(Icon Laboratories) SNMP Sniffer User Manual
8/13/2019 (Icon Laboratories) SNMP Sniffer User Manual
2001 Icon Laboratories, Inc. All Rights Reserved Version 2.1
SNMP Sniffer
Manual
3636 Westown Parkway
Suite 101
West Des Moines, IA 50266
Main: (888) 235-3443
Fax: (515) 226-3462
http://www.icon-labs.com
Copyright 201, All rights reserved.
Copyright notices for software that is distributed with the SNMP Sniffer are given in the following files: wpcapCpwrt.txt and netSnmpCpwrt.txt. These
files are installed along with the application.
End-User License Agreement Icon Laboratories, Inc. SNMP Sniffer
IMPORTANT! READ CAREFULLY: This License Agreement (License) is a legal agreement between you and Icon Laboratories, Inc. The right to use the Software is granted only on the condition that you agree to the following License. If You do not agree to the terms of the License, then Icon Laboratories, Inc. and its Grantors are unwilling to license the Software to You, in which case You may return the package within 30 days and Your purchase price will be refunded. HOWEVER, BY INSTALLING, COPYING OR USING THE SOFTWARE YOU INDICATE YOUR ACCEPTANCE OF THESE TERMS AND CONDITIONS.
1. DEFINITIONS: "You" and "Your" means the entity purchasing, opening and using this package.
"Software" means computer programming code contained on the accompanying media and in the form (object or source) and format provided, and all full or partial copies of same, whether provided by Icon Laboratories or copies made by You as permitted under this License.
"Documentation" means the related user materials furnished with the Software, and all full or partial copies of same, that describe its operational characteristics or matters related to its installation or use, whether provided in published written material, on magnetic media or communicated by electronic means.
"Program" is a general term meaning the Software and its associated Documentation collectively. Programs may contain or be derived from materials of third party authors (Grantor) from whom Icon Laboratories has obtained marketing rights. Grantors are listed in the Documentation and are intended beneficiaries of this License.
"Authorized Unit" means the host computer or target microprocessor which the Software per its Documentation, is intended to operate on and upon which You install and use the Software.
2. GRANT OF LICENSE: Subject to Your prompt payment of quoted fees, Icon Laboratories hereby grants You the following non-exclusive, non-transferable rights and licenses:
To install and use one copy of the Software on any Authorized Unit owned or leased by You for Your internal business purposes on one Authorized Unit at a time by a single user.
Copy the Software to make an archive copy for use as a back-up, provided that the primary and back-up copy may not be used concurrently.
Use the Documentation, and make a reasonable number of printed copies from Documentation provided in electronic form, as is solely necessary in connection with Your permitted internal use of the Software.
ICON LABORATORIES RESERVES ALL RIGHTS NOT EXPRESSLY
GRANTED TO YOU HEREUNDER. Additional printed hard copies of Documentation may be purchased.
3. RESTRICTIONS, OWNERSHIP: The Program is protected by copyright laws and international treaty. Ownership rights and intellectual property rights in the Program shall remain at all times in Icon Laboratories and/or its Grantors. The Program is licensed, not sold. You may not: (i) modify the Program, translate, reverse engineer, decompile, disassemble (except to the extent applicable laws specifically prohibit such restriction) or attempt to derive the source code of Software provided to You in object code form, create derivative works of the Program or let any third party do any of the foregoing; or (ii) copy the Program other than as specified above; or (iii) sublicense, rent, lease, timeshare, grant a security interest in, transfer possession of the Program or otherwise assign or delegate this License or any of Your rights or duties hereunder. You agree to use Your best efforts to protect the Program from unauthorized reproduction, disclosure or use.
4. TERMS AND TERMINATION: The License is effective until terminated. You may terminate Your License at any time. Your rights under this License will terminate automatically without notice from Icon Laboratories if You fail to comply with any terms of this License. Upon termination for any reason You shall return or, with Icon Laboratories' permission, destroy all Program copies in Your possession or under Your control and certify to Icon Laboratories in writing that You have complied with this requirement.
5. LIMITED WARRANTY: Icon Laboratories warrants, for Your sole benefit, that for a period of thirty (30) days from the date of delivery to You (the Warranty Period) that, (a) the media containing the Program is free from defects under normal use, if You properly installed it; and, (b) that the Software, if unmodified and operated as directed, will substantially perform as described in its Documentation. EXCEPT FOR THE FOREGOING LIMITED WARRANTY THE PROGRAM IS PROVIDED AS IS, AND TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, ICON LABORATORIES AND ITS GRANTORS DISCLAIM ALL OTHER WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR ANY PARTICULAR PURPOSE, NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING OR USAGE IN TRADE. You assume full responsibility for the selection of the Software to achieve Your intended purpose, for the proper installation and use of the Software and verifying the results obtained from Your use and for all other matters under Your control. Icon Laboratories does not warrant that the quality or performance of Software will meet Your requirements or that the operation of Software will be or can be made interrupted or error free.
6. Some jurisdictions do not allow the limitation or exclusion of implied warranties or how long an implied warranty may last, so the above limitations may not apply to You. This Warranty gives You specific legal rights and You may have other rights which vary from jurisdiction to jurisdiction.
7. LIMITATION OF REMEDIES: Your exclusive remedy and Icon Laboratories' sole liability for any defective media or failure of Software to conform to its Documentation You report to Icon Laboratories in writing during the Warranty period, Icon Laboratories will, at its option and expense, either: (a) replace defective media: or, (b) use commercially reasonable efforts to correct
non-conforming Software or replace it with a functionally equivalent program, or, (c) if Icon Laboratories determines the foregoing remedies are impractical, accept return of the Program, terminate this License and refund the amount You paid Icon Laboratories for the Program copies so returned. At the end of this Warranty Period all such liability shall terminate. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL ICON LABORATORIES OR ITS GRANTORS BE LIABLE FOR ANY SPECIAL, INDIRECT, PUNITIVE, EXEMPLARY, INCIDENTAL OR CONSEQUENTIAL DAMAGES, INCLUDING ANY LOST PROFITS OR LOST SAVINGS ARISING FROM THE USER, OR INABILITY TO USE OR ACHIEVE ANY PARTICULAR RESULTS FROM USE OF THE PROGRAM EVEN IF ICON LABORATORIES HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR IF ANY REMEDY HEREIN SHALL HAVE PROVEN INEFFECTIVE. In no case shall the total cumulative liability of Icon Laboratories or its Grantor(s) to You for all damages, losses and causes of action, regardless of legal theory, exceed the amount You paid Icon Laboratories under this License for the right to use the Program in question.
8. Some jurisdictions do not allow the exclusion or limitation of incidental or consequential damages to this limitation and exclusion may not apply to You.
9. USE OF PURCHASER'S NAME: You agree that Icon Laboratories may use Your Company's name and may disclose that You are a licensee of Icon Laboratories products in Icon Laboratories' advertising, press, promotion and similar public disclosures with respect to the Program. However, such advertising, promotion or similar public disclosures shall not indicate that You, in any way, endorse Icon Laboratories products without Your prior written permission.
10. GENERAL: You acknowledge that You have read this License, understand it and agree to be bound by its terms. You further agree that it constitutes the entire agreement between You and Icon Laboratories and supersedes in their entirety any and all oral or written agreements previously existing between You and Icon Laboratories with respect to the subject matter. THE ACCEPTANCE OF ANY PURCHASE ORDER PLACED BY YOU IS EXPRESSLY MADE CONDITIONAL ON YOUR ASSENT TO THE TERMS SET FORTH HEREIN, AND NOT THOSE IN YOUR PURCHASE ORDER. If any part of this License is held invalid by, or in conflict with, any law having jurisdiction over this License, that provision of the License shall be enforced to the maximum extent permissible so as to effect the intent of the parties and the remaining provisions shall remain in full force and effect. This License shall be governed by and construed in accordance with Iowa law (except for conflict of law provisions), as applied to contracts entered into and to be performed entirely within Iowa between Iowa residents. Venue for disputes hereunder shall be in applicable state or federal courts in Iowa. U.S.A. and You and Icon Laboratories consent to the exclusive jurisdiction and venue of such courts. The application the United Nations Convention of Contracts for the International Sale of Goods is expressly excluded. This Agreement may only be modified in writing signed by an authorized officer of Icon Laboratories.
If You have any questions concerning this License or desire to contact Icon Laboratories for any reason, please write: Icon Laboratories, Inc., 3636 Westown Parkway, West Des Moines, IA 50266, telefax (515) 226-3462,
email: [email protected].
Contents
Introduction
Features
  Packet display features
  Packet display and filtering options
  MIB Options
  Choose LAN Adapter
  Capture Limits
  Statistics
System Requirements
  Hardware requirements
  Software requirements
  Operating System requirements
  Network requirements
Installing the Software
  How to install the SNMP Sniffer
Using the SNMP Sniffer
  Starting the Application and Using the Menu Options
  GUI Packet Window
  Capturing Packets
  Choose LAN Adapter
  Capture Limits
  Statistics
  Filtering
  Display Options
  Choosing and Loading MIBs
Questions and Answers
  What is the SNMP Sniffer?
  What platforms are supported?
  What software is required to run the SNMP Sniffer?
  What packet information does the SNMP Sniffer give to the user?
  How is this packet information displayed?
  How do I selectively view specific SNMP packets?
  What other packet display options are available?
  What management information base (MIB) is used as the target of the SNMP commands?
  Can I save a list of packets and view it later?
  What if the SNMP Sniffer doesn't capture ALL of the SNMP Packets I am expecting it to capture?
  What if no packets are being captured (and/or displayed)?
  Why can't I change the way packet information is displayed after I've stopped my packet capture session?
  Why aren't the OIDs resolved, even when I've checked that option?
  Why are there missing packet numbers in the Packet View?
  When I tried to open a past capture session, why do I get an "Unexpected File Format" error?
  What is the purpose of the Capture Limits dialog box?
Introduction
Thank you for using this version of the SNMP Sniffer from Icon
Laboratories, Inc. The SNMP Sniffer is a promiscuous SNMP packet
capture application. It filters all SNMP traffic visible to it and
displays captured SNMP packets in real time. It uses the WinPcap
packet capture utility. WinPcap is the adaptation of libpcap that
works on the Windows operating system.
Features
The SNMP Sniffer captures SNMP packets, decodes them, and
displays them on the screen in an easy-to-read format. The
application has the following capabilities:
Packet display features
Packets are displayed as they are captured (i.e. in real time).
Each packet captured is given a packet number and is
displayed along with host information concerning the source
and destination of the packet. The time of the packet capture
is also displayed.
Each SNMP packet is parsed, and the values contained within
the SNMP data fields are given. These fields include version,
community, PDU type, request ID, error status, and error index.
Information about each packet's VarBinds (variable bindings) is
displayed in a separate part of the window. This
accommodates packets with multiple VarBinds.
SNMP version 1 trap packets do not contain the same fields as
other SNMP packets. The field values of v1 trap packets are
listed in a separate part of the window.
A separate part of the window displays the entire SNMP
packet, minus header information, in hexadecimal form.
Packet display and filtering options
Display options allow the user to utilize IP-to-DNS conversion,
resolve OIDs (object identifiers), display time in AM/PM format,
and show/hide the gridlines on the display.
The user may choose to only capture packets from/to a
certain IP address. Filtering may also be done on port,
community, OID value, SNMP version or PDU type.
Packet display and filter options can be modified in the
Options menu.
MIB Options
MIBs may be used to resolve OIDs (object identifiers) for
captured packets. MIBs must be loaded before they are used
to resolve OIDs.
Sample MIBs are supplied with the application. You may also
load other MIBs. You may load all of the MIBs in a certain path
or specific MIBs in a path.
In order to load different MIBs, you must unload MIBs that are
already loaded.
Choose LAN Adapter
If you have more than one LAN adapter on your machine, you
can use this dialog box to choose which adapter is used to
capture SNMP packets.
Please check the User's Manual or the Choose LAN Adapter
dialog box if you are unsure which adapter has the WinPcap
driver installed on it.
Capture Limits
You can use this dialog box to set upper limits on the number
of packets to capture and the amount of system memory
available to the SNMP Sniffer.
This option lets you leave a packet capture session running for
hours or days without worrying about using too much system
memory.
Statistics
When a packet capture session is begun, a dialog box displays
the elapsed time of the current capture and the number of
SNMP packets accepted by the filter.
Other basic packet capture statistics may be displayed after a
capture session has been stopped.
A new packet capture session may be started from the toolbar
or the "Capture" menu. Statistics are available in the capture
menu.
System Requirements
Hardware requirements
Minimum
133 MHz Pentium PC
16 MB or more of RAM
10-MB hard-disk space
CD-ROM drive or access to a CD-ROM over a computer
network
VGA display adapter or Higher-resolution display adapter
Network Adapter card
Connection to an ethernet LAN
Software requirements
WinPcap packet capture driver. (This is packaged with the
software).
Operating System requirements
Windows 98/ME or Windows 2000/NT 4.0 platforms.
Network requirements
The minimum requirement is a connection to an Ethernet LAN.
Installing the Software
The SNMP Sniffer is compatible with Windows 98/ME/NT/2000.
Installation includes the WinPcap packet capture driver. Please
delete any other instances of WinPcap that are already present
on your system before beginning the installation process.
It is necessary to have Administrator privileges in order to install
SNMP Sniffer on Windows NT and Windows 2000.
The primary installed components are the WinPcap packet
capture driver, libsnmp.dll (for decoding of packets), and the
SNMP Sniffer application.
See the Questions and Answers section for more information about
the WinPcap software.
How to install the SNMP Sniffer
From the CD-ROM:
Follow these steps to install the SNMP Sniffer from the CD-ROM.
1. Quit any active Microsoft Windows programs.
2. Insert the product CD-ROM into a drive.
The install screen will appear automatically. If the install
screen does not appear after a few seconds, select Run
from the Start menu and enter drive: setup.exe, where
drive is the letter of the CD-ROM drive into which you
loaded the product CD.
3. Follow the prompts that appear on your screen.
4. An icon will appear on your desktop.
5. An entry will be placed on the START PROGRAMS menu.
Glossary of SNMP Terms
GUI
Graphical User Interface: An interface for issuing commands to a
computer utilizing a pointing device, such as a mouse, that
manipulates and activates graphical images on a monitor.
IP
Internet Protocol: The network layer for the TCP/IP protocol suite
widely used on Ethernet networks.
MIB
Management Information Base: A structured collection of all the
managed objects maintained by a device. Managed objects
are structured in the form of a hierarchical tree. MIBs are
specifications containing definitions of management information
so that networked systems can be remotely monitored,
configured, and controlled.
OID
Object identifier: Generally an implementation-specific integer or
pointer that uniquely identifies an object.
PDU
Protocol Data Unit: A message contains administrative
information and an SNMP. The PDU type identifies the type of
the message. The contents of a PDU are control fields, which are
dependent on the message type, and an array of pairs. The first
element of each pair is used to identify management
information and the second element is used to specify the value
of management information.
Packet
A short block of data transmitted in a packet switching network.
Sniffer
A tool that monitors packets on a TCP/IP network.
SNMP
Simple Network Management Protocol: The Internet standard
protocol, defined in STD 15, RFC 1157, developed to manage
nodes on an IP network. The SNMP-based management
approach is defined by a collection of documents. These
documents define a management framework consisting of four
major components:
a management protocol
a definition of management information and events
a core set of management information and events
a mechanism and approach to manage the use of the
protocol including security and access control
The operations in SNMP are limited to retrieving the value of
management information, modifying the value of management
information, and reporting an event.
VarBind
Variable bindings are a list of object identifier -- value pairs that
specify the managed objects to either collect or modify.
Using the SNMP Sniffer
Starting the Application and Using the Menu Options
A shortcut to the SNMP Sniffer should be added to your desktop
during the installation process. If not, you can access the
application by clicking the Start button and highlighting the
Programs menu. Then highlight the Icon Labs menu followed
by the SNMP Sniffer option. Click on SNMP Sniffer selection.
The SNMP Sniffer information window will appear followed by the
main screen.
Main Screen
File menu:
Capture menu:
Begin: start a new packet capture session
Stop: stop the current packet capture session (if one is
executing)
Choose LAN Adapter: select the network adapter to use
for packet captures
Capture Limits: set limits on number of packets to capture
and the amount of system memory available to the
application
Statistics: view capture data
Number of TCP/IP packets seen
Total number of SNMP Packets captured
SNMP Packets filtered by PDU Type or Version
Number of packets dropped by Kernel
Options menu:
View and modify filter specifications for future captures
Modify display features for future captures
Select MIB paths, load locations, and display loaded MIBs
View menu: Allows the option to view or hide the toolbar and
status bar.
Help menu: Used to define elements of the application and
provide contact information.
GUI Packet Window
How the screen is laid out:
Packet # - Assigned by the application
Time - Using the hh:mm:ss format
Destination - Destination IP address
Source - Source IP addresses
Version - SNMP version of the packet
Community - Details to whom access to the packet is
available
PDU Type - The different types of SNMP packets
Req-ID - SNMP agent request ID number
err status/gen trap - Generic trap field applies to SNMP
trap packets; error status field applies to all remaining
packets
err idx/spec trap - Specific trap field applies to SNMP
trap packets; error index field applies to all remaining
packets
GUI Packet window
In the VarBinds view, the VarBind name and value are tied to the
highlighted packet in the upper half portion of the screen.
Version 1 trap packets have a slightly different format than other
SNMP packets. The V1 trap view displays three of the fields for this
type of packet:
V1 Trap - Enterprise
Agent-address
Trap Time-stamp
V1 trap view and Packet Hex view
In the Hex view, the hex data is tied to the highlighted packet in
the upper half portion of the screen. In this view, the SNMP data is
shown in hexadecimal format. Only the SNMP packet is shown --
no header information is included.
Capturing Packets
A packet capture can be started in three different ways:
1. Select Begin from the Capture pull down menu.
2. Select the "green light" icon from the toolbar.
3. Type CTRL+B from the keyboard.
Green light icon
Once started, the status bar will display both the time spent
capturing the packets and the number of SNMP packets
captured. Most toolbar buttons and menu options are disabled
during a capture session.
To stop the packet capture, select "Stop" from the Capture pull-
down menu OR select the "red light" icon from the toolbar. The
toolbar button will be enabled when a capture is started.
"Red light" icon
capture and view ONLY the packets you want.
As packets are captured, the application allocates memory for
the packets. In tests, the Windows Task Manager revealed that
the amount of memory required is about 6-8 KB per packet. This is
added to the approximately 7 MB required by the application
when it is launched. Limiting a capture by memory usage is a
safeguard for your system.
The SNMP Sniffer deallocates memory whenever the current
packet display is cleared. This can be done in 3 ways:
1. By clicking "New" in the File menu or on the toolbar.
2. By clicking "Open" and opening a previously saved capture
session.
3. By clicking "Start capture" in the Capture menu or on the
toolbar.
Memory is also deallocated when you exit the application.
In Windows, memory that is deallocated is marked as available for
use, but the memory usage (i.e. "working set") of the
corresponding application is NOT reduced. This can be observed
using the Windows Task Manager. Windows gives memory priority
to applications that are visible on the desktop. An easy way to
reduce the memory usage of any process is to minimize the
process's window. Even though the SNMP Sniffer deallocates
memory as it goes along, this is not revealed in the working set
value. The limit on memory usage is based on the working set,
NOT on the amount of memory allocated by the application.
Statistics
The following data may be viewed for a packet capture:
Total number of TCP/IP packets seen.
SNMP packets captured by the basic packet filter. This is
a count of all SNMP packets that also satisfy IP address
and port number filtering options.
SNMP Packets filtered according to SNMP packet filter
options. This is a count of packets that, in addition to
satisfying the basic packet filter, also satisfy SNMP-specific
filtering options.
Number of SNMP packets dropped by kernel.
To view this data, select Statistics from the Capture menu. To
view the filtering specifications for the current capture, select
'Filters' from the 'Options' menu.
click OK. Your options will be saved and the dialog box will close.
Display Options
The display can be modified so that the information desired is
displayed.
To save your settings for future capture sessions, click Save as
Default.
To set the display options, check the boxes desired for the next
capture and click on ok.
Note: All MIBs included by a MIB that is being loaded must be
present in the MIB Path.
RECOMMENDATION: It is recommended that additional MIBs you
wish to load (and any MIBs they include) are placed into the
\MIBs\User directory and that "Load all MIBs" is
chosen. This builds a more complete MIB tree that contains
standard SNMP OIDs.
You may also unload unnecessary MIBs that are already loaded.
Questions and Answers
What is the SNMP Sniffer?
The SNMP Sniffer is an application that captures SNMP packets on
a network node and then displays the packets in a graphical user
interface (GUI) format. Both capture and display occur in real
time. The SNMP Sniffer uses the WinPcap packet capture driver to
examine all known packets and capture specific packets based
upon options chosen by the user.
What platforms are supported?
The SNMP Sniffer supports Windows 98/Me and NT/2000. Other
platforms could be supported in the future, based upon demand.
Please contact Icon Laboratories, Inc., if you are interested in using
the SNMP Sniffer on a different platform.
What software is required to run the SNMP Sniffer?
The application requires the WinPcap packet capture driver. This is
installed during the normal setup process. For more information on
the WinPcap architecture, see the WinPcap driver web page
(http://netgroup-serv.polito.it/WinPcap). There is also a WinPcap
FAQ at that site.
What packet information does the SNMP Sniffer give to the user?
The application displays a variety of information about SNMP
packets: arrival time, IP destination address, IP source address,
SNMP packet version, community, request ID, error index, error
status, PDU type, VarBind information, trap information, and a
hexadecimal display of the packet.
How is this packet information displayed?
Packets are displayed in a list format, while field data within a
packet is displayed in columns. Since one SNMP packet may
contain multiple VarBinds, a separate list displays VarBind
information. Trap packets for version 1 traps contain different fields
from other SNMP packets, so these fields are displayed in a third
view. These three views are stacked vertically in the display. The
packet view is given the most space, but the user may adjust the
amount of space allocated to each view.
How do I selectively view specific SNMP packets?
In the default case, the SNMP Sniffer uses a packet filter that
captures all SNMP packets on the typical SNMP message and trap
ports (161 and 162, respectively). However, the user may narrow
the focus of this filter by specifying IP source or destination address,
port number, OID, SNMP packet version, or PDU type.
What other packet display options are available?
The user has the following options for the display:
IP addresses may be resolved to domain names.
Object identifiers (OIDs) may be converted into name format.
Time may be displayed in 24-hour or am/pm format.
What management information base (MIB) is used as the target of
the SNMP commands?
Generic MIBs are supplied with the application, and the user may
also specify a local or network path to use other MIBs. MIBs may
be specified in the "Options" menu, in the "MIB Options" dialog box.
Can I save a list of packets and view it later?
Any packet capture may be saved and reopened later. The suffix
.sft is given to the capture file when it is stored. Choose open
from the File menu and select the packet you would like to
reopen.
What if the SNMP Sniffer doesn't capture ALL of the SNMP Packets I
am expecting it to capture?
There are a couple reasons why a packet may not be captured:
1. The packet never reached the node of the network that the
SNMP Sniffer was operating on. This is due to the network
topology. For instance, a switched network may isolate the
application from seeing the packet.
2. The filter may be excluding the packet. Go to Options/Filters
to see if the correct SNMP packet filter settings are being used.
3. One of the capture limits may have been exceeded. Click on
Capture Limits in the Capture menu to see if memory usage or
packet capture values have been exceeded.
What if no packets are being captured (and/or displayed)?
You can tell if any packets are being captured by looking at the
Capture/Statistics dialog box after attempting a packet capture.
If the number of total packets seen is zero, then the packet
capture driver is not capturing any packets. First, go to the
"Choose LAN Adapter" dialog box and make sure that you have
selected the correct adapter to watch for packets. You can try
packet captures with other adapters on the list if you are not sure
which one you should use.
There might also be a problem with the WinPcap driver on
Windows NT/2000. The following description is from the WinPcap
FAQ:
At the moment, if you execute a WinPcap-based
application for the first time since the last reboot, you must
be administrator. At the first execution, the driver will be
dynamically installed in the system, and from that moment
every user will be able to use WinPcap to sniff the packets.
If neither of these methods solves your problem, please check the
latest FAQ on our web site. If your question isn't answered there,
you may contact the Icon Laboratories, Inc., support team by
emailing us at [email protected].
Why can't I change the way packet information is displayed after
I've stopped my packet capture session?
Except for the appearance of gridlines, packet display information
must be set in the Options/Display Options dialog box BEFORE a
capture is begun. When a packet capture session is started,
packet information is stored in the same format as it is displayed,
so the display cannot be modified after a capture is done.
Why aren't the OIDs resolved, even when I've checked that
option?
The MIB that you selected might not have been loaded correctly.
Try setting the MIB path again. If this doesn't work, please contact
Icon Laboratories at [email protected].
Why are there missing packet numbers in the Packet View?
Every time an SNMP packet meets the current requirements of the
WinPcap driver, the packet is given a unique Packet Number. The
driver filters packets based on packet header information. After
this, the application itself may apply another filter based on
information WITHIN the SNMP packet (e.g. version or PDU type).
Packets that already have packet numbers may be excluded in
this process, so some packet numbers would not be shown.
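The two filtering stages described above, together with the default port filter from the earlier question on viewing specific packets, as an added Python example; it is not code from the SNMP Sniffer or from Icon Laboratories. It decodes only the SNMPv1/v2c header fields; the sample packets are constructed, and the function names and the handling of undecodable payloads are assumptions.

```python
SNMP_PORTS = {161, 162}            # message and trap ports named in the manual
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest",
             0xA2: "GetResponse", 0xA3: "SetRequest", 0xA4: "Trap-v1"}

def read_tlv(buf, pos):
    """Decode one BER tag-length-value; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:              # long form: low 7 bits count the length octets
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad length field")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def parse_snmp(payload):
    """Return (version, community, pdu_type) of an SNMPv1/v2c message."""
    tag, body, _ = read_tlv(payload, 0)
    vtag, ver, pos = read_tlv(body, 0)
    ctag, community, pos = read_tlv(body, pos)
    ptag = read_tlv(body, pos)[0]
    version = {0: "1", 1: "2c"}.get(int.from_bytes(ver, "big"))  # wire value -> version
    if (tag, vtag, ctag) != (0x30, 0x02, 0x04) or version is None or ptag not in PDU_TYPES:
        raise ValueError("not an SNMPv1/v2c message")
    return version, community.decode("ascii", "replace"), PDU_TYPES[ptag]

def capture(packets, version=None, pdu_type=None):
    """Number packets at the port filter, then filter on SNMP fields."""
    shown, number = [], 0
    for src_port, dst_port, payload in packets:
        if not {src_port, dst_port} & SNMP_PORTS:
            continue               # stage 1 (header filter): no number assigned
        number += 1                # passed stage 1: a packet number is consumed
        try:
            ver, community, pdu = parse_snmp(payload)
        except ValueError:
            continue               # assumption: undecodable payloads are not listed
        if version in (None, ver) and pdu_type in (None, pdu):
            shown.append((number, ver, community, pdu))   # stage 2 passed
    return shown

def sample(v, p):                  # constructed message, community "public"
    return bytes.fromhex("30180201%02x04067075626c6963%02x0b0201010201000201003000" % (v, p))
PACKETS = [(50000, 161, sample(0, 0xA0)), (161, 50000, sample(0, 0xA2)),   # constructed
           (50001, 53, b"\x00"), (50002, 161, sample(1, 0xA0)),
           (161, 50002, sample(1, 0xA2)), (50003, 161, sample(0, 0xA0)[:10])]
```

Calling capture(PACKETS, version="2c") lists packet numbers 3 and 4 only, so numbers 1, 2 and 5 are missing from the view even though the port filter counted them.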
When I tried to open a past capture session, why do I get an
"Unexpected File Format" error?
If you get this error, it is because you are trying to open a capture
file that was saved in an earlier version of the SNMP Sniffer. Files
saved in SNMP Sniffer Version 1.x cannot be opened by later
versions of the application. Starting with Version 2.0, capture files
that are stored in one version of the SNMP Sniffer will be accessible
in future versions.
What is the purpose of the Capture Limits dialog box?
When the SNMP Sniffer captures and displays an SNMP packet, it
allocates a certain amount of memory for that packet. In tests,
the memory usage for the application turns out to be about 7 MB
upon initialization and an additional 6-8 KB per captured packet.
The Capture Limits dialog box exists for you to ensure that the
application will not use up too much memory on your machine. It
is a useful option if you would like to start a capture session and
then let it run unattended for hours, days, or even weeks.
As soon as the limit -- memory usage or number of packets -- is
reached, the capture is automatically stopped and the packets
are displayed. The status bar also displays the following statement:
"Capture Aborted because Capture Limit(s) Exceeded".
If your question has not been addressed here, please contact Icon
Laboratories at [email protected]. Other information and
recent FAQs may be accessed at their web site --
http://www.icon-labs.com.