how to find the SNMP trap Source

recently the network devices are getting a SNMP trap authentication failure from a server, how ever the SNMP feature is not installed and the SNMP trap service is disabled

my guess it is from an application that is installed on the server

how can i identify it

tried to do a netstat filtering with UDP 161 and 162, only it is retiring the loop back IP