This is one of a set of exercises. Previously: Discovery Protocol exercise
In this exercise you will explore some of the main features of the different SNMP versions. You will see how SNMPv1 and SNMPv2 have different ways to get object values, and the security features of SNMPv3.
Steps:
- Set the Wireshark display filter to only show SNMP and start capturing packets.
- The subtree of objects whose values you will GET depends on the last digit of your student number:
| Last digit of student ID | Subtree to read | Last object to get |
Number of objects to get = Number of GET requests for SNMPv1 = MaxRepetitions for SNMPv2 |
|---|---|---|---|
|
1,6 |
System |
sysServices.0 |
7 |
|
2,7 |
Ip |
ipFragCreates.0 |
19 |
|
3,8 |
Icmp |
icmpOutAddrMaskReps.0 |
26 |
|
4,9 |
Tcp |
tcpRetransSegs.0 |
12 |
|
5,0 |
Udp |
udp.OutDatagrams.0 |
4 |
- Enter the IP address of switch 1 (192.168.200.1) in the Host field in the main window of the MIB Browser.
- Set the MIB Browser to use SNMPv1, as shown in the screenshot "Using the MIB Browser to set the SNMP version". Press OK to apply the changes.
Using the MIB Browser to set the SNMP version
- Use the MIB Browser to GET the first object in the "Subtree to read". The screenshot gives an example of "Using the MIB Browser to access the system subtree".
Using the MIB Browser to access the system subtree
- Repeatedly send "GetNext" requests to get successive objects until you get to the "Last object to get".
- Use Wireshark to determine the total number of bytes sent in GET requests and responses, and record your results in the SNMP Versions Exercise Results .
- Tip: Create a display filter to show "snmp and ip.dst==192.168.200.1" to show SNMP traffic to the switch, or change "ip.dst" to "ip.src" to show SNMP traffic from the switch, and then use Wireshark's Statistics-Summary feature and note the statistics about the displayed packets.
- Set the MIB Browser to use SNMPv2c and specify the "Max Repetitions" as per the table above. Restart the Wireshark capture and use the MIB Browser to "Get Bulk" starting with the first object in the "Subtree to read". Again, "Use Wireshark to determine the total number of bytes sent in GET requests and responses, and record your results in the SNMP Versions Exercise Results".
- Set the MIB Browser to use SNMPv3 but before pressing "OK", click the Add button in the SNMPv3 section to create a user with the specifications shown in the screenshot "Using the MIB Browser to set SNMPv3 parameters". Use the "Auth Password" which is provided elsewhere. Click "OK" on the "SNMPv3 parameters" window and the window in which you are selecting the SNMP version.
Using the MIB Browser to set SNMPv3 parameters
- To test that SNMPv3 is working, read the value of the object identified in the table below which corresponds to the 3rd last digit of your student ID. If you get an error and you were attempting to access the cdpCache objects, then try replacing the .1 at the end of the OID with .2. Record the value in the SNMP Versions Exercise Results .
| 3rd last digit of student ID | Object name |
Object ID (but see the note above about the .1 at the end might need to be .2) |
|---|---|---|
| 1,6 |
cdpCacheAddress |
.1.3.6.1.4.1.9.9.23.1.2.1.1.4.2.1 |
| 2,7 |
cdpCacheDeviceId |
.1.3.6.1.4.1.9.9.23.1.2.1.1.6.2.1 |
| 3,8 |
cdpCacheDevicePort |
.1.3.6.1.4.1.9.9.23.1.2.1.1.7.2.1 |
| 4,9 |
cdpCacheVlanId |
.1.3.6.1.4.1.9.9.23.1.2.1.1.14.2.1 |
| 5,0 |
ifDescr.1 |
.1.3.6.1.2.1.2.2.1.2.1 |
Next: Notifications exercise