Solved

Understanding SNMP

Posted on 2004-08-26
Last Modified: 2012-05-05
I'd like someone to just explain in plain English the basics of SNMP.

What I'm trying to get to is a VB program that can query a network device's IP address and return information on device type, manufacturer and model etc.

So WMI has SNMP support, so I thought I could develop something which loops through an IP range and queries each device. Problem is I don't know where to start and most of the articles require a good understanding of SNMP and networking to start with. Also I don't know what to install just to get a simple "hello world" SNMP program running!!
Question by:plq
20 Comments
 
LVL 45

Assisted Solution

by:sunnycoder
sunnycoder earned 50 total points
Hi plq,

from the SNMP FAQ
The "simple" in SNMP doesn't mean "trivial". It cannot
be learned by flipping through a few emails or news posts.
The "simple" in SNMP is only in contrast to protocols
which are thought to be even more complex than SNMP.

There is no magic solution to learning SNMP. All
of us who have mastered the subject did so by 1)reading
several books on the subject, 2)reading/playing with the sample code
from CMU or NET-SNMP, 3)implementing several trial products
over a period of months.

If your boss expects SNMP miracles and will not listen to
reason, either become a good liar or find a new job.

Or, as David Perkins posted in recent response to a newbie:

"It will take you at least 6 months or so of studying and
usage to "comprehend SNMP very well". I suggest that
you read a few books (more than one) on SNMP and RMON,
since authors focus on different aspects of the subject
area."

You can find these resources listed in this FAQ and
on several other Web sites devoted to SNMP. Good luck!

http://www.faqs.org/faqs/snmp-faq/part1/

Sunnycoder

LVL 3

Assisted Solution

by:fatlad
fatlad earned 300 total points
Using SNMP will be a huge pain to do, as it requires some form of authentication (it varies by version) before it will respond, so you will need to log onto every machine and configure this before you can scan them, which defeats the object of your project.

Why not just try mingsweeper (www.hoobie.net/mingsweeper/) or some similar application? Mingsweeper uses the way machines' IP stacks respond to packets to identify the OS. This would seem to be a closer alignment to what you are after.

Regards

FatLad

LVL 4

Accepted Solution

by:cyrnel
cyrnel earned 150 total points
I've only scratched the surface with a few very specific projects so don't pretend to be an expert. The FAQ above is mandatory, and the net-snmp project provides a great toolkit to get something running. http://www.net-snmp.org/

LVL 8

Author Comment

by:plq
Thanks chaps. Yes I've researched this a few times in the past and what's out there is getting better but still it's impossible to understand without spending months on it.

I don't actually mind how the end result is achieved, whether from free tools or programming, SNMP or IP stacks. I downloaded nmap once but didn't have a clue how to use it.

Is it really that difficult to query a device to ask it for device type, manufacturer and model? networkview seems to do it ok  :(

I'll research all these links and come back later....


LVL 8

Author Comment

by:plq
OK this is definitely a "getting started" problem.

I've got a very basic dlink router/firewall on 192.168.0.1, this is a domainless network, just a few XP and 2000 boxes linked out via a hub to the router.

How could I use one of the net-snmp programs (like snmp-walk) to query the router for information?


LVL 3

Expert Comment

by:fatlad
What info are you after?

LVL 8

Author Comment

by:plq
Ultimately manufacturer, model and device type but just anything other than "timeout" would be good !

I'd like to be able to query a device for which information it can give. Then I can decide whether to collect it or not. Some clients might want ports in use and the ip address connected to each port, others will just want basic asset info.

thanks

LVL 8

Author Comment

by:plq
But I'm not interested in querying PCs or *ux boxes - only routers, switches, firewalls etc for asset info

LVL 3

Expert Comment

by:fatlad
It depends on the model of router. I would think that something aimed at the SOHO market like a dlink would only have a very limited set of SNMP MIBs.

LVL 8

Author Comment

by:plq
So can I query the router to ask it what MIBs it supports?

LVL 8

Author Comment

by:plq
networkview could query it

Description; Value;
IP Address; 192.168.0.1;
MAC Address; 00-0D-88-60-B7-3E;
NIC Manufacturer; ;
DNS Name; ;
SysDescr; Internet Gateway Device;
Company; D-Link Systems;
SysContact; ;
SysLocation; ;
SysUpTime; 15 days 9 h. 18 m. 13 s.;
SysObjectID; .1.3.6.1.4.1.171;
SysName; ;
Type; SNMP Device;
Note; ;
Active TCP ports; 80;
Ftp; ;
Telnet; ;
Smtp; ;
Http; ;
Pop3; ;
Imap4 (143); ;
; ;
; ;

LVL 8

Author Comment

by:plq
I'm sure they got company from a lookup list of MAC addresses, but I think sysdescr must have come from SNMP?

LVL 3

Expert Comment

by:fatlad
Much easier to look at it, get the model number and then check the dlink website!

Basically the MIB is a list of information that can be processed by SNMP. There are basic MIBs that all devices must support to be SNMP capable. There are then more specific MIBs for individual devices.

SNMP is not really designed to be used as a discovery method for devices. It normally requires configuration at both device and NMS to work correctly. Something like network view will use many other things besides SNMP to get the majority of info.

LVL 3

Expert Comment

by:fatlad
The sysdescr may come from SNMP, but it will only be visible if the community strings are set correctly.

LVL 8

Author Comment

by:plq
I think I'm getting warmer

I can do
 snmpbulkget -v2c -Cn1 -Cr5 -Os -c public acomputername system ifTable

That's giving me the OS version and Network Card details. This also works:

 snmpbulkget -v2c -Cn1 -Cr5 -Os -c public 192.168.0.150 system ifTable

But when I try it with the router address it errors (Error in packet, a general failure occurred, Failed object ifTable). If I can just get that returning sysdescr and mac address that's a great start.

LVL 3

Expert Comment

by:fatlad
I think that bulkget is an SNMP v2 feature; it could be that your other router is not capable or not configured to run v2.

LVL 8

Author Comment

by:plq
Brilliant. I now have:

snmpget -v2c -c public 192.168.0.1 system.sysDescr.0

giving me "Internet Gateway Device"

Do you know where I can get a list of standard MIB strings incl. the string for mac address?

LVL 3

Expert Comment

by:fatlad

LVL 8

Author Comment

by:plq
Good, I've found a few pointers.

One more thing. What's the way of getting the mac address from ip address using these tools - is there a string that I can snmpget, or is there another way? I understood it was a hex representation of a string of 6 numbers??, so all I need is how to query the device for those numbers.

LVL 8

Author Comment

by:plq
I found it in

interfaces.ifTable.ifEntry.ifPhysAddress.1

Now the fun starts... C programming :)

thanks for your help
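
Added example, not part of the thread and not net-snmp code: what the `snmpget -v2c -c public 192.168.0.1 system.sysDescr.0` call above puts on the wire, as a minimal SNMPv2c GET encoder and response parser. The function names are this example's own; `system.sysDescr.0` is OID 1.3.6.1.2.1.1.1.0 and `interfaces.ifTable.ifEntry.ifPhysAddress.1` is 1.3.6.1.2.1.2.2.1.6.1.

```python
import socket  # added example; helper names are illustrative, not net-snmp's API

def tlv(tag, payload):
    n = len(payload)
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    return bytes([tag]) + (raw if n < 0x80 else bytes([0x80 | len(raw)]) + raw) + payload

def ber_int(v):  # non-negative INTEGER; the extra bit keeps the sign bit clear
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def ber_oid(dotted):
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])    # first two arcs share one byte
    for arc in arcs[2:]:                         # base 128, high bit means "more follows"
        chunk = [arc & 0x7F]
        while arc := arc >> 7:
            chunk.insert(0, 0x80 | (arc & 0x7F))
        out += bytes(chunk)
    return tlv(0x06, bytes(out))

def get_request(community, oid, request_id=1):
    varbind = tlv(0x30, ber_oid(oid) + tlv(0x05, b""))   # OID plus NULL placeholder
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0) + tlv(0x30, varbind))
    return tlv(0x30, ber_int(1) + tlv(0x04, community.encode()) + pdu)  # version 1 = v2c

def read_tlv(buf, pos=0):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                            # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(buf):
    out, pos = [], 0
    while pos < len(buf):
        tag, body, pos = read_tlv(buf, pos)
        out.append((tag, body))
    return out

def parse_response(packet):
    _version, _community, (_, pdu) = children(read_tlv(packet)[1])
    _req_id, (_, status), _index, (_, varbinds) = children(pdu)
    _oid, (value_tag, value) = children(children(varbinds)[0][1])
    return int.from_bytes(status, "big"), value_tag, value

def snmp_get(host, community, oid, timeout=2.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(get_request(community, oid), (host, 161))
        return parse_response(s.recvfrom(4096)[0])
```

`snmp_get` returns `(error_status, value_tag, value)`: tag 0x04 is an OCTET STRING, so sysDescr decodes as text and the six octets of ifPhysAddress print as a MAC with `value.hex("-").upper()`. Tags 0x80 and 0x81 mean the agent has no such object or instance.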