Section 2.9. Reverse Engineering SNMP



You might be wondering why something like this is even a topic for SNMP. Isn't SNMP a standard, you may ask? Well, it is, but that doesn't prevent vendors from doing things in nonstandard, and downright oblique, ways. In some cases, vendors either do not publish their SNMP MIB, or they use SNMP as a means of updating a network device from a GUI. For example, the Netgear WAG302 access point comes with Windows-based management software. This software uses SNMP to gather information from the WAP. The Netgear device supports several standard SNMP MIBs, but it also has support for two additional private MIBs: Netgear's MIB and that of a third-party provider. Netgear doesn't make its private MIB available. Using Ethereal (yes, it is available for Windows, too), you can capture the traffic as you work with a management application, such as the one that comes with the Netgear device, and see what SNMP requests and responses flow over the network.

As we mentioned already, Ethereal does a nice job of telling you things like the SNMP version, error codes, OIDs, and actual data in the PDU. We even get to see the OIDs and their values. For example, the following is an excerpt from the notification trace:

     Object identifier 3: 1.3.6.1.2.1.2.2.1.1 (IF-MIB::ifIndex)
     Value: INTEGER: 2
     Object identifier 4: 1.3.6.1.2.1.2.2.1.7 (IF-MIB::ifAdminStatus)
     Value: INTEGER: up(1)
     Object identifier 5: 1.3.6.1.2.1.2.2.1.8 (IF-MIB::ifOperStatus)
     Value: INTEGER: up(1)

We see that ifIndex is set to INTEGER 2, ifAdminStatus is set to INTEGER 1 (which Ethereal has translated to up for us), and ifOperStatus is set to up as well.
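When the capture comes from a device whose private MIB is unpublished, the useful step is separating the OIDs under the enterprises subtree (1.3.6.1.4.1) from the standard ones and recording the type and value each carried. The following Python sketch is an added example, not code from the book: it parses decoded varbind text in the layout of the excerpt above, and the function names, the last two sample varbinds, and enterprise number 99999 are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the first three varbinds are the excerpt's, the last two
# are made up; enterprise number 99999 is a placeholder, not a real assignment.
SAMPLE_TRACE = """\
Object identifier 3: 1.3.6.1.2.1.2.2.1.1 (IF-MIB::ifIndex)
Value: INTEGER: 2
Object identifier 4: 1.3.6.1.2.1.2.2.1.7 (IF-MIB::ifAdminStatus)
Value: INTEGER: up(1)
Object identifier 5: 1.3.6.1.2.1.2.2.1.8 (IF-MIB::ifOperStatus)
Value: INTEGER: up(1)
Object identifier 6: 1.3.6.1.4.1.99999.1.2.0
Value: STRING: "example-ssid"
Object identifier 7: 1.3.6.1.4.1.99999.1.5.0
Value: INTEGER: 11
"""

OID_RE = re.compile(r"Object identifier \d+:\s+([\d.]+)(?:\s+\(([^)]+)\))?")
VAL_RE = re.compile(r"Value:\s+([A-Za-z0-9 -]+?):\s*(.*)")
ENTERPRISES = "1.3.6.1.4.1."  # iso.org.dod.internet.private.enterprises


def parse_varbinds(text):
    """Return one dict per OID/value pair found in the decoded trace."""
    varbinds, current = [], None
    for line in map(str.strip, text.splitlines()):
        if m := OID_RE.match(line):
            current = {"oid": m[1], "name": m[2], "type": None, "value": None}
            varbinds.append(current)
        elif current is not None and (m := VAL_RE.match(line)):
            current["type"], current["value"] = m[1], m[2].strip()
            current = None
    return varbinds


def private_oids(varbinds):
    """Group varbinds under the enterprises subtree by enterprise number."""
    groups = defaultdict(list)
    for vb in varbinds:
        if vb["oid"].startswith(ENTERPRISES):
            enterprise = vb["oid"][len(ENTERPRISES):].split(".")[0]
            groups[enterprise].append((vb["oid"], vb["type"], vb["value"]))
    return dict(groups)


if __name__ == "__main__":
    for ent, rows in private_oids(parse_varbinds(SAMPLE_TRACE)).items():
        print(f"enterprise {ent}:", *rows, sep="\n  ")
```

Running the same parse over captures taken before and after changing a single setting in the management application shows which private OID that setting maps to.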

We suggest that you add Ethereal to your arsenal of network tools. It can help you greatly, not only in reverse engineering SNMP, but also in terms of learning about datagram structures and the like.




Essential SNMP, Second Edition
ISBN: 0596008406
EAN: 2147483647
Year: 2003
Pages: 165
