SNMP Simple Network Management Protocol

SNMP and UDP Uses UDP as transport protocol Connectionless Connectionless Port 161 for sending and receiving requests and answers Port 161 for sending and receiving requests and answers Port 162 for sending traps and alerts from managed devices Port 162 for sending traps and alerts from managed devices

SNMP Communities (1/2) Used by SNMPv1 & SNMPv2 Used to establish trust between manager and agent Three communities Read Only Read Only Read Write Read Write Trap Trap

SNMP Communities (2/2) Community strings Essentially passwords Essentially passwords Defaults Defaults Read Only = “public” Read Write = “private” Should be changed before going live Should be changed before going live Sent in clear text! Sent in clear text! How can security risk be limited? How can security risk be limited?

Structure of Management Information (1/17) SMI version 1 RFC 1155 RFC 1155 Defines how managed objects are named Defines how managed objects are named Defines managed objects data types Defines managed objects data types SMI version 2 RCF RCF Enhancements for SNMPv2 Enhancements for SNMPv2

Structure of Management Information (2/17) Definition of managed objects Name or OID Name or OID Uniquely identifies a managed object Two forms Human readable Human readable Numeric Numeric

Structure of Management Information (3/17) Definition of managed objects (cont.) Type and Syntax Type and Syntax Defined using a subset of Abstract Syntax Notation One (ASN.1) ASN.1 Way of specifying how data is represented and transmitted between managers and agents Way of specifying how data is represented and transmitted between managers and agents Machine independent Machine independent

Structure of Management Information (4/17) Definition of managed objects (cont.) Encoding Encoding Single instance of a managed object is encoded into a string of octets using Basic Encoding Rules (BER) BER Defines how objects are encoded and decoded Defines how objects are encoded and decoded

Structure of Management Information (5/17) Naming OIDs Objects are organized in a treelike hierarchy Objects are organized in a treelike hierarchy OIDs are made up of a series of integers separated by periods (.) OIDs are made up of a series of integers separated by periods (.) Human readable names translate the numbers into text Human readable names translate the numbers into text

Structure of Management Information (6/17) iso.org.dod.internet.mgmt.mib- 2.system.sysLocation.0 iso.org.dod.internet.mgmt.mib- 2.system.sysLocation.0

org (3) dod (6) internet (1) mgmt (2)experimental (3) private (4) directory (1) mib-2 (1) tcp (6) udp (7) egp (8) cmot (9) transmission (10) snmp (11) system (1) interfaces (2) address translation (3) ip (4) icmp (5)... SUN (42) microsoft(311) apple (63) enterprise (1) cisco (9) IBM (2) HP (11) proteon (1) Internet Activities Board (IAB) AdministeredVendor Administered wellfleet (18) unassigned (9118) iso (1) Naming OIDs

Structure of Management Information (8/17)

Structure of Management Information (9/17)

Structure of Management Information (10/17) Defining OIDs Syntax attribute provides for definition of managed objects through a subset of ASN.1 Syntax attribute provides for definition of managed objects through a subset of ASN.1 Datatypes define what kind of information a managed object can hold Datatypes define what kind of information a managed object can hold Similar to datatypes used in programming Similar to datatypes used in programming

Structure of Management Information (11/17) SNMPv1 Datatypes Integer (32 bit) String Counter (32 bit) OID NULL (not used) Sequence Sequence of IpAddressNetworkAddressGaugeTimeTicksOpaque

Structure of Management Information (12/17) MIB-1

Structure of Management Information (13/17) Extensions to the SMI in V2 Integer32 – same as INTEGER Integer32 – same as INTEGER Counter32 – same as COUNTER Counter32 – same as COUNTER Gauge32 – same as GAUGE Gauge32 – same as GAUGE Unsigned32 – decimal value Unsigned32 – decimal value 0 to 2 32 – 1, inclusive Counter64 – similar to Counter32 Counter64 – similar to Counter32 Max value of 18,556,744,073,709,551,615 BITS – An enumeration of non-negative bits BITS – An enumeration of non-negative bits

Structure of Management Information (14/17) MIB-II

Structure of Management Information (15/17) MIB-II (cont.) Currently, there are 108 subordinates or object groups under MIB-2. Currently, there are 108 subordinates or object groups under MIB-2. These are the result of specific RFC’s for various protocols, etc. These are the result of specific RFC’s for various protocols, etc.

Structure of Management Information (16/17) MIB-II (cont.)

