Administrator HandbookTOC

SNMP trap simulator

Introduction to snmp trap and snmp notification simulation

The snmp trap simulator is an ideal tool provided with LoriotPro for snmp trap simulation and for testing LoriotPro trap filter or any of your trap server. Trap Simulator allows you to forge fake snmpv1 traps or snmpv2c notifications and to send them to any snmp trap receiver.

SNMP Trap simulation is very useful to test your trap filters within LoriotPro and check that the associated actions are well performed. It is difficult on a server with an SNMP agent to force the generation of a Snmp Trap or a snmp v2c notification that is sent when a disk, a power supply a fan fails.

snmp V1 trap versus snmp v2c notification

SNMPv1 traps were defined in RFC 1157, with the following fields:

Enterprise Identifies the type of managed object generating the snmp v1 trap. Enterprise field contains value of sysObjectID of the device sending trap.For vendor specific snmp v1 traps, Generic snmp v1 trap type field is set to enterpriseSpecific(6).
Agent address Provides the address of the managed object generating the snmp v1 trap.
Generic trap type Indicates one of a number of generic snmp v1 trap types.
Specific trap code Indicates one of a number of specific trap codes.
Time stamp Provides the amount of time that has elapsed between the last network reinitialization and generation of the snmp v1 trap.
Variable bindings The data field of trap containing PDU. Each variable binding associates a particular MIB object instance with its current value.

The standard snmp v1 generic traps are:

0 coldStart The snmp device performs a power on
1 warmStart The snmp device performs a sofwtare reload or ipl
2 linkDown One of the interface of the snmp device went down
3 linkUp One of the interface of the snmp device went up
4 authenticationFailure A snmp manager tries to access a snmp agent with a wrong community or wrong user rights
5 egpNeighborLoss Exterior gateway protocol loss a neighbor router
6 enterprise specific Entreprise proprietary traps

In SNMPv2c trap is defined as NOTIFICATION and formatted differently comparing to SNMPv1. It has the following parameters:

sysUpTime Same as Time stamp in SNMPv1 trap
snmpTrapOID Trap identification field. For generic traps, values are defined in RFC 1907, for vendor specific traps snmpTrapOID is essentially a concatenation of the SNMPv1 Enterprise parameter and two additional sub-identifiers, '0', and the SNMPv1 Specific trap code parameter.
VarBindList A list of variable bindings

Starting the snmp trap simulator

To test a SNMP Trap or snmp v2c notification action, select the service tab of the workspace and call the contextual menu by a right click. Select trap Simulator option.

snmp trap simultaor selection
Load the trap simulator

You access the Trap Simulator Interface.

snmp trap simulator

Sending simulated trap and notification

If you wnat to send a forged snmp v1 trap you can select the address of the source of the trap.

Next enter the address and the community. If you send trap from this LoriotPro to this LoriotPro use the loopback address 127.0.0.1. Check that the community is right if you want to verify a filter set on the trap community in the LoriotPro trap filter..

In the combo box V1 standard trap or in the V1 enterprise and notification list , select the trap or notification that you want to simulate by a double click. The trap name is displayed in the lower text box and the variable bindings field is completed.

The V1 list box contains only the SNMP V1 trap except the Enterprise trap (Trap V1 of type 6).

snmp trap V1

The table column description of snmp v2c notification and snmp v1 trap

Name The trap or notification name as defined in the MIB
Trap V1 name or father the full name of the trap in snmp v1 or the father object name for snmp v2c
Version the snmp version, snmp v1 or snmp v2
V1 Enterprise specific A unique number that identifies this trap among all the traps from this vendor
MIB The MIB file compiled on the LoriotPro manager where is defines this trap or notification
Objects list of object, variable bindings and their value. Arbitrary value are assigned for the simulation.

The list contain all the SNMP V1 trap (Enterprise) and  snmp v2c notification).

Devices are not able to send all the listed snmp v2c notification or SNMP Trap. You can use the SNMP walker tool to find what MIB files thus trap or notification are supported by a device.

In the example below we select a snmp v2 notification. A snmp v1 trap at the same time.

snmp v2 trap send

You can modify the value of the variable bindings in the lower field of the screen. In our exemple the Variable binding object are defined and import from the MIB file. Values were arbitrary set to 145 by LoriotPro but you can chaage them.

When you have made your selection, click Send.

Come back to the LoriotPro Event Manager and select the trap tab. The SNMP trap are displayed in the trap tab window. The simulated SNMP trap has also fake variable bindings (varbinds 1 to 10).

Version

Generic snmp trap / Notification Icon Description

SNMP V1

0 - Cold Start

cold start trap

A Cold Start snmp trap signifies that the SNMP entity, acting in an agent role, is reinitializing itself and that its configuration may have been altered

SNMP V1
 

1 - Warm Start

warm start trap

A Warm Start snmp trap signifies that the SNMP entity, acting in an agent role, is reinitializing itself such that its configuration is unaltered.

SNMP V1

2 - Link Down

link down trap

A Link Down snmp trap signifies that the SNMP entity, acting in an agent role, has a Network Interface becoming down.

SNMP V1

3 - Link Up

link up trap

A Link Down snmp trap signifies that the SNMP entity, acting in an agent role, has a Network Interface becoming up.

SNMP V1

4 - Authentication Failure

authentication trap

An Authentication Failure snmp trap signifies that the SNMP entity, acting in an agent role, has received a protocol message that is not properly authenticated. 

SNMP V1

5 - Egp

egp trap

EGP Router snmp trap

SNMP V1

6 - Enterprise

enterprise trap

An Enterprise snmp trap signifies that the SNMP entity, acting in an agent role, has sent a snmp trap that is defined in the private MIB section. Enterprise

unknown

 

unknown trap

unrecognized trap

SNMP V2 Notification

V2

<strong>snmp v2c</strong> notification

snmp v2c trap or snmp v2c notification type

SNMP V2 Notification

V2

snmp v2c notification

snmp v2c trap or snmp v2c notification type

SNMP V3 Notification

V3

SNMP v3 notification

snmp v3 trap or snmp v3 notification type

SNMP V3 Notification

V3

SNMP v3 notification

snmp v3 trap or snmp v3 notification type

 

If you have defined filter associated to a SNMP trap the associated actions will be executed.  


www.loriotpro.com