SNMP protocol, whose first version was officially released on 1990 and means Simple Network Management Protocol, is the easiest and simplest way a sysadmin has in order to manage and diagnose problems inside his network devices.

Let’s see what is, how snmp works and why this simple protocol is the essential key for a smooth network environment.

What is SNMP?

In the most general terms, network monitoring means the use of available communication protocols to collect information on the status of communication systems, whether they be routers, land line communications or cell phones. Among them, SNMP raises as the most used monitoring tool.

Do you want to know more about network monitoring?

Remote networks, unified monitoring, intelligent thresholds… discover network monitoring in Pandora FMS Enterprise version.

As we previously said, SNMP works as a mechanism of communication between network devices and a network administrator. Routers, switches, servers, printers…, most of every and each network device supports SNMP protocol. Not only with informative purposes, but also to perform different actions inside those devices (such as remote configuration).

How does SNMP work?

Belonging to the application layer (7th layer of the OSI model), allows communication between network devices. Those known as SNMP agents (request receivers) work in a set of predefined UDP ports, known as SNMP port or SNMP ports. Request receiving port (sent by any available port) is UDP 161 and UDP 162 is used to receive notifications (also known as SNMP trap port).

SNMP protocol works in two different ways: SNMP polls and traps. Polling consists of launching remote queries, either actively or on demand, carrying out operation queries synchronously. Traps, meanwhile, are messages sent by SNMP devices asynchronously, according to changes or events, to configured addresses.

To get the most out of SNMP monitoring, it’s best to use both modes when setting up a monitoring system.

SNMP versions

SNMP currently has three different protocol versions, gathered in different RFCs over time (since first ones on 1988, until today).

Those versions are:

1. SNMPv1 – defined in RFC 1155, 1156 and 1157, defines the way SNMP works.
2. SNMPv2 – communication and security improvements of first version. It has two subversions, one on which security is community based (version SNMP2c, RFCs 1901 and 1908), and one on which security is user based (version SNMPv2u, RFCs 1909 and 1910).
3. SNMPv3 – this third version, which includes and improves security and encryption, has struggled to find a market. The SNMP v3 is defined in RFC 3411 and 3418 and, since 2004, SNMPv3 is known as the actual standard protocol version.

SNMP alerts

Therefore, after knowing how SNMP protocol works, it is clear that one of its main uses are the alerts generated by all devices. Two types can be found in a SNMP monitoring network: synchronous alerts, those requested by an agent SNMP request (known as SNMP polling alerts), and asynchronous alerts, without agent request (known as SNMP traps or snmtraps).

This alert and notification system is the true key of SNMP protocol used in network monitoring tools base their operation of custom alerts. For example, in Pandora FMS we handle a wide range of custom alerts that can be triggered based on these SNMP alerts.

Now lets discuss in more detail what are and how monitoring works based on SNMP polling and SNMP traps.

SNMP trap monitoring

First configure your devices to send traps when specific circumstances are met, and secondly set up a tool that can collect the SNMP traps it receives, whether it be a machine with the necessary services, or a piece of monitoring software. How you configure the SNMP devices will depend on the manufacturer’s model and the device itself, and is carried out from a management interface accesible via a browser and its IP address.

Traps can be received in Linux by using the demon snmptrapd, installed as follows, e.g. on CentOS systems:

# yum install net-snmp-utils net-snmp-libs net-snmp

In our example we’re going to use Pandora FMS to receive and process the SNMP traps. If you already have a Pandora FMS server installed you won’t need any new dependencies, but you’ll have to enable it to receive the traps. Search for snmpconsole in the pandora_server.conf file and enable it as follows:

snmpconsole 1

Once the SNMP traps console is enabled Pandora FMS will be able to receive and process them and display them in the corresponding section:

To ensure the incoming traps are arriving correctly, you can consult the corresponding log file, usually at: /var/log/snmptrapd.log.

SNMP trap alerts

Alerts can also be configured via SNMP monitoring for the traps we prepared. In this case they won’t function in the same way as any other module, unlike with SNMP polling, but instead are based on filtering rules. Using these rules we can identify traps belonging to other devices, filter the contents of said trap, OID, etc..

