SNMP使用的协议为UDP,默认端口为161和162.

使用iptables

命令如下:

iptables -A INPUT -p udp -m udp --dport 161:162 -j DROP

使用mib browser采集设备上的节点,会超时(timeout)

在串口打开tcpdump打印消息如下:

root@hbg:/# iptables -A INPUT -p udp -m udp --dport 161:162 -j DROP
root@hbg:/#
root@hbg:/#
root@hbg:/# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        
DROP       udp  --  anywhere             anywhere             udp dpts:snmp:snmp-trap

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

root@hbg:/# tcpdump
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
12:12:53.215582 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:12:53.449710 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
12:12:54.215559 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:12:55.215538 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:12:55.449715 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
12:12:55.509887 LLDP, length 138: TVWS
12:12:55.899593 ARP, Request who-has 192.168.2.125 tell 192.168.2.234, length 46
12:12:55.899857 ARP, Reply 192.168.2.125 is-at 00:11:22:33:44:56 (oui Unknown), length 28
12:12:55.900431 IP 192.168.2.234.64411 > 192.168.2.125.snmp:  C=world GetNextRequest(24)  system.sysUpTime 查询报文
12:12:56.215514 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:12:57.215491 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:12:57.449707 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
12:12:58.215468 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:12:59.215445 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:12:59.449706 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
12:13:00.215421 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:13:00.898934 IP 192.168.2.234.64411 > 192.168.2.125.snmp:  C=world GetNextRequest(24)  system.sysUpTime 查询报文
12:13:01.215396 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:13:01.449712 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
12:13:02.215372 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:13:02.339996 ARP, Request who-has 192.168.1.16 tell 192.168.1.234, length 46
12:13:03.215351 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:13:03.449710 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
12:13:04.215327 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:13:05.215304 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:13:05.449706 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
12:13:05.899351 IP 192.168.2.234.64411 > 192.168.2.125.snmp:  C=world GetNextRequest(24)  system.sysUpTime  查询报文
12:13:06.215279 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:13:07.215260 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
^C
29 packets captured
29 packets received by filter
0 packets dropped by kernel

查询报文的次数在于你配置mib browser中retransmits的次数

允许通过为:

iptables -A INPUT -p udp -m udp --dport 161:162 -j ACCEPT

root@hbg:/# iptables -D INPUT 1
root@hbg:/# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        
root@hbg:/#
root@hbg:/#
root@hbg:/# iptables -A INPUT -p udp -m udp --dport 161:162 -j ACCEPT
root@hbg:/# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     udp  --  anywhere             anywhere             udp dpts:snmp:snmp-trap

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

root@hbg:/# tcpdump
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
12:15:55.211339 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:15:55.449706 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
12:15:55.629877 LLDP, length 138: TVWS
12:15:56.211318 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:15:57.211291 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:15:57.449708 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
12:15:58.211269 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:15:58.702348 ARP, Request who-has 192.168.2.125 tell 192.168.2.234, length 46
12:15:58.702588 ARP, Reply 192.168.2.125 is-at 00:11:22:33:44:56 (oui Unknown), length 28
12:15:58.703184 IP 192.168.2.234.58494 > 192.168.2.125.snmp:  C=world GetNextRequest(24)  system.sysUpTime   查询报文
12:15:58.704048 IP 192.168.2.125.snmp > 192.168.2.234.58494:  C=world GetResponse(28)  system.sysUpTime.0=304450  响应报文
12:15:59.211246 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:15:59.449711 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
12:16:00.211223 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:16:00.561467 IP 192.168.2.234.58496 > 192.168.2.125.snmp:  C=world GetRequest(31)  E:45138.3030.1.1.4.0    查询报文
12:16:00.598459 IP 192.168.2.125.snmp > 192.168.2.234.58496:  C=world GetResponse(35)  E:45138.3030.1.1.4.0=192.168.2.125  响应报文
12:16:01.211198 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:16:01.449707 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
12:16:02.211178 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:16:03.211152 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:16:03.449709 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
12:16:03.709734 ARP, Request who-has 192.168.2.234 tell 192.168.2.125, length 28
12:16:03.710467 ARP, Reply 192.168.2.234 is-at 54:ee:75:4a:37:b5 (oui Unknown), length 46
12:16:04.211128 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:16:05.211106 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:16:05.338555 ARP, Request who-has 192.168.1.16 tell 192.168.1.234, length 46
12:16:05.449709 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
12:16:06.211083 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:16:07.211060 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:16:07.449715 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
12:16:08.211035 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:16:09.211012 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:16:09.449709 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
^C
33 packets captured
34 packets received by filter
0 packets dropped by kernel

openwrt拦截snmp报文的更多相关文章

  1. SNMP报文抓取与分析(二)

    SNMP报文抓取与分析(二) SNMP报文抓取与分析(二) 1.SNMP报文表示简介 基本编码规则BER 标识域Tag表示 长度域length表示 2.SNMP报文详细分析(以一个get-respon ...

