Yen-Cheng Chen http://ycchen.im.ncnu.edu.tw/ ycchen@ncnu.edu.tw Introduction to SNMP Yen-Cheng Chen http://ycchen.im.ncnu.edu.tw/ ycchen@ncnu.edu.tw

Contents 1. Basic Concepts 2. Management Information Base 3. Simple Network Management Protocol 4. SNMP Application Examples 5. Reference Appendix: ASN.1 Concept

1. Basic Concepts .... Notification Polling .... .... Management Station PC UNIX NM FDDI ... .... RMON Device Polling Notification Firewall / Router .... UNIX .... ... PC Internet UNIX PC

網路管理標準化 每個網路設備必須提供一致的網路管理介面 (亦即相同的網路管理通信協定)。 如果每個廠商的網路設備均提供一套獨特專屬(Proprietary)的網管方 法與介面，網路管理工作將很難執行。 網路管理標準化 每個網路設備必須提供一致的網路管理介面 (亦即相同的網路管理通信協定)。

網路管理相關標準 Internet ISO/ITU-T X.700 Series: ITU-T M.3000 Series: SNMPv1, SNMPv2, SNMPv3 ISO/ITU-T X.700 Series: CMIP/S (Common Management Information Protocol / Service) ITU-T M.3000 Series: TMN (Telecommunication Management Networks)

SNMP Concepts IAB: Internet Activities Board SNMP: Simple Network Management Protocol De facto standards of network management for TCP/IP networks (Internet) IAB recommends all IP & TCP implementations should be network manageable. That is, all TCP/IP network devices should support SNMP. IAB: Internet Activities Board

SNMP Architectural Model Key Components One or more Management Stations Perform management applications, i.e, Monitor & Control. Multiple Network Elements hosts, routers, gateways, ..., which each contain an Agent. Network Management Protocol Exchange network management information.

SNMP Architectural Model (cont.) Management Station Network Elements (NEs) Host Router 網路介面 SNMP UDP IP 網路介面 SNMP UDP IP 網路介面 SNMP UDP IP Manager Agent Agent Network Management Protocol . . . SNMP Network

Management Components Manager Agent Network Management Protocol Management Information Base (MIB)

Management Components Management Station (Manager) Network management applications. Provide an interface which the human network manager can monitor and control the network. Agent Network devices should be equipped with agent software so that they can be managed from a management station. Responds to requests for information from managers. Responds to requests for actions from managers. May asynchronously provide managers with important but unsolicited information.

Management Components (cont.) Network Management Protocol Communication protocol between managers and agents NM protocol provides a standard way to exchange management information between managers and agents. Management Information Base (MIB) A collection of Managed Objects. The resources to be managed are represented as objects, called Managed Objects (MOs).

Management Information Base (MIB) Managed Resources Each resource to be managed is represented by an object, called managed object (MO). The MIB is a structured collection of MOs. Essentially, each MO is a data variable. Each agent in an NE maintains an MIB. Monitor: by reading the values of MOs in the MIB. Control: by modifying the values of MOs in the MIB. MIB Agent SNMP UDP IP 網路介面 NE: Network Element

SNMP Services Four Services Five SNMP PDUs Manager Agent(s) Get, Set, GetNext, Trap Five SNMP PDUs GetRequest, SetRequest, GetNextRequest, GetResponse, Trap Get, Set, GetNext Request Get Response Trap Manager Agent(s) PDU: Protocol Data Unit

SNMP Services Get GetNext Set Trap Manager Agent Manager Agent Manager Get Request Get Response Manager Agent Get GetNext Set Trap GetNext Request Get Response Manager Agent Set Request Get Response Manager Agent Trap Request Manager Agent

SNMP Services (cont.) Get Request: Get-Next Request: Set Request: Retrieve the values of objects in the MIB of an agent. Get-Next Request: Retrieve the values of the next objects in the MIB of an agent. Set Request: Update the values of objects in the MIB of an agent. Trap Request Report extraordinary events to the manager.