Structure of Management Information (17/17) MIB-II (cont.) System ( ) – Objects pertaining to system operation System ( ) – Objects pertaining to system operation Uptime, system contact, system name interfaces ( ) – interface information interfaces ( ) – interface information at ( ) – address translation at ( ) – address translation ip ( ) – ip information, including routing ip ( ) – ip information, including routing icmp ( ) – icmp information icmp ( ) – icmp information tcp ( ) – tcp information, including connection state tcp ( ) – tcp information, including connection state udp ( ) – udp statistics udp ( ) – udp statistics egp ( ) – egp statistics, including neighbor table egp ( ) – egp statistics, including neighbor table transmission ( ) – no objects defined (other sub- trees) transmission ( ) – no objects defined (other sub- trees) snmp ( ) – performance of snmp implementation snmp ( ) – performance of snmp implementation

SNMP Operations getgetnext getbulk (v2, v3) setgetresponsetrap notification (v2, v3) inform (v2, v3) report (v2, v3) Variable Binding A list of MIB objects that allows a request’s recipient to see what the originator wants to know A list of MIB objects that allows a request’s recipient to see what the originator wants to know OID = value OID = value

SNMP Operations (2/15)

SNMP Operations (3/15) GET Initiated by the NMS Initiated by the NMS NMS sends request to agent NMS sends request to agent Agent processes request Agent processes request Agent sends getresponse back to NMS Agent sends getresponse back to NMS snmpget cisco.ora.com public System.sysLocation.0 = “”

SNMP Operations (4/15) GETNEXT Lets you issue a sequence of commands to retreive a group of values from a MIB Lets you issue a sequence of commands to retreive a group of values from a MIB For each MIB object, a separate GETNEXT requests and GETRESPONSE are generated For each MIB object, a separate GETNEXT requests and GETRESPONSE are generated Traverses a subtree in lexicographic order Traverses a subtree in lexicographic order

SNMP Operations (5/15) snmpwalk cisco.ora.com public system system.sysDescr.0 = “Cisco IOS Software, C2600 Software (C2600- IPBASE-M), Version 12.3(8)T3, RELEASE SOFTWARE (fc1) Technical Support: Copyright (c) by Cisco Systems, Inc. Compiled Tue 20-Jul-04 17:03 by eaarmas” system.sysObjectID.0 = OID: enterprises system.sysUpTime.0 = Timeticks: ( ) 3 days, 3:35:07.23 system.sysContact.0 = “” system.sysName.0 = “cisco.ora.com” system.sysLocation.0 = “” system.sysServices.0 = 6

SNMP Operations (6/15) GETBULK Allows a NMS to retrieve a large section of a table at once Allows a NMS to retrieve a large section of a table at once Tells agent to send back as much information as possible – incomplete responses possible Tells agent to send back as much information as possible – incomplete responses possible Two fields required Two fields required Nonrepeaters – tells command that first N objects can be retreived with a simple getnext operation Max-repetitions – tells command to attempt up to M getnext operations to retrieve remaining objects

SNMP Operations (7/15) Snmpbulkget –v2c public –Cn1 –Cr3 linux.ora.com sysDescr ifInOctets ifOutOctets System.sysDescr.0 = “Linux snort #1 Thu Sep 6 17:27:27 EDT 2001 i686 unknown” Interfaces.ifTable.ifEntry.ifInOctets.1 = Interfaces.ifTable.ifEntry.ifOutOctets.1 = Interfaces.ifTable.ifEntry.ifInOctets.2 = Interfaces.ifTable.ifEntry.ifOutOctets.2 = Interfaces.ifTable.ifEntry.ifInOctets.3 = 0 Interfaces.ifTable.ifEntry.ifOutOctets.3 = 0

SNMP Operations (8/15) SET Change the value of a managed object Change the value of a managed object Create a new row in a table Create a new row in a table

SNMP Operations (9/15) snmpget cisco.ora.com public system.sysLocation.0 system.sysLocation.0 = “” snmpset cisco.ora.com private system.sysLocation.0 s “Atlanta, GA” system.sysLocation.0 = “Atlanta, GA” snmpget cisco.ora.com public system.sysLocation.0 system.sysLocation.0 = “Atlanta, GA” *sysLocation is defined as a string in RFC 1213

SNMP Operations (10/15) Error Responses SNMPv1 SNMPv1noError(0)tooBig(1)noSuchName(2)badValue(3)readOnly(4)genErr(5)

SNMP Operations (11/15) Error Responses (cont.) SNMPv2 SNMPv2noAccess(6)wrongType(7)wrongLength(8)wrongEncoding(9)wrongValue(10)noCreation(11) resourceUnavailable(13) commitFailed(14) undoFailed(15) authorizationError(16) notWritable(17) inconsistentName(18)

