
SNMP packets that seem to be broadcasting

19 years 6 months ago #8216 by Lexion
I have been using Ethereal to monitor our network to try and understand what traffic we have and if it should be there in the first place and try and reduce our broadcast traffic.

I do not have a full understanding of the SNMP protocol as I can't find any tutorials that seem to start from a very basic standpoint, or I missed the plot entirely.

What I am seeing in Ethereal is a packet with a source of one of our NT4 servers and the destination is an HP printer; I can see a few printers on here.

Source: Intel_36:49:13
Destination: Hewlett-_28:e0:64
Protocol: SNMP
Info: GET-NEXT iso.3.6.1.4.1.11.2.4.3.12.7 iso.3.6.1.4.1.11.2.3.9.1.1.2.1 iso.3.6.1.4.1.11.2.3.9.1.1.2.2 iso.3.6.1.4.1.11.2.3.9.1.1.2.3 iso.3.6.1.4.1.11.2.3.9.1.1.2.8 iso.3.6.1.4.1.11.2.3.9.1.1.2.9 iso.3.6.1.4.1.11.2.3.9.1.1.2.10 iso.3.6.1.4.1.11.2.3.9.1.1.2.11 iso.3.6.1.4.1.11.2.3.9.1.1.2.12 iso.3.6.1.4.1.11.2.3.9.1.1.2.13 iso.3.6.1.4.1.11.2.3.9.1.1.2.14 iso.3.6.1.4.1.11.2.3.9.1.1.2.15 iso.3.6.1.4.1.11.2.3.9.1.1.2.16 iso.3.6.1.4.1.11.2.3.9.1.1.2.17 iso.3.6.1.4.1.11.2.3.9.1.1.2.18 iso.3.6.1.4.1.11.2.3.9.1.1.2.19 iso.3.6.1.4.1.11.2.3.9.1.1.3

Should I be able to see these packets, or have we configured something wrong on the server? I have looked in the packets I captured for the MAC address of other servers we use for print services but I cannot see any packets for them. I am presuming that these packets should only be seen by the destination as they are not destined to a broadcast address.

If you have any useful sites where I might learn more, that would be very helpful too.
19 years 6 months ago #8231 by cybersorcerer
From the position in which you were sniffing, were you situated at a hub? If you were, then you're just seeing normal SNMP management traffic flying across the hub (since it is a logical bus), which is nothing to be worried about. :D

As for a tutorial, I think reading the RFC would be the most helpful which you can find here
For a less technical tutorial, check out this site

"He who breaks something to find out what it is, has left the path of wisdom."

Gandalf the Grey
19 years 6 months ago #8237 by Lexion
None of the devices are plugged into a hub; everything is connected to switches. Thanks for the links, will have a read of them.
19 years 6 months ago #8328 by tiamat
Check the printer properties on the NT servers. If you look at the port settings under Configure Port, there will probably be an SNMP checkbox called SNMP Status Enabled, along with the community name and SNMP Device Index. Having this checked will cause the server to poll the printer every so often. Just uncheck the box to eliminate the SNMP traffic.
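
Added example, not part of any post in this thread: a minimal Python decoder for the kind of SNMP GET-NEXT poll discussed above, showing that the community name and the requested OIDs are readable by anyone who can capture the packet. It assumes SNMPv1 framing; the sample payload is constructed, with `public` as an assumed community name and two OIDs taken from the capture in the first post.

```python
# Added example: decode an SNMPv1 GET-NEXT UDP payload (BER) by hand.
PDU_NAMES = {0xA0: "GET", 0xA1: "GET-NEXT", 0xA2: "RESPONSE", 0xA3: "SET"}

# Constructed sample. Community "public" is an assumed value; the two OIDs
# are the first and last ones listed in the capture in the first post.
SAMPLE = bytes.fromhex(
    "30 3b 02 01 00 04 06 70 75 62 6c 69 63"
    "a1 2e 02 01 01 02 01 00 02 01 00 30 23"
    "30 0f 06 0b 2b 06 01 04 01 0b 02 04 03 0c 07 05 00"
    "30 10 06 0c 2b 06 01 04 01 0b 02 03 09 01 01 03 05 00"
)

def read_tlv(buf, pos):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(data):
    subs, val = [], 0
    for b in data:  # base-128 digits, high bit set means "more follows"
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            subs.append(val)
            val = 0
    first = min(subs[0] // 40, 2)  # first two arcs share one sub-identifier
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def parse_snmp_v1(payload):
    tag, msg, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    _, version, pos = read_tlv(msg, 0)
    _, community, pos = read_tlv(msg, pos)  # community name is sent unencrypted
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    pos = 0
    for _ in range(3):  # skip request-id, error-status, error-index
        _, _, pos = read_tlv(pdu, pos)
    _, varbinds, _ = read_tlv(pdu, pos)
    oids, pos = [], 0
    while pos < len(varbinds):
        _, vb, pos = read_tlv(varbinds, pos)
        oids.append(decode_oid(read_tlv(vb, 0)[1]))
    return {"version": int.from_bytes(version, "big"), "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag)),
            "community": community.decode("ascii", "replace"), "oids": oids}

print(parse_snmp_v1(SAMPLE))
```

Version 0 in the result means SNMPv1. The prefix `1.3.6.1.4.1.11` on both OIDs is Hewlett-Packard's private enterprise subtree, which fits a print server polling an HP printer for status.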