Get-Next Request MIB Tree : 1 2 3 4 5 6 ＊ In SNMP, Only leaf objects have values. :Non-Leaf Object :Leaf Object

Default UDP Ports for SNMP Management Station Network Elements (NEs) Manager Agent SNMP SNMP 162 Any 161 Any UDP UDP IP IP 網路介面 網路介面

SNMP Standards SNMP Protocol (Std 15) RFC1157: Simple Network Management Protocol. Structure of Management Information (SMI) (Std 16) RFC1155: Structure and Identification of Management Information for TCP/IP- based Internets. RFC1212: Concise MIB Definitions. MIB-II (Std 17) RFC1213: Management Information Base for Network Management of TCP/IP- based Internets: MIB-II. http://www.isi.edu/rfc-editor/rfc.html

2. Management Information Base Structure of Management Information (SMI) Set of rules on how managed objects should be defined. Objects are defined using Abstract Syntax Notation One ASN.1 (ITU-T X.208 / ISO 8824) MIB The collection of all defined objects Contains hierarchically organized variables corresponding to managed objects. MIB-II, RMON MIB, Bridge MIB, Repeater MIB, X.25 MIB, FDDI MIB, Token Ring MIB, ...

Object Identifier Object Identifier (OID): 1.3.6.1.2.1 1.3.6.1.2.1.2 Global identifier for a particular object type. An OID consists of a sequence of integers, which specify the position of the object in the global object identifier tree. root 2 1 ccitt iso joint-iso-ccitt 3 2 1 std reg authority org 1.3.6.1.2.1 member body 6 dod 1.3.6.1.2.1.2 1 1.3.6.1.4.1 internet 1 4 2 3 directory mgmt experimental private 1 1 MIB II MIB II enterprises enterprises system 1 interface 2 interface at 3 IP 4 ICMP 5 TCP 6 UDP 7 EGP 8 Trans. 10 SNMP 11

Private MIB Registration Companies can register their private MIB extensions in the global MIB tree by contacting the Internet Assigned Numbers Authority (IANA). http://www.iana.org/ Currently assigned enterprise subtrees ftp://ftp.isi.edu/in-notes/iana/assignments/enterprise-numbers

SMI (RFC1155) RFC1155-SMI DEFINITIONS ::= BEGIN EXPORTS -- EVERYTHING internet, directory, mgmt, experimental, private, enterprises, OBJECT-TYPE, ObjectName, ObjectSyntax, SimpleSyntax, ApplicationSyntax, NetworkAddress, IpAddress, Counter, Gauge, TimeTicks, Opaque; internet OBJECT IDENTIFIER ::= { iso org(3) dod(6) 1 } directory OBJECT IDENTIFIER ::= { internet 1 } mgmt OBJECT IDENTIFIER ::= { internet 2 } experimental OBJECT IDENTIFIER ::= { internet 3 } private OBJECT IDENTIFIER ::= { internet 4 } enterprises OBJECT IDENTIFIER ::= { private 1 }

SMI (cont.) ASN.1 Macro OBJECT-TYPE MACRO ::= BEGIN TYPE NOTATION ::= "SYNTAX" type (TYPE ObjectSyntax) "ACCESS" Access "STATUS" Status VALUE NOTATION ::= value (VALUE ObjectName) Access ::= "read-only" | "read-write" | "write-only" | "not-accessible" Status ::= "mandatory" | "optional" | "obsolete" END ObjectName ::= OBJECT IDENTIFIER

OBJECT-TYPE Example sysDesc OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) ACCESS read-only STATUS mandary ::= { system 1}

