
Re: Invalid SNMP Trap Packet

To: nv-l@lists.tivoli.com
Subject: Re: Invalid SNMP Trap Packet
From: James_Shanks@tivoli.com
Date: Tue, 13 Feb 2001 14:37:36 -0500

Well, it means just what it says.  A trap has a particular format per SNMP.
It starts with x'30', followed by the length of the trap, followed by the
SNMP version number, the community name, the enterprise id, and so on, all
encoded in ASN.1 format.    For details you can consult a book on SNMP if
you like.  Some agent in your network, the one at 10.116.1.254, sent
something to trapd's port which was not a trap or was not properly
formatted per SNMP protocol, and we spit it out.  trapd is just informing
you that this remote box is sending garbage. If you want to see what it is,
you will have to run the trapd.trace while dumping all the packets to hex
and wait for it to occur again.  You configure trapd to do that with the
Configure dialog or with SMIT.  Then you turn on the trace by typing in
"trapd -T"  and wait.
But it is probably easier to investigate it at the other end.  Does the
agent at 10.116.1.254 log what it does?

I suppose trapd could do name resolution on the IP address here but there
is little point since it cannot format the rest of what it has.  It doesn't
know what it is, so it doesn't know what to do with it.  It uses the IP
address out of the IP header just in case that is part of the problem.   At
the point in the code where this is determined we haven't done name
resolution yet, so we just spit it out and leave.

Basically the agent  at 10.116.1.254 and trapd is washing his hands of it.

James Shanks
Team Leader, Level 3 Support
 Tivoli NetView for UNIX and NT



William.Stringfellow@bankofamerica.com@tkg.com on 02/13/2001 01:59:15 PM

Please respond to IBM NetView Discussion <nv-l@tkg.com>

Sent by:  owner-nv-l@tkg.com


To:   IBM NetView Discussion <nv-l@tkg.com>
cc:
Subject:  [NV-L] Invalid SNMP Trap Packet





Hello Tivoleers(?),
     Running AIX 4.3.2 NV 5.1.1 (We're in the process of upgrading to 4.3.3
and 6.0.1)

     I am receiving the following message in my trapd.log and am curious
about 2 things.

982089155  7  Tue Feb 13 18:32:35 2001 <none> T WARNING: invalid SNMP Trap packet from agent 10.116.1.254 source A pid -1

1.  What constitutes an Invalid SNMP Trap packet?  I know about lack of
formatting in the trapd.conf but have never seen this particular fault
before, and can't find anything in the NetView Administrators Guide, Users
Guide or any other Tivoli document.

2.  Our name resolution is performed entirely in /etc/hosts.  The IP address
given for the device sending the invalid trap is defined in my /etc/hosts
file.  So why does it show up as an IP address and not a hostname?

TIA,
Bill
Bank of America


_________________________________________________________________________
NV-L List information and Archives: http://www.tkg.com/nv-l
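
The trap layout described in the reply (x'30', length, version, community, enterprise id, all ASN.1/BER encoded) can be checked against a captured hex dump with a short parser. This is an added example, not NetView or trapd code and not part of the original thread; it covers only the SNMPv1 Trap-PDU header, and the function names and sample packets are constructed for illustration. What trapd itself validates is not stated on this page.

```python
# Added example (not NetView code): structural check of an SNMPv1 trap header.
def read_tlv(buf, pos, want_tag, what):
    """Parse one BER tag-length-value at pos; return (value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("data ends before " + what)
    if buf[pos] != want_tag:
        raise ValueError("%s: expected tag 0x%02x, got 0x%02x" % (what, want_tag, buf[pos]))
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError(what + ": unsupported or truncated length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError(what + ": length runs past end of data")
    return buf[pos:pos + length], pos + length


def check_trap(packet):
    """Return (True, fields) for a well-formed SNMPv1 trap header, else (False, reason)."""
    try:
        body, _ = read_tlv(packet, 0, 0x30, "message SEQUENCE")
        version, pos = read_tlv(body, 0, 0x02, "version INTEGER")
        community, pos = read_tlv(body, pos, 0x04, "community OCTET STRING")
        pdu, _ = read_tlv(body, pos, 0xA4, "SNMPv1 Trap-PDU")
        enterprise, _ = read_tlv(pdu, 0, 0x06, "enterprise OBJECT IDENTIFIER")
    except ValueError as exc:
        return False, str(exc)
    return True, {"version": int.from_bytes(version, "big"),
                  "community": community.decode("latin-1"),
                  "enterprise_oid_hex": enterprise.hex()}


# Constructed sample: v1 trap, community "public", enterprise 1.3.6.1.4.1.2,
# agent-addr 192.0.2.1, generic-trap 6, specific-trap 1, empty varbind list.
GOOD = bytes.fromhex("3026020100" "04067075626c6963" "a419" "06062b0601040102"
                     "4004c0000201" "020106" "020101" "430100" "3000")
SAMPLES = {"good trap": GOOD, "truncated": GOOD[:20],
           "get-request, not a trap": GOOD.replace(b"\xa4\x19", b"\xa0\x19"),
           "plain text": b"hello trapd"}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, "->", check_trap(pkt))
```

Feeding it the bytes from a hex packet dump shows which field of the header first fails to match, which narrows down what the sending agent is doing wrong.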



Archive operated by Skills 1st Ltd
