SNMP :
Simple Network Management Protocol (SNMP) is a popular protocol for network management. It is used for collecting information from, and configuring, network devices, such as servers, printers, hubs, switches, and routers on an Internet Protocol (IP) network.
Two components are defined for SNMP: a manager and an agent. In a local network, one or more managers and one agent per IT system to be monitored and configured via SNMP are installed.
Use SNMP management software to monitor any network device on which you install SNMP agent software.
The agents gather information about these systems and store this data in a MIB (management information base). They exchange messages with the manager via a connectionless protocol, so that SNMP does not rely on any particular transport protocol,it is usually implemented on UDP/IP. However, other implementations are possible and available (e.g. via OSI, AppleTalk, SPX/IPX) with different versions of SNMP.
Using SNMP, you can monitor network performance, audit network usage, detect network faults or inappropriate access, and in some cases configure remote devices.
What does SNMP do?
- Monitor inbound and outbound Traffic flowing through the device
- Early Detection of faults within network devices along with Alerts/Notifications
- Analyzing data collected from devices over long periods of time to identify bottlenecks and performance issues
- Ability to remotely configure compatible devices
- Access and Control devices remotely that are connected via SNMP
Concepts in SNMP :
- SNMP Manager (Network Management System)
- SNMP Agents (SNMP Agent is a piece of software that is bundled with the network device (router, switch, server, wifi, etc))
- SNMP Port(SNMP Manager polls the agents at regular intervals over Port UDP 161.)
- Managed Device (includes Servers, Switches, Routers, and more.)
- MIB (Management Information Database)
- OID (Object Identifier is a simply a number made up by the MIB and unique per device)
- Traps(Traps are used when the Device needs to alert the Network Management software of an event without being polled)
- Versions(v1, v2c, v3)
ARP :
Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address that is recognized in the local network.A table, usually called the ARP cache, is used to maintain a correlation between each MAC address and its corresponding IP address.
There are four types of arp messages that may be sent by the arp protocol. These are identified by four values in the "operation" field of an arp message. The types of message are:
- ARP request
- ARP reply
- RARP(Reverse ARP) request
- RARP(Reverse ARP) reply
There is a Reverse ARP (RARP) for host machines that don't know their IP address. RARP enables them to request their IP address from the gateway's ARP cache.
Nmap :
Network Mapper is an open source security tool for network exploration, security scanning and auditing. However, nmap command comes with lots of options that can make the utility more robust.
Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
It answers below questions :
- What computers did you find running on the local network?
- What IP addresses did you find running on the local network?
- What is the operating system of your target machine?
- Find out what ports are open on the machine that you just scanned?
- Find out if the system is infected with malware or virus.
- Search for unauthorized servers or network service on your network.
- Find and remove computers which don’t meet the organization’s minimum level of security.
Nmap features include:
- Host discovery – Identifying hosts on a network. For example, listing the hosts that respond to TCP and/or ICMP requests or have a particular port open.
- Port scanning – Enumerating the open ports on target hosts.
- Version detection – Interrogating network services on remote devices to determine application name and version number.
- OS detection – Determining the operating system and hardware characteristics of network devices.
- Scriptable interaction with the target – using Nmap Scripting Engine (NSE) and Lua programming language.
Nmap can provide further information on targets, including reverse DNS names, device types, and MAC addresses.
Uses of Nmap:
- Auditing the security of a device or firewall by identifying the network connections which can be made to, or through it.
- Identifying open ports on a target host in preparation for auditing.
- Network inventory, network mapping, maintenance and asset management.
- Auditing the security of a network by identifying new servers.
- Generating traffic to hosts on a network, response analysis and response time measurement.
- Find and exploit vulnerabilities in a network.