SMI (cont.) ObjectName ::= OBJECT IDENTIFIER NetworkAddress ::= ObjectSyntax ::= CHOICE { simple SimpleSyntax, application-wide ApplicationSyntax} SimpleSyntax ::= number INTEGER, string OCTET STRING, object OBJECT IDENTIFIER, empty NULL} } ApplicationSyntax ::= address NetworkAddress, counter Counter, gauge Gauge, ticks TimeTicks, arbitrary Opaque } NetworkAddress ::= CHOICE { internet IpAddress} IpAddress ::= [APPLICATION 0] IMPLICIT OCTET STRING (SIZE (4)) Counter ::= [APPLICATION 1] IMPLICIT INTEGER (0..4294967295) Gauge ::= [APPLICATION 2] TimeTicks ::= [APPLICATION 3] Opaque ::= [APPLICATION 4] IMPLICIT OCTET STRING END

Object Syntax Summary Simple Syntax Application Syntax Integer Octet String Object Identifier Null Application Syntax Network Address Counter Gauge Time Ticks Opaque

Concise MIB Definition (RFC 1212) DescrPart ::= "DESCRIPTION" value (description DisplayString) | empty ReferPart ::= "REFERENCE" value (reference DisplayString) IndexPart ::= "INDEX" "{" IndexTypes "}" | empty IndexTypes ::= IndexType | IndexTypes "," IndexType IndexType ::= value (indexobject ObjectName) | type (indextype) DefValPart ::= "DEFVAL" "{" value (defvalue ObjectSyntax) "}" END OBJECT-TYPE MACRO ::= BEGIN TYPE NOTATION ::= "SYNTAX" type(ObjectSyntax) "ACCESS" Access "STATUS" Status DescrPart ReferPart IndexPart DefValPart VALUE NOTATION ::= value (VALUE ObjectName)

Examples: MIB II (RFC 1213) mib-2 OBJECT IDENTIFIER ::= { mgmt 1 } system OBJECT IDENTIFIER ::= { mib-2 1 } interfaces OBJECT IDENTIFIER ::= { mib-2 2 } at OBJECT IDENTIFIER ::= { mib-2 3 } ip OBJECT IDENTIFIER ::= { mib-2 4 } icmp OBJECT IDENTIFIER ::= { mib-2 5 } tcp OBJECT IDENTIFIER ::= { mib-2 6 } udp OBJECT IDENTIFIER ::= { mib-2 7 } egp OBJECT IDENTIFIER ::= { mib-2 8 } -- cmot OBJECT IDENTIFIER ::= { mib-2 9 } transmission OBJECT IDENTIFIER ::= { mib-2 10 } snmp OBJECT IDENTIFIER ::= { mib-2 11 } ifTable OBJECT-TYPE SYNTAX SEQUENCE OF IfEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "A list of interface entries. The number of entries is given by the value of ifNumber." ::= { interfaces 2 } ifEntry OBJECT-TYPE SYNTAX IfEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "An interface entry containing objects at the subnetwork layer and below for a particular interface." INDEX { ifIndex } ::= { ifTable 1 }

Identification of Managed Objects Use Object Identifier (OID) OID = Object Type OID . Instance Identifier Object Type OID: Each Object type has a unique OID Instance Identifier: Identify instances of object type E.g .mib-2.interface.ifTable.ifEntry.ifDescr.2

Two Kinds of Managed Objects Type-Specific Objects: sysDescr OBJECT-TYPE SYNTAX DisplayString (SIZE(0..255)) ::= {system 1} OID: mib-2.system.1.0 Columnar Objects OID: mib-2.interface.ifTable.ifEntry.ifDescr.2 mib-2.interface.ifTable.ifEntry.ifDescr.6 mib-2.interface.ifTable.ifEntry.ifType.2 mib-2.interface.ifTable.ifEntry.ifType.6

