[snmp] RE: Bind to a specific port
Josh Bers
jbers at bbn.com
Tue May 27 15:41:07 BST 2008
You are right, it is not so important to use the same source port number,
however, it is easier to track data to/from an application if the port
numbers are consistent. If you do a tcpdump with a net-snmp agent, you'll
see that the source port of the response PDUs is always port 161. It
also indicates that you are using the same UDP socket to listen and send on,
which conserves resources.
If I were to build a firewall or traffic shaper, it would be more secure to
filter on source port as well as the destination port, which in the case of
an snmp manager may well be constantly changing...
Josh
-----Original Message-----
From: snmp-bounces at snmp.westhawk.co.uk
[mailto:snmp-bounces at snmp.westhawk.co.uk] On Behalf Of Andrew Chandler
Sent: Tuesday, May 27, 2008 2:08 PM
To: 'List for discussion of the Westhawk SNMP stack'
Subject: RE: [snmp] RE: Bind to a specific port
Just curious - why is it such a requirement to have the sending port be
locked to a specific number? In all my experience it was all about the
receiving port being constant and the originating port was free to be
random. Even firewalls by and large are fine with this; you just map the
destination port and allow any src port.
-----Original Message-----
From: snmp-bounces at snmp.westhawk.co.uk
[mailto:snmp-bounces at snmp.westhawk.co.uk] On Behalf Of Josh Bers
Sent: Tuesday, May 27, 2008 12:13 PM
To: 'Birgit Arkesteijn'
Cc: 'List for discussion of the Westhawk SNMP stack'
Subject: [snmp] RE: Bind to a specific port
Hi Birgit,
Thanks for your many responses...
It turns out my issue was not setting the ContextEngineId to the
AuthEngineId (the stack may want to do this by default for Authoritative
contexts).
As you say, the agent side clearly is not as well developed, yet. I think
that the whole socket issue deserves some re-design to serve in agent
capacity... Sharing a single socket for sending out datagrams might be the
way to go for an agent....
You currently have a single listening context receiving requests on port 161
(say). Then to reply you'd like to use the same socket to send the response
to the requestor... (this can be the sendTo address of the socket or read
from the context), however, you don't want to create a new socket to respond
to the requestor (as the stack currently does) because then you will indeed
have to pick a random open port number to avoid conflicting with other
contexts... and it wastes system resources.
The way the DatagramSocket works you can create it with a specific local
Port number (see SocketAddress or SocketId) and leave the local IP
undefined (null). Since the underlying impl uses sendTo it can send to any
number of remote destinations at packet send time.
That way over the wire all responses from the agent will have the src port
be 161....
Josh
-----Original Message-----
From: Birgit Arkesteijn [mailto:birgit at westhawk.co.uk]
Sent: Tuesday, May 27, 2008 12:13 PM
To: Josh Bers
Cc: 'List for discussion of the Westhawk SNMP stack'
Subject: Re: Bind to a specific port
Hi Josh,
No, there isn't.
I have to read up on DatagramSocket and DatagramPacket (used by our
StandardSocket), but a quick glance doesn't tell me how to specify the local
port on the fly.
As far as I can tell, you can give the local port to listen *on* (i.e.
all incoming packets that are sent to port 161), but as far as I can tell,
not the local port where to send *from*.
Cheers, Birgit
On 25/05/08 05:03, Josh Bers wrote:
> I am attempting to create an agent, however, when I send response to a
> manager the stack uses a different port (local) on which to send
> responses from, e.g., if I am listening on port 1162 for requests,
> responses go out on 1190 (or other random port). Is there a way to
> tell the stack to use a specific local port when sending response pdu's?
>
>
>
> Thanks,
>
>
>
> Josh
>
>
>
> Josh Bers
>
> Senior Engineer, Mobile Networking Systems
>
> BBN Technologies
>
> web: www.bbn.com <http://www.bbn.com> ph: (617) 873-4262 fax: (617) 873-4523
>
>
>
--
-- Birgit Arkesteijn, birgit at westhawk.co.uk,
-- Westhawk Ltd, Albion Wharf, 19 Albion Street, Manchester M1 5LN, UK
-- Company no: 1769350
-- Registered Office:
-- 15 London Road, Stockton Heath, Warrington WA4 6SJ. UK.
-- tel.: +44 (0)161 237 0660
-- <URL: http://www.westhawk.co.uk>
_______________________________________________
snmp mailing list
snmp at snmp.westhawk.co.uk
http://snmp.westhawk.co.uk/mailman/listinfo/snmp
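
The single-socket reply described in the thread, as an added example that is not part of the original messages or of the Westhawk stack: it uses only the standard java.net classes, and the class name SamePortReply, the method replySourcePort and the payload strings are assumptions made for illustration. It shows that a reply sent through the bound listening socket carries the listening port as its source port, which is what lets a firewall rule match on both ports, while a reply sent through a newly created socket gets an ephemeral one.

```java
import java.net.DatagramPacket;
import java.net.DatagramSocket;
import java.net.InetAddress;
import java.nio.charset.StandardCharsets;

public class SamePortReply {
    // Listening port used in the thread's example; 161 would need privileges.
    static final int AGENT_PORT = 1162;

    // Sends one request to the agent and returns the source port seen on the reply.
    static int replySourcePort(boolean reuseListeningSocket) throws Exception {
        InetAddress loopback = InetAddress.getLoopbackAddress();
        // Agent: local port fixed, local address left as the wildcard.
        // Manager: no port given, so the OS picks an ephemeral source port.
        try (DatagramSocket agent = new DatagramSocket(AGENT_PORT);
             DatagramSocket manager = new DatagramSocket()) {
            agent.setSoTimeout(2000);
            manager.setSoTimeout(2000);
            // Constructed payloads, not real SNMP PDUs.
            byte[] req = "request".getBytes(StandardCharsets.US_ASCII);
            manager.send(new DatagramPacket(req, req.length, loopback, AGENT_PORT));

            DatagramPacket in = new DatagramPacket(new byte[1500], 1500);
            agent.receive(in);
            byte[] resp = "response".getBytes(StandardCharsets.US_ASCII);
            // The destination is read from the received datagram at send time.
            DatagramPacket out = new DatagramPacket(resp, resp.length, in.getSocketAddress());
            if (reuseListeningSocket) {
                agent.send(out);                  // leaves from AGENT_PORT
            } else {
                try (DatagramSocket fresh = new DatagramSocket()) {
                    fresh.send(out);              // leaves from an ephemeral port
                }
            }
            DatagramPacket reply = new DatagramPacket(new byte[1500], 1500);
            manager.receive(reply);
            return reply.getPort();               // source port of the reply on the wire
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("reply via listening socket, source port: " + replySourcePort(true));
        System.out.println("reply via new socket, source port: " + replySourcePort(false));
    }
}
```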