http://www.perlmonks.org?node_id=1020591


in reply to Re^2: How to encode snmpv2 trap varbind
in thread How to encode snmpv2 trap varbind

Are you sure they have to be spoofed?

The reason I ask is because there may be a simpler way to accomplish this. Most network monitoring systems (unless they're brain-damaged) support SNMP-COMMUNITY-MIB::snmpTrapAddress (1.3.6.1.6.3.18.1.3 with a .0 as your instance identifier). This is an SNMPv2 varbind that you can pass that contains an IP address to signify that the NMS should treat that as the originating SNMP source (commonly used by SNMP trap relays and aggregators). The docs on it noted that it should be the second varbind sent after the sysUptime (http://tools.ietf.org/html/rfc2576).

This variable serves roughly the same purpose as the agent-addr value in SNMPv1 traps. In fact, if your NMS supports SNMPv1, using that and setting agent-addr should be another viable option.

I've used both of the above methods successfully to "spoof" traps to multiple NMS's in the past. It works correctly on nearly all of them. In fact, if any of them fail to treat the trap as if it had come from the snmpTrapAddress/agent-addr, I'd recommend filing a bug with the developer and get them to fix their application.

I'd definitely recommend giving this a try. It may simplify things a great deal for you, and save you from the hassle and complexity of packet-level spoofing.

If needed, I might be able to dig up some (working) code I've used to accomplish the above; however, I was using the Net-SNMP project's SNMP perl module (not Net::SNMP), so the syntax is quite different.