Columnar Objects IfEntry ::= SEQUENCE { ifTable OBJECT-TYPE ifIndex INTEGER, ifDescr DisplayString, ifType INTEGER, … } ifTable OBJECT-TYPE SYNTAX SEQUENCE OF IfEntry … ::= { interface 2 } ifEntry OBJECT-TYPE SYNTAX IfEntry … INDEX {ifIndex } ::= { ifTable 1} ifDescr OBJECT-TYPE SYNTAX DisplayString (SIZE(0..255)) ACCESS read-only STATUS madatory ... ::= {ifEntry 2}

Columnar Objects .ifTable.ifEntry.1 (1.3.6.1.2.1.2.2.1.1) .ifTable.ifEntry.2 (1.3.6.1.2.1.2.2.1.2) .ifTable.ifEntry.3 (1.3.6.1.2.1.2.2.1.3) ifIndex ifDescr ifType . . . 1 le0 6 . . . 6 llc0 1 . . . 7 lo0 24 . . . 9 le1 6 . . . 1.3.6.1.2.1.2.2.1.2.6 1.3.6.1.2.1.2.2.1.3.7

Index in MIB II ifEntry {ifIndex} atEntry {atNetIfIndex, atNetAddress} ipAddrEntry {ipAdEntAddr } ipRouteEntry {ipRouteDest} ipNetToMediaEntry {ipNetToMediaIfIndex, ipNetToMediaNetAddress} tcpConnEntry {tcpConnLocalAddress, tcpConnLocalPort, tcpConnRemoteAddress, tcpConnRemotePort} udpEntry {udpLocalAddress, udpLocalPort} egpNeighEntry {egpNeighAddr}

Index Example To get the state of the TCP connection: 10.144.18.118:1200 ===> 10.144.14.40:1600  Use snmp_get_req. to get the “tcpConnState” of the tcpConnTable in MIB II. tcpConnState ==> .1.3.6.1.2.1.6.13.1.1 .1.3.6.1.2.1.6.13.1.1.10.144.18.118.1200.10.144.14.40.1600

MIB II System Group Interfaces Group Address-Translation Group Provide general information about the managed system. Interfaces Group Contains generic information about the physical interfaces. Address-Translation Group Contains information about the mapping between network addresses and physical addresses for each physical interface. IP Group Contains information about the implementation and operation of IP at the managed system. ICMP Group Contains information about the implementation and operation of ICMP at the managed system.

MIB-II (cont.) TCP Group UDP Group EGP Group Transmission Group Contains information about the implementation and operation of TCP at the managed system. UDP Group Contains information about the implementation and operation of UDP at the managed system. EGP Group Contains information about the implementation and operation of EGP at the managed system. Transmission Group Provides details about the underlying transmission media for each interface. SNMP Group Provides the statistics of SNMP operations at the managed system.

MIB-II MIB-II (RFC 1213) is superset of MIB-I Objects that are related grouped into object groups MIB module comprises module name, imports from other modules, and definitions of current module RFC 1213 defines eleven groups

MIB II (RFC 1213) System Group Provide general information about the managed system. Interfaces Group Contains generic information about the physical interfaces. Address-Translation Group Contains information about the mapping between network addresses and physical addresses for each physical interface. IP Group Contains information about the implementation and operation of IP at the managed system. ICMP Group Contains information about the implementation and operation of ICMP at the managed system.

MIB-II (cont.) TCP Group Contains information about the implementation and operation of TCP at the managed system. UDP Group Contains information about the implementation and operation of UDP at the managed system. EGP Group Contains information about the implementation and operation of EGP at the managed system. CMOT Group Placeholder for OSI (CMIP Over TCP/IP) Transmission Group Provides details about the underlying transmission media for each interface. SNMP Group Provides the statistics of SNMP operations at the managed system.

