1 SNMP Simple network management protocol Group: Techno Presented by: Karthik Gottiparthy Gautami Parulkar Neeraj Sharma Jigar Patel Hariharan Venkataraman

2 Agenda Introduction Basic Concepts MIB RMON SNMPv3

3 SNMP is a tool (protocol) that allows for remote and local management of items on the network including servers, workstations, routers, switches and other managed devices. It operates over the UDP UDP Port SNMP Message UDP Port SNMP Trap Messages SNMP

4 Basic Components The network management contains four key elements Management station(NMS) It is an interface by which the network manager may monitor and control the network Management Agent It responds to requests for information and actions from management station( hosts, bridges, routers and hubs) Management information base It functions as a collection of access points at the agent for the management station Network Management protocol(SNMP) The management station and agents are linked by this

5

6 SNMP Commands SNMP has 5 different functions referred to as Protocol Data Units (PDU’s), which are: GetRequest(Get) - Retrieves the value of a MIB variable stored on the agent machine(integer, string, or address of another MIB variable) GetNextRequest(GetNext) - Retrieves the next value in MIB table (continued till the end of the MIB table) GetResponse(Response) - Response from a SNMP agent to Get, GetNext and Set commands SetRequest(Set) - Changes the value of a MIB variable Trap - Asynchronous notification. -SNMP agents can be programmed to send a trap

7

8 SNMP communities An SNMP community is the group of agents and management stations using SNMP protocol. A community name is used to identify a group. It will not respond to requests from management stations that do not belong to one of its communities. SNMP default communities are: Write = private Read = public

9

10 SNMP Management Information Base (MIB) Structure of Management Information. MIB Object Definition.

11 MIB(Management Information Base) Each resource to be managed is represented by an object.Collections of these objects is MIB. Each object is a data variable that represents one aspect of the managed agent.e.g.: these aspects may be the TCP,IP,UDP connections done. MIB is a text file that describes the managed object using syntax of ASN.1(Abstract Syntax Notation).

12 STRUCTURE OF MANAGEMENT INFORMATION SMI generates a framework within which a MIB can be defined and constructed. SMI identifies the data types used in MIB and specifies how resources within the MIB can be represented and named. Defines individual object including the syntax and the value of the object.

13 Data Types: 1.SIMPLE TYPES : 2.APPLICATION-WIDE TYPES: INTEGER OBJECT STRING OBJECT IDENTIFIER Gauge Counter Time Ticks IP Address Opaque Network Address STRUCTURE OF MANAGEMENT INFORMATION

14 MIB Structure Each Type of object is associated with an identifier called Object Identifier(OID). Identifier serves to name the object and also a value is associated with the type of the object. An OID is represented by a sequence of integers separated by decimal points. Set of defined objects has a Tree Structure.

15 MIB Object Group iso(1) org(3) dod(6) internet(1) directory(1) private(4) mgmt(2) experimental(3)

16 MIB Object Group Cond’t mgmt (2)mib-2(1) system (1) snmp(11) transmission(10) egp (8) udp (7) tcp (6) icmp (50) ip (40) at (3) interface (2)

17 Organization of Managed objects Example: When a SNMP manager requests for the object, it will send first an OID to the SNMP agent requesting the information about the object. The OID : iso.org.dod.internet.mgmt.mib-2.tcp.tcpMaxConn

18 Example of an Object Definition tcpMaxConn OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION “The limit on the total number of TCP connections the entity can support. In entities where the maximum number of connection is dynamic, this object should contain the value –1.” ::= {tcp 4} tcp(mib-2 6) tcpMaxConn(4) tcpRtoMax(3) tcpRtoMin(2) tcpRtoAlgorithm(1)

19 Object Definition Object-Type: - String that describes the MIB object. SYNTAX: - Defines what kind of info is stored in the MIB object. ACCESS: -read-only,read-write,write-only,not accessible. STATUS: -state of the object in regards the SNMP. i.e. mandatory,optional,obsolete,deprecated. DESCRIPTION: - Reason why the MIB object exists.

