slide1

ECE-6612

http://www.csc.gatech.edu/copeland/jac/6612/

Prof. John A. Copeland

john.copeland@ece.gatech.edu

404 894-5177

Office: Klaus 3362

email or call for office visit

Chap 8: SNMP - Simple Network Mgmt Protocol

Includes copies of figures from Chap. 8 of

“Network Security Essentials, Applications and Standards”

by William Stallings

slide2

Network Management Architecture

An integrated collection of tools for network monitoring and control.

• Single operator interface.

• Minimal amount of separate equipment – software and network communications capability built into the existing equipment.

The primary parts are:

• Management station (central control, has an “agent”)

• Management agents (software in network equipment)

• Management Information Base (MIB)

• Network management protocol (rules for communication)


slide4

SNMP Terminology

“SNMP Management Station” - central control. It can set parameters and collect information from the “SNMP Agents” located on the controlled network systems.

“Proxy” – an add-on box to add SNMP features to a network unit (router, modem, PC, …) that does not have built-in SNMP capability.

“Trap” – an unsolicited message, perhaps reporting an alarm condition (to UDP port 162).

“Intermediate Management Station” - for distributed control. It can set parameters and collect information from the Agents on a local region of the network. Only the more important information would be passed up to the Management Station.


slide5

SNMP v1, v2, and v3

SNMPv1 (version 1) is “connectionless” since it utilizes UDP (rather than TCP) as the transport layer protocol.

SNMPv2 allows the use of TCP for “reliable, connection-oriented” service.

Problems with SNMP v1 addressed by version 2:

• Lack of support for distributed network management.

• Functional deficiencies - v2 can use TCP/IP and Novell IPX

Problem addressed by version 3:

• Security - version 1 used a community name as a password.

• Version 3 adds encryption, and host authentication,


slide8

SNMP v3 – a Security Add-on

SNMP v3 “engine” operating at the Application Layer:

• On outgoing PDUs, inserts authentication codes (MACs), encrypts certain fields, and encapsulates the PDU into a message for transmission.

• For incoming messages (from the Transport Layer), performs authentication verification and decryption, and extracts PDUs from the message to pass up to the SNMP applications above.

• Security Subsystem - performs the authentication and encryption tasks.


slide11

Messages Use the Management Info. Base (MIB) and ASN.1 (Abstract Syntax Notation)

Objects (parameters) are expressed as leaves on the MIB tree.

Object                                Object ID (OID)

+--iso(1)                             .1
   +--org(3)                          .1.3
      +--dod(6)                       .1.3.6
         +--internet(1)               .1.3.6.1
            +--directory(1)           .1.3.6.1.1
            +--mgmt(2)                .1.3.6.1.2
            |  +--mib-2(1)            .1.3.6.1.2.1
            |  +--transmission(10)    .1.3.6.1.2.10
            +--experimental(3)        .1.3.6.1.3
            +--private(4)             .1.3.6.1.4
            |  +--enterprises(1)      .1.3.6.1.4.1 [next number is company ID]*
            +--security(5)            .1.3.6.1.5
            +--snmpV2(6)              .1.3.6.1.6
               +--snmpDomains(1)      .1.3.6.1.6.1
               +--snmpProxys(2)       .1.3.6.1.6.2
               +--snmpModules(3)      .1.3.6.1.6.3

* when a company gets a number from IANA, it can extend the tree to cover a new system.


slide12

Decoding a UDP Trap Message

trap_server.pl 9/26/04 22:45 [data has the form: 30(length), (6)OID, (42) value or (44) string]

From: 209.128.181.100 Mon Sep 27 21:24:26 EDT 2004

Len: 82 1 26 - 294 Version: 2 Domain: public Reg_ID: 391 Error: 0 Index: 0

Byte: 29 Type: 30 0 82 1 9 - 265

Byte: 33 Type: 30 1 f - 15

Byte: 35 Type: 6 1 .1.3.6.1.2.1.1.3.0 System Up Time (0.01 s)

Byte: 45 Type: 43 1 1977555

-> sysUpTime = 19775.55 s

Byte: 50 Type: 30 1 1c - 28

Byte: 52 Type: 6 2 .1.3.6.1.6.3.1.1.4.1.0 Type of Event

Byte: 64 Type: 6 2 .1.3.6.1.4.1.8712.4.1.1.2.1.7.5 Indicates that the IP has a profile violation.

-> snmpTrapOID = swCoreEventOOP

Byte: 80 Type: 30 2 2a - 42

Byte: 82 Type: 6 3 .1.3.6.1.4.1.8712.4.1.1.2.1.1.1

Byte: 98 Type: 44 3 StealthWatch+Therminator

-> stealthwatchCoreConfig = StealthWatch+Therminator

Byte: 124 Type: 30 3 16 - 22

Byte: 126 Type: 6 4 .1.3.6.1.4.1.8712.4.1.1.2.1.6.1.1 The unique alarm identifier (serial no).

Byte: 143 Type: 42 4 207986

-> stealthwatchCoreAlarmsId = 207986

Byte: 148 Type: 30 4 22 - 34

Byte: 150 Type: 6 5 .1.3.6.1.4.1.8712.4.1.1.2.1.6.1.3 Host Ip Address of [that caused] the alarm.

Byte: 167 Type: 44 5 209.182.185.012

-> stealthwatchCoreAlarmsHost = 209.182.185.012
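
Added example (not part of the original slides, and not the trap_server.pl script whose output is shown above): a small Python BER walk over a constructed SNMPv2c trap datagram whose values echo this slide. The function names and the sample bytes are assumptions of this example. It also shows that the community name is read straight out of the datagram, and it rejects length fields that overrun the packet, which matters for a listener parsing untrusted UDP.

```python
SAMPLE_TRAP = bytes.fromhex(   # constructed datagram for this added example
    "3048" "020101" "04067075626c6963"           # SEQUENCE, version=1 (v2c), community
    "a73b" "02020187" "020100" "020100" "302f"   # trap PDU, request-id 391, error, index, varbind list
    "300f" "06082b06010201010300" "43031e2cd3"   # sysUpTime.0 = TimeTicks 1977555
    "301c" "060a2b060106030101040100" "060e2b06010401c40804010102010705")  # snmpTrapOID.0 = event OID

def read_tlv(buf, pos):
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form, e.g. 82 01 26 = 294
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("length overruns datagram")
    return tag, buf[pos:pos + length], pos + length

def children(body):                          # members of a constructed value
    pos, out = 0, []
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        out.append((tag, val))
    return out

def decode_oid(body):
    subids, acc = [], 0
    for b in body:                           # base-128, high bit = "more octets follow"
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            subids, acc = subids + [acc], 0
    x = min(subids[0] // 40, 2)              # first sub-id packs 40*X + Y
    return "." + ".".join(map(str, [x, subids[0] - 40 * x] + subids[1:]))

def decode_value(tag, body):
    if tag == 0x06:
        return decode_oid(body)
    if tag in (0x02, 0x41, 0x42, 0x43):      # INTEGER, Counter32, Gauge32, TimeTicks
        return int.from_bytes(body, "big", signed=(tag == 0x02))
    return body.decode("latin-1") if tag == 0x04 else body.hex()

def decode_trap(datagram):
    (_, msg), = children(datagram)
    (_, ver), (_, community), (pdu_tag, pdu) = children(msg)
    (_, req), _, _, (_, vbl) = children(pdu)
    binds = [children(vb) for _, vb in children(vbl)]   # each: [(6, name), (tag, value)]
    binds = [(decode_oid(n), decode_value(t, v)) for (_, n), (t, v) in binds]
    return {"version": ver[0], "community": community.decode("latin-1"),
            "pdu_tag": pdu_tag, "request_id": int.from_bytes(req, "big"), "varbinds": binds}
```
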


slide13

Sources of SNMP Information on the Web

To work with SNMP messages on a Unix system, install the Net-SNMP utilities, available at “www.net-snmp.org”.

A number of standard MIBs will then be found in /usr/share/snmp/mibs

To look up Enterprise Numbers, go to Web site of the Internet Assigned Numbers Authority (IANA), “www.iana.org/assignments/enterprise-numbers”.

The “List of Lists” at “www.iana.org/numbers.html” is a wonderful body of information on all the Internet assigned numbers (protocols, ports, IPs vs. area, AS numbers, ...).

For information on ASN.1 - “www.cs.columbia.edu/~hgs/internet/asn.1.html”

RFCs on SNMP: 788, 1098, 1215, 1442, 1592, 1906, 2578. To get them, use “www.ietf.org/rfc/rfc<number_here>.txt”
