months ago #8237

  • Lexion
  • Lexion's Avatar
  • Offline
  • New Member
  • Posts: 12
  • Karma: 0
Non of the devices are plugged into a hub everything is connected to switches. Thanks for the links will have a read of them
The administrator has disabled public write access.

Re: SNMP packets that seems to be broadcasting 11 years 4 months ago #8328

  • tiamat
  • tiamat's Avatar
  • Offline
  • Distinguished Member
  • Posts: 102
  • Karma: 0
Check the printer properties on the NT servers. If you look at the port settings under Configure Port, there will probably be an SNMP checkbox called SNMP Status Enabled, along with the community name and SNMP Device Index. Having this checked will cause the server to poll the printer every so often. Just uncheck the box to eliminate the SNMP traffic.
The administrator has disabled public write access.
Time to create page: 0.079 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup