[CentOS] lost udp packets

Thu Oct 4 17:26:20 UTC 2012
Les Mikesell <lesmikesell at gmail.com>

On Thu, Oct 4, 2012 at 12:17 PM, James Pifer <jep at obrien-pifer.com> wrote:
> On 10/4/2012 9:40 AM, James Pifer wrote:
>> I have a CentOS release 5.8 that has snmp traps being sent to it. I've
>> been trying to forward the snmp traps to another system. I've tried
>> forwarding with snmpd/snmptrapd, iptables, and some forwarding programs.
>> I can see snmp traps getting delivered to the system with tcpdump and
>> wireshark, but no matter what app I run, the traps do not appear to be
>> reaching the application or port 162. It seems like the packets are
>> possibly being dropped right away.
>> iptables is wide open:
>> # iptables -L
>> Chain INPUT (policy ACCEPT)
>> target     prot opt source               destination
>> Chain FORWARD (policy ACCEPT)
>> target     prot opt source               destination
>> Chain OUTPUT (policy ACCEPT)
>> target     prot opt source               destination
>> If I run the apps I can see port 162 open and closed depending on what I
>> have running, so I'm sure there's not a specific app running already on
>> that port.
>> Anyone have any ideas on what could be happening to these packets and
>> why they might not be reaching port 162 on this host?
> Just a follow up. I ran tcpdump for port 162 for a little while and when
> I stopped I see this at the end:
> 737 packets captured
> 737 packets received by filter
> 0 packets dropped by kernel
> So I guess the kernel is not dropping them. Still can't explain why
> applications are not picking them up.
> Any help is appreciated.

I'd try strace'ing the app that is supposed to be receiving them to
see if the socket opens are working and what happens with a packet
arrives on the port.

   Les Mikesell
      lesmikesell at gmail.com