Network Management-II (SNMP)

  1. #1
    Did someone said Pizza :) FanacooL's Avatar
    Join Date
    Oct 2004
    Location
    Karachi , Pakistan
    Posts
    466

    Post Network Management-II (SNMP)

    I am going to discuss the Simple Network Management Protocol (SNMP), which is used for managing networks. It's the second part of the Network Management tutorial.

    What Is SNMP: -

    Acronym of Simple Network Management Protocol. A protocol that is used to exchange the MIBs or management information between the network devices. It's an application layer protocol that works on the client-server model.

    Why SNMP is Required? :-

    Well, as mentioned earlier, it's the base protocol for network management. It's used to collect the management information which is stored in devices in the form of MIB (Management Information Base).

    Components: -

    It consists of three major components:-
    1. Managed Devices.
    2. Agents.
    3. Network Management System.

    AGENT: -

    Software that enables a device to respond to manager requests to view or update MIB data, and to send traps reporting problems or significant events.

    MANAGED DEVICES: -

    A device or a node that contains an SNMP agent. These devices have the capability of collecting and storing the management information required by the Network Management System. These managed devices can be a system, router, switches etc.

    Network Management System: -

    NMS is the whole system which has these managed devices and a manager, sometimes referred to as a process running on a management workstation, that requests information about devices on the network.

    So simply, an NMS is the station that wants to manage the network, which includes managed devices and unmanaged devices. Managed devices are those which include an agent and unmanaged devices are without an agent, and SNMP provides the link between these managed devices and the station that wants to manage them or wants the information.

    Information stored in the Managed device is in the form of MIB. You can read more about MIB from the RFC 1155.

    Advantages of SNMP: -

    Standardized
    universally supported
    extendible
    portable
    allows distributed management access
    lightweight protocol

    SNMP uses UDP as the transport mechanism for SNMP messages. For instance SNMP uses two ports for FTP. UDP port 161 and 162

    SNMP Commands: -

    There are several SNMP commands; some of these are: -

    => get-request
    => get-bulk-request
    => response
    => set-request etc.

    Working:-

    As described in the previous tutorial, there are two methods to get the information from the managed device: Client Pull and Server Push.
    There are four basic operations: -

    1. GET
    2. GET NEXT
    3. SET
    4. TRAP

    When the Manager wants to get any specific information from the agent, it sends a get-request command or get-next-request command. On receipt of that command the agent will send a response, which can either be an error or the information requested. When the manager wants to change any information, say it wants to shut down a link from a switch, it will send a set-request command.

    The important thing is the TRAP. Traps are usually unrequested event reports that are sent to the Manager by the agent. Now you must be thinking, why is this unrequested report sent? Suppose the Network Interface Card has failed on a node, so an event has occurred; to report this event a TRAP will be sent to the Manager. You can associate a priority with the traps, like Critical, Major, Minor, Warning, Informational etc.

    When these traps are received at the Manager's end, it handles them in different ways: -

    => Log the reception of the TRAP.
    => Completely ignore the TRAP. (Suppose it's just the information that system B has been shut down.)
    => Poll the Agent from which the TRAP was sent for further information.

    And most important thing is that the application being run on the Manager Station can be setup to send an Email, Voice mail, or send an alpha-numeric page to the network administrator’s pager that says:
    Your PDC just Blue-Screened at 011:45AM. Have a nice day.


    Basic Message Format: -

    The message format of the SNMP contains following field:

    1. Message Length
    2. Message Version
    3. Community String
    4. PDU Header
    5. PDU Body

    4 and 5 are the SNMP Protocol Data Unit and the rest are the message preamble.

    Security Problems: -

    This is one of the main issues with SNMP. Before going through the security, the first thing to consider here is the community string. All the managed devices are grouped into communities. The community string acts as a password in get and set operations. So the community string can provide two types of access, read-only and read-write.

    SNMP has an authentication vulnerability: the problem is that if anyone within the network has a sniffer, s/he can capture frames and read the community string, and then they can alter the information on the managed device. These issues are concerned with SNMP versions 1 and 2. The latest version of SNMP is 3, which has solved this major flaw.
    Version 3 uses DES encryption; it also provides access control to the MIB and can limit the operations.

    I have attached a total of 5 screenshots of the different SNMP packets I have captured. You can distinguish between them via their names. The thing I want to mention here is that: -

    1. In all three SNMPv1 packets you can see that the community string is in plain text: "NISAR"
    2. In SNMPv2Get the community is still plain text: "NISAR"
    3. The important thing to note is that in SNMPv3GetBulk you can see that there are lots of fields: the security model is USM, the Authoritative Engine ID is empty, the user name is in plain text and the authentication parameter is encrypted.

    Please see for yourself.

    SNMP Applications: -

    Here's the list of some of the various SNMP management Products:

    1. http://www.hp.com/go/openview/ HP OpenView
    2. http://www.tivoli.com/ IBM NetView
    3. http://www.novell.com/products/managewise/ Novell ManageWise
    4. http://www.sun.com/solstice/ Sun MicroSystems Solstice
    5. http://www.microsoft.com/smsmgmt/ Microsoft SMS Server
    6. http://www.compaq.com/products/serve...ement/ Compaq Insight Manager
    7. http://www.redpt.com/ SnmpQL - ODBC Compliant
    8. http://www.empiretech.com/ Empire Technologies
    9. ftp://ftp.cinco.com/users/cinco/demo/ Cinco Networks NetXray
    10. http://www.netinst.com/html/snmp.html SNMP Collector (Win9X/NT)
    11. http://www.netinst.com/html/Observer.html Observer
    12. http://www.gordian.com/products_technologies/snmp.html Gordian’s SNMP Agent
    13. http://www.castlerock.com/ Castle Rock Computing
    14. http://www.adventnet.com/ Advent Network Management
    15. http://www.smplsft.com/ SimpleAgent, SimpleTester

    Among these tools I have used SNMP Collector. There is also another tool, MRTG, and recently I have downloaded AdventNet ManageEngine OpManager5; it looks good and a freeware version is available but with fewer features. You can wash your hands on it :-)


    The upcoming Tutorials are MIB and RMON.
    One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!
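The message layout listed in the tutorial above (length, version, community string, PDU), decoded from raw bytes to show why a v1/v2c community string is readable by anyone who can see the traffic. This is an added example, not part of the original post: the datagrams are constructed samples, "NISAR" is the community string the post mentions, and the function names are hypothetical.

```python
PDU_TYPES = {0xA0: "get-request", 0xA1: "get-next-request", 0xA2: "response",
             0xA3: "set-request", 0xA4: "trap", 0xA5: "get-bulk-request"}
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}

# Constructed sample datagrams (not real captures). "NISAR" is the community
# string from the post; the v3 sample is only the start of a v3 message.
V1_GET = bytes.fromhex("3025020100 04054e49534152 a019 020101020100020100"
                       "300e300c06082b060102010101000500")
V2C_SET = bytes.fromhex("3026020101 04054e49534152 a31a 020101020100020100"
                        "300f300d06082b06010201010500040178")
V3_HEAD = bytes.fromhex("3014020103 300d 020101 020205dc 040104 020103 0400")

def read_tlv(buf, pos):
    """Decode one BER tag-length-value; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of datagram")
    return tag, buf[pos:pos + length], pos + length

def inspect_snmp(datagram):
    """Report version, community and PDU type of one SNMP datagram."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message (no outer SEQUENCE)")
    tag, raw_version, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version field is not an INTEGER")
    version = int.from_bytes(raw_version, "big")
    info = {"version": VERSIONS.get(version, "unknown"),
            "community": None, "pdu": None}
    tag, value, pos = read_tlv(body, pos)
    if version in (0, 1) and tag == 0x04:  # v1/v2c: community OCTET STRING
        info["community"] = value.decode("latin-1")
        pdu_tag, _, _ = read_tlv(body, pos)
        info["pdu"] = PDU_TYPES.get(pdu_tag, hex(pdu_tag))
    return info

if __name__ == "__main__":
    for name, pkt in (("v1", V1_GET), ("v2c", V2C_SET), ("v3", V3_HEAD)):
        print(name, inspect_snmp(pkt))
```

A non-empty `community` in the result means the datagram carried its credential in clear text; combined with `pdu == "set-request"` it marks read-write access that is worth moving to SNMPv3 first.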

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    Nice tutorial. One thing that I am interested in knowing:

    How much bandwidth is required to use SNMP? On a LAN, bandwidth is no problem. But over the WAN, bandwidth is certainly a concern. I've been using MRTG on a LAN and have had no problems with it. I really like MRTG. But I've been hesitant to use it over the WAN. I've seen the answers vary. What would you say?

    How much bandwidth does SNMP use per poll? I know it will change depending on which info is being requested and how many interfaces you are polling...

    Also, what are the best FREE SNMP utilities you have used? Doesn't matter which platform. (*nix or m$)
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    Did someone said Pizza :) FanacooL's Avatar
    Join Date
    Oct 2004
    Location
    Karachi , Pakistan
    Posts
    466
    Thanks for the reply..... Well, telling how much bandwidth is required is difficult to answer as I cannot formulate that....... but one thing I can say is that it really impacts the traffic...... because this will add extra traffic on your network besides the real traffic. I'll tell you one very interesting story of MRTG relating to my country....... It was being used at the main gateway of Pakistan, which is linked with satellite SEAMEWE3 and the local Pakistani ISPs. Now the interesting part was that the configuration was such that whenever a link goes down an alert is generated which invokes a sound. And believe me or not, all the time when you go to that server room you will be hearing that DAME sound ..... ...... Why all the time? Because it was configured in such a way that no matter whether the link goes down from the ISP end or from the gateway, the trap will be generated.
    So the reason why I am mentioning this here is because people should not configure it in this way.

    Coming back to your questions.

    I've been using MRTG on a LAN and have had no problems with it. I really like MRTG. But I've been hesitant to use it over the WAN. I've seen the answers vary. What would you say?

    Certainly the answer would vary, because people have different technologies at the WAN. Anyhow, from my point of view it's a risk using it over the WAN...... the reason is not bandwidth only but that security problem. Because, as I said in the tutorial, version 2 is being widely used all over the world and you will find very few products supporting version 3, so better not take that high risk over the WAN.... But if you do have version 3 being used then keep one thing in mind..... as there is a tradeoff between security and speed, it is the same with this: either you go for the management or you go for performance from the speed point of view...... You have to first check how much bandwidth you have over the WAN...... A good idea is to use it as a demo over there with a server and a few nodes, then increase the nodes slowly. Also it depends on the method you are using for the collection of data, polling or pushing.......

    One more thing: if you really want to go over the WAN, use RMON; this will reduce the bandwidth demand and is quite safe......
    And as I said, on bandwidth I cannot comment.

    About utilities: well, as I said earlier, I have used MRTG, SNMP Collector or SNMPc. I have also seen but haven't used HP OpenView; it's really nice...... You can also get a trial version of Tivoli; it's an excellent tool...... But I think you should try this AdventNet ManageEngine OpManager5; a freeware version is available there but you will be limited in that....... but it still looks cool to me..... Anything else you want to know, I am here to help.....
