¡Hola!
En las entradas anteriores hemos realizado una introducción a SNMP , estudiando sus componentes y arquitectura, y hemos profundizado en los MIBs y el árbol de información de gestión . Hoy we will focus in SNMP messages.
To achieve the goal of being a simple protocol, SNMP proposed a limited set of management commands and responses. The initial version of the protocol was only 5 operators: Get
- to obtain or read the value of one or more instances of an object. GetNext
- very similar to Get, it differs in that this operation gets the value of next OID tree
- Set, to write or set the value of one or more instances of an object.
- Trap, which are messages sent by agents to the NMS to report that there has been a certain event
- Response, are the responses from the NMS agents containing the requested values.
SNMPv2 introduced 2 new operators:
- GetBulk was introduced as an enhancement to Get Next requests, when to get data from a table (such as information of the network interfaces of a computer or table routing).
- Inform, a message similar to trap but that includes a confirmation from the NMS to receive the message.
GET / GET NEXT / GET BULK / SET
TRAP
INFORM
To see the performance of SNMP in action and to make some catches WireShark need a SNMP NMS and any device. To do this you can use your home router, switch or your own machine.
I will be using a Windows XP virtual machine on which I installed the SNMP service (Start-> Add / Remove Programs -> add windows components -> Management and Monitoring Tools -> SNMP). Once installed you can configure the agent and to define the details. For example, we can establish the contact, which will be the information contained in the sysContact object value, or location, which is the value of sysLoc, both the System group.
If we go to the security tab, we see that by default only public community is created, which is read-only rights. A community (community string) is something like a password in plain text (and therefore very uncertain.) In the next post will discuss security and SNMPv3 protocol.
can create a new community with read and write:
Once the changes have to restart the service. NMS
As we will use the application Blackowl MIB browser. In the picture you can see how I selected the computer on which I work (typing its IP in the Host field), I went sailing through the tree to the group object system and have conducted three operations get to get the value of objects sysDescr, sysContact and sysLocation. As the community of read operations is set by default to public, do not set anything:
As you can see, the values \u200b\u200bthat are returned by the agent that we established previously on the computer.
If you look, the object can be modified sysLocation from the NMS, as access is readwrite. Let's change it! To this end, we must provide our NMS data write of the agent community. We have to go to properties, select SNMPv2 and write the appropriate community string.
If we perform the operation on the object sysLocation September, we miss a new window asking the value to write to the agent:
If we go to the computer and look at the properties we can test SNMP that indeed SysLocation value has changed:
Finally I leave a couple of pictures of the catch made with WireShark get to perform the operation on the object and sysContact response from the agent:
CAUTION After testing, you should disable SNMP or secure in your equipment, lest your teams start doing strange things ...
In the next article speak, precisely, safety and SNMPv3 protocol.
Greetings!
Sources:
http://www3.rad.com/networks/applications/snmp/comp.htm
http://www.manageengine.com/network-monitoring/what-is-snmp.html
0 comments:
Post a Comment