Monday 8 February 2016

Probing an SNMP device, MIBs and OIDs

When talking to an SNMP device, it is important to know what information is available to you (i.e. which information can be polled from the device). Fortunately, this is where MIBs (Management Information Bases) come into play: they describe exactly what information can be polled from a device.

MIB files are typically available for download from the hardware vendor's support site, although unfortunately they are not always available.

In some cases it might be necessary to probe the device instead. There are various tools to do this (including snmpget and snmpwalk). To list all available information we can issue something like:

snmpwalk -v2c -c public 10.0.0.1

Now OIDs are a bit like MAC addresses, in that portions of the OID are carved out for specific identities:

[Vendor OID][Store Identifier].[Message element Identifier]

Vendors typically have a root (or base) OID under which their information should be located - up until a specific ending value. For example, Cisco's is 1.3.6.1.4.1.9 - you can find a complete list here: http://www.alvestrand.no/objectid/1.3.6.1.4.1.9.html

So alternatively (and better yet) we could issue the following command, which only scans Cisco's namespace:

snmpwalk -v2c -c public 10.0.0.1 .1.3.6.1.4.1.9

Example output:

SNMPv2-SMI::enterprises.9.6.1.101.29.4.1.1.1774375000 = INTEGER: 1774375000
SNMPv2-SMI::enterprises.9.6.1.101.29.4.1.1.1818787036 = INTEGER: 1818787036
SNMPv2-SMI::enterprises.9.6.1.101.29.4.1.2.1774375000 = INTEGER: 1
SNMPv2-SMI::enterprises.9.6.1.101.29.4.1.2.1818787036 = INTEGER: 1
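
The same namespace filtering can be done offline on a saved full walk. The Python below is an added example, not code from the original post: it parses output in the format shown above, keeps only OIDs under Cisco's root, and groups the values by row. The function names and the three extra sample lines are constructed, and the `<entry>.<column>.<index>` table layout is an assumption.

```python
ENTERPRISES = (1, 3, 6, 1, 4, 1)   # numeric form of SNMPv2-SMI::enterprises
CISCO_ROOT = ENTERPRISES + (9,)    # Cisco's root OID, as given in the post

# The post's example output plus three constructed lines for the edge cases.
SAMPLE = """\
SNMPv2-SMI::enterprises.9.6.1.101.29.4.1.1.1774375000 = INTEGER: 1774375000
SNMPv2-SMI::enterprises.9.6.1.101.29.4.1.1.1818787036 = INTEGER: 1818787036
SNMPv2-SMI::enterprises.9.6.1.101.29.4.1.2.1774375000 = INTEGER: 1
SNMPv2-SMI::enterprises.9.6.1.101.29.4.1.2.1818787036 = INTEGER: 1
SNMPv2-SMI::enterprises.90.1.1.0 = INTEGER: 7
.1.3.6.1.4.1.9.2.1.3.0 = STRING: "constructed"
SNMPv2-MIB::sysName.0 = STRING: constructed
"""

def parse_oid(text):
    """Turn a numeric or 'SNMPv2-SMI::enterprises...' OID into a tuple of arcs."""
    text = text.strip()
    prefix = "SNMPv2-SMI::enterprises"
    arcs = ()
    if text.startswith(prefix):
        arcs, text = ENTERPRISES, text[len(prefix):]
    # int() raises ValueError for names this example cannot resolve without a MIB.
    return arcs + tuple(int(a) for a in text.strip(".").split("."))

def in_subtree(oid, root):
    """Compare whole arcs; a string prefix test would also match enterprises.90."""
    return oid[:len(root)] == root

def vendor_rows(output, root=CISCO_ROOT):
    """Map (entry OID, row index) -> {column: value} for OIDs under root.

    Assumes the usual table layout <entry>.<column>.<index>."""
    rows = {}
    for line in output.splitlines():
        oid_text, sep, rhs = line.partition(" = ")
        if not sep:
            continue
        try:
            oid = parse_oid(oid_text)
        except ValueError:
            continue  # symbolic name from another MIB; not numeric, skip it
        if not in_subtree(oid, root) or len(oid) < len(root) + 2:
            continue
        value = rhs.partition(": ")[2].strip()
        rows.setdefault((oid[:-2], oid[-1]), {})[oid[-2]] = value
    return rows

if __name__ == "__main__":
    for (entry, index), cols in vendor_rows(SAMPLE).items():
        print(".".join(map(str, entry)), index, cols)
```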

There are various tools that can help you make more sense of OIDs. For example, to get a description of what the following OID is (.1.3.6.1.4.1.9.6.1.101.29.4.1.1.1774375000), we could issue:

snmpwalk -v2c -c public 10.0.1.1 .1.3.6.1.4.1.9.6.1.101.29.4.1.1.1774375000

