I am attempting to listen and continually grab incoming UDP traffic on port 162 as shown below; however, we never seem to enter the while loop.

The traffic is visible via tcpdump on port 162 and the Perl code below is running as root. The script seems to be waiting and listening, but there is never any output.

Surely missing a key bit. Any ideas?

```perl
use IO::Socket::INET;

# flush after every write
$| = 1;

my $received;
my ($peeraddress, $peerport);

my $socket = IO::Socket::INET->new(
   LocalAddr => 'localhost',
   LocalPort => '162',
   Proto     => 'udp',
   Type      => SOCK_DGRAM,
) or die "ERROR in Socket Creation : $@\n";

while ( $socket->recv($received, 1024) ) {
   $peeraddress = $socket->peerhost();
   $peerport = $socket->peerport();
   print "\n($peeraddress , $peerport) said : $received";
}

$socket->close();
```

EDIT: the above code works when 'localhost' is replaced with '0.0.0.0'; please see @ikegami's answer. I also had the problem of traffic not reaching it because of the system firewall, as noted in the comments.

Marcus
  • Is the traffic going to 127.0.0.1 or another address? – ikegami Jan 23 '23 at 17:19
  • Tip: No need for `Type`. It's derived from `udp`. – ikegami Jan 23 '23 at 17:26
  • Is tcpdump capturing tcp packets or udp packets? – mob Jan 23 '23 at 17:45
  • Works perfectly for me if I actually send UDP data to localhost (i.e. 127.0.0.1) on the same machine and port 162. So something is different in your environment, i.e. no UDP, no localhost, no same machine or different port. Show actually what you observe in tcpdump. – Steffen Ullrich Jan 23 '23 at 18:15
  • @ikegami the traffic (snmptraps) is coming from a remote host, so that host is sending to my host at its FQDN. – Marcus Jan 23 '23 at 18:15
  • @Marcus: *" is coming from a remote host,"* - then it cannot be received by localhost. Use 0.0.0.0 instead. – Steffen Ullrich Jan 23 '23 at 18:16
  • @mob udp packets – Marcus Jan 23 '23 at 18:16
  • @SteffenUllrich Hm ok, tried `LocalAddr => '0.0.0.0'` but still not seeing output... – Marcus Jan 23 '23 at 18:22
  • @Marcus: Make sure that no firewall rules on your system block access. Note that tcpdump captures traffic before any local firewall blocks it, so just because you see it in tcpdump does not mean that it is not blocked – Steffen Ullrich Jan 23 '23 at 18:29
  • @SteffenUllrich That was it... I had no idea tcpdump was pre-local-firewall, and never would have thought of it. Many thanks to you and all. – Marcus Jan 23 '23 at 18:38

1 Answer

2

You are listening to 127.0.0.1:162, but the traffic is going to another adapter.

Say you're behind a NAT router and your internet traffic goes to 192.168.1.2. You would need to listen to 192.168.1.2:162 instead of 127.0.0.1:162.

Alternatively, you can listen to 0.0.0.0:162. The special address 0.0.0.0 indicates you want to listen to all adapters, so both 127.0.0.1 and 192.168.1.2 in our example.

ikegami
  • I am enlightened by this, thank you. Using 0.0.0.0:162 currently but nice to know I can be more specific if needed. – Marcus Jan 23 '23 at 18:51
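
The bind-address behaviour described in the answer can be checked on a single host with the script below. It is an added example, not code from the question or the answer. It assumes the host has a routable non-loopback IPv4 address, uses an ephemeral port instead of 162 so it needs no root, and the helper names `outbound_addr` and `delivered_to` are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::INET;
use IO::Select;

# Find this host's outbound (non-loopback) IPv4 address. connect() on a UDP
# socket only selects a route; no packet is sent. 192.0.2.1 is a
# documentation address (TEST-NET-1), used here as a constructed target.
sub outbound_addr {
    my $probe = IO::Socket::INET->new(
        Proto => 'udp', PeerAddr => '192.0.2.1', PeerPort => 9,
    ) or return;
    return $probe->sockhost;
}

# Bind a UDP listener to $bind_addr on an ephemeral port, send one datagram
# to each address in @targets, and return the targets whose datagram was
# actually delivered to the listener.
sub delivered_to {
    my ($bind_addr, @targets) = @_;
    my $listener = IO::Socket::INET->new(
        Proto => 'udp', LocalAddr => $bind_addr, LocalPort => 0,
    ) or die "bind $bind_addr failed: $@\n";
    my $port = $listener->sockport;

    for my $dst (@targets) {
        my $tx = IO::Socket::INET->new(
            Proto => 'udp', PeerAddr => $dst, PeerPort => $port,
        ) or next;
        $tx->send("to=$dst");
    }

    my (@seen, $buf);
    my $sel = IO::Select->new($listener);
    while ($sel->can_read(0.5)) {    # time out instead of blocking forever
        defined $listener->recv($buf, 1024) or last;
        push @seen, $buf =~ /^to=(.+)$/;
    }
    return @seen;
}

my $lan = outbound_addr() // die "no non-loopback IPv4 route on this host\n";
my @targets = ('127.0.0.1', $lan);
for my $bind ('127.0.0.1', $lan, '0.0.0.0') {
    printf "%-15s receives: %s\n", $bind,
        join(', ', delivered_to($bind, @targets)) || '(nothing)';
}
```

A listener bound to one address receives only the datagram sent to that address, while the `0.0.0.0` listener receives both, so binding to the specific interface address keeps the port off every other adapter. The test traffic here is local, so it does not reproduce the firewall drop mentioned in the comments.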