TTM4128 - Semester Assignment 1 (2015)

Learning Objectives:
to be able to configure and run an SNMP agent in a host using the net-snmp tool suite (snmpd)
to be able to determine the managed objects needed to find management information and use the suitable
command(s) to get their values
to be able to write an SNMP module that specifies an SNMP notification
to be able to configure and run a trap receiver using net-snmp tool suite (snmptrapd)
to be able to use a net-snmp command to send notifications (snmptrap)
to be able to design and implement a network management scheme based on the points above

For the following tasks we use the tools of the net-snmp suite. You can find documentation and tutorials for
the tools and configuration files on their website http://www.net-snmp.org/ or check the man pages in your
installation.
You are advised to start as early as possible with the assignment and use the tuition hours to ask about unclear
or ambiguous parts in this assignment.

General Practical Information

net-snmp is included in most Unix-like OS (also on SAHARA). Check your installation before you install it.
You may use the computers in SAHARA for the assignment. Consider the following points:
On a SAHARA computer, check that you are in group ttm4128 (in linux, open a terminal and type
groups).
The group ttm4128 has the following rights on the computers in sahara:
restart of snmpd: sudo /etc/init.d/snmpd restart
read and write permission in folder /etc/snmp/
read and write permission for file /usr/share/snmp/mibs/NTNU-NOTIFICATION-MIB.txt
You can stop snmptrapd by restarting snmpd. Or more convenient, you may start it in the shell with the
no-fork option snmptrapd -f, which leaves the process in the foreground. You can stop the process now
by pressing <ctrl>+<c>.
Files outside your home directory can be changed and deleted by anyone. Make a backup copy in your
home directory.
Check the file /etc/snmp/snmp.conf that the line mibs: is commented. If not, comment it using #.
Otherwise, you may get a Sub-id not found error when you use some commands such as snmpget.
For the last task where you have to send emails, check https://innsida.ntnu.no/wiki/-/wiki/English/
Setup+student+email+account+in+Thunderbird for the necessary information on the email server at
NTNU.

TTM4128 - Assignment

TTM4128 - Network and Service Management

NTNU - Department of Telematics

Task 1.1 Setting up the agent (15%)

First you are asked to set up an SNMP agent which you can query later on for management information. Use as
agent the snmpd daemon from net-snmp and run it on your machine. You will need this agent in the remaining
tasks so let it run until you finish all tasks.
a) Configure the following data in your agent:
version: SNMPv2c
read-only access
community name: ttm4128
location information of your choice
contact information of your choice
Then start the daemon.
Report: Explain the steps to configure and run your agent. Provide the path to the configuration file, its
content and the executed command(s).
b) How is the access control solved in the configuration in a)?
Report: Explain the access control mechanism used in the above configuration. Discuss very briefly the
security of it.
c) Use net-snmp command(s) to access the location and contact information of your agent.
Report: Give the executed command(s) and their results.
d) Show the interaction between manager and agent in c) in a diagram.
Report: Give the diagram (you can draw it on paper and paste a scan in the report. Make sure that it is
readable!). The diagram has to include at least: manager, one agent, any running daemons and executed
commands, any exchanged messages.

Task 1.2 Querying data from the agent (15%)

a) Which commands from net-snmp can be used to query the SNMP agent?
Report: List three different commands, explain briefly the differences between the commands and give for
each an example showing its advantages.
Now query your agent from Task 1.1 with the right net-snmp commands to answer the following questions.
Report: Provide the following for question b)-d):
Indicate which MIB module and MIB object holds such information.
Give the executed command(s) and the obtained result(s).
Answer the question with a sentence and give numbers always with units.
b) How many IP addresses are associated with the machine? What are they?
c) List some of the TCP ports that are open and listening for requests on the machine. Which MIB object
holds the information that indicates the ports are listening for connections?
d) How many network interfaces does the machine have? What are they? Which interface can send/receive
the largest packet (the most number of octets in a packet)? What is the physical address of this interface?
e) Suppose you do not have internet access on your machine with the net-snmp manager, explain how you
could find out which MIB modules are supported and how you can obtain the information about a specific
MIB object (e.g. its syntax and description).

TTM4128 - Network and Service Management

Task 1.3 Sending traps to snmptrapd (20%)

You are now asked to configure and run an SNMP manager which can receive SNMPv2 notifications. We use
the snmptrapd daemon from the net-snmp tool suite as notification receiver application. In order to keep it
simple you can let the SNMP manager and SNMP agent run on the same computer.
a) Setting up the Receiver
Configure and run the trap receiver snmptrapd on your machine so that all received SNMPv2c notifications
are logged.
Report: Explain the steps to configure and run your notification receiver. Give the configuration file and
the executed command(s).
b) Add a new Notification
We define now a new notification which we then use to send information to the SNMP manager. Put
the following code into a file called NTNU-NOTIFICATION-MIB.txt in the directory where all MIB files are
stored (i.e. /usr/share/snmp/mibs on most Unix and Unix-like OS)
NTNU-NOTIFICATION-MIB DEFINITIONS ::= BEGIN
IMPORTS
enterprises, NOTIFICATION-TYPE, MODULE-IDENTITY
FROM SNMPv2-SMI;
ntnuMibModule MODULE-IDENTITY
LAST-UPDATED "201501010000Z"
ORGANIZATION "NTNU"
CONTACT-INFO "email: ttm4128@item.ntnu.no"
DESCRIPTION "NTNU notifications"
REVISION "201501010000Z"
DESCRIPTION "This module contains a notification"
::= { enterprises 12345 2}

