
08 SNMP

This document provides information about ECE-6612, a course on Simple Network Management Protocol (SNMP) taught by Professor John Copeland at Georgia Tech. It includes figures from the textbook "Network Security Essentials" and discusses SNMP network management architecture, SNMP versions 1-3, the roles of SNMP managers and agents, and the Management Information Base. Additional resources on SNMP standards, documentation, and Internet-assigned numbers are also referenced.

Uploaded by

sravs587
Copyright
© Attribution Non-Commercial (BY-NC)

ECE-6612

http://www.csc.gatech.edu/copeland/jac/6612/

Prof. John A. Copeland


[email protected]
404 894-5177

Office: Klaus 3362


email or call for office visit

Chap 8: SNMP - Simple Network Mgmt Protocol


Includes copies of figures from Chap. 8 of
“Network Security Essentials, Applications and Standards”
by William Stallings
Network Management Architecture

Integrated collection of tools for network monitoring an

Single operator interface.

Minimal amount of separate equipment – software and communications capability built into the existing equipment

ary parts are:
Management station (central control, has an “agent”)
Management agents (software in network equipment)
Management Information Base (MIB)
Network management protocol (rules for communication
SNMP Terminology

“SNMP Management Station” - central control. It can set parameters and collect information from the “SNMP Agents” located on the controlled network systems.
“Proxy” – an add-on box to add SNMP features to a network unit (router, modem, PC, …) that does not have built-in SNMP capability.
“Trap” – an unsolicited message, perhaps reporting an alarm condition (to UDP port 162).
“Intermediate Management Station” - for distributed control. It can set parameters and collect information from the Agents on a local region of the network. Only the more important information would be passed
SNMP v1, v2, and v3

SNMPv1 (version 1) is “connectionless” since it utilizes UDP (rather than TCP) as the transport layer protocol.
SNMPv2 allows the use of TCP for “reliable, connection-oriented” service.
Problems with SNMP v1 addressed by version 2:
• Lack of support for distributed network management.
• Functional deficiencies - v2 can use TCP/IP and Novell IPX
Problem addressed by version 3:
• Security - version 1 used a community name as a password.
• Version 3 adds encryption, and host authentication,
The Role of SNMP [figure]

Proxy Configuration [figure]
SNMP v3 – a Security Add-on

SNMP v3 “engine” operating at the Application Layer:

• On outgoing PDUs, inserts authentication codes (MACs), encrypts certain fields, and encapsulates the PDU into a message for transmission.

• For incoming messages (from the Transport Layer), performs authentication verification and decryption, and extracts PDUs from the message to pass up to the SNMP applications above.

• Security Subsystem - performs the authentication and encryption tasks.
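The outgoing and incoming authentication steps listed above, sketched in Python as an added example (not taken from the slides). It follows the User-based Security Model of RFC 3414 with HMAC-MD5-96; the message layout, `ENGINE_ID`, `HEADER` and the function names are constructed for illustration and are not real BER encoding.

```python
import hashlib
import hmac

MAC_LEN = 12  # HMAC-MD5-96 and HMAC-SHA-96 keep 96 bits of the digest

def localize_key(password: bytes, engine_id: bytes, algo: str = "md5") -> bytes:
    """RFC 3414 password-to-key: hash 1 MiB of repeated password, then bind to one engine."""
    if not password:
        raise ValueError("empty password")
    reps, rem = divmod(1048576, len(password))
    ku = hashlib.new(algo, password * reps + password[:rem]).digest()
    return hashlib.new(algo, ku + engine_id + ku).digest()

def _mac(key, message, offset, algo):
    # The MAC always covers the whole message with the auth field zeroed.
    zeroed = message[:offset] + bytes(MAC_LEN) + message[offset + MAC_LEN:]
    return hmac.new(key, zeroed, algo).digest()[:MAC_LEN]

def sign_outgoing(key, message, offset, algo="md5"):
    """Sender side: fill the 12-byte authentication field."""
    mac = _mac(key, message, offset, algo)
    return message[:offset] + mac + message[offset + MAC_LEN:]

def verify_incoming(key, message, offset, algo="md5"):
    """Receiver side: recompute the MAC and compare in constant time."""
    if offset + MAC_LEN > len(message):
        return False
    received = message[offset:offset + MAC_LEN]
    return hmac.compare_digest(received, _mac(key, message, offset, algo))

# Constructed stand-in for a serialized SNMPv3 message (not real BER).
ENGINE_ID = bytes.fromhex("000000000000000000000002")
HEADER = b"v3-header|user=demo|auth="
MESSAGE = HEADER + bytes(MAC_LEN) + b"|scopedPDU:get sysUpTime.0"
AUTH_OFFSET = len(HEADER)

def demo():
    key = localize_key(b"maplesyrup", ENGINE_ID)
    wire = sign_outgoing(key, MESSAGE, AUTH_OFFSET)
    tampered = wire[:-1] + b"1"          # one byte of the PDU changed in transit
    return (verify_incoming(key, wire, AUTH_OFFSET),
            verify_incoming(key, tampered, AUTH_OFFSET))
```

Because the key is localized per engine ID, a key recovered from one agent does not authenticate to another agent that shares the same password. MD5 and SHA-1 are the original USM options; RFC 7860 defines HMAC-SHA-2 variants for current deployments.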
SNMP Protocol Architecture [figure]

SNMPv3 PDU with User Security Model (USM) [figure]
Messages Use the Management Info. Base (MIB) and ASN. (Abstract Syntax Notation)

Objects (Parameters) are expressed as leaves on the MIB tree.

Object                              Object ID (OID)
+--iso(1)                           .1
   +--org(3)                        .1.3
      +--dod(6)                     .1.3.6
         +--internet(1)             .1.3.6.1
            +--directory(1)         .1.3.6.1.1
            +--mgmt(2)              .1.3.6.1.2
            |  +--mib-2(1)          .1.3.6.1.2.1
            |  +--transmission(10)  .1.3.6.1.2.10
            +--experimental(3)      .1.3.6.1.3
            +--private(4)           .1.3.6.1.4
            |  +--enterprises(1)    .1.3.6.1.4.1   [next number is company ID]*
            +--security(5)          .1.3.6.1.5
            +--snmpV2(6)            .1.3.6.1.6
               +--snmpDomains(1)    .1.3.6.1.6.1
               +--snmpProxys(2)     .1.3.6.1.6.2
               +--snmpModules(3)    .1.3.6.1.6.3

* When a company gets a number from IANA, it can extend the tree to cover a new system.
Decoding a UDP Trap Message

Index: 0
Byte: 29 Type: 30 0 82 1 9 - 265
Byte: 33 Type: 30 1 f - 15
Byte: 35 Type: 6 1 .1.3.6.1.2.1.1.3.0 System Up Time (0.01 s)
Byte: 45 Type: 43 1 1977555
-> sysUpTime = 19775.55 s
Byte: 50 Type: 30 1 1c - 28
Byte: 52 Type: 6 2 .1.3.6.1.6.3.1.1.4.1.0 Type of Event
Byte: 64 Type: 6 2 .1.3.6.1.4.1.8712.4.1.1.2.1.7.5 Indicates that the IP has a profile violation.
-> snmpTrapOID = swCoreEventOOP
Byte: 80 Type: 30 2 2a - 42
Byte: 82 Type: 6 3 .1.3.6.1.4.1.8712.4.1.1.2.1.1.1
Byte: 98 Type: 44 3 StealthWatch+Therminator
-> stealthwatchCoreConfig = StealthWatch+Therminator
Byte: 124 Type: 30 3 16 - 22
Byte: 126 Type: 6 4 .1.3.6.1.4.1.8712.4.1.1.2.1.6.1.1 The unique alarm identifier (serial no).
Byte: 143 Type: 42 4 207986
-> stealthwatchCoreAlarmsId = 207986
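The decode above can be reproduced with a small BER tag-length-value reader. This is an added example, not code from the slides: `SAMPLE` is constructed from the first two variable bindings of the trace (so its byte offsets start at 0 rather than 29), and the function names are illustrative.

```python
SEQUENCE, OID, INTEGER = 0x30, 0x06, 0x02
UNSIGNED = {0x41, 0x42, 0x43}  # Counter32, Gauge32, TimeTicks

def read_header(buf, pos):
    """Return (tag, length, value_offset) for the TLV that starts at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first < 0x80:                       # short form: f -> 15
        return tag, first, pos
    n = first & 0x7F                       # long form: 82 01 09 -> 265
    if n == 0 or n > 4 or pos + n > len(buf):
        raise ValueError("bad length field")
    return tag, int.from_bytes(buf[pos:pos + n], "big"), pos + n

def decode_oid(data):
    """Decode OID content bytes (assumes the first two arcs fit in one byte)."""
    if not data or data[-1] & 0x80:
        raise ValueError("truncated OID")
    arcs, val = [min(data[0] // 40, 2)], 0
    arcs.append(data[0] - 40 * arcs[0])
    for b in data[1:]:
        val = (val << 7) | (b & 0x7F)      # 7 bits per byte, high bit means "more"
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return "." + ".".join(map(str, arcs))

def walk(buf, pos=0, end=None):
    """Flatten nested SEQUENCEs into [(offset, tag, value), ...] leaves."""
    end = len(buf) if end is None else end
    leaves = []
    while pos < end:
        start = pos
        tag, length, pos = read_header(buf, pos)
        if pos + length > end:             # never trust a length from the wire
            raise ValueError(f"TLV at {start} overruns its container")
        body = buf[pos:pos + length]
        if tag == SEQUENCE:
            leaves += walk(buf, pos, pos + length)
        elif tag == OID:
            leaves.append((start, tag, decode_oid(body)))
        elif tag == INTEGER or tag in UNSIGNED:
            value = int.from_bytes(body, "big", signed=(tag == INTEGER))
            leaves.append((start, tag, value))
        else:
            leaves.append((start, tag, bytes(body)))
        pos += length
    return leaves

# Constructed sample: varbind list holding sysUpTime.0 and snmpTrapOID.0.
SAMPLE = bytes.fromhex("302f" "300f" "06082b06010201010300" "43031e2cd3"
                       "301c" "060a2b060106030101040100"
                       "060e2b06010401c40804010102010705")
```

The bounds check in `walk` matters for any collector that parses traps from untrusted senders: a length field larger than the enclosing container is rejected instead of being read past.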
Sources of SNMP Information on the Web

To work with SNMP messages on a Unix system, install the Net-SNMP utilities, available at “www.net-snmp.org”.
A number of standard MIBs will then be found in /usr/share/snmp/mibs.
To look up Enterprise Numbers, go to the Web site of the Internet Assigned Numbers Authority (IANA), “www.iana.org/assignments/enterprise-numbers”.
The “List of Lists” at “www.iana.org/numbers.html” is a wonderful body of information on all the Internet assigned numbers (protocols, ports, IPs vs. area, AS numbers, ...).
For information on ASN.1 - “www.cs.columbia.edu/~hgs/internet/asn.1.html”
RFCs on SNMP: 788, 1098, 1215, 1442, 1592, 1906, 2578. To get them, use “www.ietf.org/rfc/rfc<number_here>.txt”
