AgentX Tutorial using Net-SNMP – Trap implementation

Third one in this series is implementation of SNMP Traps, the method which is the main strength of SNMP. These Traps provide an event based system where NMS relies heavily on the monitored stations to tell them if something of interest has happened. mib2c again provides an easy way to implement traps. This is actually one of the easiest ones of the three in this series. Again as I said before clone my repository and checkout the code to find what was done and how. Following are three commands of interest.


git clone https://github.com/jainvishal/agentx-tutorial.git
git checkout step3_traps_autogenerated
git checkout step3_traps_implement

mib2c provides mib2c.notify.conf to compile the MIB and generate C code. By default it uses SNMPv2 for traps and I leave it as is. Implementation is as simple as copying the data into right variables when time comes and they will be delivered. Continue reading

AgentX Tutorial using Net-SNMP – Simple Table MIB for Dummies

Second in the series of implementing an AgentX agent I describe a simple table implementation. Net-SNMP provides multiple implementations from easy one to more elaborate ones. An approach should be accepted based on the need. For most of the needs MIB for Dummies work (mib2c -c mib2c.mfd.conf). Points to consider for using MIB for dummies are :

  1. Data could be cached and smaller time windows are acceptable where data may be stale compared to real world values (or application can implement a logic to mark cache expired on real value change)
  2. Data reloads are not resource intensive
  3. Data set for table is small so memory foot print of copying to cache will be small

Continue reading

Most often used Network Sniffer flags for tcpdump and snoop

Most often used flags for tcpdump and snoop are below. Snoop is for SunOS while tcpdump is available for mostly all Unix/Linux kinds. We will discuss filters in another post. And to read back and process the captured files, I use wireshark which provides lots of options to deep dive into the packet stream.

Purpose snoop tcpdump Description
Select Interface -d <iface> -i <iface> Not needed if system has only one interface (ignoring localhost)
Capture full -s 0 -s 0 Snap length controls how much to capture. Zero means capture all.
Write capture to a file -o <filename> -w <filename>
Avoid DNS lookups for IPs in capture -r -n So no DNS lookups are performed when displaying real-time capture, good for efficiency

Continue reading