
I am implementing the pysnmp code for SNMPv3, trying to send a trap over to a machine in my network. I can see that the trap is being seen in Wireshark but it does not show up in any of my trap receivers. The code is as below:

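```python
from pysnmp.hlapi import *

errorIndication, errorStatus, errorIndex, varBinds = next(
    sendNotification(
        # Hard-coded local (authoritative) SNMP engine ID
        SnmpEngine(OctetString(hexValue='8000000001020304')),
        # USM user with SHA authentication and AES-128 privacy
        UsmUserData('usr', authKey='authh', privKey='privv',
                    authProtocol=usmHMACSHAAuthProtocol,
                    privProtocol=usmAesCfb128Protocol),
        # The transport address is a single (host, port) tuple
        UdpTransportTarget(('192.168.1.79', 162)),
        ContextData(),
        'trap',
        NotificationType(ObjectIdentity('SNMPv2-MIB', 'authenticationFailure'))
    )
)

# Report any local error raised while building or sending the trap
if errorIndication:
    print(errorIndication)
```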

If I remove authKey, privKey, authProtocol and privProtocol, I can see the traps being received in the trap receiver but when I put them all in, I do not see the traps.

My questions are:

  1. Does Ubuntu have to open up its 161 and 162 ports for the Windows machine to receive it?
  2. Even with a hard-coded Engine ID, I am able to send a trap with no authentication, but is it necessary to have the correct Engine ID in the case of full authentication? Is that why the trap isn't showing up? If so, can someone guide me on finding the engine ID of the receiving system?
  3. Can we surely say that since Wireshark is clearly seeing the trap come through, it's only a matter of configuration on the trap receiver to show the trap?

Please help me with this.

Thank you.

Ilya Etingof

1 Answer


Make sure your SNMPv3 keys are 8 or more characters long. This is a requirement that comes with the SNMP standard.

With SNMPv3 TRAP you are required to explicitly configure SNMP engine ID to both notification originator (your script) and notification receiver if you are using any crypto features.

You should set arbitrary SNMP engine ID to your notification originator (it is the authoritative part in this exchange), then configure the same SNMP engine ID (along with USM user and keys) to your notification receiver. No need to figure out SNMP engine ID of the receiver.

It may not be a firewall issue since plain text TRAPs get through.

Maybe try a simpler setup like MD5 auth and no encryption (authNoPriv), just in case your notification receiver does not support the newer cipher suite.

Ilya Etingof
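Why the receiver must be configured with the sender's engine ID, shown as an added example that is not part of the original answer or of pysnmp: under USM (RFC 3414) the passphrase is hashed and then localized with the authoritative engine ID, so a receiver that assumes a different engine ID derives a different key and cannot authenticate the trap. The helper names, the passphrase `authkey123` and the second engine ID are constructed for illustration; the 8-character check mirrors the minimum stated in the answer.

```python
import hashlib

MIN_PASSPHRASE_LEN = 8  # minimum key length stated in the answer above


def password_to_key(passphrase: str, hash_name: str = "sha1") -> bytes:
    """RFC 3414 A.2: hash 1 MiB of the cyclically repeated passphrase (Ku)."""
    if len(passphrase) < MIN_PASSPHRASE_LEN:
        raise ValueError("USM passphrase must be at least 8 characters")
    data = passphrase.encode()
    reps, rest = divmod(1024 * 1024, len(data))
    return hashlib.new(hash_name, data * reps + data[:rest]).digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str = "sha1") -> bytes:
    """RFC 3414 2.6: Kul = H(Ku || snmpEngineID || Ku)."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def localized_auth_key(passphrase: str, engine_id_hex: str,
                       hash_name: str = "sha1") -> bytes:
    """Key actually used on the wire for a given passphrase and engine ID."""
    ku = password_to_key(passphrase, hash_name)
    return localize_key(ku, bytes.fromhex(engine_id_hex), hash_name)


if __name__ == "__main__":
    sender_engine_id = "8000000001020304"      # engine ID from the question
    other_engine_id = "80001f8880aabbccdd"     # constructed: receiver's own ID
    passphrase = "authkey123"                  # constructed, 10 characters

    sender_key = localized_auth_key(passphrase, sender_engine_id)
    wrong_key = localized_auth_key(passphrase, other_engine_id)
    print("sender   :", sender_key.hex())
    print("receiver :", wrong_key.hex())
    print("keys match:", sender_key == wrong_key)

    try:
        localized_auth_key("authh", sender_engine_id)  # key from the question
    except ValueError as exc:
        print("rejected:", exc)
```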