20 SNMP-MIB Browser

21 SNMP – MIB Browser (3) Navigation… - MIB Tree  System  sysUpTime -Notice Lower LHS - Notice OID

22 SNMP – MIB Browser (4) SNMP PDU’s… (1) Get - Select ‘Go’  ‘Get’ - RHS has values. - OID – Value

23 SNMP – MIB Browser (5) SNMP PDU’s… (2) GetNext -Selected OID is: Returned value: ( ) or “DSG, O’Reilly Institute, F.35”

24 SNMP – MIB Browser (6) SNMP… (3) Get SubTree -Position of MIB: (a.k.a. system) -RHS values: Returns all values below system.

25 SNMP – MIB Browser (7) SNMP… (4) Walk -MIB Location: (a.k.a. mib-2) - Returns *ALL* values under mib-2

26 SNMP – MIB Browser (8) Tables… - MIB Location: (or interfaces) - Select ifTable,  Go, then Table View. - Refresh/Poll

27 SNMP – MIB Browser (9) SNMP… - Graph -Select a value from the RHS, say sysUpTime -Highlight and select ‘Go’, then ‘Graph’. -Interval = 1s  set.

28 RMON – Remote Network Monitoring What is RMON? specification of MIB provides vital information It defines a set of functions to support remote monitoring Why RMON? problem with MIB II purely local How is RMON differs from MIB II? Whole network

29 RMON Components RMON MIB NMS RMON probe Ethernet

30 RMON MIB Groups Statistics (1) – Ethernet stats History (2) – snapshots based on stats(1) Alarm (3) – ability to set threshold, generate alarm on interesting event Host (4) – per i/f host stats HostTopN (5) – store/sort by top N hosts Matrix (6) – X talks to Y Filter (7) – filter pkts and capture/or cause event Capture (8) – traditional pkt analyzer Event (9) – table of events generated by probe TokenRing (10) – maintains statistics and configuration information for token ring subnets

31 RMON version RMON v1: Defines 10 MIB groups Physical and Data link (MAC layer) layers of the OSI model. RMON v2: An extension of RMON 1 RMON2 has an emphasis on IP traffic and application- level traffic. monitor packets on all network layers.

32 Token ring LAN Router FDDI backbone Router Ethernet Central Management Console with RMON Local Management Console with RMON PC with RMON probe Router with RMON probe B A

33 SNMP v1,v2 SNMP is a simple request/response protocol. This behavior is implemented by using one of four protocol operations: Get, GetNext, Set, and Trap. SNMPv1 operates over protocols such as User Datagram Protocol (UDP), Internet Protocol (IP), OSI Connectionless Network Service (CLNS), AppleTalk Datagram-Delivery Protocol (DDP), and Novell Internet Packet Exchange (IPX). SNMPv1 is widely used and is the de facto network-management protocol in the Internet community. SNMP version 2 (SNMPv2) is an evolution of the initial version Both versions contain lack of security.

34 SNMP v3 The SNMPv3 architecture introduces the User-based Security Model (USM) for message security and the View-based Access Control Model (VACM) for access control. The architecture supports the concurrent use of different security, access control and message processing models. The security features: Message integrity - Ensuring that a packet has not been tampered with in-transit. Authentication - Determining the message is from a valid source. Encryption - Scrambling the contents of a packet prevent it from being seen by an unauthorized source.

35 SNMPv3 also introduces the ability to dynamically configure the SNMP agent. This dynamic configuration support enables addition, deletion, and modification of configuration entries either locally or remotely. SNMP lacks any authentication capabilities, which results in vulnerability to a variety of security threats. It include masquerading occurrences, modification of information, message sequence and timing modifications, and disclosure. SNMPv3 Applications * Command Generators * Command Responders * Notification Originators * Notification Receivers * Proxy Forwarders. SNMP v3

36 ?