SNMP: Simple Network Management Protocol

SNMP and UDP

- Uses UDP as transport protocol
- Connectionless
- Port 161 for sending and receiving requests and answers
- Port 162 for sending traps and alerts from managed devices

SNMP Communities (1/2)

- Used by SNMPv1 & SNMPv2
- Used to establish trust between manager and agent
- Three communities: Read Only, Read Write, Trap

SNMP Communities (2/2)

- Community strings: essentially passwords
- Defaults: Read Only = “public”, Read Write = “private”
- Should be changed before going live
- Sent in clear text!
- How can security risk be limited?

Structure of Management Information (1/17)

- SMI version 1: RFC 1155
  - Defines how managed objects are named
  - Defines managed objects' data types
- SMI version 2: RFC
  - Enhancements for SNMPv2

Structure of Management Information (2/17)

- Definition of managed objects: Name or OID
  - Uniquely identifies a managed object
  - Two forms: human readable and numeric

Structure of Management Information (3/17)

- Definition of managed objects (cont.): Type and Syntax
  - Defined using a subset of Abstract Syntax Notation One (ASN.1)
- ASN.1
  - Way of specifying how data is represented and transmitted between managers and agents
  - Machine independent

Structure of Management Information (4/17)

- Definition of managed objects (cont.): Encoding
  - A single instance of a managed object is encoded into a string of octets using Basic Encoding Rules (BER)
- BER
  - Defines how objects are encoded and decoded

Structure of Management Information (5/17)

- Naming OIDs
  - Objects are organized in a treelike hierarchy
  - OIDs are made up of a series of integers separated by periods (.)
  - Human readable names translate the numbers into text

Structure of Management Information (6/17)

Naming OIDs

1.3.6.1.2.1.1.6.0 = iso.org.dod.internet.mgmt.mib-2.system.sysLocation.0

OID tree (from the slide diagram):

iso (1)
  org (3)
    dod (6)
      internet (1)
        directory (1)
        mgmt (2)              [Internet Activities Board (IAB) administered]
          mib-2 (1)
            system (1)
            interfaces (2)
            address translation (3)
            ip (4)
            icmp (5)
            tcp (6)
            udp (7)
            egp (8)
            cmot (9)
            transmission (10)
            snmp (11)
        experimental (3)
        private (4)           [vendor administered]
          enterprise (1)
            proteon (1)
            IBM (2)
            cisco (9)
            HP (11)
            wellfleet (18)
            SUN (42)
            apple (63)
            microsoft (311)
            ...
            unassigned (9118)

Structure of Management Information (8/17)

Structure of Management Information (9/17)

Structure of Management Information (10/17)

- Defining OIDs
  - The Syntax attribute provides for definition of managed objects through a subset of ASN.1
  - Datatypes define what kind of information a managed object can hold
  - Similar to datatypes used in programming

Structure of Management Information (11/17)

SNMPv1 Datatypes
- Integer (32 bit)
- String
- Counter (32 bit)
- OID
- NULL (not used)
- Sequence
- Sequence of
- IpAddress
- NetworkAddress
- Gauge
- TimeTicks
- Opaque

Structure of Management Information (12/17)

MIB-1

Structure of Management Information (13/17)

Extensions to the SMI in V2
- Integer32 – same as INTEGER
- Counter32 – same as COUNTER
- Gauge32 – same as GAUGE
- Unsigned32 – decimal value 0 to 2^32 – 1, inclusive
- Counter64 – similar to Counter32; max value of 18,556,744,073,709,551,615
- BITS – an enumeration of non-negative bits

Structure of Management Information (14/17)

MIB-II

Structure of Management Information (15/17)

MIB-II (cont.)
- Currently, there are 108 subordinates or object groups under MIB-2.
- These are the result of specific RFCs for various protocols, etc.

Structure of Management Information (16/17)

MIB-II (cont.)

Structure of Management Information (17/17)

MIB-II (cont.)
- system (1.3.6.1.2.1.1) – objects pertaining to system operation: uptime, system contact, system name
- interfaces (1.3.6.1.2.1.2) – interface information
- at (1.3.6.1.2.1.3) – address translation
- ip (1.3.6.1.2.1.4) – IP information, including routing
- icmp (1.3.6.1.2.1.5) – ICMP information
- tcp (1.3.6.1.2.1.6) – TCP information, including connection state
- udp (1.3.6.1.2.1.7) – UDP statistics
- egp (1.3.6.1.2.1.8) – EGP statistics, including neighbor table
- transmission (1.3.6.1.2.1.10) – no objects defined (other subtrees)
- snmp (1.3.6.1.2.1.11) – performance of the SNMP implementation

SNMP Operations

- get
- getnext
- getbulk (v2, v3)
- set
- getresponse
- trap
- notification (v2, v3)
- inform (v2, v3)
- report (v2, v3)

Variable Binding
- A list of MIB objects that allows a request's recipient to see what the originator wants to know
- OID = value

SNMP Operations (2/15)

SNMP Operations (3/15)

GET
- Initiated by the NMS
- NMS sends request to agent
- Agent processes request
- Agent sends getresponse back to NMS

    snmpget cisco.ora.com public .1.3.6.1.2.1.1.6.0
    System.sysLocation.0 = “”

SNMP Operations (4/15)

GETNEXT
- Lets you issue a sequence of commands to retrieve a group of values from a MIB
- For each MIB object, a separate GETNEXT request and GETRESPONSE are generated
- Traverses a subtree in lexicographic order

SNMP Operations (5/15)

    snmpwalk cisco.ora.com public system
    system.sysDescr.0 = “Cisco IOS Software, C2600 Software (C2600-IPBASE-M), Version 12.3(8)T3, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2004 by Cisco Systems, Inc. Compiled Tue 20-Jul-04 17:03 by eaarmas”
    system.sysObjectID.0 = OID: enterprises.9.1.19
    system.sysUpTime.0 = Timeticks: (27210723) 3 days, 3:35:07.23
    system.sysContact.0 = “”
    system.sysName.0 = “cisco.ora.com”
    system.sysLocation.0 = “”
    system.sysServices.0 = 6

SNMP Operations (6/15)

GETBULK
- Allows an NMS to retrieve a large section of a table at once
- Tells the agent to send back as much information as possible – incomplete responses possible
- Two fields required
  - Nonrepeaters – tells the command that the first N objects can be retrieved with a simple getnext operation
  - Max-repetitions – tells the command to attempt up to M getnext operations to retrieve the remaining objects

SNMP Operations (7/15)

    snmpbulkget -v2c -c public -Cn1 -Cr3 linux.ora.com sysDescr ifInOctets ifOutOctets
    System.sysDescr.0 = “Linux snort 2.4.1-10 #1 Thu Sep 6 17:27:27 EDT 2001 i686 unknown”
    Interfaces.ifTable.ifEntry.ifInOctets.1 = 70840
    Interfaces.ifTable.ifEntry.ifOutOctets.1 = 70840
    Interfaces.ifTable.ifEntry.ifInOctets.2 = 143548020
    Interfaces.ifTable.ifEntry.ifOutOctets.2 = 111725152
    Interfaces.ifTable.ifEntry.ifInOctets.3 = 0
    Interfaces.ifTable.ifEntry.ifOutOctets.3 = 0
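Added example, not part of the original slides: a small Python model of the agent behaviour behind the GETNEXT and GETBULK slides above. The MIB table is constructed to mirror the snmpbulkget output (the OIDs are the standard MIB-II ones for sysDescr, ifInOctets and ifOutOctets; the values are made up), and get_bulk shows how Non-Repeaters (N) and Max-Repetitions (M) shape the reply. Function names are my own.

```python
def parse_oid(oid: str) -> tuple:
    """'.1.3.6.1.2.1.1.1.0' -> (1, 3, 6, 1, 2, 1, 1, 1, 0); tuples compare in SMI lexicographic order."""
    return tuple(int(a) for a in oid.strip(".").split("."))

def fmt_oid(arcs: tuple) -> str:
    return "." + ".".join(str(a) for a in arcs)

# Constructed agent MIB mirroring the slide: sysDescr.0 plus the ifInOctets (.10) and
# ifOutOctets (.16) columns of ifTable for three interfaces. Values are made up.
AGENT_MIB = {
    parse_oid(".1.3.6.1.2.1.1.1.0"): "Linux snort 2.4.1-10",
    parse_oid(".1.3.6.1.2.1.2.2.1.10.1"): 70840,
    parse_oid(".1.3.6.1.2.1.2.2.1.10.2"): 143548020,
    parse_oid(".1.3.6.1.2.1.2.2.1.10.3"): 0,
    parse_oid(".1.3.6.1.2.1.2.2.1.16.1"): 70840,
    parse_oid(".1.3.6.1.2.1.2.2.1.16.2"): 111725152,
    parse_oid(".1.3.6.1.2.1.2.2.1.16.3"): 0,
}

def get_next(mib: dict, oid: str):
    """GETNEXT: (oid, value) of the first instance that sorts strictly after `oid`, or None."""
    start = parse_oid(oid)
    later = sorted(k for k in mib if k > start)
    if not later:
        return None  # end of MIB view: noSuchName in v1, endOfMibView in v2
    return fmt_oid(later[0]), mib[later[0]]

def walk(mib: dict, subtree: str) -> list:
    """snmpwalk: repeat GETNEXT until the returned OID leaves the requested subtree."""
    prefix, out, cur = parse_oid(subtree), [], subtree
    while True:
        nxt = get_next(mib, cur)
        if nxt is None or parse_oid(nxt[0])[:len(prefix)] != prefix:
            return out
        out.append(nxt)
        cur = nxt[0]

def get_bulk(mib: dict, oids: list, non_repeaters: int, max_repetitions: int) -> list:
    """GETBULK: the first N OIDs get one GETNEXT each; the rest are advanced together
    up to M times, so the reply interleaves table columns row by row. A cursor that
    runs off the end of the MIB is dropped, which is why replies can be incomplete."""
    out = []
    for oid in oids[:non_repeaters]:
        nxt = get_next(mib, oid)
        if nxt is not None:
            out.append(nxt)
    cursors = list(oids[non_repeaters:])
    for _ in range(max_repetitions):
        for i, cur in enumerate(cursors):
            if cur is None:
                continue
            nxt = get_next(mib, cur)
            if nxt is None:
                cursors[i] = None
            else:
                out.append(nxt)
                cursors[i] = nxt[0]
    return out
```

Calling get_bulk(AGENT_MIB, [".1.3.6.1.2.1.1.1", ".1.3.6.1.2.1.2.2.1.10", ".1.3.6.1.2.1.2.2.1.16"], 1, 3) reproduces the seven varbinds of the slide in the same order.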

SNMP Operations (8/15)

SET
- Change the value of a managed object
- Create a new row in a table

SNMP Operations (9/15)

    snmpget cisco.ora.com public system.sysLocation.0
    system.sysLocation.0 = “”

    snmpset cisco.ora.com private system.sysLocation.0 s “Atlanta, GA”
    system.sysLocation.0 = “Atlanta, GA”

    snmpget cisco.ora.com public system.sysLocation.0
    system.sysLocation.0 = “Atlanta, GA”

* sysLocation is defined as a string in RFC 1213

SNMP Operations (10/15)

Error Responses: SNMPv1
- noError(0)
- tooBig(1)
- noSuchName(2)
- badValue(3)
- readOnly(4)
- genErr(5)

SNMP Operations (11/15)

Error Responses (cont.): SNMPv2
- noAccess(6)
- wrongType(7)
- wrongLength(8)
- wrongEncoding(9)
- wrongValue(10)
- noCreation(11)
- resourceUnavailable(13)
- commitFailed(14)
- undoFailed(15)
- authorizationError(16)
- notWritable(17)
- inconsistentName(18)

SNMP Operations (12/15)

SNMP Traps
- A way for agents to tell the NMS that something bad has happened
- Originate from agents and are sent to a predetermined destination (NMS, log server, etc.)
- Prone to getting lost

SNMP Operations (13/15)

SNMP Traps (cont.): Seven generic trap numbers
- coldStart (0) – an agent has rebooted or started
- warmStart (1) – an agent has reinitialized
- linkDown (2) – an interface on the device has gone down
- linkUp (3) – an interface on the device has come up

SNMP Operations (14/15)

SNMP Traps (cont.): Seven generic trap numbers (cont.)
- authenticationFailure (4) – indicates that a wrong community string was used to try to access the agent
- egpNeighborLoss (5) – an EGP neighbor has gone down
- enterpriseSpecific (6) – general catchall
  - Enterprise specific
  - Defined under the private-enterprise branch of the SMI

SNMP Operations (15/15)

SNMP Inform
- SNMPv2
- Allows for acknowledged sending of traps

SNMP report
- Defined in the draft for SNMPv2 but never implemented
- Now part of SNMPv3

SNMP Messages

SNMPv1 & SNMPv2 messages
- Consist of a header and PDU
- Header consists of 2 fields: Version, Community name

Message layout:
    Header | PDU

SNMP PDU Formats (1/5)

SNMPv1: Get, GetNext, Response, and Set

    PDU type | Request ID | Error Status | Error Index | Variable Bindings
    Variable Bindings: Object 1 Value 1 | Object 2 Value 2 | ... | Object n Value n
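Added example, not from the slides: encoding the SNMPv1 GetRequest of the snmpget slide (community “public”, sysLocation.0) with BER, then reading the community name straight back out of the raw datagram the way a passive monitor on UDP/161 could, which makes the “sent in clear text” point concrete. The function names, the request-id value and the default-community set are assumptions for this example.

```python
import struct

def ber_len(n: int) -> bytes:
    """BER length: short form below 128, otherwise two-byte long form (0x82)."""
    return bytes([n]) if n < 0x80 else b"\x82" + struct.pack(">H", n)

def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(body)) + body

def ber_int(v: int) -> bytes:  # INTEGER, tag 0x02, minimal two's complement
    return tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True))

def ber_oid(oid: str) -> bytes:  # OBJECT IDENTIFIER, tag 0x06
    arcs = [int(a) for a in oid.strip(".").split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])  # first two arcs share one octet
    for a in arcs[2:]:  # remaining arcs in base 128, high bit set on all but the last byte
        chunks = [a & 0x7F]
        while a >= 0x80:
            a >>= 7
            chunks.append((a & 0x7F) | 0x80)
        out += bytes(reversed(chunks))
    return tlv(0x06, bytes(out))

def snmpv1_get(community: str, oid: str, request_id: int = 1) -> bytes:
    """Message ::= SEQUENCE { version INTEGER (0 = v1), community OCTET STRING, PDU }.
    GetRequest PDU (context tag 0xA0) = request-id, error-status, error-index, varbinds."""
    varbind = tlv(0x30, ber_oid(oid) + tlv(0x05, b""))  # value is NULL in a request
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0) + tlv(0x30, varbind))
    return tlv(0x30, ber_int(0) + tlv(0x04, community.encode()) + pdu)

def community_from_datagram(msg: bytes) -> str:
    """Defender's view: the community is plain ASCII in the message header, so a
    passive monitor reads it with no key at all. Short-form lengths only (< 128 bytes)."""
    assert msg[0] == 0x30, "not a SEQUENCE"
    pos = 2  # skip SEQUENCE tag and its 1-byte length
    assert msg[pos] == 0x02, "expected version INTEGER"
    pos += 2 + msg[pos + 1]
    assert msg[pos] == 0x04, "expected community OCTET STRING"
    length = msg[pos + 1]
    return msg[pos + 2:pos + 2 + length].decode()

DEFAULT_COMMUNITIES = {"public", "private"}  # the defaults named on the communities slide

def uses_default_community(msg: bytes) -> bool:
    """Check a monitor could run over captured UDP/161 datagrams to flag unchanged defaults."""
    return community_from_datagram(msg) in DEFAULT_COMMUNITIES

if __name__ == "__main__":
    raw = snmpv1_get("public", "1.3.6.1.2.1.1.6.0")
    print(raw.hex(), community_from_datagram(raw), uses_default_community(raw))
```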

SNMP PDU Formats (2/5)

SNMPv1 (cont.): Trap

    Enterprise | Agent Address | Generic Trap Type | Specific Trap Code | Time Stamp | Variable Bindings
    Variable Bindings: Object 1 Value 1 | Object 2 Value 2 | ... | Object n Value n

SNMP PDU Formats (3/5)

SNMPv2: Get, GetNext, Inform, Response, Set, & Trap

    PDU Type | Request ID | Error Status | Error Index | Variable Bindings
    Variable Bindings: Object 1 Value 1 | Object 2 Value 2 | ... | Object n Value n

SNMP PDU Formats (4/5)

SNMPv2: GetBulk

    PDU Type | Request ID | Non-Repeaters | Max-Repetitions | Variable Bindings
    Variable Bindings: Object 1 Value 1 | Object 2 Value 2 | ... | Object n Value n

SNMP PDU Formats (5/5)

Host Management

Host Resources MIB (1.3.6.1.2.1.25)
- Defines a basic framework for managing hosts
- hrSystem (1) – uptime, system date, system users, system processes
- hrStorage (2) & hrDevice (3) – objects pertaining to system storage and system utilization
- hrSWRun (4), hrSWRunPerf (5), & hrSWInstalled (6) – objects pertaining to the OS and software running or installed
- Vendor specific MIBs are defined to provide more detailed information about their hosts

Remote Monitoring (1/4)

RMON MIB (1.3.6.1.2.1.16)
- Groups: statistics, history, alarm, hosts, hostTopN, matrix, filter, capture, event

Remote Monitoring (2/4)

- Statistics (1.3.6.1.2.1.16.1) – statistics about all interfaces being monitored
- History (1.3.6.1.2.1.16.2) – periodic statistical samples from the statistics group
- Alarm (1.3.6.1.2.1.16.3) – configure polling interval and threshold for RMON objects

Remote Monitoring (3/4)

- Hosts (1.3.6.1.2.1.16.4) – records traffic stats for each host on the network
- hostTopN (1.3.6.1.2.1.16.5) – used to generate reports on hosts that top a list ordered by a parameter in the host table
- Matrix (1.3.6.1.2.1.16.6) – error and utilization information for sets of two addresses

Remote Monitoring (4/4)

- Filter (1.3.6.1.2.1.16.7) – matches packets based on a filter equation; when a packet meets the filter, an event may be triggered
- Capture (1.3.6.1.2.16.8) – allows packets to be captured if they meet a filter in the filter group
- Event (1.3.6.1.2.16.9) – controls the definition of RMON events