Can I use SNMP to discover devices if I don't have LA - snmp

I am trying to discover some Windows and Linux machines that are provided by a 3rd party vendor, so I don't have Local Admin access.
Provided I have the community string, can I discover these devices and find information like OS, HDD utilization, machine name?
Kind Regards,
Warren Gardner

The typical SNMP discovery is simply a number of SNMP GET/GET-NEXT requests to query the list of predefined OIDs. The procedure scans the range of IP addresses (UDP port 161) using the same SNMP security parameters. For SNMP v1/v2C the only parameter you need to specify is Read Community string. For SNMPv3 you have to specify security level, auth/priv protocol, username and password and some other parameters.
Please note that there is no standard for SNMP discovery. So usually the results of discovery are very limited (subset of RFC1213 - MIB-2):
sysName,
sysDescr,
sysLocation
network interfaces
The advanced SNMP discovery procedure is usually implemented in commercial software/NMS and includes extended information from Cisco IOS, printer status (toner level and so on), etc. Also these systems are capable of doing topology discovery based on CDP, LLDP, routing tables.
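To make the "GET against a list of predefined OIDs" step concrete, here is an added Python example (not part of the original answer) that builds the SNMPv2c GetRequest a discovery tool would send for the system-group OIDs, then reads the community string back out of the raw bytes, which is possible because v1/v2c carry it as a plain OCTET STRING. The helper names and the sample community `public` are assumptions made for illustration; nothing is sent on the network.

```python
# Added example: hand-built SNMPv2c GetRequest (BER); helper names are illustrative.
SYSTEM_OIDS = {  # MIB-2 system group scalars named in the answer
    "sysDescr": "1.3.6.1.2.1.1.1.0",
    "sysName": "1.3.6.1.2.1.1.5.0",
    "sysLocation": "1.3.6.1.2.1.1.6.0",
}

def tlv(tag, payload):
    """BER tag-length-value, long-form length for payloads of 128+ bytes."""
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + payload

def ber_int(value):  # non-negative only; extra byte keeps the sign bit clear
    return tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def ber_oid(dotted):
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:  # base-128, high bit set on all but the last byte
            arc >>= 7
            chunk.insert(0, (arc & 0x7F) | 0x80)
        body += bytes(chunk)
    return tlv(0x06, bytes(body))

def get_request(community, oids, request_id=1):
    """One GetRequest carrying a varbind (OID, NULL) per requested object."""
    varbinds = b"".join(tlv(0x30, ber_oid(o) + tlv(0x05, b"")) for o in oids)
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0) + tlv(0x30, varbinds))
    return tlv(0x30, ber_int(1) + tlv(0x04, community.encode()) + pdu)  # 1 = v2c

def read_tlv(buf, pos):
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:  # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def community_in_packet(packet):
    """Recover the community exactly as any on-path observer could."""
    _, message, _ = read_tlv(packet, 0)
    _, _version, pos = read_tlv(message, 0)
    tag, community, _ = read_tlv(message, pos)
    return community.decode() if tag == 0x04 else None
```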

Related

Does Windows expose SMB NativeOS or Nativelanman for a network share in the win32 api?

SMB's session setup packet contains both a NativeOS and NativeLanMan field that describe both host and client.
I have a need to determine if a network share is SAMBA or Windows Server to avoid a bug.
I know both of these do set unique fields for the setup packet but I am at a loss of finding a win32 api that may expose this info.

OpenNMS Won't Recognize Nodes for SNMP Monitoring

My OpenNMS system is running on Windows Server 2012 and I am doing most of my configurations through the web interface.
I have configured an SNMP community associated with a range of IP addresses for the node I want to monitor. I have specified a string for this community. I have added the node (which contains multiple IP addresses) for provisioning. I have added the node to the default data collection group. However, when I try to navigate to the node, rescan it, and manage data collection per interface, I cannot view the node as an option from which to collect data. I also do not see SNMP data on the node availability graphs, only ICMP data. How should I approach this problem? Are there any additional files I need to edit?
If any of you have some knowledge of OpenNMS, I would appreciate the help. I have only been using OpenNMS for 2 weeks now, and I have very little knowledge of SNMP or networking, though I am learning more every day.
First of all, it is important to ensure your OpenNMS has SNMP access to the device you want to monitor. You can verify this by running the following command from the CLI of your OpenNMS server:
snmpwalk -v 2c -c <your-community-string> <your-ip-interface>
If you don't see any output or get a timeout, you have connectivity issues, which can be firewalls between your OpenNMS and the device you want to monitor. It can also be that the SNMP agent on your device does not allow access from your OpenNMS server's IP address.
As I'm reading your Node has multiple IP interfaces you have provisioned. You can define an attribute "SNMP Primary" which means:
P: It is the primary interface and when it is reachable, OpenNMS will try to fetch all SNMP performance data from this interface
S: It is set as secondary, it means SNMP is available but will only be used to fetch SNMP performance data if the primary interface is down
N: Not used for SNMP performance data collection
By default OpenNMS detects also services like SNMP. The SNMP service is assigned to the interface when it is possible to fetch the System Object ID (sysoid) .1.3.6.1.2.1.1.2.0 from the given IP interface using the SNMP community you have configured by the IP address in the WebUI. You can troubleshoot this on the CLI using the snmpget command from your OpenNMS server like this:
snmpget -v 2c -c <your-community-string> <your-ip-interface> .1.3.6.1.2.1.1.2.0
If you don't get a result, OpenNMS will not detect the SNMP service. OpenNMS will only try to collect SNMP performance data from an IP interface when the SNMP service is associated.
Hope this helps for further troubleshooting.

Significance of context name in snmpv3

SNMPv3 is a secured protocol compared to SNMPv2 and SNMPv1. But I don't understand what the use of the context name is. We already have a user name and also authentication and privacy passwords which provide a security level. Someone using Wireshark cannot identify it as it is sent in encrypted form. So what is the use of the context name in SNMPv3?
The contextName and contextEngineID parameters allow multiple versions of the same MIB objects to be made available by a single SNMPv3 engine, as if you have multiple agents running on the same IP address and port. These are distinguished from one another by contextName and contextEngineID, where otherwise they would have had a different address and/or port. One reason for this could be that you have a master agent with multiple sub-agents and the sub-agents have some overlap. Another reason would be a proxy agent: for example, a manager that only speaks SNMPv3 and devices that only speak SNMPv1 could use a multi-lingual proxy at a single address/port and use the contextName and contextEngineID to identify devices. The proxy here would map the contextName and contextEngineID to device address/port and translate/forward requests to the devices and responses back to the manager.

snmp network discovery identify mac address of device connected to a router

I am working on a network discovery program which employs SNMP to discover devices in the network. My program takes the router IP as input and scans the ipRouteTable (ipRouteNextHop) to determine if any other routers are connected to it. For non-router devices (like a switch) the algorithm scans the ARP table (ipNetToMediaTable) of the router, but can't find the connected switch unless I ping from the switch to the router. Is there any way I can determine the device connected directly to the router?
Getting the devices connected to a router or switch is not that easy. Switches usually maintain a MAC forwarding database where it stores which MAC address has been seen on which switch port. This table can be easily read by using the bridge MIB. Unfortunately, there are several issues to take care of:
Those entries disappear again when a device connected to the switch has been switched off or is simply not communicating. Usually, the entries in the MAC forwarding tables age out after 5 minutes or so.
The fact that a MAC address has been seen on a switch port doesn't mean that the device having the MAC address is directly connected to the port. There might be any number of other switches, routers or hubs in between.
Some manufacturers like Cisco or HP use their own protocols to determine the network topology. There are several protocols (that are usually also available through an SNMP MIB):
CDP (Cisco Discovery Protocol): This is a proprietary protocol developed by Cisco to expose network topology information. Some vendors licensed this technology and implement that protocol in their products.
LLDP (Link Layer Discovery Protocol): A standard similar to CDP, but without paying Cisco license fees :-)
And many more. I know that Extreme Networks has their own protocols and I am pretty sure that other vendors have them as well.
The problem with those protocols is when you have a mixed environment. Cisco switches talking CDP do not understand Extreme Networks' protocol and vice versa.
If your goal is to find IP addresses to discover, then you might use the ARP caches for routers. Scanning the ARP caches for switches makes no real sense, because they're operating on layer 2.
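The forwarding-database caveats above can be checked mechanically. The following added Python example (not code from the answer) parses a walk of the BRIDGE-MIB column dot1dTpFdbPort (.1.3.6.1.2.1.17.4.3.1.2), groups learned MAC addresses by bridge port, and separates ports with a single MAC from ports where several MACs are visible and an intermediate device must sit in between. The walk output is constructed sample data and the function names are illustrative; note that bridge port numbers are not ifIndex values (dot1dBasePortIfIndex maps between them).

```python
# Added example: group a dot1dTpFdbPort walk by bridge port (names are illustrative).
import re
from collections import defaultdict

DOT1D_TP_FDB_PORT = ".1.3.6.1.2.1.17.4.3.1.2"  # BRIDGE-MIB dot1dTpFdbPort

# Constructed `snmpwalk -On` output; MAC addresses and ports are made up.
SAMPLE_WALK = """\
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.51.68.85 = INTEGER: 1
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.51.68.102 = INTEGER: 2
.1.3.6.1.2.1.17.4.3.1.2.2.0.0.170.187.1 = INTEGER: 24
.1.3.6.1.2.1.17.4.3.1.2.2.0.0.170.187.2 = INTEGER: 24
.1.3.6.1.2.1.17.4.3.1.2.2.0.0.170.187.3 = INTEGER: 24
.1.3.6.1.2.1.17.4.3.1.2.2.0.0.170.187.4 = INTEGER: 0
"""

# The table index is the MAC address itself, one decimal arc per octet.
LINE = re.compile(re.escape(DOT1D_TP_FDB_PORT) + r"\.((?:\d+\.){5}\d+) = INTEGER: (\d+)")

def parse_fdb(walk_text):
    """Return {bridge_port: [mac, ...]} from dot1dTpFdbPort walk output."""
    ports = defaultdict(list)
    for line in walk_text.splitlines():
        m = LINE.fullmatch(line.strip())
        if not m:
            continue  # other columns, timeouts, "No Such Instance", ...
        octets = [int(o) for o in m.group(1).split(".")]
        if any(o > 255 for o in octets):
            continue  # not a valid MAC index
        ports[int(m.group(2))].append(":".join(f"{o:02x}" for o in octets))
    return dict(ports)

def classify(ports):
    """Label each bridge port by how many MACs were learned on it."""
    labels = {}
    for port, macs in ports.items():
        if port == 0:
            labels[port] = "port-unknown"  # address known, port not learned
        elif len(macs) == 1:
            labels[port] = "single-mac"    # candidate edge port, not proof
        else:
            labels[port] = "multi-mac"     # uplink, hub or downstream switch
    return labels
```

Because entries age out, an empty or short table only says that a device has not talked recently, so repeated walks are needed before treating a port as unused.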
I was using broadcast message for my java snmp agent

Identify type of devices in an IT Environment using C# (i.e. Windows, Linux, Network etc)

I have to scan my infrastructure and find out the way I should use (WMI, SSH, SNMP, etc.) to discover the device details.
The approach I am following as of now is
Get the availability of device.
Query using WMI (If responding? use this protocol to discover this device)
If the above device does not respond to WMI use another protocol like SSH or SNMP (it's configurable) etc.
Is there any other way of discovery for a mixed environment? Please suggest.
The approach you are taking seems reasonable. Alternatively, you could have some existing software do this for you.
