We now return to the description of the MIB. We describe only the following groups: system (system identification), if (interfaces), at (address translation), ip, icmp, and tcp. Additional groups are defined.
The system group is simple; it consists of seven simple variables (i.e., no tables). Figure 25.16 shows their names , data types, and descriptions.
We can query the router netb for some of these variables:
sun % snmpi -a netb -c secret snmpi> get sysDescr.0 sysObjectID.0 sysUpTime.0 sysServices.0 sysDescr.0="Epilogue Technology SNMP agent for Telebit NetBlazer" sysObjectID.0=1.3.6.1.4.1.12.42.3.1 sysUpTime.0=22 days, 11 hours, 23 minutes, 2 seconds (194178200 timeticks) sysServices.0=0xc<internet,transport>
The system's object identifier is in the internet.private. enterprises group (1.3.6.1.4.1) from Figure 25.6. From the Assigned Numbers RFC we can determine that the next object identifier (12) is assigned to the vendor (Epilogue).
We can also see that the sysServices variable is the sum of 4 and 8: this element supports the Internet layer (i.e., routing) and the transport layer (i.e., end-to-end).
Only one simple variable is defined for this group: the number of interfaces on the system, shown in Figure 25.17.
This group also defines a table with 22 columns . Each row of the table defines the characteristics for each interface, as shown in Figure 25.18.
We can query the host sun for some of these variables for all its interfaces. We expect to find three interfaces, as in Section 3.8, if the SLIP interface is up:
sun % snmpi -a sun snmpi> next ifTable first see what index of first interface is ifIndex.1=1 snmpi> get ifDescr.1 ifType.1 ifMtu.1 ifSpeed.1 ifPhysAddress.1 ifDescr.1="le0" ifType.1=ethernet-csmacd(6) ifMtu.1=1500 ifSpeed.1=10000000 ifPhysAddress.1=0x08:00:20:03:f6:42 snmpi> next ifDescr.1 ifType.1 ifMtu.1 ifSpeed.1 ifPhysAddress.1 ifDescr.2="sl0" ifType.2=propPointToPointSerial(22) ifMtu.2=552 ifSpeed.2=0 ifPhysAddress.2=0x00:00:00:00:00:00 snmpi> next ifDescr.2 ifType.2 ifMtu.2 ifSpeed.2 ifPhysAddress.2 ifDescr.3="lo0" ifType.3=softwareLoopback(24) ifMtu.3=1536 ifSpeed.3=0 ifPhysAddress.3=0x00:00:00:00:00:00
We first get five variables for the first interface using the get operator, and then get the same five variables for the second interface using the get-next operator. The last command gets these same five variables for the third interface, again using the get-next command.
The interface type for the SLIP link is reported as proprietary point-to-point serial, not SLIP. Also, the speed of the SLIP link is not reported .
It is critical to understand the relationship between the get-next operator and the column-row ordering. When we say next ifDescr.1 it returns the next row of the table for this variable, not the next variable in the same row. If tables were stored in a row-column order instead, we wouldn't be able to step to the next occurrence of a given variable this way.
The address translation group is mandatory for all systems, but was deprecated by MIB-II. Starting with MIB-II, each network protocol group (e.g., IP) contains its own address translation tables. For IP it is the ipNetToMediaTable.
Only a single table with three columns is defined for the at group, shown in Figure 25.19.
We can use a new command within the snmpi program to dump an entire table. We'll query the router named kinetics (which routes between a TCP/IP network and an AppleTalk network) for its entire ARP cache. This output reiterates the lexicographic ordering of the entries in the table:
sun % snmpi -a kinetics -c secret dump at atIfIndex.1.1.140.252.1.4=1 atIfIndex.1.1.140.252.1.22=1 atIfIndex.1.1.140.252.1.183=1 atIfIndex.2.1.140.252.6.4=2 atIfIndex.2.1.140.252.6.6=2 atPhysAddress.1.1.140.252.1.4=0xaa:00:04:00:f4:14 atPhysAddress.1.1.140.252.1.22=0x08:00:20:0f:2d:38 atPhysAddress.1.1.140.252.1.183=0x00:80:ad:03:6a:80 atPhysAddress.2.1.140.252.6.4=0x00:02:16:48 atPhysAddress.2.1.140.252.6.6=0x00:02:3c:48 atNetAddress.1.1.140.252.1.4=140.252.1.4 atNetAddress.1.1.140.252.1.22=140.252.1.22 atNetAddress.1.1.140.252.1.183=140.252.1.183 atNetAddress.2.1.140.252.6.4=140.252.6.4 atNetAddress.2.1.140.252.6.6=140.252.6.6
If we watch the packet exchange using tcpdump, when snmpi dumps an entire table it first issues a get-next for the table name ( at in this example) to get the first entry. It prints the first entry and issues another get-next. This continues until the entire table has been dumped.
