<html><body><div style="font-family: Arial; font-size: 12pt; color: #000000"><div aria-label="Compose body">Hey all, I apologize for the fact that this message refers to Solaris rather than Linux, but I'm hoping that there's enough overlap that it might be interesting/useful to others anyway...<br></div><div><br></div><div> I am really puzzling over an issue I'm fighting on a Solaris 10 system, & I'm hoping that a "2nd pair of eyes" might be able to help me get past this apparent blind spot... The server in question has three network interfaces (B, C, & A - and 'A' is the logical interface created with B & C bonded together).</div><div><br></div><div> Our monitoring admin is trying to set up monitoring of this server on all three interfaces over the typical SNMP protocol (UDP 161). I have confirmed that snmpd is active & listening on UDP 161, and connections can be made from any system to network interfaces A & C. The monitoring server (which is in a different city) is not able to connect to UDP 161 on interface B, although I can repeatedly make a successful connection to interface B using netcat from a Linux server that's on the same network as the monitoring server. The monitoring server is able to monitor several hundred other servers without issue (& has done so for years), so I am making the assumption that that end is working as expected. <em>(And, that server is out of my area of responsibility as well.)</em><br></div><div><br></div><div> Firewalls & network check out fine. I have also confirmed that the local OS firewall is not active (using both 'svcs' & 'ipfstat' commands). The snmpd.conf file consists of only nine lines, none of which mentions specific network interfaces/IPs/etc. Since the usual troubleshooting steps haven't led to a resolution, I've coordinated with the monitoring admin, & had him attempt to connect again after I'd fired up 'snoop' on the Solaris box, just so that I could see what's happening when the connection attempts are being made, I've then transferred the packet capture file to my workstation & opened it with WireShark. <br></div><div><br></div><div> Now I'm not an expert with snoop or WireShark (yet!) but from what I can see, I have 34 packets that arrived at the 'B' interface of the Solaris server, each of which contains an SNMP 'get-request' for the same OID. When I remove the filter that shows only packets addressed to the 'B' interface, I can see that interface A receives packets with 'get-next-request' & OIDs that are incrementing. I do *not* see any responses from the Solaris server to the monitoring server (for any interface) - the snoop command that I used is below:<br></div><div><br></div><div> snoop -P -V -o <output file> -q -r <IP address of monitoring server><br></div><div><br></div><div> I'd initially thought that I had mistakenly captured only incoming packets, but the command arguments that I provided do not support that belief:<br></div><div><p> [ -P ] # Turn OFF promiscuous mode<br> [ -V ] # Show all summary lines<br> [ -q ] # Suppress printing packet count
[ -r ] # Do not resolve address to name<br><br><br><span style="font-family: arial,helvetica,freesans,sans-serif;">I've <em>considered</em> looking at the configuration for the network interface bonding, but that really doesn't seem as though it would be a likely source of the problem. And before I forget to mention it, I have restarted the snmpd daemon as well.<br><br>Any suggestions that anyone can offer would be appreciated.</span><br><br><span style="font-family: arial,helvetica,freesans,sans-serif;">Thanks in advance,</span><br><br><span style="font-family: arial,helvetica,freesans,sans-serif;">T.</span><br></p></div></div></body></html>