SNMP Operations (12/15) SNMP Traps A way for agents to tell the NMS that something bad has happened A way for agents to tell the NMS that something bad has happened Originate from agents & sent to predetermined destination (NMS, log server, etc.) Originate from agents & sent to predetermined destination (NMS, log server, etc.) Prone to getting lost Prone to getting lost

SNMP Operations (13/15) SNMP Traps (cont.) Seven generic trap numbers Seven generic trap numbers coldStart (0) An agent has rebooted or started An agent has rebooted or started warmStart (1) An agent has reinitialized An agent has reinitialized linkDown (2) An interface on the device has gone down An interface on the device has gone down linkUp (3) An interface on the device has come up An interface on the device has come up

SNMP Operations (14/15) SNMP Traps (cont.) Seven generic trap numbers (cont.) Seven generic trap numbers (cont.) authenticationFailure (4) Indicates that a wrong community string was used to try to access the agent Indicates that a wrong community string was used to try to access the agent egpNeighborLoss (5) An EGP neighbor has gone down An EGP neighbor has gone down enterpriseSpecific (6) General catchall General catchall Enterprise specific Enterprise specific Defined under the private-enterprise branch of the SMI Defined under the private-enterprise branch of the SMI

SNMP Operations (15/15) SNMP Inform SNMPv2 SNMPv2 Allows for acknowledged sending of traps Allows for acknowledged sending of traps SNMP report Defined in the draft for SNMPv2 but never implemented Defined in the draft for SNMPv2 but never implemented Now part of SNMPv3 Now part of SNMPv3

SNMP Messages SNMPv1 & SNMPv2 messages Consist of a header and PDU Consist of a header and PDU Header consists of 2 fields Header consists of 2 fieldsVersion Community name HeaderPDU

SNMP PDU Formats (1/5) SNMPv1 Get, GetNext, Response, and Set Get, GetNext, Response, and Set PDU type Request ID Error Status Error Index Object 1 Value 1 Object 2 Value 2 Object n Value n Variable Bindings

SNMP PDU Formats (2/5) SNMPv1 (cont.) Trap Trap Enterprise Agent Address Generic Trap Type Specific Trap Code Time Stamp Object 1 Value 1 Object 2 Value 2 Object n Value n Variable Bindings

SNMP PDU Formats (3/5) SNMPv2 Get, GetNext, Inform, Response, Set, & Trap Get, GetNext, Inform, Response, Set, & Trap PDU Type Request ID Error Status Error Index Object 1 Value 1 Object 2 Value 2 Object n Value n Variable Bindings

SNMP PDU Formats (4/5) SNMPv2 GetBulk GetBulk PDU Type Request ID Non- Repeaters Max- Repetitions Object 1 Value 1 Object 2 Value 2 Object n Value n Variable Bindings

SNMP PDU Formats (5/5)

Host Management Host Resources MIB Defines a basic framework for managing hosts Defines a basic framework for managing hosts hrSystem (1) Uptime, system date, system users, system processes Uptime, system date, system users, system processes hrStorage (2) & hrDevice (3) Objects pertaining to system storage and system utilization Objects pertaining to system storage and system utilization hrSWRun (4), hrSWRunPerf (5), & hrSWInstalled (6) Objects pertaining to OS and software running or installed Objects pertaining to OS and software running or installed Vendor specific MIBs are defined to provide more detailed information about their hosts Vendor specific MIBs are defined to provide more detailed information about their hosts

Remote Monitoring (1/4) RMON MIB statisticshistoryalarmhostshostTopNmatrixfiltercaptureevent

Remote Monitoring (2/4) Statistics ( ) Statistics about all interfaces being monitored Statistics about all interfaces being monitored History ( ) Periodic statistical samples from the statistics group Periodic statistical samples from the statistics group Alarm ( ) Configure polling interval and threshold for RMON objects Configure polling interval and threshold for RMON objects

Remote Monitoring (3/4) Hosts ( ) Records traffic stats for each host on the network Records traffic stats for each host on the network hostTopN ( ) Used to generate reports on hosts that top a list ordered by a parameter in the host table Used to generate reports on hosts that top a list ordered by a parameter in the host table Matrix ( ) Error and utilization information for sets of two addresses Error and utilization information for sets of two addresses

Remote Monitoring (4/4) Filter ( ) Matches packets based on a filter equation Matches packets based on a filter equation When packet meets filter, an event may be triggered When packet meets filter, an event may be triggered Capture ( ) Allows packets to be captured if they meet a filter in the filter group Allows packets to be captured if they meet a filter in the filter group Event ( ) Controls the definition of RMON events Controls the definition of RMON events