Hello,
Is there a way to monitor server ports using SNMP (I'm using net-snmp-python to check this with python). So far I've checked pretty simple with "nc" command, however I want to see if I can do this with SNMP.
Thank you for your answers and patience.
It's hard to see where SNMP might fit in.
The best way to monitor would be to use a protocol specific client (i.e., run a simple query v.s. MySQL, retrieve a test file using FTP, etc.)
If that doesn't work, you can open a TCP or UDP socket to the ports and see if anyone is listening.
You might try running nmap against the ports you want to check, but that won't necessarily give you an indication that the server process on the other side of an open port is alive.
Well if you want to use SNMP to see exactly what ports are listening, you should be able to use the following OIDS and walk the table
"1.3.6.1.2.1.6.13.1.1" tcpConnState
"1.3.6.1.2.1.7.5.1.1" udpLocalAddress
Walking UDP would give you something like this:
snmpwalk -cpublic 192.168.1.13 1.3.6.1.2.1.7.5.1.1
UDP-MIB::udpLocalAddress.0.0.0.0.68 = IpAddress: 0.0.0.0
UDP-MIB::udpLocalAddress.0.0.0.0.161 = IpAddress: 0.0.0.0
UDP-MIB::udpLocalAddress.0.0.0.0.32908 = IpAddress: 0.0.0.0
UDP-MIB::udpLocalAddress.0.0.0.0.33281 = IpAddress: 0.0.0.0
UDP-MIB::udpLocalAddress.0.0.0.0.33795 = IpAddress: 0.0.0.0
UDP-MIB::udpLocalAddress.0.0.0.0.34822 = IpAddress: 0.0.0.0
UDP-MIB::udpLocalAddress.0.0.0.0.44782 = IpAddress: 0.0.0.0
UDP-MIB::udpLocalAddress.192.168.1.13.9950 = IpAddress: 192.168.1.13
and TCP like:
snmpwalk -cpublic 192.168.1.13 1.3.6.1.2.1.6.13.1.1
TCP-MIB::tcpConnState.0.0.0.0.21.0.0.0.0.0 = INTEGER: listen(2)
TCP-MIB::tcpConnState.0.0.0.0.23.0.0.0.0.0 = INTEGER: listen(2)
TCP-MIB::tcpConnState.0.0.0.0.80.0.0.0.0.0 = INTEGER: listen(2)
Walking the tables will show you what ports are listening, and could provide you with some information.
Now if you just want to check to see if specific ports that you listed in your question are listening you can use the following OIDS to check.
ftp -- 1.3.6.1.2.1.6.13.1.1.0.0.0.0.21.0.0.0.0.0
ssh -- 1.3.6.1.2.1.6.13.1.1.0.0.0.0.22.0.0.0.0.0
http -- 1.3.6.1.2.1.6.13.1.1.0.0.0.0.80.0.0.0.0.0
https -- 1.3.6.1.2.1.6.13.1.1.0.0.0.0.443.0.0.0.0.0
bind -- 1.3.6.1.2.1.7.5.1.1.0.0.0.0.53
the above OIDS assume that the server is bound to the default address (0.0.0.0). But they could be bound to the server IP address only (depends on config). In that case assuming your Server IP is 192.168.10.1 you would get
1.3.6.1.2.1.7.5.1.1.192.168.10.1.53 for bind
so all that being said I think if you wanted to tell if http was listening on the default address on host 192.168.10.1, using the python net snmp bindings you would have something like this.
import netsnmp
oid = netsmp.Varbind('1.3.6.1.2.1.6.13.1.1.0.0.0.0.80.0.0.0.0.0')
result = netsnmp.snmp(oid,
Version = 2,
DestHost="192.168.10.1",
Community="public")
I am not 100% sure if the Varbind is required as I don't do any snmp stuff in python,and some examples I found had it, and some didn't. But try it either way. in the above query, if the server isn't listening it will return a no such OID, if it is open and listening result should Integer(2).