System Group

System Group

01000100 72= 8 + 64 sysServices OBJECT-TYPE SYNTAX INTEGER (0..127) ACCESS read-only STATUS mandatory DESCRIPTION "A value which indicates the set of services that this entity primarily offers. The value is a sum. This sum initially takes the value zero, Then, for each layer, L, in the range 1 through 7, that this node performs transactions for, 2 raised to (L - 1) is added to the sum. For example, a node which performs primarily routing functions would have a value of 4 (2^(3-1)). In contrast, a node which is a host offering application services would have a value of 72 (2^(4-1) + 2^(7-1)). Note that in the context of the Internet suite of protocols, values should be calculated accordingly: layer functionality 1 physical (e.g., repeaters) 2 datalink/subnetwork (e.g., bridges) 3 internet (e.g., IP gateways) 4 end-to-end (e.g., IP hosts) 7 applications (e.g., mail relays) For systems including OSI protocols, layers 5 and 6 may also be counted." ::= { system 7 } 72= 8 + 64 01000100

System Information

Interfaces Group

iFEntry

ifType http://www.iana.org/assignments/smi-numbers

ifAdminStatus OBJECT-TYPE SYNTAX INTEGER { up(1), -- ready to pass packets down(2), testing(3) -- in some test mode } ACCESS read-write STATUS mandatory DESCRIPTION "The desired state of the interface. The testing(3) state indicates that no operational packets can be passed." ::= { ifEntry 7 } ifOperStatus OBJECT-TYPE SYNTAX INTEGER { up(1), -- ready to pass packets down(2), testing(3) -- in some test mode } ACCESS read-only STATUS mandatory DESCRIPTION "The current operational state of the interface. The testing(3) state indicates that no operational packets can be passed." ::= { ifEntry 8 }

ifTable

ifTable (cont.)

IP Group

IP Group ipForwarding: IP Address Table contains table of IP addresses not-forwarding(2) IP Address Table contains table of IP addresses IP Route Table contains an entry for each route IP Network-to-Media Table is address translation table mapping IP addresses to physical addresses

IP Address Table

ipAddrTable

IP Routing Table

IP Routing Table

ipRouteTable Example Sec. other(1), invalid(2), direct(3), indirect(4) local(2), netmgmt(3), icmp(4), egp(5), ggp(6), hello(7), rip(8), is-is(9), s-is(10), ciscoIgrp(11), bbnSpfIgp(12), ospf(13), bgp(14)

IP Address Translation Table

IP Address Translation Table

IPNetToMediaTable = ARP Table other(1), invalid(2), read-write dynamic(3), static(4) read-write = ARP Table

ICMP Group

ICMP icmpOutEchos icmpInEchoReps icmpInTimeExcs Objects associated with ping icmpOutEchos - # ICMP echo messages sent icmpInEchoReps # ICMP echo reply messages received Objects associated with traceroute/tracert icmpInTimeExcs # ICMP time exceeded messages received

TCP Group

TCP Connection Table

TCP Connection Table

TCP Connection State tcpConnState OBJECT-TYPE SYNTAX INTEGER { closed(1), listen(2), synSent(3), synReceived(4), established(5), finWait1(6), finWait2(7), closeWait(8), lastAck(9), closing(10), timeWait(11), deleteTCB(12) } ACCESS read-write STATUS mandatory … ::= { tcpConnEntry 1 } TCP Connection State

tcpConnTable

UDP Group

UDP Group

udpTable

IETF MIBs 1213 MIB-II 1316 Character Stream 1317 RS-232-like Hardware 1471 PPP 1513 RMON for Token Ring 1757 RMON 2021 RMON-II .....

3. SNMP Version SNMP PDU SNMP Message Version Identifier Community Name Protocol Data Unit The length of SNMP messages should not exceed 484 octets. Message ::= SEQUENCE { version INTEGER {version-1(0)}, community OCTET STRING, data ANY } Version Community SNMP PDU

SNMP Authentication Community Community Name Authentication Failure Relationship between an Agent and Managers. Community Name Used to validate the SNMP messages. SNMP Password. Default ‘Get’ community name: “public”. Authentication Failure Agent sends “Authentication Failure Trap” to Manager.

