Internet Protocol Analysis/Network Monitoring

This lesson introduces network monitoring and looks at the Simple Network Management Protocol (SNMP). Activities include installing, configuring and testing the SNMP service, using Wireshark to examine SNMP network traffic, and using OpenNMS to monitor a network.

Readings

  1. Wikipedia: Network monitoring
  2. Wikipedia: Simple Network Management Protocol
  3. Wikipedia: Management information base

Multimedia

  1. YouTube: An Overview of SNMP - CompTIA Network+ N10-005: 4.4

Activities

  1. Install the SNMP Service.
  2. Configure the SNMP Service.
  3. Test the SNMP Service.
  4. Use a free or open source network monitoring tool to monitor a network:
  5. Review Wireshark: Simple Network Management Protocol (SNMP).
  6. Consider situations in which a packet analyzer might be used to troubleshoot network monitoring traffic.

Lesson Summary

  • Network monitoring describes the use of a system that constantly monitors a computer network for slow or failing components and that notifies the network administrator (via email, SMS or other alarms) in case of outages.[1]
  • Simple Network Management Protocol (SNMP) is an Internet-standard protocol for managing devices on IP networks.[2] With SNMP, administrative computers called managers monitor or manage a group of hosts on a computer network. Each managed system executes an agent which reports information via SNMP to the manager.[3]
  • SNMP uses a Management Information Base (MIB) to describe the structure of the management data of a device subsystem. The MIB is a hierarchical namespace containing object identifiers (OID), and each OID identifies a variable that can be read or set via SNMP.[4]
  • SNMP is an application layer protocol. SNMP agents receive requests on UDP port 161. SNMP managers receive notifications (Traps and InformRequests) on UDP port 162.[5]
  • SNMP messages from managers include GetRequest, SetRequest, GetNextRequest, and GetBulkRequest. SNMP messages from agents include Response and Trap. SNMP messages from manager to manager include InformRequest.[6]
  • SNMP versions 1 and 2 support limited security through the use of a clear-text password known as a community string. SNMP version 3 supports encryption on UDP ports 10161 and 10162.[7][8]
  • Default SNMP settings present a variety of security issues that must be addressed when SNMP is implemented on a network.[9]

Key Terms

agent
A software component that runs on managed devices and responds to requests from the network management system.[10]
availability
The degree to which a system, subsystem, or equipment is in a specified operable and committable state.[11]
managed device
A network node that implements an SNMP interface that allows unidirectional (read-only) or bidirectional access to node-specific information.[12]
network management system
A combination of hardware and software used to monitor and administer a computer network or networks.[13]
response time
The interval between the receipt of the end of transmission of an inquiry message and the beginning of the transmission of a response message to the station originating the inquiry.[14]
uptime
A measure of the time a machine has been up without any downtime.[15]

Review Questions


  1. Network monitoring describes the use of a system that _____ and that _____.
    Network monitoring describes the use of a system that constantly monitors a computer network for slow or failing components and that notifies the network administrator (via email, SMS or other alarms) in case of outages.
  2. Simple Network Management Protocol (SNMP) is an Internet-standard protocol for _____. With SNMP, administrative computers called _____ monitor or manage a group of hosts on a computer network. Each managed system executes an _____ which reports information via SNMP to the manager.
    Simple Network Management Protocol (SNMP) is an Internet-standard protocol for managing devices on IP networks. With SNMP, administrative computers called managers monitor or manage a group of hosts on a computer network. Each managed system executes an agent which reports information via SNMP to the manager.
  3. SNMP uses a _____ to describe the structure of the management data of a device subsystem. The _____ is a hierarchical namespace containing _____, and each _____ identifies a variable that can be read or set via SNMP.
    SNMP uses a Management Information Base (MIB) to describe the structure of the management data of a device subsystem. The MIB is a hierarchical namespace containing object identifiers (OID), and each OID identifies a variable that can be read or set via SNMP.
  4. SNMP is an _____ layer protocol. SNMP _____ receive requests on _____ port _____. SNMP _____ receive notifications on _____ port _____.
    SNMP is an application layer protocol. SNMP agents receive requests on UDP port 161. SNMP managers receive notifications on UDP port 162.
  5. SNMP messages from managers include _____. SNMP messages from agents include _____. SNMP messages from manager to manager include _____.
    SNMP messages from managers include GetRequest, SetRequest, GetNextRequest, and GetBulkRequest. SNMP messages from agents include Response and Trap. SNMP messages from manager to manager include InformRequest.
  6. SNMP versions 1 and 2 support limited security through the use of a clear-text password known as a _____. SNMP version 3 supports encryption on _____ ports _____ and _____.
    SNMP versions 1 and 2 support limited security through the use of a clear-text password known as a community string. SNMP version 3 supports encryption on UDP ports 10161 and 10162.
  7. Default SNMP settings present a variety of _____ that must be addressed when SNMP is implemented on a network.
    Default SNMP settings present a variety of security issues that must be addressed when SNMP is implemented on a network.

Assessments


See Also


References

  Type classification: this is a lesson resource.
  Completion status: this resource is considered to be complete.