TCP/IP Protocol: Simple Network Management Protocol (SNMP) Simple Network Management Protocol (SNMP) is a TCP/IP protocol used to gather or set data for remote devices on the network. Examples can include routers, computers, printers, and other devices. The data gathered can include how the device is operating as well as how it has been operating in the past. Current settings can also be obtained, such as IP Addresses of the Network Interface Card (NIC) in a computer. Each object on the network, such as a router, is a managed object. Each managed object contains software which responds to the SNMP requests. The responding software on the managed device is an Agent. Each Agent contains a list of valid requests which is called the Management Information Base (MIB). The MIB consists of a list of Object Identifiers (OIDs) that have a special meaning for each device. Each device has a specific MIB which has OIDs what do not exist in other MIBs. For example, a printer may contain the OID for ink cartridge levels (prtMarkerSuppliesLevel). Some OIDs can be requested (read), such as printer ink level, while others can be set (write) such as prtAuxiliarySheetBannerPage which is used to enable banner sheets to print before each print job. NOTE: Be aware that the specific device you may want to use SNMP to monitor must support SNMP. Each device and even services have their own MIB to support all functions of the specific device and service. The Manager is the software which is used to request information from the Agents. The Manager is installed on a computer and tracks the ‘traps’ set for monitoring. For example, a trap can be set to alert you when the printer ink becomes very low so you know when to replace the cartridge. SNMP is currently using version 3 (SNMPv3), and it uses User Datagram Protocol (UDP) ports 161 and 162. The Agent receives requests on Port 161 from the Managers and responds to the Managers on Port 162. Secure SNMP uses ports 10161 and 10162 using Transport Layer Security (TLS). When secured, the Agent receives requests on Port 10161 from the Managers and sends a secured response to the Managers on Port 10162. NOTE: Security measures other than TLS exist for securing SNMP. Datagram Transport Security Layer (DTLS) is another security option. Understand that SNMPv3 works on both TCP/IP version 4 and version 6. SNMPv3 has seven Protocol Data Units (PDUs) as follows: GetRequest – Manager-to-Agent request for information GetNextRequest – Manager-to-Agent request for information of next value in OID GetBulkRequest - Manager-to-Agent request for information of all values in OID SetRequest – Manager-to-Agent request to change the value of an OID Response – Agent-to-Manager response for GET requests Trap – Agent-to-Manager response when a specific value reaches a threshold InformRequest – Manager-to-Manager or Agent-to-Manager response to acknowledge a Trap NOTE: The InformRequest was used to verify a Trap since the delivery is not guaranteed because is uses UDP. Manager The SNMP daemon (snmpd) is used to install SNMP on a Linux system to make an SNMP Manager. First, the SNMP daemon needs to be installed by using the following command: ‘sudo apt-get install snmpd’. Answer ‘y’ (yes) to install SNMP. The file /etc/snmp/snmpd.conf can be deleted and remade using the following: rocommunity public syslocation "Server, Linux.ORG" syscontact JarretBuse@Hotmail.com NOTE: The community is a name given to a group of devices. SNMP version 1 and 2 use the community string to verify that the Manager and Agent are in the same group (a simple form of security). SNMP version 3 uses username and passwords for authentication. Now, the SNMP daemon needs to use the new file and listen on all interfaces (it defaults to loopback). Edit /etc/default/snmpd and comment the following lines: # snmpd options (use syslog, close stdin/out/err). SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1' Adding the following lines: SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf' NOTE: The initial line allows the manager to poll SNMP only from the loopback (127.0.0.1), but the replacement line allows you poll the whole network. Restart the snmpd service with the command: sudo service snmpd restart. Agent In some cases, it can be useful to monitor a computer as you would any other SNMP device on the network. Traps can be set just as they would be on any network device being monitored. Install the SNMP daemon and follow the rest of the instructions. Once installed, the SNMP daemon has no MIBs as required by an Agent. You need to install the MIBs by running: sudo apt-get install snmp-mibs-downloader Open the file /etc/snmp/snmp.conf and comment out all the lines. Edit the file etc/snmp/snmpd.conf and change the line: rocommunity public default -V systemonly to: rocommunity public 10.0.0.0/8 NOTE: Change the community name from public if needed and the IP network address should be appropriate to your network. SNMP Security Very simple measures can be taken to secure your SNMP devices from those outside your network. If the network is firewalled to the Internet, be sure to block the SNMP ports from the Internet so no one from the Internet can access your SNMP devices. Do not use the ‘public’ community name. If using SNMP version 3, use a complicated username and password. With any of these instructions, be sure to follow all directions and not skip a step. Also, be aware that the SNMP daemon is not the only SNMP Manager available, others may suit your needs better.