ntnu OBJECT IDENTIFIER ::= { enterprises 12345 }

telematics OBJECT IDENTIFIER ::= { ntnu 1 }
itemnotifs OBJECT IDENTIFIER ::= { telematics 5 }
anotif NOTIFICATION-TYPE
STATUS current
DESCRIPTION "This notification is used to send any information related to ITEM."
::= { itemnotifs 3 }
END
You can validate the module utilizing the tools in http://www.simpleweb.org/ietf/mibs/validate/ (use
severity level 3).
Report: Answer the following questions:
1. What is the OID of the notification anotif ?
2. What data is sent automatically with the notification anotif ?
3. When is it triggered?
4. Assume the SNMP manager and SNMP agent run on two different computers. On which computer
do you need to add the definition of the new notification?
c) Send the Notification from the command line
Get the values of sysName and sysLocation from your SNMP agent (snmpd from Task 1.1) by using the
snmpget command. Then, by using the snmptrap command send these values with your newly created
SNMPv2c notification to your SNMP manager. Note that snmpTrapOID must contain the OID of the
newly defined notification anotif.
Report: Give the executed command(s) and the content of the log file.

TTM4128 - Assignment

NTNU - Department of Telematics

d) Analyze the trap mechanism

Show the interaction between manager and agent in c) in a diagram.
Report: Give the diagram (you can draw it on paper and paste a scan in the report. Make sure that it is
readable!). The diagram has to include at least: manager, one agent, any running daemons and executed
commands, any exchanged messages.

Task 1.4 Use Case 1 (25%)

Adam is a network administrator for a small startup company. Lately the networks performance has been
poorer than usual. He suspects that some staffs are streaming videos during work hours. Fortunately, Adam
has access to all computers. He has the idea of using SNMP trap mechanisms so that any computer with an
unusually high internet usage will notify him. Below is Adams main idea.
He already has an SNMP manager installed on his monitoring machine. He would like the manager to receive
and log an SNMP trap when another computer in the network has an unusually high incoming IP traffic (i.e. IP
traffic is over a certain threshold). To achieve this, he will install SNMP agents on all machines in the network
and implement a trap machanism there.
Can you help Adam the admin?
Write an application which runs on the staffs machines and which checks the SNMP agents every minute the
number of received IPv4 datagrams (including those received in error). If this number is higher then a threshold
threshold the application sends an SNMP trap containing the following information to the SNMP manager:
The total number of input datagrams (IPv4) received from interfaces, including those received in error.
The total number of input datagrams successfully delivered to IPv4 user-protocols (including ICMP).
Write the program in your preferred language (Java, bash-script, Perl . . . ).
Hint: you can execute command line commands from within your program.
The SNMP manager should run snmptrapd as above. To simplify the setup, use only one machine as both
Adams computer and a staff machine. Choose threshold in a way that the trap is sent 5-10 times in 15 minutes.
Let the program run for at least 15 minutes and create some traffic. Use the anotif in Task 1.3 as the trap OID.
Optional: Plot the number of input datagrams in your favorite plotting tool (get the data from the snmptrapd
log file).
Report: Explain your solution. Provide your program (comment what you are doing) and the content of your
log file (from snmptrapd).

Task 1.5 Use Case 2 (25%)

Ruth is an administrator at another small company and tries to achieve a similar task as Adam. However, she
is not allowed to install a custom-made application on other computers. Fortunately, each machine has at least
an SNMP agent installed. Since she cannot implement a trap mechanism on those machines, she decides to go
with a polling approach. She also would like to regularly receive an e-mail with a nice overview of the incoming
IP traffic on all computers so she can monitor the situation even when she is on vacation!
You need to help Ruth with this task.
Set up at least two SNMP agents (on different computers). Set up an SNMP manager (on yet another computer or one of the previous two) which queries every minute the number of received IPv4 datagrams on the
SNMP agents. Then, the machine with the SNMP manager should send every 5 minutes an e-mail with the
aggregated and nicely presented data (in a way you would like to receive data) to the following e-mail address:
ttm4128@item.ntnu.no (please try it first with your own . . . ). Let the machines run for 15 minutes (i.e. we
should receive 3 emails from each group).
Report: Explain your solution. Provide your program (comment what you are doing).

TTM4128 - Network and Service Management

Report
Make sure you answer all the questions. At the end of each task it is clearly stated what you should include in
the report. Be explicit but try to be concise.

TTM4128 - Assignment

NTNU - Department of Telematics