netsnmp-pcap - SNMP extension which captures network traffic and reports the number of packets captured, and the throughput
netsnmp-pcap [--config /etc/snmp/pcap.conf] [--debug [n]]
netsnmp-pcap { --help | --man | --version }
Specify the base OID to serve the table from. Defaults to the same as bsnmpd-pcap, .1.3.6.1.4.1.12325.1.1112
Specify the path to the configuration file. Defaults to /etc/snmp/pcap.conf
Enable debug mode, i.e., trace POE events.
Tell the program to detach itself from the terminal and become a daemon. Use --no-detach to prevent this.
Specify the path to a file to write the PID of the daemon.
Print a short usage description, then exit.
Print the manual page of the program, then exit.
Print the program name and version, then exit.
This program is a port of bsnmpd-pcap, the pcap plugin for FreeBSD's bsnmpd, as an AgentX for Net-SNMP, written in Perl. It allows you to measure arbitrary network traffic, in packets or octets, using the pcap(3) library. Multiple flows of traffic can be measured by setting up as many network monitors as needed, each with a different filter.
The counters are available as a table under the same OID as bsnmpd-pcap, but this can be changed using the --base-oid option:
.1.3.6.1.4.1.12325.1.1112
The following entries are provided, where N is the index:
the number of network monitors present
the index of the network monitor
a human description of the network monitor (may be empty)
the network device that traffic is being monitored on
the pcap(3) filter used to select certain network packets for monitoring
the number of octets seen by the monitor
the number of packets seen by the monitor
The configuration format is the same as bsnmpd-pcap, where you define the network monitors by setting the corresponding SNMP functions. Here is an example which defines three network monitors:
    %pcap
    pcapDescr.1 = "ARP, ICMP and VRRP traffic"
    pcapDevice.1 = "eth0"
    pcapFilter.1 = "arp or icmp or vrrp"
    pcapDescr.2 = "DNS traffic"
    pcapDevice.2 = "eth0"
    pcapFilter.2 = "port domain"
    pcapDescr.3 = "HTTP traffic"
    pcapDevice.3 = "eth0"
    pcapFilter.3 = "port http or port https"
and the corresponding result from snmpwalk:
    # snmpwalk -v2c -On -c public localhost .1.3.6.1.4.1.12325.1.1112
    .1.3.6.1.4.1.12325.1.1112.1 = INTEGER: 3
    .1.3.6.1.4.1.12325.1.1112.2.1.0.1 = INTEGER: 1
    .1.3.6.1.4.1.12325.1.1112.2.1.0.2 = INTEGER: 2
    .1.3.6.1.4.1.12325.1.1112.2.1.0.3 = INTEGER: 3
    .1.3.6.1.4.1.12325.1.1112.2.1.1.1 = STRING: "ARP, ICMP and VRRP traffic"
    .1.3.6.1.4.1.12325.1.1112.2.1.1.2 = STRING: "DNS traffic"
    .1.3.6.1.4.1.12325.1.1112.2.1.1.3 = STRING: "HTTP traffic"
    .1.3.6.1.4.1.12325.1.1112.2.1.2.1 = STRING: "eth0"
    .1.3.6.1.4.1.12325.1.1112.2.1.2.2 = STRING: "eth0"
    .1.3.6.1.4.1.12325.1.1112.2.1.2.3 = STRING: "eth0"
    .1.3.6.1.4.1.12325.1.1112.2.1.3.1 = STRING: "arp or icmp or vrrp"
    .1.3.6.1.4.1.12325.1.1112.2.1.3.2 = STRING: "port domain"
    .1.3.6.1.4.1.12325.1.1112.2.1.3.3 = STRING: "port http or port https"
    .1.3.6.1.4.1.12325.1.1112.2.1.4.1 = Counter32: 56
    .1.3.6.1.4.1.12325.1.1112.2.1.4.2 = Counter32: 1347
    .1.3.6.1.4.1.12325.1.1112.2.1.4.3 = Counter32: 29137
    .1.3.6.1.4.1.12325.1.1112.2.1.5.1 = Counter32: 2
    .1.3.6.1.4.1.12325.1.1112.2.1.5.2 = Counter32: 15
    .1.3.6.1.4.1.12325.1.1112.2.1.5.3 = Counter32: 53
    End of MIB
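The counters are Counter32 values, so a poller has to take deltas between two walks and allow for wraparound at 2**32. The following is an added example, not part of netsnmp-pcap: it parses `snmpwalk -On` output in the shape shown above and computes per-monitor rates. The column mapping (4 = octets, 5 = packets) is an assumption read off the output and the order of the entry list, and the dictionary keys, helper names and second-poll values are constructed for illustration.

```python
import re

BASE = ".1.3.6.1.4.1.12325.1.1112"
# Columns under BASE.2.1 (assumed mapping, read off the snmpwalk output above).
COLUMNS = {1: "descr", 2: "device", 3: "filter", 4: "octets", 5: "packets"}
LINE = re.compile(r"^" + re.escape(BASE) + r"\.2\.1\.(\d+)\.(\d+) = (\w+): (.*)$")

def parse_walk(text):
    """Return {monitor index: {column name: value}} from `snmpwalk -On` output."""
    monitors = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m or int(m.group(1)) not in COLUMNS:
            continue  # command line, monitor count, index column, "End of MIB"
        col, idx, typ, val = int(m.group(1)), int(m.group(2)), m.group(3), m.group(4)
        value = int(val) if typ == "Counter32" else val.strip('"')
        monitors.setdefault(idx, {})[COLUMNS[col]] = value
    return monitors

def counter32_delta(old, new):
    """Difference between two Counter32 readings, allowing one wrap at 2**32."""
    return (new - old) % 2**32

def rates(before, after, seconds):
    """Per-monitor (bits/s, packets/s) between two parsed walks."""
    out = {}
    for idx, cur in after.items():
        prev = before.get(idx)
        if prev is None or prev.get("filter") != cur.get("filter"):
            continue  # monitor added or redefined between polls: delta is meaningless
        out[idx] = (counter32_delta(prev["octets"], cur["octets"]) * 8 / seconds,
                    counter32_delta(prev["packets"], cur["packets"]) / seconds)
    return out

def _sample(octets, packets):
    """Constructed walk fragment for monitor 2 (the DNS monitor)."""
    return (f'{BASE}.2.1.3.2 = STRING: "port domain"\n'
            f"{BASE}.2.1.4.2 = Counter32: {octets}\n"
            f"{BASE}.2.1.5.2 = Counter32: {packets}\n")

if __name__ == "__main__":
    first = parse_walk(_sample(1347, 15))      # counters from the output above
    second = parse_walk(_sample(31347, 315))   # constructed second poll, 60 s later
    print(rates(first, second, 60))
```

A single wrap is all that modular arithmetic can recover, so the polling interval must be short enough that a counter cannot wrap twice between walks.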
Because this program is based on POE::Component::NetSNMP::agent, it suffers from the same problem, which is that when the snmpd daemon it is connected to dies, the default POE loop will spin over the half-closed Unix socket, eating 100% of CPU until the daemon is restarted and the sub-agent has reconnected. A workaround is to use an alternative event loop: POE::Loop::AnyEvent, POE::Loop::EV and POE::XS::Loop::EPoll have been tested to not expose this problem.
To select the event loop, set the POE_EVENT_LOOP environment variable to its name: POE_EVENT_LOOP=POE::Loop::AnyEvent
snmpd(1), bsnmpd-pcap(8), pcap(3), tcpdump(1)
http://www.net-snmp.org/
http://thewalter.net/stef/software/bsnmp-pcap/
http://www.tcpdump.org/
Sebastien Aperghis-Tramoni (sebastien@aperghis.net)