This behavior is implemented by using one of four protocol operations: Get, GetNext, Set, and Trap: • The Get operation is used by the NMS to retrieve the value of one or more object ins
Trang 1object that contains a single object instance, the integer value that indicates the total number of input Novell Netware packets on a router interface An object identifier (or object ID) uniquely identifies a managed object in the MIB hierarchy The MIB hierarchy can be depicted as a tree with a nameless root, the levels of which are assigned by different organizations
Figure 8.9
MIB tree
The top-level MIB object Ids belong to different standards organizations, while lower-level object Ids are allocated by associated organizations Vendors can define private branches that include managed objects for their own products MIBs that have not been standardized typically are positioned in the experimental branch The managed object at Input can be uniquely identified either by the object name – iso.identified-organization dod.internet private.enterprise.cisco.temporary variables.Novell.atInput – or by the equivalent object descriptor: 1.3.6.1.4.1.9.3.4.1
SNMP is a simple request–response protocol The network-management system issues a request, and managed devices return responses This behavior is implemented by using one of four protocol operations: Get, GetNext, Set, and Trap:
• The Get operation is used by the NMS to retrieve the value of one or more object instances from an agent If the agent responding to the Get operation
Trang 2cannot provide values for all the object instances in a list, it does not provide any values
• The GetNext operation is used by the NMS to retrieve the value of the next object instance in a table or list within an agent
• The Set operation is used by the NMS to set the values of object instances within an agent
• The Trap operation is used by agents to asynchronously inform the NMS of
a significant event The Get, GetNext, and Set operations used in SNMPv2 are exactly the same as that used in SNMPv1 SNMPv2, however, adds and enhances some operations The SNMPv2 Trap operation, for example, serves the same function as that used in SNMPv1 It, however, uses a different message format and is designed to replace the SNMPv1 Trap SNMPv2 also defines two additional protocol operations: GetBulk and Inform:
• The GetBulk operation is used by the NMS to efficiently retrieve large blocks of data, such as multiple rows in a table GetBulk fills a response message with as much of the requested data as will fit
• The Inform operation allows one NMS to send trap information to another NMS and receive a response In SNMPv2, if the agent responding to GetBulk operations cannot provide values for all the variables in a list, it provides partial results
SNMP is a distributed-management protocol A system can operate exclusively as either
an NMS or an agent, or it can perform the functions of both When a system operates as both an NMS and an agent, another NMS might require that the system query managed devices and provide a summary of the information learned, or that it report locally stored management information
SNMP lacks any authentication capabilities, which results in vulnerability to a variety of security threats
These include masquerading, modification of information, message sequence and timing modifications, and disclosure:
• Masquerading consists of an unauthorized entity attempting to perform management operations by assuming the identity of an authorized management entity
• Modification of information involves an unauthorized entity attempting to alter a message generated by an authorized entity so that the message results
in unauthorized accounting management or configuration management operations
• Message sequence and timing modifications occur when an unauthorized entity reorders, delays, or copies and later replays a message generated by an authorized entity
• Disclosure results when an unauthorized entity extracts values stored in managed objects, or learns of notifiable events by monitoring exchanges between managers and agents
Trang 3Because SNMP does not implement authentication, many vendors do not implement Set operations, thereby reducing SNMP to a monitoring facility
8.9.7 SNMP interoperability
SNMPv2 is incompatible with SNMPv1 in two areas: message formats and protocol
operations SNMPv2 messages use different header and protocol data unit (PDU)
formats than SNMPv1 messages SNMPv2 also uses two protocol operations that are not specified in SNMPv1 Furthermore, RFC 1908 defines two possible SNMPv1/v2 coexistence strategies: proxy agents and ‘bilingual’ network-management systems
Proxy agents
An SNMPv2 agent can act as a proxy agent on behalf of SNMPv1 managed devices,
as follows:
• An SNMPv2 NMS issues a command intended for an SNMPv1 agent
• The NMS sends the SNMP message to the SNMPv2 proxy agent
• The proxy agent forwards Get, GetNext, and Set messages to the SNMPv1 agent unchanged
• GetBulk messages are converted by the proxy agent to GetNext messages and then are forwarded to the SNMPv1 agent
• The proxy agent maps SNMPv1 Trap messages to SNMPv2 Trap messages and then forwards them to the NMS
Bilingual network-management system
Bilingual SNMPv2 network-management systems support both SNMPv1 and SNMPv2
To support this dual-management environment, a management application in the bilingual NMS must contact an agent The NMS then examines information stored in a local database to determine whether the agent supports SNMPv1 or SNMPv2 Based on the information in the database, the NMS communicates with the agent using the appropriate version of SNMP