Figure 25.20 shows the arrangement of this table.
The AppleTalk physical addresses on interface number 2 are 32-bit values, not the 48-bit Ethernet addresses to which we're accustomed. Also note that an entry exists for our router ( netb at 140.252.1.183), which we expect, since kinetics and netb are on the same Ethernet (140.252.1) and kinetics must use ARP to send the SNMP responses back to us.
The ip group defines numerous variables and three tables. Figure 25.21 defines the simple variables.
The first table in the ip group is the IP address table. It contains one row for each IP address on the system. Each row contains five variables, described in Figure 25.22.
We can query the host sun for its entire IP address table:
sun % snmpi -a sun dump ipAddrTable ipAdEntAddr.127.0.0.1=127.0.0.1 ipAdEntAddr.140.252.1.29=140.252.1.29 ipAdEntAddr.140.252.13.33=140.252.13.33 ipAdEntIfIndex.127.0.0.1=3 loopback interface, lo0 ipAdEntIfIndex.140.252.1.29=2 SLIP interface, sl0 ipAdEntIfIndex.140.252.13.33=1 Ethernet interface, le0 ipAdEntNetMask.127.0.0.1=255.0.0.0 ipAdEntNetMask.140.252.1.29=255.255.255.0 ipAdEntNetMask.140.252.13.33=255.255.255.224 ipAdEntBcastAddr.127.0.0.1=1 all three use one bits for broadcast ipAdEntBcastAddr.140.252.1.29=1 ipAdEntBcastAddr.140.252.13.33=1 ipAdEntReasmMaxSize.127.0.0.1=65535 ipAdEntReasmMaxSize.140.252.1.29=65535 ipAdEntReasmMaxSize.140.252.13.33=65535
The interface numbers can be compared with the output following Figure 25.18, and the IP addresses and subnet masks can be compared with the values output by the ifconfig command in Section 3.8.
The next table, Figure 25.23, is the IP routing table. (Recall our description of routing tables in Section 9.2.) The index used to access each row of the table is the destination IP address.
Figure 25.24 is the IP routing table on the host sun obtained with the dump ipRouteTable command using snmpi. We have deleted all five of the routing metrics, since they are all -1. In the column headings we've also removed the prefix ipRoute from each variable name.
For comparison, here is the IP routing table in the format output by netstat (which we discussed in Section 9.2). Figure 25.24 is lexicographically ordered, unlike the netstat output:
sun % netstat -rn Routing tables Destination Gateway Flags Refcnt Use Interface 140.252.13.65 140.252.13.35 UGH 0 115 le0 127.0.0.1 127.0.0.1 UH 1 1107 lo0 140.252.1.183 140.252.1.29 UH 0 86 sl0 default 140.252.1.183 UG 2 1628 sl0 140.252.13.32 140.252.13.33 U 8 68359 le0
The final table in the ip group is the address translation table, Figure 25.25. As we said earlier, the at group is now deprecated, and this IP table replaces it.
Here is the ARP cache on the system sun:
sun % arp -a Svr4 (140.252.13.34) at 0:0:c0:c2:9b:26 bsdi (140.252.13.35) at 0:0:c0:6f:2d:40
and the corresponding SNMP output:
sun % snmpi -a sun dump ipNetToMediaTable ipNetToMediaIfIndex.1.140.252.13.34=1 ipNetToMediaIfIndex.1.140.252.13.35=1 ipNetToMediaPhysAddress.1.140.252.13.34=0x00:00:c0:c2:9b:26 ipNetToMediaPhysAddress.1.140.252.13.35=0x00:00:c0:6f:2d:40 ipNetToMediaNetAddress.1.140.252.13.34=140.252.13.34 ipNetToMediaNetAddress.1.140.252.13.35=140.252.13.35 ipNetToMediaType.1.140.252.13.34=dynamic(3) ipNetToMediaType.1.140.252.13.35=dynamic(3)
The icmp group consists of four general counters (total number of input and output ICMP messages, and number of input and output ICMP messages with errors) and 22 counters for the different ICMP message types: 11 input counters and 11 output counters. These are shown in Figure 25.26.
