How to find process sending SNMP packets?
Hi all
I post to the Security forum - maybe Vista Networking might have been better? Anyway - here's the issue:
I see a Vista machine sending SNMP requests (udp/161) with a default community "public" regularly to two (2) IP-addresses that do not belong to any known network. I would like to find out what process sends these requests. The computer has never been a member of a domain, and the SNMP feature is not installed.
I have used Sysinternals' TCPView and netstat but I was unable to find any application sending udp/161 traffic. Yet on the wire I clearly see the traffic:
18:37:28.718784 PortC, IN: IP 192.168.1.70.57210 > 192.168.0.3.161:
GetRequest(63) .1.3.6.1.2.1.25.3.2.1.5.1 .1.3.6.1.2[|snmp]
Any ideas? Suggestions appreciated.
Best
Maurice
July 13th, 2011 12:48pm
Hi,
Thanks for posting in Microsoft TechNet forums.
SNMP provides security by using community names and SNMP authentication traps.
An SNMP trap is an event notification message sent by the SNMP Trap service running on an SNMP host. The SNMP trap is sent to other SNMP hosts or to an SNMP management system, which are known as trap destinations.
Please refer to http://technet.microsoft.com/en-us/library/cc754924.aspx
Best Regards
Magon Liu
TechNet Subscriber Support
July 14th, 2011 4:54am