TCP/IP defines an electronic messaging protocol named SMTP SMTP is used by E-mail programs such as Outlook Express or Eudora to send E-mail messages and files from a user on a local network to a user on a remote network
SMTP defines the interchange between two SMTP processes It does NOT define how the mail is to be passed from the sender to SMTP, or how the mail is to be passed from SMTP to the recipient The SMTP process with mail to send is called the SMTP client, while the receiving SMTP process is called the SMTP server
Mail is forwarded to an SMTP client in one of two ways The user can either use TELNET to enter the information manually, or the application such as Outlook Express can invoke the client
The first step in the transmission of the data is the connection setup, whereby the SMTP client opens a TCP connection to the remote SMTP server at port 25 The client then sends a ‘Hello’ command containing the name of the sending user The SMTP server now sends a reply indicating its ability to receive mail TELNET users will have to enter the IP address or the domain name of the server (e.g smtp-01.ny.us.ibm.net), the relevant port number (25) and a terminal type (e.g VT-100) The first two items are necessary for TCP
to create the necessary socket
Trang 4The second step in the process involves the actual mail transfer Mail transfer begins with a ‘Mail From’ command containing the name of the sender, followed by a ‘Receipt’ command indicating the recipient A ‘Data’ command is followed by the actual message SMTP can be considered a reliable delivery service in that the underlying TCP protocol ensures correct delivery to the SMTP server SMTP, however, does not guarantee nor offer mechanisms for reliable delivery from the SMTP server to the user
When the message transfer is complete another message can be sent, the direction of transfer changed, or the connection closed
Closing the connection, involves the SMTP client issuing a ‘Quit’ command Both sides then execute a TCP close operation in order to release the connection
SMTP commands begin with a four-octet command code (in ASCII), which can be followed by an argument The SMTP replies use the same format as FTP, i.e a 3-digit numeric value followed by a text string Here follows some SMTP commands
MAIL FROM: sender-e-mail-address
VRFY recipient-mail-address
RCPT TO: recipient-e-mail-address
EXPN alias-name
DATA
HELP command-name
RSET
NOOP
QUIT
In the following example a simple ASCII string is sent to a recipient via a TELNET connection
220 prserv.net – Maillenium ESMTP/ MULTIBOX out4 #30
MAIL FROM: john@hotmail.com
250 ok
RCPT TO: deb@iinet.net.au
250 ok; forward to <deb@iinet.net.au)
DATA
354 ok
‘This is only a test message.’
250 ok, id = 2000042800030723903cb80fe
QUIT
The current version of the post office protocol is POP3 POP3 uses the well known port number 110 Like SMTP, it involves a client running on a local machine and a server running on a remote machine POP3 is very much the opposite of SMTP in that its function is to retrieve mail from a remote POP3 server to a local POP3 client
It was developed to ease the load on mail servers Instead of multiple clients logging in
to a remote mail server, the remote POP3 server makes a quick connection to the actual mail server, retrieves and removes the mail from the mail server, and then downloads it to the local POP3 client As in the case of SMTP, it uses a TCP connection for this purpose Unlike SMTP, proper authentication with a user name and a password is required
POP3 commands include the following
STAT
Trang 5LIST message-number
RETR message-number
DELE message-number
NOOP
RSET
QUIT
TOP message-number number-of-lines
The following example shows the interaction with a POP3 server via a TELNET connection
+OK POP Server Version 1.0 at pop1a.prserv.net
USER auinet.deb
+OK Password required for deb
PASS geronimo
+OK deb has 2 messages (750 octets)_
LIST
+OK 2 messages (75 octets)
1 374
2 376
TOP 1 10
+OK 274 octets
Received from out4.prserv.net [32.97.166.34] by in2.prserv.net id 956880005.59882-1: Fri, 28 Apr 2000- 00:00:00 +0000
Received: from <unknown domain> ([129:37:1675:208] by prserv.net (out4) with SMTP
Id <2000042723591123901fj001e; Thu, 27 Apr 2000 23:59:48: +0000
‘This is only a test message.’
QUIT
The bootstrap protocol BOOTP (RFC 951) is an alternative to RARP When a diskless
workstation (for example a PLC) is powered up, it broadcasts a BOOTP request on the network
A BOOTP server hears the request, looks up the requesting client’s MAC address in its BOOTP file, and responds by telling the requesting client machine:
• The server’s IP address and NetBIOS name
• The fully qualified name of the file that is to be loaded into memory of the requesting machine, and executed at boot-up
Although BOOTP is an alternative to RARP, it operates in an entirely different way RARP operates at the data link layer and the RARP packets are contained within the local network (e.g Ethernet) frames; hence it cannot cross any routers With BOOTP the information is carried by UDP via IP, hence it can operate on an internetwork across routers and the server can be several hops away from the client and facilitate address resolution across routers Although BOOTP uses IP and UDP, it is still small enough to fit within a bootstrap ROM on a client workstation
Figure 8.10 depicts the BOOTP message format