Best Practice for capturing SNMP packets


Article ID: 211379


Updated On:


CA Spectrum


When dealing with SNMP communication issues, users will often need to capture SNMP packets for debugging purposes. What is the best practice for capturing these packets?


Release : 20.2.x

Component : Spectrum Core / SpectroSERVER


On Windows, the best practice is to capture these packets with Wireshark.

On Linux, tcpdump is a good tool for running this capture. The sample command below can be run on SpectroSERVER systems to capture the SNMP data for review:

tcpdump -w troubleshoot.pcap -vv -A -T snmp -s 0 "((dst port 162) or (src port 161) or (dst port 161)) and (host <SpectroSERVER IP>)"

Additional Information

If SNMPv3 is being used, the SNMPv3 profile information must be entered into Wireshark so that it can decrypt the packets and display them in readable form.
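To see whether a capture contains SNMPv3 traffic before opening it in Wireshark, the following added example (not part of the original article or of CA Spectrum) counts the SNMP messages in a pcap file by protocol version. It assumes the classic pcap format that tcpdump -w writes, Ethernet framing, IPv4 and no VLAN tags; the function names and the embedded sample capture are constructed for illustration.

```python
import struct

SNMP_VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}     # value of the leading version INTEGER
SNMP_PORTS = {b"\x00\xa1", b"\x00\xa2"}          # UDP 161 and 162 in network byte order

def after_length(buf, i):
    """Return the index just past the BER length field that starts at buf[i]."""
    return i + 1 + (buf[i] & 0x7F if buf[i] & 0x80 else 0)

def snmp_version(payload):
    """Return 'v1', 'v2c' or 'v3' from the INTEGER that opens an SNMP message."""
    try:
        i = after_length(payload, 1)                # skip the outer SEQUENCE length
        if payload[0] != 0x30 or payload[i:i + 2] != b"\x02\x01":
            return None
        return SNMP_VERSIONS.get(payload[i + 2])
    except IndexError:
        return None

def summarize_pcap(data):
    """Count SNMP messages per version in a classic pcap with Ethernet frames."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("expected classic pcap, link type Ethernet")
    counts, off = {}, 24
    while off + 16 <= len(data):
        caplen = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        frame, off = data[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                                # not IPv4 carrying UDP
        udp = 14 + (frame[14] & 0x0F) * 4           # honour the IP header length
        if {frame[udp:udp + 2], frame[udp + 2:udp + 4]} & SNMP_PORTS:
            key = snmp_version(frame[udp + 8:]) or "unparsed"
            counts[key] = counts.get(key, 0) + 1
    return counts

def sample_pcap():
    """Constructed capture: one truncated v2c message and one truncated v3 message."""
    def record(sport, dport, snmp):
        udp = struct.pack("!HHHH", sport, dport, 8 + len(snmp), 0) + snmp
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
        frame = bytes(12) + b"\x08\x00" + ip + udp
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    v2c = bytes.fromhex("300d0201010406" + b"sample".hex() + "a000")
    v3 = bytes.fromhex("30050201033000")
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
            + record(161, 40000, v2c) + record(40001, 161, v3))
```

For a real capture, pass the bytes of troubleshoot.pcap to summarize_pcap(). A non-zero v3 count means the SNMPv3 profile is needed in Wireshark, while v1 and v2c messages carry their community string in cleartext, so the capture file should be stored and shared accordingly.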