In the next screenshot you can see various alerts created with different filtering options, and actions checking that everything is working fine:

SNMP polling monitoring

The protocol works by launching a query against an IP address and requires a specific parameter: the SNMP community string, an alphanumeric chain used to authorize the operation, and which adds an extra layer of security. When an SNMP check is launched against a compatible device, you get a list containing a lot of data that can be difficult to interpret at first:

# snmpwalk –v 1 –c public 192.168.50.14

monitorizacion snmp

Each line returned by snmpwalk has an OID (object identifier) and corresponds to a piece of data determined by the device. To better understand what the values returned by the SNMP check are, you can install the system manufacturer’s MIBs (management information base). MIBs are libraries that translate these numeric chains into a legible format allowing us to interpret the data.

Let’s look at some data we’ve got back after executing an SNMP check with the MIBs installed:

There are also web sites where you can consult any of these OIDs in case of doubt. If you know the OIDs you want to monitor, you can carry out the query like this by indicating the alphanumeric code that appears after the IP address in question:

monitorizacion snmp

# snmpwalk –v 1 –c public 192.168.1.50 IF-MIB::ifPhysAddress.2

Done like this, only the values of the SNMP object queried will be shown, so if you have a monitoring tool the data will be included in the different checks. In this case, we created a basic SNMP monitoring for a few devices using Pandora FMS, and the result is as follows:

SNMP polling alerts

Once data collection on modules via SNMP polling is being carried out, we can create alerts on Pandora FMS for those modules, executing actions proactively in function of the thresholds we’ve configured, and they work in the same way as any other alerts for any modules on Pandora FMS.

SNMP modules in Pandora FMS

We built Pandora FMS as a flexible monitoring software, capable of monitoring devices, infrastructures, applications, services and business processes. Among them, we have a complete SNMP module.

The wait is finally over, and the seventh version of Pandora FMS, “Next Generation” has arrived to keep your networks in working order, and more. Now including UX monitoring, transaction monitoring, extra features and visual highlights, interactive network maps and events history. It’s difficult to imagine that there is a more powerful and complete monitoring software currently available. We’re excited to talk about the new network maps upgrades, but if you’d like to find out about the other new additions click here.

The glowing iridescent Pandora FMS Omni-Brain that directs the office hive-mind has instructed the developers to make changes to the network maps function, consolidating both Open and Enterprise versions into a single tool, all-in-one. It’s now possible to display network maps totally visually and dynamically, with greater interaction possibilities, and represent any kind of network topology, including manual L2 links. You can also view all and any sub-networks that your organization is running and/or maintaining, on- or off-site; create hierarchy relations allowing a greater level of topological detail than ever before.

Creating network maps

Network maps can be created from:

• An agent group, if there are hierarchy relations between nodes in a group and these are going to be shown on the map.
• A network mask, to define the boundaries of a sub-network.
• Finally, one of the most usual ways, via self-discovery tasks. A reconnaissance task can be carried out to detect your network topology, respecting the connections and relations between nodes. At network interface level and layer 2 relations, information is presented automatically.

Keep in mind the relations between modules and agents to define the network topology you want to view.

In the following screenshot the available options for map-generating can be seen. You can select a group of agents (Group), a recon task (Recon task), or a network mask (CIDR IP mask).

If “Recon task” is selected the map design will show discovered nodes and any relations detected among them:

In a wider environment the perspective is going to be different: here you can see what a network map with more connected nodes would look like:

You can see how Pandora FMS connects to intermediary locations in the node diaspora. These locations usually correspond to routers, switches or access points.

Navigating network maps

Simpler than before, once a network map has been created you can move around it by simply dragging the mouse. Double-click or scroll to zoom in.

If you zoom in on a recon task-generated map you’ll see an image like the one below, allowing you to see relations between different map elements in more detail, including those at interface level.

It’s also easier to navigate map elements; simply drag and drop the elements, or scroll around the map at your leisure.

Editing maps

But there’s more; Pandora FMS 7’s maps are completely dynamic, meaning their default design can be modified, and elements displayed in the way that best suits the user. All intuitively and by simply using the mouse.

Double-click on any node on the map and you’ll see different edit options deployed, plus their relevant details. Likewise, you can now create, delete or modify relations between nodes and also their appearance.

To create a dependent relation between nodes or interfaces simply click on the node and create the relation by defining the parent and child element. You can also change the position of the node by dragging and dropping them on the map. If you need to move various nodes simultaneously, press “ctrl” and select the groups you want to move.