SNMP PDU Five SNMP PDUs: GetRquest : GetNextRequest : GetResponse : PDU ::= SEQUENCE { request-id INTEGER, error-status INTEGER { noError(0), tooBig(1), noSuchName(2), badValue(3), readOnly(4) genErr(5)}, error-index INTEGER, variable-bindings SEQUENCE OF { name ObjectName, value ObjectSyntax } Five SNMP PDUs: GetRquest : GetNextRequest : GetResponse : SetRequest : Trap : [0] PDU [1] PDU [2] PDU [3] PDU [4] Trap-PDU PDU: Protocol Data Unit

. . . SNMP PDU (cont.) PDU type request-id variable-bindings variable-bindings GetRequest, GetNextRequest, SetRequest PDU type request-id error-status error-index variable-bindings GetResponse variable-bindings name value . . .

Trap-PDU Enterprise: Agent Address: Generic Trap: Specific Trap: Type of Object generating trap. Agent Address: Address of object generating trap. Generic Trap: Generic trap type. Specific Trap: Enterprise specific trap. Time Stamp: Time elapsed between the last initialization of the network entity and the generation of the trap. Variable Bindings “Interesting” information Trap-PDU ::= [4] IMPLICIT SEQUENCE { enterprise OBJECT IDENTIFIER, agent-addr NetworkAddress, generic-trap INTEGER { coldStart(0), warmStart(1), linkDown(2), linkUp(3), authenticationFailure(4), egpNeighborLoss(5), enterpriseSpecific(6)}, specific-trap INTEGER, time-stamp TimeTicks, variable-bindings VarBindList } PDU type enterprise agent-addr generic-trap specific-trap time-stamp variable-bindings

How does a Manager do? Manager NM Application Agent NM Agent Translates Internal Data to ASN.1 Format Sends Request PDU to Agent NM Application Agent Translates ASN.1 Package to Internal Data Format Received Response PDU from Agent NM Application Agent Manager

How does an Agent do? Agent From Manager To Manager Received SNMP Request PDU from Manager Translates ASN.1 Structure to Internal Data Maps MIB Variables to Internal Variables From Manager Sends SNMP Response PDU to Manager Translates Response PDU to ASN.1 Format Implement SNMP Request to Set or Get MIB Value To Manager Agent

Main Loop of Agent Agent waits for an incoming datagram in Port 161 Reads the datagram from UDP and notes the transport address of the sending entity. Increments the QUANTUM to keep track of the logical request-id being processed by agent De-serializes the datagram into an ASN.1 structure. If error occurs, log error and discard packet. The ASN.1 structure is translated into SNMP message. If error occurs, log error and discard packet. Check on VERSION-NUMBER field. If error occurs, log error and discard packet.

Main Loop of Agent (cont.) Community name is looked up. If community is unknown to agent, agent send AUTHENTICATION trap to Manager station in Port 162; log error and discard packet. Agent loops through list of variables in the request. If no prototype is found, return a GET-RESPONE with error noSuchName and discard package. Once prototype is fund, operation is checked against community profile. If mismatch occurs, return get-respone with error noSuchName or readOnly and discard package. Otherwise, agent invokes access routine to perform the desired operation.

What's New in SNMPv2 ... No more Trap PDU, 3 New PDUs: Added Security getBulkReq, InformReq, SNMPv2-Trap Added Security 18 Error Status Values SNMPv2 SMI / SNMPv2 MIB M-to-M Communications Table Operations ...

