Why does WireShark say that SNMPv3 traps sent from cOS Core are "snmpV2-trap"?

Last modified on 8 Sep, 2020. Revision 3

The data portion of SNMPv3 and SNMPv2 traps are identical. Only the wrapping headers differ. Wireshark shows the data portion in the summary line.

Manually testing SNMP trap behavior using ucs-snmp
- SNMPv2 trap:
- SNMPv3 trap
Related articles

Up to date for	Core 12.00.22 Core 13.00.01 WireShark 2.6.10
Status	OK

Manually testing SNMP trap behavior using ucs-snmp

This can be tested on e.g. a Linux host:

$ snmptrap -v 2c -c public 192.168.0.101 '' 1.3.6.1.4.1.8072.2.3.0.1 1.3.6.1.4.1.8072.2.3.2.1 i 123456

$ snmptrap -v 3 -u ExampleSecurityName -l noAuthNoPriv 192.168.0.101 '' 1.3.6.1.4.1.8072.2.3.0.1 1.3.6.1.4.1.8072.2.3.2.1 i 123456

If you walk inside the packet data, you’ll see that the trap data itself is identical in both v2 and v3, but they’re wrapped in different headers (v2 vs v3).

SNMPv2 trap:

SNMPv3 trap

Note that the contained data is still identified as a “v2 trap”, it is unchanged.

No related articles found.

Tags snmp core wireshark

Why does WireShark say that SNMPv3 traps sent from cOS Core are "snmpV2-trap"?

Manually testing SNMP trap behavior using ucs-snmp

SNMPv2 trap:

SNMPv3 trap

Related articles