For the ICMP messages with additional codes (recall from Figure 6.3 that there are 16 different codes for destination unreachable), a separate counter is not maintained by SNMP for each code.
Figure 25.27 describes the simple variables in the tcp group. Many of these refer to the TCP states that we showed in Figure 18.12.
We can query some of these variables on the system sun:
sun % snmpi - a sun snmpi> get tcpRtoAlgorithm.0 tcpRtoMin.0 tcpRtoMax.0 tcpMaxConn.0 tcpRtoAlgorithm.0=vanj(4) tcpRtoMin.0=200 tcpRtoMax.0=12800 tcpMaxConn.0=-1
This system (SunOS 4.1.3) uses the Van Jacobson retransmission timeout algorithm, uses timeouts between 200 ms and 12.8 seconds, and has no fixed limit on the number of TCP connections. (This upper limit of 12.8 seconds appears wrong, since most implementations use an upper limit of 64 seconds, as we saw in Chapter 21.)
The tcp group has a single table, the TCP connection table, shown in Figure 25.28. This contains one row for each connection. Each row contains five variables: the state of the connection, local IP address, local port number, remote IP address, and remote port number.
Let's look at this table on the system sun. We show only a portion of the table, since there are many servers listening for connections. Before dumping this table two TCP connections were established:
sun % rlogin gemini IP address of gemini is 140.252.1.11
and
sun % telnet localhost IP address should be 127.0.0.1
The only listening server that we show is the FTP server, on port 21:
sun % snmpi -a sun dump tcpConnTable tcpConnState.0.0.0.0.21.0.0.0.0.0=listen(2) tcpConnState.127.0.0.1.23.127.0.0.1.1415=established(5) tcpConnState.127.0.0.1.1415.127.0.0.1.23=established(5) tcpConnState.140.252.1.29.1023.140.252.1.11.513=established(5) tcpConnLocalAddress.0.0.0.0.21.0.0.0.0.0=0.0.0.0 tcpConnLocalAddress.127.0.0.1.23.127.0.0.1.1415=127.0.0.1 tcpConnLocalAddress.127.0.0.1.1415.127.0.0.1.23=127.0.0.1 tcpConnLocalAddress.140.252.1.29.1023.140.252.1.11.513=140.252.1.29 tcpConnLocalPort.0.0.0.0.21.0.0.0.0.0=21 tcpConnLocalPort.127.0.0.1.23.127.0.0.1.1415=23 tcpConnLocalPort.127.0.0.1.1415.127.0.0.1.23=1415 tcpConnLocalPort.140.252.1.29.1023.140.252.1.11.513=1023 tcpConnRemAddress.0.0.0.0.21.0.0.0.0.0=0.0.0.0 tcpConnRemAddress.127.0.0.1.23.127.0.0.1.1415=127.0.0.1 tcpConnRemAddress.127.0.0.1.1415.127.0.0.1.23=127.0.0.1 tcpConnRemAddress.140.252.1.29.1023.140.252.1.11.513=140.252.1.11 tcpConnRemPort.0.0.0.0.21.0.0.0.0.0=0 tcpConnRemPort.127.0.0.1.23.127.0.0.1.1415=1415 tcpConnRemPort.127.0.0.1.1415.127.0.0.1.23=23 tcpConnRemPort.140.252.1.29.1023.140.252.1.11.513=513
For the rlogin to gemini only one entry appears, since gemini is a different host. We only see the client end of the connection (local port 1023), but both ends of the Telnet connection appear (client port 1415 and server port 23), since the connection is through the loopback interface. We can also see that the listening FTP server has a local IP address of 0.0.0.0, indicating it will accept connections on any interface.