Network Management (SYS 265) - Chromosom3/TechNotes GitHub Wiki

Network Management

This wiki entry covers using the Simple Network Management Protocol (SNMP) to collect network monitoring information from pfSense, CentOS and Windows Server hosts. SNMP agents listen on UDP port 161. Keep in mind that SNMPv1 and SNMPv2c authenticate with nothing more than a community string sent in cleartext, so restrict which hosts can reach each agent and prefer SNMPv3 (authentication plus encryption) wherever the collector supports it.

pfSense SNMP Agent

Log in to the pfSense GUI and navigate to Services, SNMP. Select Enable and fill in the SNMP Daemon Settings: the polling port (161 by default), the system location and contact, and the read community string. Use a community string other than public, and under Interface Binding bind the daemon only to the interface the collector sits on rather than to all interfaces. pfSense's SNMP service is the agent side (bsnmpd); the client that queries it is set up in the next section.

Make sure to select the restart button on the SNMP page (near top right) after saving so the daemon picks up the new settings.

CentOS SNMP Client

Install the SNMP client tools with sudo yum install net-snmp-utils. This package provides snmpwalk, snmpget and the other command-line utilities. The general form used to query a system on the network is snmpwalk -v2c -c <community> <host> [<OID>]; walking the system subtree .1.3.6.1.2.1.1 is a quick way to confirm an agent is answering. For an SNMPv3 agent use -v3 -l authPriv -u <user> -a SHA -A <authpass> -x AES -X <privpass> in place of -c. A timeout from a host whose agent is running usually means the agent's allowed-source list or the host firewall is dropping UDP/161.

CentOS SNMP Server

Install the agent with sudo yum install net-snmp-utils net-snmp. The net-snmp package supplies snmpd, the SNMP agent (the server side that answers queries). Its configuration lives in /etc/snmp/snmpd.conf; back up the default file before editing it (sudo cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.orig). The lab configuration defines the community string, which hosts may use it, and which part of the MIB tree they may read. At a minimum, avoid the stock public community and a source of default (any host).

Start and enable the service with sudo systemctl enable --now snmpd. Then allow the service through the firewall with sudo firewall-cmd --add-service=snmp --permanent && sudo firewall-cmd --reload (the snmp service definition opens UDP/161). Confirm the result with a snmpwalk from the client host.
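The following snmpd.conf is an added illustration written for this page, not the lab's own file: it shows the weak one-liner many lab configs start with next to a restricted SNMPv2c community and an SNMPv3 user using the directives net-snmp's snmpd understands. The community string L4b-r0-2024, the collector subnet 10.0.5.0/24, the user name monuser and both passphrases are placeholders.

```conf
# --- weak: what many first attempts (and older defaults) look like ---
# Any host that can reach UDP/161 and guesses "public" can read the entire MIB tree.
rocommunity public

# --- hardened SNMPv2c: read-only, source-restricted, view-restricted ---
# Expose only the system (.1) and interfaces (.2) subtrees of mib-2, and only
# to the monitoring subnet. The community string still travels in cleartext.
view   monview  included  .1.3.6.1.2.1.1
view   monview  included  .1.3.6.1.2.1.2
rocommunity  L4b-r0-2024  10.0.5.0/24  -V monview

# --- better: SNMPv3 with authentication and privacy ---
# Create the user while snmpd is stopped (placeholder passphrases):
#   sudo systemctl stop snmpd
#   sudo net-snmp-create-v3-user -ro -a SHA -A 'AuthPassphrase!' -x AES -X 'PrivPassphrase!' monuser
#   sudo systemctl start snmpd
# That helper writes the createUser line to /var/lib/net-snmp/snmpd.conf and
# appends a plain "rouser monuser" line to this file; replace that line with
# one that requires privacy and the same restricted view:
rouser  monuser  priv  -V monview

syslocation  SYS265 lab
syscontact   admin@example.com
```

After any edit, run sudo systemctl restart snmpd and re-test from the client: snmpwalk -v2c -c L4b-r0-2024 <host> .1.3.6.1.2.1.1 should answer from inside 10.0.5.0/24 and time out from anywhere else, a walk of .1.3.6.1.2.1.25 (host resources) should fail because it is outside monview, and snmpwalk -v3 -l authPriv -u monuser -a SHA -A 'AuthPassphrase!' -x AES -X 'PrivPassphrase!' <host> .1.3.6.1.2.1.1 should answer without exposing any secret on the wire.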

Windows Server SNMP

To install the SNMP Service feature on a Windows server, open Server Manager, select the server you want to install the feature on, and then select SNMP Service under Features. If you also want the SNMP command-line tools, select SNMP Tools under Features, Remote Server Administration Tools, Feature Administration Tools, SNMP Tools. If you are configuring SNMP on a remote system you will need to enable remote computer management for that server: open a remote PowerShell session to the machine and run Set-NetFirewallRule -DisplayGroup "Remote Event Log Management" -Enabled True. Then open Computer Management, Services and Applications, Services, and double-click SNMP Service to configure it: on the Agent tab set the contact and location; on the Security tab add a community name with READ ONLY rights and select "Accept SNMP packets from these hosts", listing only the collector, rather than accepting packets from any host. Restart the service for the changes to take effect.

Capture SNMP Traffic

tcpdump captures SNMP traffic like any other UDP traffic; see its man page for the full option set. For this lab tcpdump was run on the web server's primary interface, filtering for port 161 and stopping after 10 packets: tcpdump -c 10 -i ens192 'port 161'. As written this prints a one-line summary per packet; add -A to also dump each packet's payload as ASCII, which is where an SNMPv1/v2c community string shows up in the clear, and -n to skip reverse DNS lookups. To keep the capture for Wireshark, add -w snmp.pcap instead.
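To make concrete what such a capture contains, here is an added example, written for this page rather than taken from the wiki or from net-snmp: a minimal BER encoder and decoder for SNMPv2c, standard library only. It builds the same kind of GetRequest that snmpget sends to UDP/161 and then decodes it the way anyone sniffing the segment could, recovering the community string and the queried OID. The community string "public", the request-id 0x1234 and the OID are constructed sample values.

```python
"""Minimal BER encoder/decoder for SNMPv2c, to inspect what a capture on UDP/161 contains.

Added example for this page, not code from the wiki or from net-snmp; standard library only.
The community string "public", the request-id 0x1234 and the queried OID are sample values.
"""

# ASN.1 BER tags used by SNMP messages
TAG_INTEGER, TAG_OCTET_STRING, TAG_NULL, TAG_OID, TAG_SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response",
             0xA3: "SetRequest", 0xA5: "GetBulkRequest", 0xA7: "SNMPv2-Trap"}
SYS_DESCR_0 = "1.3.6.1.2.1.1.1.0"   # SNMPv2-MIB::sysDescr.0, the first thing a walk asks for


def _tlv(tag, payload):
    """Wrap payload as BER tag-length-value, using the long length form past 127 bytes."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + payload


def encode_integer(value):
    """BER INTEGER: two's-complement in the fewest octets that hold the value."""
    n = 1
    while not -(1 << (8 * n - 1)) <= value < (1 << (8 * n - 1)):
        n += 1
    return _tlv(TAG_INTEGER, value.to_bytes(n, "big", signed=True))


def encode_oid(dotted):
    """BER OBJECT IDENTIFIER: first two arcs packed into one byte, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:                      # continuation bytes carry the high bit
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return _tlv(TAG_OID, bytes(out))


def build_get_request(community, oid, request_id):
    """SNMPv2c Message ::= SEQUENCE { version INTEGER, community OCTET STRING, PDU }."""
    varbind = _tlv(TAG_SEQUENCE, encode_oid(oid) + _tlv(TAG_NULL, b""))
    pdu = _tlv(0xA0, encode_integer(request_id)
               + encode_integer(0)                      # error-status
               + encode_integer(0)                      # error-index
               + _tlv(TAG_SEQUENCE, varbind))
    # version 1 on the wire means SNMPv2c (0 is SNMPv1, 3 is SNMPv3)
    return _tlv(TAG_SEQUENCE, encode_integer(1) + _tlv(TAG_OCTET_STRING, community.encode()) + pdu)


def _read_tlv(buf, pos):
    """Return (tag, value bytes, position after this element) for the element at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                   # long form: low 7 bits give the number of length octets
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    return tag, buf[pos:pos + length], pos + length


def decode_oid(raw):
    """Inverse of encode_oid, on the value bytes (no tag/length)."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def parse_snmp_message(packet):
    """Every field returned here is readable by anyone on the path: v1/v2c has no secrecy."""
    tag, body, _ = _read_tlv(packet, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("not a BER SEQUENCE, so not an SNMP message")
    _, version, pos = _read_tlv(body, 0)
    _, community, pos = _read_tlv(body, pos)
    pdu_tag, pdu, _ = _read_tlv(body, pos)
    _, request_id, pos = _read_tlv(pdu, 0)
    _, _, pos = _read_tlv(pdu, pos)     # error-status
    _, _, pos = _read_tlv(pdu, pos)     # error-index
    _, varbinds, _ = _read_tlv(pdu, pos)
    oids, vpos = [], 0
    while vpos < len(varbinds):
        _, varbind, vpos = _read_tlv(varbinds, vpos)
        _, oid_raw, _ = _read_tlv(varbind, 0)
        oids.append(decode_oid(oid_raw))
    return {"version": int.from_bytes(version, "big", signed=True),
            "community": community.decode(errors="replace"),
            "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag)),
            "request_id": int.from_bytes(request_id, "big", signed=True),
            "oids": oids}


if __name__ == "__main__":
    packet = build_get_request("public", SYS_DESCR_0, 0x1234)
    print(packet.hex())                 # the bytes tcpdump -X shows right after the UDP header
    print(parse_snmp_message(packet))   # community string recovered straight from the wire
```

The bytes printed first are exactly what follows the UDP header in a tcpdump -X capture of the corresponding snmpget, and the decoded dictionary shows why the page's advice about community strings matters: a passive observer gets the credential with no effort at all. A real walk issues GetNextRequest or GetBulkRequest PDUs (tags 0xA1 and 0xA5) but has the same message shape, so the same decoder applies; SNMPv3 packets use a different message structure and, with authPriv, carry the PDU encrypted.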