I'm evaluating Unbrowse SNMP Trap Listener to "Alert" when an SNMP V1/2 and V3 trap is recieved on a Windows XP machine. I've tested few versions and only 1.5 works. I found that the difference is when the Trap listener is turned on, and when i do a netstat -an in cmd prompt. Only ver 1.5 binds UDP port 162 to NIC IP e.g (10.1.1.3 : 162). For the other versions, it is (0.0.0.0 : 162). I've already made sure that the allow promiscious mode is checked in the settings but it just doesn't work.

Though the ver 1.5 can receive V3 traps, it is not able to capture the OID thus resulting in a unknown type trap.

May i know if anyone has experienced this before? if yes, what's the solution? Tks.

Only ver 1.5 binds UDP port 162 to NIC IP e.g (10.1.1.3 : 162). For the other versions, it is (0.0.0.0 : 162).


Yes, we made a change from R.1.6 to bind to 0.0.0.0 rather than just a specific interface. Binding to 0.0.0.0 allows Unbrowse to listen for traps on any interface.

Can you try the following ?

1. Uninstall R1.5 and clean up the old configuration. To do this press the Start button > Run > Type %APPDATA%. This will open up the application data folder. Locate the subfolder named Unleash NetworksUnbrowse. Delete or rename the folder named Unbrowse.


2. Install the latest version of Unbrowse.

3. Go to Tools > Customize > Trap Console and select "Normal UDP Socket" as the preferred provider.

4. Press Ctrl + Shift +T to start the trap console

5. Ensure that "UDP:162" is displayed in the status bar at the bottom of the trap console

If this still does not work, try changing the provider to Windows Raw Sockets (again via Tools > Customize > Trap Console).


Though the ver 1.5 can receive V3 traps, it is not able to capture the OID thus resulting in a unknown type trap.


It is probably because the incoming v3 trap is using authPriv mode. To correctly decrypt and show these traps do the following.

1. Create an agent for the IP Address and Security Name (user name shown in the trap console)

2. Change the version of the new agent to SNMPv3 and specify the auth and priv passwords.

3. Go to Tools > Customize > Advanced > Trap Console and check the "Try to decrypt SNMPv3 Traps" setting.



Thanks,

Vivek R

Unleash Networks

May i know wat does changing to Windows Raw Sockets via Tools > Customize > Trap Console do?

BTW, tested uninstall the old and tried install latest 1.6 -> Still the same problem

Hi,

Raw Sockets allow Unbrowse to monitor SNMP traps even if some other application has port 162 already open. Check out this tip for more detail. Another advantage of Raw Sockets is that it can listen to all traps on all ports, not just 162. The disadvantage is that on some versions of Vista (esp Business and Enterprise) we have experienced some flakiness.

Back to your problem:

1. Does the bottom of the trap console show the string "UDP : 162" ?

2. Are there any errors shown when you start the trap console (Ctrl+Shift+T) ?

3. Are you getting any traps on port 162 ? You can confirm this by using Wireshark or Unsniff. If you are, then Unbrowse ought to display the traps. If it isn't and Raw Sockets does not help either, it is probably a bug. If you can send us a small capture file or even a screenshot of the trap, we can debug it real quick.


Thanks,

It is still not working. I've captured the pkts using both ver 1.6 and 1.5. There is also a small screen shot showing something did appear on the Trap console using ver 1.5. The source IP is 172.16.3.2 and the destination IP where the unbrowse is installed is 10.178.9.42

Hi,

Sorry, but the screenshot does not seem to be attached correctly. Can you send it across to info at unleashnetworks dot com ?


Can you also check if the adapter you are listening on is the correct one ? Use: Tools > Customize > Trap Console > Preferred Adapter

I would have suspected a windows firewall block, but since 1.5 works, that does not seem to be the case.

Thanks,

Vivek