Snmpv3 is a secured protocol compared to Snmpv2 and Snmpv1. But I dont understand what is the use of context name.We already have an user name and also authentication and privacy passwords which provide a security level. Someone using a wireshark cannot identify it as it is sent through encrypted form. So what is the use of context name in Snmpv3?
The contextName and contextEngineID parameters allow multiple versions of the same MIB objects to be made available by a single SNMPv3 engine, as if you have multiple agents running on the same IP address and port. These are distinguished from one another by contextName and contextEngineID, where otherwise they would have had a different address and/or port. One reason for this could be that you have a master agent with multiple sub-agents and the sub-agents have some overlap. Another reason would be a proxy agent: for example, a manager that only speaks SNMPv3 and devices than only speak SNMPv1 could use a multi-lingual proxy at a single address/port and use the contextName and contextEngineID to identify devices. The proxy here would map the contextName and contextEngineID to device address/port and translate/forward requests to the devices and responses back to the manager.
Related
I am trying to discover some Windows and Linux machines that are provided by a 3rd part vendor so I dont have Local Admin access.
Providing I have the community string can discover these devices and find information like OS, HDD utilization, machine name?
Kind Regards,
Warren Gardner
The typical SNMP discovery is simply a number of SNMP GET/GET-NEXT requests to query the list of predefined OIDs. The procedure scans the range of IP addresses (UDP port 161) using the same SNMP security parameters. For SNMP v1/v2C the only parameter you need to specify is Read Community string. For SNMPv3 you have to specify security level, auth/priv protocol, username and password and some other parameters.
Please note that there is no standard for SNMP discovery. So usually the results of discovery are very limited (subset of RFC1213 - MIB-2):
sysName,
sysDescr,
sysLocation
network interfaces
The advanced SNMP discovery procedure is usually implemented in commercial software/NMS and includes extended information from Cisco IOS, printer status (toner level and so on), etc. Also these systems are capable of doing topology discovery based on CDP, LLDP, routing tables.
We are trying to create a simulation script where we need to send TCP packet data to the server in way that it appears to be coming from different IP every time.
Basically we need to emulate multiple devices ( with different IP) which are constantly sending data to the server.
The server creates a new connection only for request coming in from a new IP.
What is the best possible way to achieve it ? Is there a way of using proxy servers or some sort of virtualization to accomplish this ?
What you want to use is IP aliasing. This allows you to create virtual network interfaces. Each virtual interface can have one or more IP addresses assigned to it.
This link shows how to do it in Linux.
This link shows how to do it in Windows.
Next your clients need to specify which of your addresses to use. Use getifaddrs() to enumerate the available addresses. Then use the bind() system call on the socket before you do a connect(). This way you can have multiple clients and each one will use a different source IP address. This post has the details.
I have a ruby server based on TCPSocket (non-HTTP).
I have 2 different domains, both pointing with an A-Record to my servers IP Address (the same one). So, there are clients connecting to one of those domains.
Is it possible to tell which domain a client was connecting to?
I saw that this is possible in other protocols, but I'm not sure if this is based on manually added headers or really extracted from the basic tcp/ip connection. E.g. in PHP there is $_SERVER["HTTP_HOST"] which shows to which domain a client was connecting.
At the TCP socket level, the only things that are known are the source and destination IP addresses (and ports) of the connection. How the IP address was resolved via DNS is not possible to know at this layer. Even though HTTP works on top of TCP, HTTP servers have to look at the HTTP headers from the client to know which domain they are making a request to. (That's how the HTTP_HOST value gets filled in.)
One possible solution is to configure your server to have an additional IP address. This can be by assigning an additional IP address to the NIC or adding an additional NIC. Then have each domain use a different IP address. Otherwise, this is not possible and you may want to consider your application protocol on top of TCP to convey this information.
I am working on some legacy code on Windows for a desktop app in "C.
The client needs to know the geo-location of the user who is running the application.
I have the geo-location code all working (using MaxMind: http://dev.maxmind.com/).
But now I'm looking for help in getting their external IP.
From all the discussions on this topic throughout SO and elsewhere it seems that there is a way to do this by connecting to a "reliable" host (server) and then doing some kind of lookup. I'm not too savvy on WinSock but this is the technology that may be the simplest to use.
Another option is to use WinHttpConnect technology.
Both have "C" interfaces.
Thank you for your support and suggestions.
You can write a simple web service that checks the IP address(es) that the program presents when connecting to that web service.
Look at http://whatismyip.com for an example.
Note that multiple addresses can be presented by the HTTP protocol if there are proxy servers along the route.
You can design your simple web service to get the IP of the client. See
How do I get the caller's IP address in a WebMethod?
and then return that address back to the caller.
Note that in about 15% of cases (my experience metric) the geo location will be way off. The classic example is that most AOL users are routed through a small number of proxy servers. However, there are many other cases where the public IP does not match the user's actual location. Additionally, Geo IP databases are sometimes just wrong.
Edit
It is not possible to detect your external IP address using only in-browser code.
The WebSocket has no provision to expose your external IP address.
https://www.rfc-editor.org/rfc/rfc6455
You need an outside server to tell you what IP it sees.
What is the meaning of internal profile or external profile in Free Switch?
Also I don't know the meaning of -
application="bridge".
I also cannot understand
data="${sofia_contact($${gwuser}#$${domain})}"
or
data="sofia/internal/${destnumber}#192.168.10.33:5062"
It will be really helpful if someone could give me a proper explanation, or at least, point me to a right direction.
"internal" and "external" are names of sip profiles. Those are usually defined in the default configuration of freeswitch. They are sample configurations optimized for internal or external access, you can define other sip profiles with a configuration according to your needs.
application="bridge" is an application that bridges an incoming call to an other external or internal destination.
data="sofia/internal/${destnumber}#192.168.10.33:5062" means you want to use the sofia sipstack, the sip profile with the name "internal" with the content of the variable "destnumber" to ip 192.168.10.3 on port 5062.
Application bridge connects two channels(end-points) together.
sofia_* is the open source SIP protocol implementation developed by Nokia guys.
So, $${gwuser} is variable which contains the name of the user to call in SIP address notation: name#domain.
${domain} is the domain name.
sofia/internal/<adress> means that will be used internal sip number which is handled by local freeswitch PBX.
I think you should clarify a bit how freeswitch (mod_sofia) consider locally registered endpoints vs gateways:
http://wiki.freeswitch.org/wiki/Mod_sofia