  2. SNMP报文抓取与分析(一)

    SNMP报文抓取与分析(一) 1.抓取SNMP报文 SNMP报文的形式大致如下图所示 我们这里使用netcat这个工具来抓取snmp的PDU(协议数据单元).(因为我们并不需要前面的IP和UDP首部) ...

  3. SNMP学习笔记之SNMP报文以及不同版本(SNMPv1、v2c、v3)的区别

    本篇文章将重点分析SNMP报文,并对不同版本(SNMPv1.v2c.v3)进行区别! 四.SNMP协议数据单元 在SNMP管理中,管理站(NMS)和代理(Agent)之间交换的管理信息构成了SNMP报 ...

  4. SNMP学习笔记之SNMP报文协议详解

    0x00 简介 简单网络管理协议(SNMP)是TCP/IP协议簇的一个应用层协议.在1988年被制定,并被Internet体系结构委员会(IAB)采纳作为一个短期的网络管理解决方案:由于SNMP的简单 ...

  5. BurpSuite经常拦截firefox报文如success.txt的解决办法

    因为工作需要经常使用Burp对收发报文进行检测,平时习惯使用火狐浏览器,但是火狐浏览器经常进行一些登录状态的检测,导致Burp拦截中出现大量的火狐报文,如http://detectportal.fir ...

  6. 能ping通虚拟机,但snmp报文 Destination unreachable(Host administratively prohibited

    如题目,使用virtual box 虚拟机,虚拟机系统为centos6.5, 主机系统为win10 内外设置ip在同一网段后,互相能ping通,centos 系统开启snmp服务,此处说明以下, sn ...

  7. iptables拦截tcp报文syn/ack/rst/psh/fin

    https://www.cnblogs.com/Qingluan/p/5137136.html https://blog.csdn.net/weixin_34216107/article/detail ...

  8. SNMP TRAP报文解析

    转载地址: https://blog.csdn.net/eric_sunah/article/details/19557683 SNMP的报文格式 SNMP代理和管理站通过SNMP协议中的标准消息进行 ...

  9. SNMP简单网络管理协议

    声明:以下内容是学习谌玺老师视频整理出来(http://edu.51cto.com/course/course_id-861.html) SNMP(Simple Network Management ...

随机推荐

  1. 关于64位win7环境下VS连接oracle数据库的问题

    本机环境:64位win7,安装了64位的oracle桌面类 服务器环境:64位windows server 2008,64位oracle服务器端 问题:本机用sql developer连数据库没有问题 ...

  2. ASP.NET MVC Url中带点号出现404错误的解决方案

    由于项目需求,项目的路由设计如下 config.Routes.MapHttpRoute( name: "Get/Put Sku", routeTemplate: "api ...

  3. Java 后台sql注入

    JdbcTemplate.update(sql, ArrayList.toArray()) Connection conn = null; PreparedStatement ps = null; c ...

  4. brew install nvm

    brew install nvm mkdir ~/.nvm nano ~/.bash_profilectrl+x 退出 source ~/.bash_profile echo $NVM_DIR nvm ...

  5. Objective-C Runtime 运行时之三:方法与消息(转载)

    前面我们讨论了Runtime中对类和对象的处理,及对成员变量与属性的处理.这一章,我们就要开始讨论Runtime中最有意思的一部分:消息处理机制.我们将详细讨论消息的发送及消息的转发.不过在讨论消息之 ...

  6. erase-credentials配置

    转自:Spring Security怎样不让默认的ProviderManager清除密码等信息 <authentication-manager erase-credentials="f ...

  7. 一些Android经验

    1.如果在调试Android程序中,你非常确定你的代码是没有问题的,比如在跟Server交互时候,抓包软件抓到的包是正常的,但是在解析数据时候有问题, 你可以试着换个Android设备看看,模拟器换成 ...

  8. springmvc注释

    //请求json串(商品信息)    输出json(商品信息) //@RequestBody将请求的商品信息的json串转成itemsCustom对象 //@ResponseBody将itemsCus ...

  9. X11 基本绘图

    #include <X11/Xlib.h> int main() { Display * dsp = XOpenDisplay(NULL); int screenNum = Default ...

  10. IBM Minus One

    IBM Minus One Time Limit: 2000/1000 MS (Java/Others) Memory Limit: 65536/32768 K (Java/Others) Total ...