snmp检查

cat > /opt/app/ssa/check_snmp.sh <<'EOF' #!/bin/bash # 用法: ./check_snmp.sh <ip> [community] # 例: ./check_snmp.sh 192.168.0.1 public IP=$1 COMM=${2:-public} [ -z "$IP" ] && { echo "Usage: $0 <ip> [community]"; exit 1; } echo "================ SNMP 服务检测 ================" echo "目标: $IP community: $COMM" echo "===============================================" # 1) ICMP echo -n "[1] ICMP : " if ping -c 1 -W 2 "$IP" >/dev/null 2>&1; then echo "OK (主机在线)"; else echo "FAIL (主机不通)"; exit 1; fi # 2) UDP 161 echo -n "[2] UDP/161 : " nmap_out=$(nmap -sU -p 161 --reason "$IP" 2>/dev/null | grep '^161' | awk '{print $2,$3}') echo "$nmap_out" # 3) SNMP 协议(v2c) echo -n "[3] SNMP v2c : " out=$(snmpget -v 2c -c "$COMM" -t 3 -r 1 "$IP" 1.3.6.1.2.1.1.1.0 2>&1) if echo "$out" | grep -q 'STRING'; then echo "OK -> $(echo "$out" | sed 's/.*STRING: //')" echo "===============================================" echo "[结论] SNMP 已开通,且 community 正确" exit 0 else echo "FAIL -> $(echo "$out" | head -1)" fi # 4) SNMP 协议(v1 兜底) echo -n "[4] SNMP v1 : " out=$(snmpget -v 1 -c "$COMM" -t 3 -r 1 "$IP" 1.3.6.1.2.1.1.1.0 2>&1) if echo "$out" | grep -q 'STRING'; then echo "OK -> 仅支持 v1"; else echo "FAIL"; fi # 5) 抓包(终极判断) echo "[5] 抓包诊断(10秒)..." tcpdump -i any -nn "udp port 161 and host $IP" -c 10 -w /tmp/snmp_$IP.pcap >/dev/null 2>&1 & TPID=$! sleep 1 snmpget -v 2c -c "$COMM" -t 3 -r 0 "$IP" 1.3.6.1.2.1.1.1.0 >/dev/null 2>&1 sleep 5 kill $TPID 2>/dev/null wait $TPID 2>/dev/null sent=$(tcpdump -nn -r /tmp/snmp_$IP.pcap 2>/dev/null | grep -cE "> $IP\.161 ") recv=$(tcpdump -nn -r /tmp/snmp_$IP.pcap 2>/dev/null | grep -cE "$IP\.161 >") echo " 发送请求包: $sent" echo " 收到回包 : $recv" echo echo "===============================================" if [ "$recv" -gt 0 ]; then echo "[结论] SNMP 服务【已开通】,但被限制了" echo " 回了包但 snmpget 不识别,常见原因:" echo " (a) community 字不对" echo " (b) ACL 限制了源 IP" echo " (c) snmpd 回了 authenticationFailure" echo " 诊断命令:" echo " snmpget -d -v 2c -c $COMM $IP 1.3.6.1.2.1.1.1.0 # 看回包内容" echo " snmpget -v 2c -c <试别的community> $IP 1.3.6.1.2.1.1.1.0" elif [ "$sent" -gt 0 ]; then echo "[结论] SNMP 服务【未开通】或被防火墙静默丢弃" echo " 有请求无任何响应,可能原因:" echo " (a) snmpd 未启动" echo " (b) 防火墙 drop 了 UDP 161" echo " (c) ACL 配置成 silent-drop" else echo "[结论] 抓包失败,检查 tcpdump 权限或网络" fi echo "===============================================" EOF

[root@iZb5g01h403pdu8w4b49ohZ ssa]# ./check_snmp.sh 192.168.0.1 public ================ SNMP 服务检测 ================ 目标: 192.168.0.1 community: public =============================================== [1] ICMP : OK (主机在线) [2] UDP/161 : open snmp [3] SNMP v2c : OK -> Linux localhost.localdomain 4.19.0-91.82.179.3.uelc20.x86_64 #1 SMP Wed Jul 10 20:26:01 CST 2024 x86_64 =============================================== [结论] SNMP 已开通,且 community 正确

[root@iZb5g01h403pdu8w4b49ohZ ssa]# ./check_snmp.sh 192.168.0.2 public ================ SNMP 服务检测 ================ 目标: 192.168.0.2 community: public =============================================== [1] ICMP : OK (主机在线) [2] UDP/161 : open snmp [3] SNMP v2c : FAIL -> Timeout: No Response from 10.16.228.80. [4] SNMP v1 : FAIL [5] 抓包诊断(10秒)... 发送请求包: 0 收到回包 : 0 =============================================== [结论] 抓包失败,检查 tcpdump 权限或网络 ===============================================