ECE-6612

http://www.csc.gatech.edu/copeland/jac/6612/

Prof. John A. Copeland

[email protected]
404 894-5177

Office: Klaus 3362

email or call for office visit

Chap 8: SNMP - Simple Network Mgmt Protocol

Includes copies of figures from Chap. 8 of
“Network Security Essentials, Applications and Standards”
by William Stallings
 Network Management Architecture

rated collection of tools for network monitoring an

ingle operator interface.

Minimal amount of separate equipment – software and
communications capability built into the existingeq
ary parts are:
Management station (central control, has a “agent”)
Management agents (software in network equipment)
Management Information Base (MIB)
etwork management protocol (rules for communication
2
3
“SNMP Management Station” - central
control. It SNMP
can set parameters and collect
Terminology
information from the
“SNMP Agents” located on the controlled
network systems.
“Proxy” – an add-on box to add SNMP
features to a network unit (router, modem,
PC, …) that does not have built-in SNMP
capability.
“Trap” – an unsolicited message, perhaps
reporting an alarm condition (to UDP port
162).
“Intermediate Management Station” - for
distributed control. It can set parameters
and collect information from the Agents on
a local region of the network. Only the
more important information would be passed 4
SNMPv1 (version 1) is “connectionless” since it
utilizes UDP SNMP
(rather
v1, than TCP)v3as the transport
v2, and
layer protocol.
SNMPv2 allows the use of TCP for “reliable,
connection-oriented” service.
Problems with SNMP v1 addressed by version 2:
• Lack of support for distributed network
management.
• Functional deficiencies - v2 can use
TCP/IP and Novell IPX
Problem addressed by version 3:
• Security - version 1 used a community
name as a password.
• Version 3 adds encryption, and host
authentication, 5
The Role of SNMP

6
Proxy Configuration

7
 SNMP v3 – a Security Add-on
SNMP v3 “engine” operating at the
Application Layer:

• On outgoing PDU’s inserts

authentication codes (MACs), encrypts
certain fields, encapsulates the PDU into
a message for transmission.

• For incoming messages (from the

Transport Layer) performs authentication
verification, decryption, and extracts
PDU’s from the message to pass up to the
SNMP applications above.

• Security Subsystem- performs the

authentication and encryption tasks.
8
SNMP Protocol Architecture

9
SNMPv3 PDU with User Security Model (USM)

10
ssages Use the Management Info. Base (MIB) and ASN.
(Abstract Syntax Notation)

ects (Parameters ) are expressed as leaves on the MIB tree.

Object Object ID (OID)
+--iso(1) .1
+--org(3) .1.3
+--dod(6) .1.3.6
+--internet(1) .1.3.6.1
+--directory(1) .1.3.6.1.1
+--mgmt(2) .1.3.6.1.2
| +--mib-2(1) .1.3.6.1.2.1
| +--transmission(10) .1.3.6.1.2.10
+--experimental(3) .1.3.6.1.3
+--private(4) .1.3.6.1.4
| +--enterprises(1) .1.3.6.1.4.1
[next number is company ID]*
+--security(5) .1.3.6.1.5
+--snmpV2(6) .1.3.6.1.6
+--snmpDomains(1) .1.3.6.1.6.1
+--snmpProxys(2) .1.3.6.1.6.2
+--snmpModules(3) .1.3.6.1.6.3

* when a company gets a number from IANA, it can extend the

tree to cover a new system.
11
Index: 0
Decoding
Byte: 29 Type: 30 0 82a 1 UDP Trap Message
9 - 265
Byte: 33 Type: 30 1 f - 15
Byte: 35 Type: 6 1 .1.3.6.1.2.1.1.3.0 System
Up Time (0.01 s)
Byte: 45 Type: 43 1 1977555
->
sysUpTime = 19775.55 s
Byte: 50 Type: 30 1 1c - 28
Byte: 52 Type: 6 2 .1.3.6.1.6.3.1.1.4.1.0 Type
of Event
Byte: 64 Type: 6 2 .1.3.6.1.4.1.8712.4.1.1.2.1.7.5
Indicates that the IP has a profile violation.
->
snmpTrapOID = swCoreEventOOP
Byte: 80 Type: 30 2 2a - 42
Byte: 82 Type: 6 3 .1.3.6.1.4.1.8712.4.1.1.2.1.1.1

Byte: 98 Type: 44 3 StealthWatch+Therminator

->
stealthwatchCoreConfig = StealthWatch+Therminator
Byte: 124 Type: 30 3 16 - 22
Byte: 126 Type: 6 4 .1.3.6.1.4.1.8712.4.1.1.2.1.6.1.1 The
unique alarm identifier (serial no).

Byte: 143 Type: 42 4 207986

->
stealthwatchCoreAlarmsId = 207986 12
 Sources of SNMP Information on the Web
To work with SNMP messages on a unix system, install the Net-
SNMP utilitys, available at “www.net-snmp.org
A number of standard MIBs will then be found in
/usr/share/snmp/mibs
To look up Enterprise Numbers, go to Web site of the Internet
Assigned Numbers Authority (IANA),
“www.iana.org/assignments/enterprise-numbers”.
The “List of Lists” at “www.iana.org/numbers.html” is a
wonderful body of information on all the Internet assigned
numbers (protocols, ports, IPs vs. area, AS numbers, ...).
For information on ASN.1 -
“www.cs.columbia.edu/~hgs/internet/asn.1.html”
RFC’s on SNMP: 788, 1098, 1215, 1442, 1592, 1906, 2578. To
get them, use “www.ietf.org/rfc/rfc<number_here>.txt”
13