I am going to discuss the Simple Network Management Protocol (SNMP), which is used for managing networks. This is the second part of the Network Management tutorial.

What Is SNMP: -

SNMP is an acronym for Simple Network Management Protocol. It is a protocol used to exchange MIBs, or management information, between network devices. It is an application layer protocol that works on the client-server model.

Why SNMP is Required? :-

As mentioned earlier, it is the base protocol for network management. It is used to collect the management information that is stored in devices in the form of a MIB (Management Information Base).

Components: -

It consists of three major components:-
1. Managed Devices.
2. Agents.
3. Network Management System.

AGENT: -

Software that enables a device to respond to manager requests to view or update MIB data, and to send traps reporting problems or significant events.

MANAGED DEVICES: -

A device or node that contains an SNMP agent. These devices have the capability of collecting and storing the management information required by the Network Management System. Managed devices can be systems, routers, switches, etc.

Network Management System: -

The NMS is the whole system that contains these managed devices and a manager, sometimes referred to as a process running on a management workstation, that requests information about devices on the network.

Put simply, an NMS is the station that wants to manage the network, which includes managed devices and unmanaged devices. Managed devices are those that include an agent, and unmanaged devices are those without one. SNMP provides the link between the managed devices and the station that wants to manage them or wants their information.

Information stored in the managed device is in the form of a MIB. You can read more about MIB in RFC 1155.

Advantages of SNMP: -

Standardized
universally supported
extendible
portable
allows distributed management access
lightweight protocol

SNMP uses UDP as the transport mechanism for SNMP messages. Like FTP, SNMP uses two ports: UDP ports 161 and 162.

SNMP Commands: -

There are several SNMP commands; some of these are: -

=> get-request
=> get-bulk-request
=> response
=> set-request, etc.

Working:-

As described in the previous tutorial, there are two methods to get information from the managed device: Client Pull and Server Push.
There are four basic operations: -

1. GET
2. GET NEXT
3. SET
4. TRAP

When the manager wants specific information from the agent, it sends a get-request or get-next-request command. On receipt of that command, the agent sends a response, which is either an error or the information requested. When the manager wants to change some information, for example to shut down a link on a switch, it sends a set-request command.

The important one is TRAP. Traps are usually unrequested event reports that are sent to the manager by the agent. Why is this unrequested report sent? Suppose the Network Interface Card has failed on a node: an event has occurred, and to report it a TRAP is sent to the manager. You can associate a priority with traps, such as Critical, Major, Minor, Warning, Informational, etc.

When these traps are received at the manager's end, it can handle them in different ways: -

=> Log the reception of the TRAP.
=> Completely ignore the TRAP. (Suppose it is just the information that system B has been shut down.)
=> Poll the agent that sent the TRAP for further information.

Most importantly, the application running on the manager station can be set up to send an email, a voice mail, or an alphanumeric page to the network administrator's pager that says:
Your PDC just Blue-Screened at 011:45AM. Have a nice day.


Basic Message Format: -

The SNMP message format contains the following fields:

1. Message Length
2. Message Version
3. Community String
4. PDU Header
5. PDU Body

Fields 4 and 5 are the SNMP Protocol Data Unit (PDU), and the rest are the message preamble.

Security Problems: -

This is one of the main issues with SNMP. Before going through the security problems, the first thing to consider is the community string. All the managed devices are grouped into communities, and the community string acts as a password in get and set operations. A community string can provide two types of access: read-only and read-write.

SNMP has an authentication weakness: anyone within the network who has a sniffer can capture frames and read the community string, and can then alter the information on the managed device. These issues concern SNMP versions 1 and 2. The latest version of SNMP is 3, which has solved this major flaw.
Version 3 uses DES encryption; it also provides access control to the MIB and can limit the operations.
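The message preamble and the cleartext community string described above, as an added example that is not part of the original tutorial: a minimal BER parser that reads the version, community string and PDU type out of an SNMPv1/v2c message. The sample packet is constructed (it reuses the community "NISAR" from the screenshots), and the function names are this example's own.

```python
PDU_TYPES = {0xA0: "get-request", 0xA1: "get-next-request", 0xA2: "response",
             0xA3: "set-request", 0xA4: "trap", 0xA5: "get-bulk-request"}
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}   # value of the message-version INTEGER

def read_tlv(buf, pos):
    """Decode one BER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def parse_preamble(packet):
    """Return version, community and PDU type; community is None unless v1/v2c."""
    tag, body, _ = read_tlv(packet, 0)     # outer SEQUENCE: carries the message length
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    tag, raw, pos = read_tlv(body, 0)      # INTEGER: message version
    if tag != 0x02:
        raise ValueError("missing version field")
    version = int.from_bytes(raw, "big")
    info = {"version": VERSIONS.get(version, "unknown"), "community": None, "pdu": None}
    if version in (0, 1):                  # only v1/v2c carry a community string
        tag, community, pos = read_tlv(body, pos)
        if tag != 0x04:
            raise ValueError("missing community string")
        info["community"] = community.decode("latin-1")  # readable as-is on the wire
        info["pdu"] = PDU_TYPES.get(read_tlv(body, pos)[0], "unknown")
    return info

def tlv(tag, value):
    """Encode a short (<128 byte) BER element; used only to build sample packets."""
    return bytes([tag, len(value)]) + value

# Constructed sample (not a real capture): SNMPv1 get-request for sysDescr.0
# (1.3.6.1.2.1.1.1.0) with community "NISAR".
_varbind = tlv(0x30, tlv(0x06, bytes.fromhex("2b06010201010100")) + tlv(0x05, b""))
_pdu = tlv(0xA0, tlv(0x02, b"\x01") + tlv(0x02, b"\x00") + tlv(0x02, b"\x00")
           + tlv(0x30, _varbind))
SAMPLE_V1_GET = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, b"NISAR") + _pdu)

if __name__ == "__main__":
    print(parse_preamble(SAMPLE_V1_GET))
```

Any v1/v2c message for which `parse_preamble` returns a community is one whose "password" a passive observer on the same segment can read, which is a useful check when auditing which devices still need moving to version 3.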

I have attached a total of 5 screenshots of the different SNMP packets I have captured. You can distinguish between them by their names. The things I want to mention here are: -

1. In SNMPv1, in all three packets you can see that the community string is in plain text: "NISAR".
2. In SNMPv2Get the community is still plain text: "NISAR".
3. The important thing to note is that in SNMPv3GetBulk you can see that there are lots of fields: the security model is USM, the Authoritative Engine ID is empty, the user name is in plain text and the authentication parameter is encrypted.

Please see for yourself.

SNMP Applications: -

Here's the list of some of the various SNMP management Products:

1. http://www.hp.com/go/openview/ HP OpenView
2. http://www.tivoli.com/ IBM NetView
3. http://www.novell.com/products/managewise/ Novell ManageWise
4. http://www.sun.com/solstice/ Sun MicroSystems Solstice
5. http://www.microsoft.com/smsmgmt/ Microsoft SMS Server
6. http://www.compaq.com/products/serve...ement/ Compaq Insight Manager
7. http://www.redpt.com/ SnmpQL - ODBC Compliant
8. http://www.empiretech.com/ Empire Technologies
9. ftp://ftp.cinco.com/users/cinco/demo/ Cinco Networks NetXray
10. http://www.netinst.com/html/snmp.html SNMP Collector (Win9X/NT)
11. http://www.netinst.com/html/Observer.html Observer
12. http://www.gordian.com/products_technologies/snmp.html Gordian’s SNMP Agent
13. http://www.castlerock.com/ Castle Rock Computing
14. http://www.adventnet.com/ Advent Network Management
15. http://www.smplsft.com/ SimpleAgent, SimpleTester

Among these tools I have used SNMP Collector. There is also another tool, MRTG, and recently I have downloaded AdventNet ManageEngine OpManager5; it looks good, and a freeware version is available but with fewer features. You can wash your hands on it :-)


The upcoming Tutorials are MIB and RMON.