Right click on a node to deploy its options, see details or create a relation between two nodes at interface level, selecting the parent and child element respectively. Right click on a blank space to see the following options:

One of the most important labor-saving tools is the automatic generation of relations. This is possible thanks to self-discovery tasks, that allow relations between existing nodes to be automatically detected.

Last but not least, Pandora FMS 7 Next Generation includes the holding area. If you need to manually add new agents and relations to a pre-existing map, or if the recon task discovers new hosts, using the “refresh holding area” option will display nodes created or discovered subsequently in the “holding area”, and the original map will maintain its aesthetic, not being sullied with elements created a posteriori. Drag the new nodes out of the holding area to see its corresponding relations by clicking refresh.

In the Pandora FMS video “Network Maps” you can see everything we’ve explained in this article, and find out how to create, edit, and use a network map in a dynamic, graphic and easier way than in previous versions.

For more info visit https://pandorafms.com/ or our YouTube channel.

We already live in a post-apocalyptic future that has nothing to envy to great franchises like Mad Max or Blade Runner.

Proof of this are pollution, pandemics and the fact that your most intimate secrets can be violated because your most impenetrable slogans are in a database of leaked passwords.

Do you feel that pinch? It’s fear and cruel reality knocking at your door at the same time.

But, well, let’s stand by. Just as Mel Gibson or Harrison Ford would do in their sci-fi plots. Let a hard guy grimace get drawn on your face, adjust your pistol grip and put on comfortable shoes. Help us and help yourself answer this question:

Are you in a database of leaked passwords?

You already know that periodically, the security of large companies that store hundreds of data, including your passwords, is violated with total impunity.

We have repeated it countless times: No one is free from evil because, friends, evil never rests. And on top of that, there are no superheroes for these things.

That is why we will try to guide you to check, in a simple way, whether you and your passwords are in a database of leaked passwords.

That way you will find out whether you are safe or you already have to start thinking about coming up with new and original passwords.

*Remember: 

No matter how far-fetched and armored it may seem, from time to time you will have to check if it has been leaked. We do not want anyone with bad intentions to use them and take advantage of some of the services you have hired or, directly, steal your information. 

To guide you in this search what we will do is start by checking your emails. We will check whether they are included in some of these databases of leaked passwords. That way we will not only reveal if these have been filtered, but also the rest of the accounts in which you repeat the same username and password over and over again.

Is all this necessary?

Between you and me, it’s easier to memorize a password than to try it with hundreds. That’s why you repeat the same one since your teenage days! Damn it… maybe even since you met messenger and Terra chat. 

But this is a very dangerous thing! If someone has already obtained your old hotmail email and the password you used in it, and that you may continue to use, what they will do is, apart from appropriating your email, is to use that information to enter other platforms or services where you continue to use the same username and password as in that hotmail. 

Once you know whether any of the credentials that you usually repeat have been leaked, you will have in your hand the option to change them both on the site that has been violated and in the rest of the places where you use them. 

How do we do it?

To find out whether the passwords of any of the websites in which you have registered have been violated and filtered, you just have to go to:

haveibeenpwned.com

A portal that is responsible for collecting information from password databases filtered throughout the Internet.

*The page is quite intuitive. It works as a search engine. As the main Google page. So calm down.

Let’s go with a small list of steps to follow:

1. Enter haveibeenpwned.com.
2. Go to the main text box. In there type the email account you want to verify. You will be immediately shown the accounts or platforms, linked to it, that have been breached.
3. If after typing your email and pressing enter, the screen turns green, you are in luck, your email has not been involved in any massive leak.
4. However, if the screen turns to a maroon shade… Shit! The password linked to that email has been leaked! What’s more, the very attentive page will tell you where. Below you will see a list of websites where you used to enter with that email and where the passwords have been stolen.
5. Go change passwords! Both from your email and from all the pages that appeared to you. Well, and the rest where you may be using the same username and password that you used with the compromised accounts.

Conclusions

We know it’s a hassle to change passwords every once in a while, but so is it to have your account stolen and impersonate you by putting a horrible profile picture. This among many other unmentionable bad deeds that can be done. Now that you can check whether you’re in one of those leaked password databases, we leave it to you.