Geek Answers Handbook

WinSNMP sets the source / manager port

The documentation for SnmpSetPort says that api allows you to set the port for the target.

However, is there a way to influence the port number of the source object, i.e. manager? Or at least configure it to use a single port always?

Using wirehark, I see that WinSNMP selects the arbritrary src port port. My client uses strict firewall rules. SNMP SET is sent normally (to agent port 161), but responses are blocked by firewall rules. Since WinSNMP effectively randomly selects the outgoing port, I can’t even set up a firewall.

EDIT: Added illustrations to illustrate:

Outgoing request for src 4089 port outgoing request

The incoming response is on the same port 4089, which, of course, is blocked by firewall rules. incoming request

However, if I restart my application, WinSNMP allocates a different src port number, for example. 4110

How can I control the src port of the request? i.e. response dst port.

+4
source share
2 answers

The random port (source port) is selected from the range of ports reserved for Windows and is fully configurable,

http://support.microsoft.com/kb/929851

When you run netsh int ipv4 show dynamicport udp and netsh int ipv6 show dynamicport udp you can see the current ranges.

The following commands can set new ranges,

 netsh int ipv4 set dynamicport udp start=start_v4 num=number_v4 netsh int ipv6 set dynamicport udp start=start_v6 num=number_v6

But generally speaking, you should change your firewall rules, instead of changing your account settings. Why does a firewall rule strictly check the source port? This is less obvious to me.

0
source

I think you're looking for the wrong place

Microsoft Technet

SNMP uses the default UDP port 161 for general SNMP messages and UDP port 162 for SNMP error messages. If these ports are used by another protocol or service, you can change the settings by changing the local services file on the agent. The services file is located in \%SystemRoot%\System32\Drivers\Etc

go and change the port.

then you can configure the port in the firewall exceptions :)

===========

New changes

Look at Ethernet II: either SRC or DST in the images - VMWARE_79

Now this openCore (4089) is the port used by remote services / trojans / and is blocked by default by the firewall due to its vulnerabilities if you add the same port to the firewall exceptions that should work.

(Note: this port will also not work if you access some other services or remote code execution.), But it can lead to some uncertainty, to avoid this, you can allow a specific IP address, in this case CLIENT., If the port 161 is used by another application, then this can happen, and it will look for another port.

Look for port 162 used for the trap [Ref .: http://technet.microsoft.com/en-us/library/cc959637.aspx] (control system).

Check if port 162 is blocked on the client or your system, and this can happen and it will use a different port.

For more information, I will need additional information about your projects. Pls provide details if the above changes do not help :)

0
source

More articles:


All Articles