1 00:00:00,007 --> 00:00:02,007 - [Instructor] The Simple Network Management Protocol 2 00:00:02,007 --> 00:00:05,005 is integral to every enterprise. 3 00:00:05,005 --> 00:00:08,007 It allows network admins to gather statistical information 4 00:00:08,007 --> 00:00:11,001 from network connected devices, 5 00:00:11,001 --> 00:00:13,005 workstations, servers, firewalls, 6 00:00:13,005 --> 00:00:15,008 routers, switches, printers, 7 00:00:15,008 --> 00:00:18,008 virtually any network connected device. 8 00:00:18,008 --> 00:00:23,005 SNMP is heavily used by Network Management Systems or NMS' 9 00:00:23,005 --> 00:00:28,004 that poll, trend, and alert on network and server status. 10 00:00:28,004 --> 00:00:30,000 In the SNMP environment, 11 00:00:30,000 --> 00:00:33,004 the server doing collections is known as the manager. 12 00:00:33,004 --> 00:00:35,008 The manager will generally directly run 13 00:00:35,008 --> 00:00:37,007 a network management station. 14 00:00:37,007 --> 00:00:39,000 This is the software package 15 00:00:39,000 --> 00:00:42,007 responsible for doing collection and storage. 16 00:00:42,007 --> 00:00:45,004 Some larger designs will distribute polling engines 17 00:00:45,004 --> 00:00:47,001 in geographic areas. 18 00:00:47,001 --> 00:00:49,004 Polling engine is a piece of software 19 00:00:49,004 --> 00:00:53,009 that will issue SNMP requests to manage devices' agents. 20 00:00:53,009 --> 00:00:55,008 An agent is a software package 21 00:00:55,008 --> 00:00:59,003 that will respond to SNMP requests from managers. 22 00:00:59,003 --> 00:01:02,008 In short, the agent runs on the device you want to monitor. 23 00:01:02,008 --> 00:01:06,005 SNMP can be either read-only or read/write. 24 00:01:06,005 --> 00:01:09,008 Read is the ability to only retrieve information. 25 00:01:09,008 --> 00:01:12,004 Read/write gives you the ability to change information 26 00:01:12,004 --> 00:01:13,008 on a remote device. 
27 00:01:13,008 --> 00:01:16,008 Writing can be used to adjust informational data 28 00:01:16,008 --> 00:01:20,004 or do things like disable or enable switch ports. 29 00:01:20,004 --> 00:01:23,002 Whenever an SNMP agent is going to be polled, 30 00:01:23,002 --> 00:01:24,008 the information is retrieved 31 00:01:24,008 --> 00:01:29,009 by asking for specific object identifiers or OIDs. 32 00:01:29,009 --> 00:01:33,000 OIDs are long streams of numbers in dotted notation. 33 00:01:33,000 --> 00:01:35,006 For example, the OID for system description 34 00:01:35,006 --> 00:01:40,005 is 1.3.6.1.2.1.1.1. 35 00:01:40,005 --> 00:01:42,005 Think of this like an index. 36 00:01:42,005 --> 00:01:46,005 Management Information Bases, or MIBs, will take these OIDs 37 00:01:46,005 --> 00:01:50,003 and map them to a hierarchical human-readable form. 38 00:01:50,003 --> 00:01:53,007 MIBs aren't always necessary for SNMP's function, 39 00:01:53,007 --> 00:01:56,006 but it makes it much easier to utilize. 40 00:01:56,006 --> 00:01:59,005 MIBs generally make it easier to add new monitoring points 41 00:01:59,005 --> 00:02:02,003 into an existing network monitoring system. 42 00:02:02,003 --> 00:02:06,007 Agents' requests are received on UDP port 161. 43 00:02:06,007 --> 00:02:10,004 SNMP traps are sent to UDP port 162. 44 00:02:10,004 --> 00:02:13,008 Traps are messages that are sent from an agent to a manager 45 00:02:13,008 --> 00:02:16,003 when some defined event occurs. 46 00:02:16,003 --> 00:02:18,004 When using TLS for encryption, 47 00:02:18,004 --> 00:02:22,000 an agent listens on UDP port 10161 48 00:02:22,000 --> 00:02:25,009 and traps are sent on UDP 10162. 49 00:02:25,009 --> 00:02:30,003 SNMPv1 and V2C both implement a simple 50 00:02:30,003 --> 00:02:32,007 community-based authentication system. 51 00:02:32,007 --> 00:02:35,009 A community is basically just a plaintext password 52 00:02:35,009 --> 00:02:37,000 sent to an agent. 
53 00:02:37,000 --> 00:02:40,004 In v3, there were three main additions: 54 00:02:40,004 --> 00:02:43,002 confidentiality by encrypting packets, 55 00:02:43,002 --> 00:02:46,005 integrity to ensure packets haven't been tampered with, 56 00:02:46,005 --> 00:02:49,001 and authentication to validate the source. 57 00:02:49,001 --> 00:02:53,004 Having a solid NMS is core to administrator sanity. 58 00:02:53,004 --> 00:02:57,001 SNMP allows an administrator to see trends. 59 00:02:57,001 --> 00:03:01,004 SNMP allows an administrator to see trends, predict issues, 60 00:03:01,004 --> 00:03:05,000 and react with speed and confidence.