4. SNMP Application Examples SNMP Commands snmpget [options] node variable [...] query a node using SNMP Get request snmpnext [options] node variable [...] query a node using SNMP GetNext request snmpwalk [options] node variable query a node repeatedly using SNMP GetNext/GetBulk requests snmptrap [-d] [-p port] [-c community] node enterprise agent-addr generic-trap specific-trap time-stamp variable type value [variable type value...] issue an SNMP Version 1 Trap options:[-d] [-t timeout] [-r retries] [-p port] [-c community] [-v version]

Example for snmpget >>snmpget -d 10.144.18.118 .1.3.6.1.2.1.1.1.0 Transmitted 41 bytes to camry (10.144.18.118) port 161: Initial Timeout: 0.80 seconds 0: 30 27 02 01 00 04 06 70 75 62 6c 69 63 a0 1a 02 0'.....public... 16: 02 18 bc 02 01 00 02 01 00 30 0e 30 0c 06 08 2b .........0.0...+ 32: 06 01 02 01 01 01 00 05 00 -- -- -- -- -- -- -- ................ 0: SNMP MESSAGE (0x30): 39 bytes 2: INTEGER VERSION (0x2) 1 bytes: 0 (SNMPv1) 5: OCTET-STR COMMUNITY (0x4) 6 bytes: "public" 13: GET-REQUEST-PDU (0xa0): 26 bytes 15: INTEGER REQUEST-ID (0x2) 2 bytes: 6332 19: INTEGER ERROR-STATUS (0x2) 1 bytes: noError(0) 22: INTEGER ERROR-INDEX (0x2) 1 bytes: 0 25: SEQUENCE VARBIND-LIST (0x30): 14 bytes 27: SEQUENCE VARBIND (0x30): 12 bytes 29: OBJ-ID (0x6) 8 bytes: .1.3.6.1.2.1.1.1.0 39: NULL (0x5) 0 bytes

Example for snmpget (cont.) Received 69 bytes from camry (10.144.18.118) port 161: 0: 30 43 02 01 00 04 06 70 75 62 6c 69 63 a2 36 02 0C.....public.6. 16: 02 18 bc 02 01 00 02 01 00 30 2a 30 28 06 08 2b .........0*0(..+ 32: 06 01 02 01 01 01 00 04 1c 53 75 6e 20 53 4e 4d .........Sun SNM 48: 50 20 41 67 65 6e 74 2c 20 53 55 4e 57 2c 55 6c P Agent, SUNW,Ul 64: 74 72 61 2d 31 -- -- -- -- -- -- -- -- -- -- -- tra-1........... 0: SNMP MESSAGE (0x30): 67 bytes 2: INTEGER VERSION (0x2) 1 bytes: 0 (SNMPv1) 5: OCTET-STR COMMUNITY (0x4) 6 bytes: "public" 13: RESPONSE-PDU (0xa2): 54 bytes 15: INTEGER REQUEST-ID (0x2) 2 bytes: 6332 19: INTEGER ERROR-STATUS (0x2) 1 bytes: noError(0) 22: INTEGER ERROR-INDEX (0x2) 1 bytes: 0 25: SEQUENCE VARBIND-LIST (0x30): 42 bytes 27: SEQUENCE VARBIND (0x30): 40 bytes 29: OBJ-ID (0x6) 8 bytes: .1.3.6.1.2.1.1.1.0 39: OCTET-STR (0x4) 28 bytes: "Sun SNMP Agent, SUNW,Ultra-1" system.sysDescr.0 : DISPLAY STRING- (ascii): Sun SNMP Agent, SUNW,Ultra-1

Example of snmpwalk snmpwalk 10.144.18.118 .1.3.6.1.2.1.1 system.sysDescr.0 : DISPLAY STRING- (ascii): Sun SNMP Agent, SUNW,Ultra-1 system.sysObjectID.0 : OBJECT IDENTIFIER: .iso.org.dod.internet.private.enterprises.42.2.1.1 system.sysUpTime.0 : Timeticks: (198219958) 22 days, 22:36:39.58 system.sysContact.0 : DISPLAY STRING- (ascii): lino@ms.chttl.com.tw system.sysName.0 : DISPLAY STRING- (ascii): camry system.sysLocation.0 : DISPLAY STRING- (ascii): Information Technology Laboratory 3F system.sysServices.0 : INTEGER: 72 (01001000)B

