Best Practice for capturing SNMP packets

Article ID: 211379

Products

CA Spectrum

Issue/Introduction

When dealing with SNMP communication issues, users will often need to capture SNMP packets for debugging purposes. What is the best practice for capturing these packets?

Environment

Release : 20.2.x

Component : Spectrum Core / SpectroSERVER

Resolution

On Windows, the best practice is to capture these packets with Wireshark.

On Linux, tcpdump is a great tool to run this capture. Below is a sample command that can be run on SpectroSERVER systems to review the SNMP data:

tcpdump -w troubleshoot.pcap -vv -A -T snmp -s 0 "((dst port 162) or (src port 161) or (dst port 161)) and (host <SpectroSERVER IP>)"

Additional Information

If SNMPv3 is being used, the SNMPv3 profile information will need to be entered into Wireshark in order to decrypt the packets so they are legible.
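
To see in advance which captured packets will need the SNMPv3 profile in Wireshark, the following added example (not part of the original article or of CA Spectrum) reads the SNMP header of a UDP payload and reports the version and, for SNMPv3, whether the privacy flag is set. The function names and the sample payloads are assumptions constructed for illustration.

```python
# Added example: classify SNMP UDP payloads by version and SNMPv3 privacy flag.
# SAMPLES are constructed for illustration, not taken from a real capture.

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER TLV that starts at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def classify(payload):
    """Describe one UDP payload from port 161/162, or return None if it is not SNMP."""
    try:
        tag, msg, _ = read_tlv(payload, 0)            # outer SEQUENCE
        vtag, ver, pos = read_tlv(msg, 0)             # INTEGER version
        if tag != 0x30 or vtag != 0x02:
            return None
        version = int.from_bytes(ver, "big")
        if version in (0, 1):                         # v1 / v2c: community string follows
            _, community, _ = read_tlv(msg, pos)
            # Report only the length so the community string is not echoed to logs.
            return {"version": "v1" if version == 0 else "v2c",
                    "encrypted": False, "community_len": len(community)}
        if version == 3:                              # v3: msgGlobalData carries msgFlags
            _, hdr, _ = read_tlv(msg, pos)
            _, _, p = read_tlv(hdr, 0)                # msgID
            _, _, p = read_tlv(hdr, p)                # msgMaxSize
            _, flags, _ = read_tlv(hdr, p)            # msgFlags: 0x01 auth, 0x02 priv
            return {"version": "v3", "auth": bool(flags[0] & 0x01),
                    "encrypted": bool(flags[0] & 0x02)}
    except (IndexError, ValueError):
        pass                                          # malformed or truncated payload
    return None

SAMPLES = {  # constructed payloads
    "v2c get": bytes.fromhex("302602010104067075626c6963a019020101020100"
                             "020100300e300c06082b060102010103000500"),
    "v3 authPriv": bytes.fromhex("301c020103300d020101020205dc040103020103"
                                 "040230000404deadbeef"),
    "not snmp": b"\x00\x01hello",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, "->", classify(data))
```

Packets reported with "encrypted": True are the ones that stay illegible in Wireshark until the SNMPv3 profile is entered; v1 and v2c packets are readable as captured, including their community string.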