How to capture and decode SNMP traffic with tcpdump
With the following command you can capture and decode SNMP traffic entering or leaving a specific interface (enp3s0 in this example):
tcpdump_snmp_capture.sh
tcpdump -v -i enp3s0 'udp port 161'

This works by filtering for UDP packets on port 161, the port SNMP agents listen on. The -v flag raises tcpdump's verbosity, so each packet is printed with its IP header fields and the fully decoded SNMP message (version, flags, user or community string, and PDU) instead of a one-line summary. Add -n to skip DNS and port-name lookups (the output below shows port 161 as "snmp" because -n was not used), and -w capture.pcap to save the raw packets for later analysis in Wireshark.

Two caveats: port 161 only captures requests to agents and their responses; traps and informs are sent to port 162, so use 'udp port 161 or udp port 162' to see those as well. And tcpdump can only show the PDU contents of SNMPv1/v2c messages (where the community string itself travels in cleartext) and of SNMPv3 messages sent without the privacy flag; with authPriv the ScopedPDU is encrypted and is not decoded.
示例输出:
tcpdump_snmp_example.txt
01:28:27.915505 IP (tos 0x0, ttl 64, id 28865, offset 0, flags [DF], proto UDP (17), length 151)
10.9.2.199.snmp > 10.9.2.15.47669: { SNMPv3 { F=a } { USM B=1 T=608 U="admin" } { ScopedPDU E=_80_00_6a_92_03_44_a5_6e_43_5e_4c C="" { GetResponse(33) R=1015374419 105.1.1.1.5.1.2=1 } } }
01:28:27.915646 IP (tos 0x0, ttl 64, id 38290, offset 0, flags [DF], proto UDP (17), length 150)
10.9.2.15.47669 > 10.9.2.199.snmp: { SNMPv3 { F=ar } { USM B=1 T=608 U="admin" } { ScopedPDU E=_80_00_6a_92_03_44_a5_6e_43_5e_4c C="" { GetNextRequest(32) R=1015374420 105.1.1.1.5.1.2 } } }

Reading the output: the first line of each packet is the IP header, the second the SNMP decode. F= lists the SNMPv3 message flags (a = authenticated, p = encrypted/privacy, r = reportable); here both packets carry F=a but no p, i.e. authNoPriv, which is why the PDU contents are visible. The USM block shows the engine boots (B=), engine time (T=) and user name (U=); the ScopedPDU block shows the engine ID (E=) and context name (C=), followed by the PDU type, its request ID (R=) and the variable bindings. Here the manager at 10.9.2.15 walks the agent at 10.9.2.199 with GetNextRequest and gets a GetResponse back for each OID.
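Once the decoded output is on stdout it can be piped into a small auditor. The following script is an added example, not code from the original post: it parses the per-packet decode lines that tcpdump -v prints (in the format shown above) and flags SNMPv1/v2c community strings and SNMPv3 messages sent without authentication or without privacy, which are exactly the messages an on-path observer can read. The script name snmp_audit.py, the extra sample packets (an SNMPv2c request and an SNMPv3 authPriv packet) and the placeholder rendering of the encrypted ScopedPDU are constructed for this example.

```python
#!/usr/bin/env python3
"""Audit decoded SNMP traffic from `tcpdump -v` output.

Added example, not part of the original post. Reads the per-packet decode
lines that `tcpdump -v` prints (see the sample output above) and flags
messages whose credentials or contents are exposed on the wire.
"""
import re
import sys
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Matches the decode line tcpdump -v prints for each SNMP packet (the line
# after the IP header line), e.g.
#   10.9.2.199.snmp > 10.9.2.15.47669: { SNMPv3 { F=a } ... }
LINE_RE = re.compile(
    r"^(?P<src>\S+) > (?P<dst>\S+): \{ (?P<version>SNMPv1|SNMPv2c|SNMPv3) (?P<body>.*)\}\s*$"
)
FLAGS_RE = re.compile(r"\{ F=(?P<flags>[apr]*) \}")       # a=auth p=priv r=reportable
USER_RE = re.compile(r'U="(?P<user>[^"]*)"')               # SNMPv3 USM user name
COMMUNITY_RE = re.compile(r'C="(?P<community>[^"]*)"')     # v1/v2c community string
PDU_RE = re.compile(r"(?P<pdu>[A-Za-z]+)\((?P<len>\d+)\) R=(?P<reqid>-?\d+)")


@dataclass
class SnmpPacket:
    src: str
    dst: str
    version: str
    flags: str = ""                   # SNMPv3 msgFlags; empty for v1/v2c
    user: Optional[str] = None        # SNMPv3 only
    community: Optional[str] = None   # SNMPv1/v2c only
    pdu: Optional[str] = None         # GetRequest, GetNextRequest, GetResponse, ...
    request_id: Optional[int] = None


def parse_line(line: str) -> Optional[SnmpPacket]:
    """Return the decoded packet for one tcpdump line, or None for IP-header
    lines and anything that is not an SNMP decode line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    pkt = SnmpPacket(src=m["src"], dst=m["dst"], version=m["version"])
    body = m["body"]
    if pkt.version == "SNMPv3":
        f = FLAGS_RE.search(body)
        pkt.flags = f["flags"] if f else ""
        u = USER_RE.search(body)
        pkt.user = u["user"] if u else None
        # In SNMPv3 output the C="" inside ScopedPDU is the context name, not a community.
    else:
        c = COMMUNITY_RE.search(body)
        pkt.community = c["community"] if c else None
    p = PDU_RE.search(body)
    if p is not None:  # absent when the ScopedPDU is encrypted and tcpdump cannot decode it
        pkt.pdu = p["pdu"]
        pkt.request_id = int(p["reqid"])
    return pkt


def assess(pkt: SnmpPacket) -> List[str]:
    """Security findings for one packet, based only on what the capture shows."""
    findings: List[str] = []
    if pkt.version in ("SNMPv1", "SNMPv2c"):
        findings.append(f'{pkt.version} community "{pkt.community}" sent in cleartext')
    elif "a" not in pkt.flags:
        findings.append("SNMPv3 noAuthNoPriv: message neither authenticated nor encrypted")
    elif "p" not in pkt.flags:
        findings.append(
            f'SNMPv3 authNoPriv for user "{pkt.user}": {pkt.pdu} contents readable on the wire'
        )
    return findings


def audit(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Run assess() over every decoded packet; returns (src, dst, finding) triples."""
    report: List[Tuple[str, str, str]] = []
    for line in lines:
        pkt = parse_line(line)
        if pkt is not None:
            report.extend((pkt.src, pkt.dst, finding) for finding in assess(pkt))
    return report


# Constructed sample: the two packets from the post above, plus a constructed
# SNMPv2c request and a constructed SNMPv3 authPriv packet. The "[encrypted]"
# rendering of the undecodable ScopedPDU in the last line is a placeholder.
SAMPLE_OUTPUT = """\
01:28:27.915505 IP (tos 0x0, ttl 64, id 28865, offset 0, flags [DF], proto UDP (17), length 151)
    10.9.2.199.snmp > 10.9.2.15.47669: { SNMPv3 { F=a } { USM B=1 T=608 U="admin" } { ScopedPDU E=_80_00_6a_92_03_44_a5_6e_43_5e_4c C="" { GetResponse(33) R=1015374419 105.1.1.1.5.1.2=1 } } }
01:28:27.915646 IP (tos 0x0, ttl 64, id 38290, offset 0, flags [DF], proto UDP (17), length 150)
    10.9.2.15.47669 > 10.9.2.199.snmp: { SNMPv3 { F=ar } { USM B=1 T=608 U="admin" } { ScopedPDU E=_80_00_6a_92_03_44_a5_6e_43_5e_4c C="" { GetNextRequest(32) R=1015374420 105.1.1.1.5.1.2 } } }
01:28:31.102000 IP (tos 0x0, ttl 64, id 38291, offset 0, flags [DF], proto UDP (17), length 73)
    10.9.2.15.50001 > 10.9.2.199.snmp: { SNMPv2c C="public" { GetRequest(28) R=7 .1.3.6.1.2.1.1.5.0 } }
01:28:32.204000 IP (tos 0x0, ttl 64, id 38292, offset 0, flags [DF], proto UDP (17), length 160)
    10.9.2.15.50002 > 10.9.2.199.snmp: { SNMPv3 { F=apr } { USM B=1 T=612 U="monitor" } { ScopedPDU [encrypted] } }
"""


def main() -> None:
    # Typical use: tcpdump -l -n -v -i enp3s0 'udp port 161 or udp port 162' | python3 snmp_audit.py
    # (-l line-buffers tcpdump's output so findings appear as packets arrive.)
    source = SAMPLE_OUTPUT.splitlines() if sys.stdin.isatty() else sys.stdin
    for src, dst, finding in audit(source):
        print(f"{src} -> {dst}: {finding}")


if __name__ == "__main__":
    main()
```

Run without a pipe it audits the embedded sample, reporting the two authNoPriv packets from the post and the cleartext "public" community, and staying silent on the authPriv packet. The parser keys only on the version, the F= flags and the PDU name, so OID rendering differences between tcpdump versions do not affect it; with the original single-port filter the port-162 traps would simply never reach it.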