Example of snmptrap snmptrap -d manager .1.3.6.1.4.1.612.1.1 10.144.18.116 6 99999 0 .1.3.6.1.1 octetstringascii "Trap test" Transmitted 64 bytes to manager (10.144.18.100) port 162: 0: 30 3e 02 01 00 04 06 70 75 62 6c 69 63 a4 31 06 0>.....public.1. 16: 09 2b 06 01 04 01 84 64 01 01 40 04 0a 90 12 74 .+.....d..@....t 32: 02 01 06 02 03 01 86 9f 43 01 00 30 13 30 11 06 ........C..0.0.. 48: 04 2b 06 01 01 04 09 54 72 61 70 20 74 65 73 74 .+.....Trap test 0: SNMP MESSAGE (0x30): 62 bytes 2: INTEGER VERSION (0x2) 1 bytes: 0 (SNMPv1) 5: OCTET-STR COMMUNITY (0x4) 6 bytes: "public" 13: V1-TRAP-PDU (0xa4): 49 bytes 15: OBJ-ID ENTERPRISE (0x6) 9 bytes: .1.3.6.1.4.1.612.1.1 26: IPADDRESS AGENT-ADDR (0x40) 4 bytes: 10.144.18.116 (manager2) 32: INTEGER GENERIC-TRAP (0x2) 1 bytes: 6 35: INTEGER SPECIFIC-TRAP (0x2) 3 bytes: 99999 40: TIMETICKS TIME-STAMP (0x43) 1 bytes: 0 (0x0) 43: SEQUENCE VARBIND-LIST (0x30): 19 bytes 45: SEQUENCE VARBIND (0x30): 17 bytes 47: OBJ-ID (0x6) 4 bytes: .1.3.6.1.1 53: OCTET-STR (0x4) 9 bytes: "Trap test"

Get System Information Get “System Group” of MIB II Use get_request or get_next_request sysDescr .1.3.6.1.2.1.1.1.0 sysObjectID .1.3.6.1.2.1.1.2.0 sysUptime .1.3.6.1.2.1.1.3.0 sysContact .1.3.6.1.2.1.1.4.0 sysName .1.3.6.1.2.1.1.5.0 sysLocation .1.3.6.1.2.1.1.6.0

Get Interface Information Get “Interface Group” of MIB II Repeatedly Use “get_next_request” Note: We don’t know the ifIndex values in ifTable. First get the next object of .ifTable.ifEntry.0 Then repeatedly “get_next” Until the whole subtree is visited.

Traffic Monitoring (C2 - C1 )  8  100% (t2 - t1)  Bandwidth Get “ifInOctets” and “ifOutOctets” of MIB II Interface Group t1: C1 t2: C2 (C2 - C1 )  8  100% Utilization (%) = (t2 - t1)  Bandwidth

6. Reference The Simple Book, marshall T.Rose, Prentice-Hall Inc. SNMP, SNMPv2 and RMON: The Practical Guide to Network Management, Willeam Stallings SMI; http://ds.internic.net/rfc/rfc1155.txt Concise MIB Format; http://ds.internic.net/rfc/rfc1212.txt SNMP; http://ds.internic.net/rfc/rfc1157.txt MIB II; http://ds.internic.net/rfc/rfc1213.txt Trap Format; http://ds.internic.net/rfc/rfc1215.txt ASN.1 and BER; ITU-T X.208, X.209

Development of SNMP Standards SNMPv2  SNMPv3 RMON I RMON II

SNMPv3 An Architecture for Describing Internet Management Frameworks Local Processing Model for version 3 of the Simple Network Management Protocol (SNMPv3) Message Processing and Control Model for version 3 of the Simple Network Management Protocol (SNMP) User-based Security Model for version 3 of the Simple Network Management Protocol (SNMPv3) View-based Access Control Model (VACM) for version 3 of the Simple Network Management Protocol (SNMP) User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)

RMON I & II