
SNMP Basics


SNMP stands for Simple Network Management Protocol.
It was created in 1988 to manage the growing number of network elements in computer networks. The protocol gradually became popular and today forms the basis of network management.

Through SNMP one can retrieve information about network devices such as routers, printers, hubs or even ordinary computers. The range of information that can be retrieved through SNMP is practically endless. Some examples of the type of information that can be retrieved through SNMP are:

  • System up time
  • CPU usage level
  • Disk usage level
  • Network settings etc.

Not only can information be retrieved, but these network devices can also be configured with new values through SNMP. Despite being simple in its design and approach, it is the sheer power of this protocol that makes it the most popular network management protocol today.

SNMP system design

A computer network system that uses SNMP for network management consists of three fundamental components:

  • The SNMP manager: software that usually runs on the machine of the network administrator or whichever human manager is managing the computer network.
  • The SNMP agent: software that usually runs on the network node that is to be monitored. This node could be a printer, router etc.
  • The SNMP MIB: MIB stands for Management Information Base. This component makes sure that the data exchange between the manager and the agent remains structured.

So we can say that the SNMP manager acts as an interface between the human network manager and the network node being managed. Similarly, the SNMP agent acts as an interface between the SNMP manager and the network node being monitored.

The SNMP MIB

The definition of the SNMP MIB can be a bit cryptic to newbies, so let's understand the concept of SNMP MIBs through a small example.

Suppose a mobile company's server sends a poll question to all the company's subscribers through SMS. Being that company's subscriber, you get the message on your phone and reply to it. Simple enough. Now assume that in the next poll the same company sends an MMS instead. This time your phone is not able to comprehend the MMS because of some technological limitation (or any other problem). So in this case you won't be able to receive, and hence reply to, the MMS.

The problem above happened because your phone lacked MMS capabilities. In a nutshell, your phone was not able to comprehend the incoming message.

The same applies to an SNMP manager and an SNMP agent. The network protocol used between them is of course SNMP, but there also has to be an agreed way of composing and comprehending the information being queried. The information being queried could be anything, for example the disk usage of the network node that has the agent running on it. So the crux is that there must be a standard structure in which the query is formed by the SNMP manager and understood by the SNMP agent.

The most basic component of the structure used in SNMP is an object. Every piece of information that can be queried through SNMP is treated as an object. For example, a system's up time is an object known as 'sysUpTime'. Every object has an associated ID, known as an Object ID or OID, which is unique for every object. A group of objects forms a MIB.

For example, take a look at the MIB tree diagrams (the images are not reproduced here):

You will see that the whole information system in SNMP takes the form of a tree, where the individual information nodes are objects with unique OIDs. For example, the unique OID for the object sysUpTime is .1.3.6.1.2.1.1.3.0. Looking at the figure above, you can easily deduce this OID. The '0' at the end of the OID signifies that this object is a scalar and not a table.

There is also a textual description of the numeric OID. For example, the textual description of sysUpTime OID (presented above) is iso.org.dod.internet.mgmt.mib-2.system.sysUpTime.
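As an added example (not code from the original post), the following walks a small, constructed subset of the standard mib-2 tree to translate a numeric OID such as .1.3.6.1.2.1.1.3.0 into the textual description shown above, and back again. The tree is deliberately limited to a few system-group objects; the label table is the only assumption.

```python
# Added example: numeric OID <-> textual description using a constructed
# subset of the mib-2 tree (OID prefix -> label for that arc).
MIB_LABELS = {
    "1": "iso", "1.3": "org", "1.3.6": "dod", "1.3.6.1": "internet",
    "1.3.6.1.2": "mgmt", "1.3.6.1.2.1": "mib-2", "1.3.6.1.2.1.1": "system",
    "1.3.6.1.2.1.1.1": "sysDescr", "1.3.6.1.2.1.1.3": "sysUpTime",
    "1.3.6.1.2.1.1.5": "sysName",
}


def oid_to_name(oid):
    """Return (textual description, is_scalar_instance) for a numeric OID.

    Arcs the table does not know stay numeric, so table rows such as
    ifDescr.3 are still readable. A trailing '.0' after a known leaf is the
    instance index of a scalar object; it is reported by the flag rather
    than in the name, which matches how the article writes sysUpTime.
    """
    arcs = [a for a in oid.strip().split(".") if a]
    names, known = [], 0
    for i in range(1, len(arcs) + 1):
        label = MIB_LABELS.get(".".join(arcs[:i]))
        if label is None:
            break
        names.append(label)
        known = i
    prefix = ".".join(arcs[:known])
    is_leaf = known and not any(k.startswith(prefix + ".") for k in MIB_LABELS)
    rest = arcs[known:]
    if rest == ["0"] and is_leaf:
        return ".".join(names), True
    return ".".join(names + rest), False


def name_to_oid(text):
    """Inverse mapping for names fully covered by MIB_LABELS (leading dot as in the article)."""
    oid = ""
    for label in text.split("."):
        # The parent of each candidate key must be the OID built so far.
        match = [k for k, v in MIB_LABELS.items()
                 if v == label and k.rpartition(".")[0] == oid]
        if not match:
            raise KeyError(f"unknown MIB label {label!r} under {oid or 'root'}")
        oid = match[0]
    return "." + oid
```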

SNMP Messages

SNMP communication between manager and agent takes place in the form of messages. The basic messages used for communication are:
  • SNMP GET
  • SNMP GET-NEXT
  • SNMP GET-RESPONSE
  • SNMP SET
  • SNMP TRAP

The messages GET and GET-NEXT are used to fetch the value of a particular MIB object. The message GET-RESPONSE is used mostly by the agent to send the response to a GET or GET-NEXT message. The message SET is used by the manager to set the new value of a particular MIB object at the agent. The message TRAP is used by the agent to send information about some alarming values for some object to the manager so that appropriate action could be taken by the manager.


SNMP Works On UDP

At the transport layer, SNMP messages are carried over UDP, because UDP outperforms TCP in lossy networks where congestion is usually very high.

  • Port 161: GET, GET-NEXT, SET
  • Port 162: TRAP
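As an added example (not code from the original post), the following builds the exact bytes of an SNMPv1 GET for sysUpTime.0 as they would travel in a UDP datagram to port 161, and classifies a captured datagram by its community string and message type. The BER encoding is done by hand so that the message structure (version, community, PDU, variable bindings) is visible; the community string and request id are constructed sample values.

```python
# Added example: hand-encoded SNMPv1 GET datagram and a header classifier.
SNMP_AGENT_PORT = 161   # GET, GET-NEXT and SET are sent to the agent here
SNMP_TRAP_PORT = 162    # TRAP is sent by the agent to the manager here
PDU_NAMES = {0xA0: "GET", 0xA1: "GET-NEXT", 0xA2: "GET-RESPONSE",
             0xA3: "SET", 0xA4: "TRAP"}


def tlv(tag, payload):
    """BER tag-length-value; long-form length handles payloads up to 255 bytes."""
    n = len(payload)
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x81, n])) + payload


def encode_int(v):
    # Minimal-length big-endian two's complement (only non-negative values here)
    return tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True))


def encode_oid(oid):
    """BER OBJECT IDENTIFIER: first two arcs merge as 40*x+y, the rest are base-128."""
    arcs = [int(a) for a in oid.strip(".").split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:                       # high-order groups carry the 0x80 bit
            chunk.insert(0, (arc & 0x7F) | 0x80)
            arc >>= 7
        body.extend(chunk)
    return tlv(0x06, bytes(body))


def get_request(community, oid, request_id=1):
    """SNMPv1 GetRequest payload: SEQUENCE { version 0, community, [0] PDU }."""
    varbind = tlv(0x30, encode_oid(oid) + tlv(0x05, b""))        # OID + NULL value
    pdu = tlv(0xA0, encode_int(request_id) + encode_int(0) + encode_int(0)
              + tlv(0x30, varbind))      # request-id, error-status, error-index
    return tlv(0x30, encode_int(0) + tlv(0x04, community.encode()) + pdu)


def classify(message):
    """Return (community, message type) of an SNMPv1 datagram by parsing its header.

    Assumes the version and community fields use short-form BER lengths,
    which holds for community strings shorter than 128 bytes.
    """
    pos = 2 if message[1] < 128 else 2 + (message[1] & 0x7F)
    pos += 2 + message[pos + 1]                       # skip version INTEGER
    clen = message[pos + 1]
    community = message[pos + 2:pos + 2 + clen].decode()
    return community, PDU_NAMES.get(message[pos + 2 + clen], "unknown")
```

The 40-byte GET produced for community "public" decodes cleanly with any packet analyzer, and classify() is the kind of check a monitoring script can run on traffic seen on ports 161 and 162 to spot SET or TRAP messages from unexpected sources.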



