
ECE-6612

http://www.csc.gatech.edu/copeland/jac/6612/

Prof. John A. Copeland


john.copeland@ece.gatech.edu
404 894-5177

Office: Klaus 3362


email or call for office visit

Chap 8: SNMP - Simple Network Mgmt Protocol


Includes copies of figures from Chap. 8 of
“Network Security Essentials, Applications and Standards”
by William Stallings
Network Management Architecture

Integrated collection of tools for network monitoring and

Single operator interface.

Minimal amount of separate equipment – software and
communications capability built into the existing equipment
ary parts are:
Management station (central control, has an “agent”)
Management agents (software in network equipment)
Management Information Base (MIB)
Network management protocol (rules for communication
SNMP Terminology
“SNMP Management Station” - central control. It
can set parameters and collect information from the
“SNMP Agents” located on the controlled
network systems.
“Proxy” – an add-on box to add SNMP
features to a network unit (router, modem,
PC, …) that does not have built-in SNMP
capability.
“Trap” – an unsolicited message, perhaps
reporting an alarm condition (to UDP port
162).
“Intermediate Management Station” - for
distributed control. It can set parameters
and collect information from the Agents on
a local region of the network. Only the
more important information would be passed
SNMP v1, v2, and v3
SNMPv1 (version 1) is “connectionless” since it
utilizes UDP (rather than TCP) as the transport
layer protocol.
SNMPv2 allows the use of TCP for “reliable,
connection-oriented” service.
Problems with SNMP v1 addressed by version 2:
• Lack of support for distributed network
management.
• Functional deficiencies - v2 can use
TCP/IP and Novell IPX
Problem addressed by version 3:
• Security - version 1 used a community
name as a password.
• Version 3 adds encryption, and host
authentication,
The Role of SNMP

Proxy Configuration

SNMP v3 – a Security Add-on
SNMP v3 “engine” operating at the
Application Layer:

• On outgoing PDUs, inserts
authentication codes (MACs), encrypts
certain fields, encapsulates the PDU into
a message for transmission.

• For incoming messages (from the
Transport Layer), performs authentication
verification, decryption, and extracts
PDUs from the message to pass up to the
SNMP applications above.

• Security Subsystem - performs the
authentication and encryption tasks.
SNMP Protocol Architecture

SNMPv3 PDU with User Security Model (USM)

Messages Use the Management Info. Base (MIB) and ASN.1
(Abstract Syntax Notation)

Objects (Parameters) are expressed as leaves on the MIB tree.

Object                              Object ID (OID)
+--iso(1)                           .1
   +--org(3)                        .1.3
      +--dod(6)                     .1.3.6
         +--internet(1)             .1.3.6.1
            +--directory(1)         .1.3.6.1.1
            +--mgmt(2)              .1.3.6.1.2
            |  +--mib-2(1)          .1.3.6.1.2.1
            |  +--transmission(10)  .1.3.6.1.2.10
            +--experimental(3)      .1.3.6.1.3
            +--private(4)           .1.3.6.1.4
            |  +--enterprises(1)    .1.3.6.1.4.1   [next number is company ID]*
            +--security(5)          .1.3.6.1.5
            +--snmpV2(6)            .1.3.6.1.6
               +--snmpDomains(1)    .1.3.6.1.6.1
               +--snmpProxys(2)     .1.3.6.1.6.2
               +--snmpModules(3)    .1.3.6.1.6.3

* when a company gets a number from IANA, it can extend the
tree to cover a new system.
Decoding a UDP Trap Message

Index: 0
Byte:  29  Type: 30  0  82 1 9 - 265
Byte:  33  Type: 30  1  f - 15
Byte:  35  Type:  6  1  .1.3.6.1.2.1.1.3.0   System Up Time (0.01 s)
Byte:  45  Type: 43  1  1977555
    -> sysUpTime = 19775.55 s
Byte:  50  Type: 30  1  1c - 28
Byte:  52  Type:  6  2  .1.3.6.1.6.3.1.1.4.1.0   Type of Event
Byte:  64  Type:  6  2  .1.3.6.1.4.1.8712.4.1.1.2.1.7.5   Indicates that the IP has a profile violation.
    -> snmpTrapOID = swCoreEventOOP
Byte:  80  Type: 30  2  2a - 42
Byte:  82  Type:  6  3  .1.3.6.1.4.1.8712.4.1.1.2.1.1.1
Byte:  98  Type: 44  3  StealthWatch+Therminator
    -> stealthwatchCoreConfig = StealthWatch+Therminator
Byte: 124  Type: 30  3  16 - 22
Byte: 126  Type:  6  4  .1.3.6.1.4.1.8712.4.1.1.2.1.6.1.1   The unique alarm identifier (serial no).
Byte: 143  Type: 42  4  207986
    -> stealthwatchCoreAlarmsId = 207986
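Added example (not part of the original slides): a minimal Python BER decoder for the "Type" values 30 (SEQUENCE), 6 (OID) and 43 (TimeTicks) seen in the dump above, handling both short lengths (f = 15) and the long form (82 1 9 = 265) and rejecting lengths that run past the datagram. The varbind bytes are constructed to match the sysUpTime rows, and the function names are illustrative.

```python
SEQUENCE, OID, TIMETICKS = 0x30, 0x06, 0x43   # "Type" column values in the dump

def read_tlv(buf, pos=0):
    """Parse one BER tag-length-value; return (tag, value bytes, next offset)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                  # long form: low 7 bits count the length bytes
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:                             # short form: the byte itself is the length
        length = first
    if pos + length > len(buf):       # never trust a length taken from the wire
        raise ValueError("length runs past end of datagram")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(content):
    """Turn OID content bytes into the dotted form used on the slide."""
    if not content:
        raise ValueError("empty OID")
    arcs = [content[0] // 40, content[0] % 40]   # first byte packs two arcs (1.3 -> 0x2b)
    acc = 0
    for b in content[1:]:
        acc = (acc << 7) | (b & 0x7F)            # base-128, high bit set = more follows
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return "." + ".".join(map(str, arcs))

def decode_varbind(buf):
    """Decode SEQUENCE { OID name, value }; return (oid, value tag, integer value)."""
    tag, body, _ = read_tlv(buf)
    if tag != SEQUENCE:
        raise ValueError("varbind must be a SEQUENCE")
    name_tag, name, nxt = read_tlv(body)
    if name_tag != OID:
        raise ValueError("varbind name must be an OID")
    val_tag, val, _ = read_tlv(body, nxt)
    return decode_oid(name), val_tag, int.from_bytes(val, "big")

# Constructed bytes matching the dump's first varbind (length 0x0f = 15).
SYSUPTIME_VARBIND = bytes.fromhex("300f06082b0601020101030043031e2cd3")

if __name__ == "__main__":
    oid, tag, ticks = decode_varbind(SYSUPTIME_VARBIND)
    print(oid, hex(tag), ticks / 100, "s")       # TimeTicks are in units of 0.01 s
```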
Sources of SNMP Information on the Web
To work with SNMP messages on a Unix system, install the Net-SNMP
utilities, available at “www.net-snmp.org”.
A number of standard MIBs will then be found in
/usr/share/snmp/mibs
To look up Enterprise Numbers, go to the Web site of the Internet
Assigned Numbers Authority (IANA),
“www.iana.org/assignments/enterprise-numbers”.
The “List of Lists” at “www.iana.org/numbers.html” is a
wonderful body of information on all the Internet assigned
numbers (protocols, ports, IPs vs. area, AS numbers, ...).
For information on ASN.1 -
“www.cs.columbia.edu/~hgs/internet/asn.1.html”
RFCs on SNMP: 788, 1098, 1215, 1442, 1592, 1906, 2578. To
get them, use “www.ietf.org/rfc/rfc<number_here>.txt”