[clue] (Slightly OT) - This SNMP issue has me baffled

foo7775 at comcast.net
Wed Jul 15 13:09:12 MDT 2015


From: "David L. Anselmi" <anselmi at anselmi.us> 
To: "CLUE's mailing list" <clue at cluedenver.org> 
Sent: Wednesday, July 15, 2015 11:11:05 AM 
Subject: Re: [clue] (Slightly OT) - This SNMP issue has me baffled 

foo7775 at comcast.net wrote: 
> 
> Now I'm not an expert with snoop or WireShark (yet!) but from what I can see, I have 34 packets 
> that arrived at the 'B' interface of the Solaris server, each of which contains an SNMP 
> 'get-request' for the same OID. When I remove the filter that shows only packets addressed to the 
> 'B' interface, I can see that interface A receives packets with 'get-next-request' & OIDs that 
> are incrementing. I do *not* see any responses from the Solaris server to the monitoring server 
> (for any interface) - the snoop command that I used is below: 

Sorry to hear that you're stuck using Solaris. 

You might want to figure out why you're not seeing the responses. If you can get them it might help. 

So since you're not seeing get-next-request to B, is there a chance that its responses aren't 
getting to the monitoring server? I guess snmpwalk from the local network would show them if it 
works. But maybe something is losing the replies along that path. 

HTH, 
Dave 
_______________________________________________ 


Thanks Dave, the sympathy helps a little bit... (heh) 

That's the big question that I have right now - since I can see that the packets are getting to the server, is the server just not responding, or is something dropping/blocking the return traffic? I can think of three potential courses of action right now - 

1st, a coworker has apparently found other systems that aren't able to complete an snmpwalk connection to this host - so, note all of the systems that can't complete an snmpwalk connection to this server & run a traceroute from this server to each of those, then check to see if there are any common nodes in the traceroute output. The network & firewall teams swear up & down that everything's working as it should, so that option has the potential to cause a bit of heartburn... 

2nd, fire up another snoop session using the same command line, *this time* capture output from a successful connection attempt - that *should* confirm whether or not I should also be able to see the outgoing packets. (I'm going to be doing that in the next few minutes.) 

3rd, remove & reinstall the sma/snmp packages, in case one or more of the files has gotten corrupted. I'm treating this as a last resort, because it feels like a 'cop-out' to me... 

FWIW, I've already compared the snmp.conf & snmpd.conf files to another server that's working as it should - the snmp.conf file had one extra line (that I commented out, then restarted the services), the snmpd.conf file matched the one from the server that's working. 

Thanks again, 

T. 
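
Added example, not part of the original message: one way to carry out the first course of action above, finding nodes common to the traceroute output for every host that cannot complete an snmpwalk. It assumes IPv4 and the usual text layout of traceroute output; the function names and the sample traces are constructed for illustration.

```python
import re

HOP_LINE = re.compile(r"^\s*(\d+)\s+(.*)$")      # "<hop number> <rest of line>"
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample output (documentation address ranges), keyed by destination.
SAMPLE_TRACES = {
    "monitor-a": """traceroute to 198.51.100.10 (198.51.100.10), 30 hops max, 40 byte packets
 1  192.0.2.1  0.412 ms  0.380 ms  0.377 ms
 2  192.0.2.254  1.102 ms  1.050 ms  1.061 ms
 3  203.0.113.5  2.301 ms  2.250 ms  2.244 ms
 4  * * *
""",
    "monitor-b": """traceroute to 198.51.100.77 (198.51.100.77), 30 hops max, 40 byte packets
 1  192.0.2.1  0.398 ms  0.401 ms  0.385 ms
 2  192.0.2.254  1.120 ms  1.033 ms  1.047 ms
 3  203.0.113.9  2.811 ms  2.790 ms  2.765 ms
 4  198.51.100.77  3.902 ms  3.870 ms  3.866 ms
""",
}

def parse_traceroute(text):
    """Return [(hop_number, [ips])]; an empty list means the hop printed '* * *'."""
    hops = []
    for line in text.splitlines():
        m = HOP_LINE.match(line)
        if m:  # header and blank lines do not start with a hop number
            hops.append((int(m.group(1)), list(dict.fromkeys(IPV4.findall(m.group(2))))))
    return hops

def common_hops(traces):
    """Router addresses seen in every trace, in the order the first trace met them."""
    parsed = [parse_traceroute(t) for t in traces.values()]
    if not parsed:
        return []
    shared = set.intersection(*[{ip for _, ips in p for ip in ips} for p in parsed])
    ordered = []
    for _, ips in parsed[0]:
        ordered += [ip for ip in ips if ip in shared and ip not in ordered]
    return ordered

def last_responder(text):
    """Address of the last hop that answered, i.e. where the trace goes quiet."""
    answered = [ips[-1] for _, ips in parse_traceroute(text) if ips]
    return answered[-1] if answered else None

if __name__ == "__main__":
    print("common hops:", common_hops(SAMPLE_TRACES))
    print({d: last_responder(t) for d, t in SAMPLE_TRACES.items()})
```

A hop shared by every failing path is a candidate to investigate, not proof of a drop: a device can answer traceroute probes and still filter the SNMP replies, and a `* * *` hop may simply not answer probes.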